View Full Version : Microsoft Alerts
AplusWebMaster
2012-06-04, 06:22
FYI...
Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2718704
June 03, 2012 - "Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:
• Microsoft Enforced Licensing Intermediate PCA (2 certificates)
• Microsoft Enforced Licensing Registration Authority CA (SHA1)
Recommendation. For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service..."
* http://support.microsoft.com/kb/2718704
- https://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx?Redirected=true
3 Jun 2012 - "We recently became aware of a complex piece of targeted malware known as 'Flame' and immediately began examining the issue. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks..."
- https://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx?Redirected=true
3 Jun 2012 - "... we released Security Advisory 2718704*, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority... we encourage all customers to apply the officially tested update to add the proper certificates to the Untrusted Certificate Store... Components of the Flame malware were signed with a certificate that chained up to the Microsoft Enforced Licensing Intermediate PCA certificate authority, and ultimately, to the Microsoft Root Authority. This code-signing certificate came by way of the Terminal Server Licensing Service that we operate to issue certificates to customers for ancillary PKI-based functions in their enterprise. Such a certificate could (without this update being applied) also allow attackers to sign code that validates as having been produced by Microsoft.
Conclusion: We recommend that all customers apply this update."
- http://support.microsoft.com/kb/894199
Last Review: June 4, 2012 - Revision: 129.0
___
- http://www.securitytracker.com/id/1027114
Jun 4 2012
... Unauthorized digital certificates derived from these certificate authorities are being actively used in attacks.
Windows Mobile 6.x and Windows Phone 7 and 7.5 are also affected.
Impact: A remote user may be able to spoof code signing signatures.
Solution: The vendor has issued a fix (KB2718704), available via automatic update...
>> https://www.f-secure.com/weblog/archives/00002377.html
June 4, 2012
___
Microsoft Security Advisory (2718704)
- http://atlas.arbor.net/briefs/index#-2141289419
Severity: Extreme Severity
Published: Monday, June 04, 2012 20:39
This security vulnerability is high risk and should be looked at ASAP by security teams.
Analysis: Due to the risks involved, multiple sources suggest that this issue be mitigated as soon as possible. The vulnerability has already been used in the Flame malware, which has been around for a few years. How many other potential adversaries have found and are leveraging the same security hole for their purposes is an open question.
Source: http://technet.microsoft.com/en-us/security/advisory/2718704
Source: https://isc.sans.edu/diary.html?storyid=13366
Last Updated: 2012-06-05 ...(Version: 4)
Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/
June 1, 2012 Mikko Hypponen, Chief Research Officer - F-Secure
AplusWebMaster
2012-06-09, 13:52
FYI...
WSUS and Windows update hardening
- http://blogs.technet.com/b/wsus/archive/2012/06/08/further-hardening-of-wsus-now-available.aspx
8 Jun 2012
- http://blogs.technet.com/b/mu/archive/2012/06/06/update-to-windows-update-wsus-coming-this-week.aspx
June 8, 2012 - Revision: 2.2
- http://blogs.technet.com/b/configmgrteam/archive/2012/06/08/further-hardening-of-wsus-now-available.aspx
8 Jun 2012
... and:
- http://support.microsoft.com/kb/2720211
Last Review: June 8, 2012 - Revision: 2.2
- http://support.microsoft.com/kb/894199
Last Review: June 8, 2012 - Revision: 131.0
___
An update for Windows Server Update Services 3.0 Service Pack 2 is available
- http://support.microsoft.com/kb/2720211
Last Review: June 11, 2012 - Revision: 5.0
AplusWebMaster
2012-06-12, 20:52
FYI...
Ref: http://technet.microsoft.com/en-us/security/bulletin
- https://technet.microsoft.com/en-us/security/bulletin/ms12-jun
June 12, 2012 - "This bulletin summary lists security bulletins released for June 2012...
(Total of -7-)
Critical -3-
Microsoft Security Bulletin MS12-036 - Critical
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
- https://technet.microsoft.com/en-us/security/bulletin/MS12-036
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-037 - Critical
Cumulative Security Update for Internet Explorer (2699988)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS12-038 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-038
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
Important -4-
Microsoft Security Bulletin MS12-039 - Important
Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
- https://technet.microsoft.com/en-us/security/bulletin/MS12-039
Important - Remote Code Execution - May require restart - Microsoft Lync
Microsoft Security Bulletin MS12-040 - Important
Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-040
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-041 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-041
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-042 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
- https://technet.microsoft.com/en-us/security/bulletin/MS12-042
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
Certificate Trust List update...
- https://blogs.technet.com/b/msrc/archive/2012/06/12/certificate-trust-list-update-and-the-june-2012-bulletins.aspx?Redirected=true
12 Jun 2012
RSA keys under 1024 bits are blocked
- https://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx?Redirected=true
11 Jun 2012
Bulletin deployment priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/2604.June-2012-Priority.png
Severity and exploitability index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8737.June-2012-Severity.png
___
Microsoft Security Advisory (2719615)
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2719615
June 12, 2012
0-day... CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889 - 9.3 (HIGH)
> http://support.microsoft.com/kb/2719615#FixItForMe
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
• V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=13453
Last Updated: 2012-06-12 17:45:41 UTC
___
MSRT
- http://support.microsoft.com/?kbid=890830
June 12, 2012 - Revision: 103.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Cleaman
• Kuluoz
Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.9.exe - 15.5 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.9.exe - 16.1 MB
.
AplusWebMaster
2012-06-13, 06:39
FYI...
Microsoft Security Advisory (2719615)
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2719615
June 12, 2012
0-day... CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889 - 9.3 (HIGH)
> http://support.microsoft.com/kb/2719615#FixItForMe
- https://secunia.com/advisories/49456/
Release Date: 2012-06-12
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
... vulnerability is reportedly being actively exploited.
Solution: Apply Microsoft Fix it solution.
Reported as a 0-day.
Original Advisory: Microsoft:
http://technet.microsoft.com/en-us/security/advisory/2719615
- http://googleonlinesecurity.blogspot.com/2012/06/microsoft-xml-vulnerability-under.html
June 12, 2012 - "... attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents. Users running Windows XP up to and including Windows 7 are known to be vulnerable..."
___
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
• V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
___
An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
- http://support.microsoft.com/kb/2677070
Last Review: June 13, 2012 - Revision: 2.0
> https://blogs.technet.com/b/pki/archive/2012/06/12/announcing-the-automated-updater-of-untrustworthy-certificates-and-keys.aspx?Redirected=true
___
> http://forums.spybot.info/showpost.php?p=426868&postcount=25
AplusWebMaster
2012-06-14, 05:42
FYI...
Further insight into Security Advisory 2719615
- https://blogs.technet.com/b/msrc/archive/2012/06/13/further-insight-into-security-advisory-2719615.aspx?Redirected=true
13 Jun 2012 - "During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615*, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we've built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update. We encourage customers to read more about SA2716915's one-click, no-reboot-required Fix it in an in-depth post on the SRD blog**."
* http://technet.microsoft.com/en-us/security/advisory/2719615
** http://blogs.technet.com/b/srd/archive/2012/06/13/msxml-fix-it-before-fixing-it.aspx
Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2718704
"... update revokes the trust of the following intermediate CA certificates:
Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1) ..."
• V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue.
AplusWebMaster
2012-06-16, 20:41
FYI...
FixIt NOW - 0-day XML Core Services...
> https://isc.sans.edu/diary.html?storyid=13489
Last Updated: 2012-06-16 15:58:47 UTC - "... metasploit module (public release) for this vulnerability. Users are encouraged to patch*..."
* http://support.microsoft.com/kb/2719615#FixItForMe
June 12, 2012 - Revision: 3.0
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889 - 9.3 (HIGH)
- https://secunia.com/advisories/49456/
Last Update: 2012-06-22
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
... vulnerability is currently being actively exploited...
- http://h-online.com/-1619732
18 June 2012
- https://www.us-cert.gov/current/#microsoft_releases_security_advisory_for5
updated June 25, 2012
- http://nakedsecurity.sophos.com/2012/06/29/zero-day-xml-core-services-vulnerability-included-in-blackhole-exploit-kit/
June 29, 2012 - "... CVE-2012-1889 exploiting code very similar to that published to Metasploit was seen within the landing page of a Blackhole exploit kit..."
AplusWebMaster
2012-06-20, 16:43
FYI...
MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003
- http://support.microsoft.com/kb/2686509#FixItForMeAlways
Last Review: June 19, 2012 - Revision: 4.0 - "... If you receive the "0x8007F0F4" error when you try to install this security update, check to see if the %windir%\FaultyKeyboard.log file was created on the computer...
Known issues with this security update: In some scenarios, the %windir%\FaultyKeyboard.log file might not have been created on your computer. If the file was not created, follow these steps: To fix this problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard..."
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0181 - 10.0 (HIGH)
AplusWebMaster
2012-06-20, 18:40
FYI...
MS12-037 exploit in-the-wild
- http://nakedsecurity.sophos.com/2012/06/19/ie-remote-code-execution-vulnerability-being-actively-exploited-in-the-wild/
June 19, 2012 - "A critical Internet Explorer vulnerability, announced and patched by Microsoft in June's Patch Tuesday, is being exploited in the wild. The vulnerability is CVE-2012-1875*... patched in MS12-037**... Cunningly-crafted JavaScript code - which can be embedded in a web page to foist the exploit on unsuspecting visitors - is circulating freely on the internet. Also, the Metasploit exploitation framework now has a plug-in module which will generate malicious JavaScript for you on-the-fly to help you automate an attack... response is easy: if you haven't patched already, do so right away..."
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1875 - 9.3 (HIGH)
Cumulative Security Update for Internet Explorer (2699988) - Critical
** https://technet.microsoft.com/en-us/security/bulletin/ms12-037
June 12, 2012
- http://www.symantec.com/connect/blogs/cve-2012-1875-wild-part-2-internet-explorer-gets-stumped
19 Jun 2012
- http://atlas.arbor.net/briefs/index#-1257954642
Severity: Elevated Severity
Source: http://www.symantec.com/connect/blogs/cve-2012-1875-exploited-wild-part-1-trojannaid
18 Jun 2012
___
- https://www.us-cert.gov/cas/techalerts/TA12-174A.html
June 22, 2012
> http://support.microsoft.com/kb/2686509#FixItForMeAlways
AplusWebMaster
2012-06-21, 14:00
FYI...
WSUS KB 272011: Common issues encountered and how to fix them
- https://blogs.technet.com/b/sus/archive/2012/06/20/wsus-kb272011-common-issues-encountered-and-how-to-fix-them.aspx?Redirected=true
20 Jun 2012
An update for Windows Server Update Services 3.0 SP2 is available
- http://support.microsoft.com/kb/2720211
Last Review: June 18, 2012 - Revision: 6.0
Thanks to Susan Bradley!
AplusWebMaster
2012-06-24, 20:16
FYI...
IE9 may stop responding if DFX Audio Enhancer is installed
- http://support.microsoft.com/kb/2727797/
Last Review: June 22, 2012 - Revision: 2.0 ...
"Consider the following scenario:
You are running Windows Internet Explorer 9.
DFX Audio Enhancer version 10 is installed on the computer.
The following security update is installed on the computer:
2699988 MS12-037: Cumulative Security Update for Internet Explorer: June 12, 2012
In this scenario, Windows Internet Explorer 9 may stop responding, or "hang."
CAUSE: This issue occurs because of an incompatibility with an earlier version of DFX Audio Enhancer...
For more information about how to obtain the latest version of DFX, go to the following third-party webpage:
- http://www.fxsound.com/dfx/index.php ..."
AplusWebMaster
2012-06-25, 21:37
FYI...
Update for Windows Update ...
- http://h-online.com/-1624979
25 June 2012 - "Microsoft has released an unscheduled, non-patch day update for Windows to update the Windows Update function itself. However, according to reports from readers, the Windows Update Agent update does -not- always run smoothly... Users who run Windows Update are confronted with a message which says that an update for Windows Update needs to be installed before the system can check for other updates. On some computers, clicking the "Install Updates" button results in a failed installation with error code 80070057 or 8007041B. On heise Security's test Windows 7 computer, repeatedly attempting the update (click on "Check for updates" on the left) did eventually result in the update being successfully applied. Microsoft has provided a "Fix it" tool* for more stubborn cases in Knowledge Base Article 949104**. The update in question upgrades the Windows Update Agent from version 7.4.7600.226 to 7.6.7600.256 ..."
* Direct download: http://go.microsoft.com/?linkid=9767096
** http://support.microsoft.com/kb/949104
AplusWebMaster
2012-06-29, 11:42
FYI...
MS June cumulative updates have been released
- https://blogs.technet.com/b/the_microsoft_excel_support_team_blog/archive/2012/06/28/june-cumulative-updates-have-been-released.aspx?Redirected=true
28 Jun 2012
2007 Office system cumulative update for June 2012
For Excel 2007: http://support.microsoft.com/kb/2712234 ...
June 26, 2012 - "The cumulative update packages for June 2012 contain the latest hotfixes for the 2007 Microsoft Office system and for the 2007 Office servers..."
Office 2010 cumulative update for June 2012
For Excel 2010: http://support.microsoft.com/kb/2712235 ...
June 28, 2012 - "The cumulative update packages for June 2012 contain the latest hotfixes for the Microsoft Office 2010 system and for the Office 2010 servers..."
AplusWebMaster
2012-07-04, 17:03
FYI...
Installing updates for the Microsoft .NET Framework 4 can take longer than expected
- http://support.microsoft.com/kb/2570538/en-us?sd=rss&spid=548#fixit4me
Last Review: July 3, 2012 - Rev: 4.0
... CAUSE: Updates to the .NET Framework 4 require a complete regeneration of the Native Image Cache, a very time-consuming operation. For some computers, an interaction with previously installed Native Images may cause Native Image regeneration to take much longer than expected. Although this issue only affects setup times, the effect can be several minutes to tens of minutes. Computers that have more Native Images installed will see longer generation times...
To fix this problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard...
- http://support.microsoft.com/kb/2570538/en-us?sd=rss&spid=548#appliesto
APPLIES TO Microsoft .NET Framework 4
AplusWebMaster
2012-07-05, 23:07
FYI...
MSRT results to date - June 2012 release ...
- https://blogs.technet.com/b/mmpc/archive/2012/07/04/cleaning-out-cleaman.aspx?Redirected=true
4 Jul 2012 - "... Since the release of the MSRT on June 12, we have removed 59,479 Win32/Cleaman threats from 56,982 computers..."
AplusWebMaster
2012-07-10, 20:47
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms12-jul
July 10, 2012 - "This bulletin summary lists security bulletins released for July 2012...
(Total of -9-)
Critical - 3
Microsoft Security Bulletin MS12-043 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-043
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Developer Tools, Microsoft Server Software
Microsoft Security Bulletin MS12-044 - Critical
Cumulative Security Update for Internet Explorer (2719177)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-044
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS12-045 - Critical
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-045
Critical - Remote Code Execution - May require restart - Microsoft Windows
Important - 6
Microsoft Security Bulletin MS12-046 - Important
Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-046
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Developer Tools
Microsoft Security Bulletin MS12-047 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-047
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-048 - Important
Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-048
Important - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-049 - Important
Vulnerability in TLS Could Allow Information Disclosure (2655992)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-049
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-050 - Important
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-050
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS12-051 - Important
Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-051
Important - Elevation of Privilege - Does not require restart - Microsoft Office
___
- https://blogs.technet.com/b/msrc/archive/2012/07/10/gadgets-certificate-housekeeping-and-the-july-2012-bulletins.aspx?Redirected=true
10 Jul 2012
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-45-71/3755.July-2012-DP.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-45-71/5826.July-2012-XI.png
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=13642
Last Updated: 2012-07-10 18:30:31 UTC
___
- https://secunia.com/advisories/49456/ - MS12-043
- https://secunia.com/advisories/45690/ - MS12-044
- https://secunia.com/advisories/49743/ - MS12-045
- https://secunia.com/advisories/49800/ - MS12-046
- https://secunia.com/advisories/49200/ - MS12-047
- https://secunia.com/advisories/49873/ - MS12-048
- https://secunia.com/advisories/49874/ - MS12-049
- https://secunia.com/advisories/49877/ - MS12-050
- https://secunia.com/advisories/49875/ - MS12-050
- https://secunia.com/advisories/49876/ - MS12-051
___
MSRT
- http://support.microsoft.com/?kbid=890830
July 10, 2012 - Revision: 106.0
Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.10.exe - 15.6 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.10.exe - 16.3 MB
.
AplusWebMaster
2012-07-10, 23:06
FYI...
MS Security Advisories - 2012.07.10 ...
Microsoft Security Advisory (2728973)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2728973
July 10, 2012
- https://blogs.technet.com/b/msrc/archive/2012/07/10/gadgets-certificate-housekeeping-and-the-july-2012-bulletins.aspx?Redirected=true
July 10, 2012 - "... we’ve chosen to -deprecate- the Windows Gadget Gallery effective immediately, and to provide a Fix it to help sysadmins disable Gadgets and the Sidebar across their enterprises..."
Microsoft Security Advisory (2719662)
Vulnerabilities in Gadgets Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2719662
July 10, 2012 - "... Applying the automated Microsoft Fix It* solution described in Microsoft Knowledge Base Article 2719662 disables the Windows Sidebar experience and all Gadget functionality..."
* http://support.microsoft.com/kb/2719662#FixItForMe
Last Review: July 13, 2012 - Revision: 2.0
- https://isc.sans.edu/diary.html?storyid=13651
Last Updated: 2012-07-10 22:10:12 UTC - "... insecure gadgets allow random code to be executed with the rights of the logged on user..."
Microsoft Security Advisory (2719615)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2719615
Published: Tuesday, June 12, 2012 | Updated: Tuesday, July 10, 2012
"... We have issued MS12-043 to address this issue..."
- http://support.microsoft.com/kb/2722479#FixItForMe
July 10, 2012
Fix it solution for MSXML version 5 - Microsoft Fix it 50908
> http://go.microsoft.com/?linkid=9813081
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
July 10, 2012 - v17.0: Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-046
> http://forums.spybot.info/showpost.php?p=427982&postcount=37
AplusWebMaster
2012-07-18, 16:52
FYI...
Win7 SP1 Browser Choice errors ...
- https://www.microsoft.com/en-us/news/press/2012/Jul12/07-17statement.aspx
July 17, 2012 - "Under a December 2009 decision of the European Commission, Microsoft is required to display a “Browser Choice Screen” (BCS) on Windows PCs in Europe where Internet Explorer is the default browser. We have fallen short in our responsibility to do this. Due to a technical error, we missed delivering the BCS software to PCs that came with the service pack 1 update to Windows 7. The BCS software has been delivered as it should have been to PCs running the original version of Windows 7, as well as the relevant versions of Windows XP and Windows Vista. However, while we believed when we filed our most recent compliance report in December 2011 that we were distributing the BCS software to all relevant PCs as required, we learned recently that we’ve missed serving the BCS software to the roughly 28 million PCs running Windows 7 SP1. While we have taken immediate steps to remedy this problem, we deeply regret that this error occurred and we apologize for it. The Commission recently told us that it had received reports that the BCS was not being displayed on some PCs. Upon investigating the matter, we learned of the error... the engineering team responsible for maintenance of this code did not realize that it needed to update the detection logic for the BCS software when Windows 7 SP1 was released last year. As a result of this error, new PCs with Windows 7 SP1 did not receive the BCS software as they should have. Since most computer users run earlier versions of Windows, we estimate that the BCS software was properly distributed to about 90% of the PCs that should have received it. We recognize, however, that our obligation was to distribute the BCS to every PC that should have received it. Therefore, we have moved as quickly as we can to address the error and to provide a full accounting of it to the Commission."
- http://thenextweb.com/microsoft/2012/07/17/microsoft-confirms-28-million-pcs-affected-by-browser-ballot-snafu-promises-fix-by-the-end-of-the-week/
"... 28 million PCs in question... Distribution of the fix started on July 3rd..."
What is the Browser Choice update?
- http://support.microsoft.com/kb/976002
.
AplusWebMaster
2012-07-25, 03:36
FYI...
Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2737111
July 24, 2012 - "Microsoft is investigating new public reports of vulnerabilities in third-party code, Oracle Outside In libraries, that affect Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint, which ship that component. Customers that apply the workarounds described in this advisory are not exposed to the vulnerabilities described in Oracle Critical Patch Update Advisory - July 2012. The vulnerabilities exist due to the way that files are parsed by the third-party, Oracle Outside In libraries. In the most severe case of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010, it is possible under certain conditions for the vulnerabilities to allow an attacker to take control of the server process that is parsing a specially crafted file. An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
• V1.1 (July 25, 2012): Revised the workaround titles for clarity. There were no changes to the workaround steps.
More info...
- https://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx?Redirected=true
24 Jul 2012
Microsoft Exchange Server...
- https://secunia.com/advisories/50019/
Release Date: 2012-07-25
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
... more information: https://secunia.com/advisories/49936/
Solution: ... vendor recommends to apply workarounds... see the vendor's advisory...
Original Advisory: Microsoft: http://technet.microsoft.com/en-us/security/advisory/2737111
Microsoft SharePoint and FAST Search Server vuln...
- https://secunia.com/advisories/50049/
Release Date: 2012-07-25
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote...
... more information: https://secunia.com/advisories/49936/
Solution: ... vendor recommends to apply workarounds... see the vendor's advisory...
Original Advisory: Microsoft: http://technet.microsoft.com/en-us/security/advisory/2737111
___
- http://www.kb.cert.org/vuls/id/118913
Last revised: 27 Jul 2012 - "... used by a variety of applications, including Microsoft Exchange, Oracle Fusion Middleware, Guidance Encase Forensics, AccessData FTK, and Novell Groupwise. Outside In 8.3.7.77 and earlier fail to properly handle multiple file types when the data is malformed..."
Vendor Information for VU#118913
- http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=118913&SearchOrder=4
- http://h-online.com/-1653568
26 July 2012
Oracle Outside In Advisory ...
- http://atlas.arbor.net/briefs/index#101557049
Severity: Elevated Severity
Published: Thursday, July 19, 2012 21:19
The Oracle Outside In library is used by many other applications and has multiple security holes in its parsing routines. Patches are available.
Analysis: Security holes in such a library are good news for the attackers, who have multiple targets to choose from. Defenders should patch ASAP. Of the 15 vulnerable vendors, heavyweights such as Microsoft, IBM and Cisco appear along with others. It is a positive development that this security hole was found by a Google security researcher instead of a cyber-criminal.
Source: http://www.kb.cert.org/vuls/id/118913
.
AplusWebMaster
2012-08-07, 16:49
FYI...
> https://blogs.technet.com/b/mrsnrub/archive/2012/08/06/support-phases-ending-in-the-next-2-years.aspx?Redirected=true
5 Aug 2012
July 13th 2013 (2013-07-13)
Windows Server 2008
- enters extended support
- will receive only security/GDR updates
- extended support ends July 10th 2018 (2018-07-10)
- last service pack was SP2
- ref: Microsoft Product Lifecycle Search
___
April 8th 2014 (2014-04-08)
Windows XP
- end of support
- no more updates for this product
- includes XP x64 Edition
- last service pack for x86 was SP3
- last service pack for x64 was SP2
- ref: Microsoft Product Lifecycle Search
- ref: End of Support
Office 2003
- end of support
- no more updates for this product
- ref: End of Support
.
AplusWebMaster
2012-08-14, 21:22
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms12-aug
August 14, 2012 - "This bulletin summary lists security bulletins released for August 2012...
(Total of -9-)
Critical -5-
Microsoft Security Bulletin MS12-052 - Critical
Cumulative Security Update for Internet Explorer (2722913)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-052
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS12-053 - Critical
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-053
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-054 - Critical
Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
- https://www.microsoft.com/technet/security/bulletin/MS12-054
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-060 - Critical
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-060
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft SQL Server, Microsoft Server Software, Microsoft Developer Tools
- http://support.microsoft.com/kb/2708437
Last Review: August 14, 2012 - Revision: 1.3
Microsoft Security Bulletin MS12-058 - Critical
Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-058
Critical - Remote Code Execution - Does not require restart - Microsoft Exchange Server
Important -4-
Microsoft Security Bulletin MS12-055 - Important
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-055
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-056 - Important
Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-056
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS12-057 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-057
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS12-059 - Important
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-059
Important - Remote Code Execution - May require restart - Microsoft Office
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/4812.Deployment.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/4846.August-2012-Severity.png
August 2012 Bulletin Release
- https://blogs.technet.com/b/msrc/archive/2012/08/14/august-2012-security-updates.aspx?Redirected=true
14 Aug 2012 - "... MS12-060... We’re aware of limited, targeted attacks attempting to exploit this vulnerability..."
___
- https://secunia.com/advisories/50237/ - MS12-052
- https://secunia.com/advisories/50244/ - MS12-053
- https://secunia.com/advisories/50245/ - MS12-054
- https://secunia.com/advisories/50236/ - MS12-055
- https://secunia.com/advisories/50243/ - MS12-056
- https://secunia.com/advisories/50251/ - MS12-057
- https://secunia.com/advisories/50019/ - MS12-058
- https://secunia.com/advisories/50228/ - MS12-059
- https://secunia.com/advisories/50247/ - MS12-060
___
Update Rollup 4 for Exchange 2010 SP2
- https://blogs.technet.com/b/exchange/archive/2012/08/14/released-update-rollup-4-for-exchange-2010-service-pack-2.aspx?Redirected=true
14 Aug 2012 - "... On August 13th 2012, the Exchange CXP team released Update Rollup 4 for Exchange Server 2010 SP2 to the Download Center. This update contains a number of customer reported and internally found issues. See KB 2706690* Description of Update Rollup 4 for Exchange Server 2010 Service Pack 2 for more details...
* http://support.microsoft.com/kb/2706690
August 14, 2012 - Revision: 1.0
Applies to:
Microsoft Exchange Server 2010 Service Pack 2, when used with:
Microsoft Exchange Server 2010 Enterprise
Microsoft Exchange Server 2010 Standard
- https://isc.sans.edu/diary.html?storyid=13900#comment
"... apparently we're all getting that rollup whether we want it or not...
posted by GrumpySysAdmin, Wed Aug 15 2012, 21:37"
___
Update Rollup 8 for Exchange 2007 SP3
- https://blogs.technet.com/b/exchange/archive/2012/08/14/released-update-rollup-8-for-exchange-2007-service-pack-3.aspx?Redirected=true
14 Aug 2012 - "On August 13th 2012, the Exchange CXP team released Update Rollup 8 for Exchange Server 2007 SP3 to the Download Center... See KB 2734323* Description of Update Rollup 8 for Exchange Server 2007 Service Pack 3..."
* http://support.microsoft.com/kb/2734323
Last Review: August 14, 2012 - Revision: 1.0
Applies to: Microsoft Exchange Server 2007 Service Pack 3, when used with:
Microsoft Exchange Server 2007 Enterprise Edition
Microsoft Exchange Server 2007 Standard Edition
___
MSRT
- http://support.microsoft.com/?kbid=890830
August 14, 2012 - Revision: 108.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
Updated: Aug 14, 2012 - "... added in this release...
• Bafruz
• Matsnu ..."
- https://blogs.technet.com/b/mmpc/archive/2012/08/14/msrt-august-12-what-s-the-buzz-with-bafruz.aspx?Redirected=true
14 Aug 2012
Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.11.exe - 15.7 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.11.exe - 16.3 MB
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=13900
Last Updated: 2012-08-14 18:32:51 UTC
.
AplusWebMaster
2012-08-15, 01:27
FYI...
Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2737111
• V2.0 (August 14, 2012): Advisory updated to reflect publication of security bulletin for Microsoft Exchange.
... MS12-058* addresses this issue for Microsoft Exchange.
* https://technet.microsoft.com/en-us/security/bulletin/ms12-058
Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://technet.microsoft.com/en-us/security/advisory/2661254
August 14, 2012 - Ref:
> http://support.microsoft.com/kb/2661254
... Update for minimum certificate key length
August 14, 2012 - Revision: 1.6
>> http://forums.spybot.info/showpost.php?p=429691&postcount=42
AplusWebMaster
2012-08-20, 15:22
FYI...
Microsoft Security Bulletin MS12-043 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-043
V2.0 (August 14, 2012): Bulletin re-released to offer the security updates for Microsoft XML Core Services 5.0 that were unavailable at the time of initial release. Customers running Microsoft XML Core Services 5.0 should apply the KB2687324, KB2596856, or KB2596679 update to be protected from the vulnerability described in this bulletin. Customers who have already successfully installed the updates originally offered on July 10, 2012 for Microsoft XML Core Services 3.0, Microsoft XML Core Services 4.0, and Microsoft XML Core Services 6.0 do not need to take any action. See the Update FAQ for details...
- http://support.microsoft.com/kb/2687324
Last Review: August 14, 2012 - Revision: 1.9
- http://support.microsoft.com/kb/2596856
Last Review: August 14, 2012 - Revision: 1.0
- http://support.microsoft.com/kb/2596679
Last Review: August 14, 2012 - Revision: 1.2
AplusWebMaster
2012-08-21, 01:10
FYI...
Microsoft Security Advisory (2743314)
Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/security/advisory/2743314
August 20, 2012 - "Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary..."
- http://support.microsoft.com/kb/2744850
Last Review: August 20, 2012 - Revision: 1.4
- http://h-online.com/-1672257
22 August 2012
___
Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://blogs.technet.com/b/gladiatormsft/archive/2012/08/15/software-update-to-block-rsa-keylengths-gt-1024-has-been-released-to-the-download-center.aspx?Redirected=true
14 Aug 2012 - "... an update was released that, once applied, will block RSA certificates with keys less than 1024 bits. The software update was released to the Download Center. The security advisory is located at:
http://technet.microsoft.com/security/advisory/2661254 .
The KB article is available at http://support.microsoft.com/kb/2661254 *.
The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. Previous blogs may have mentioned it being released to Windows Update this month. That is no longer the case. The update is planned to be sent out through Windows Update on October 9, 2012..."
* http://support.microsoft.com/kb/2661254
Last Review: August 21, 2012 - Revision: 2.1
AplusWebMaster
2012-09-06, 20:17
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms12-sep
September 06, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on September 11, 2012...
(Total of -2-)
Bulletin 1 - Important - Elevation of Privilege - No restart required - Microsoft Developer Tools
Bulletin 2 - Important - Elevation of Privilege - No restart required - Microsoft Server Software
___
- https://blogs.technet.com/b/msrc/archive/2012/09/06/september-ans-and-an-important-heads-up-concerning-certificates.aspx?Redirected=true
6 Sep 2012 - "... Security Advisory 2661254* was initially made available in August via the Download Center and the Microsoft Update Catalog, with distribution through Windows Update planned for October 2012. To help ensure that all customers are prepared for the update, we are reiterating those announcements before releasing the requirement change with our monthly bulletins on Oct. 9... customers will want to take advantage of September’s quiet bulletin cycle to review their asset inventories – in particular, examining those systems and applications that have been tucked away to collect dust and cobwebs because they “still work” and have not had any cause for review for some time. For those who find they are using certificates with RSA key lengths of -less- than 1024 bits, those certificates will be required to be reissued with at least a 1024-bit key length. (1024 should, by the way, be considered a minimum length; the most up-to-date security practices recommend 2048 bits or even better.) We recommend that you evaluate your environments with the information provided in Security Advisory 2661254 and your organization is aware of and prepared to resolve any known issues prior to October. Some known issues that customers may encounter after applying this update may include:
• Error messages when browsing to web sites that have SSL certificates with keys that are less than 1024 bits
• Problems enrolling for certificates when a certificate request attempts to utilize a key that is less than 1024 bits
• Difficulties creating or consuming email (S/MIME) messages that utilize less than 1024 bit keys for signatures or encryption
• Difficulties installing Active X controls that were signed with less than 1024 bit signatures
• Difficulties installing applications that were signed with less than 1024 bit signatures (unless they were signed prior to Jan. 1, 2010, which will not be blocked by default)..."
* http://support.microsoft.com/kb/2661254
Last Review: August 21, 2012 - Revision: 2.1
.
AplusWebMaster
2012-09-11, 20:39
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms12-sep
Sep 11, 2012 - "This bulletin summary lists security bulletins released for September 2012...
(Total of -2-)
Microsoft Security Bulletin MS12-061 - Important
Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-061
Important - Elevation of Privilege - No restart required - Microsoft Developer Tools
Microsoft Security Bulletin MS12-062 - Important
Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-062
Important - Elevation of Privilege - No restart required - Microsoft Server Software
Bulletin Deployment priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8228.September-2012-Deployment-Pri.png
Severity and exploitability index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/3404.September-2012-Deployment-S_2600_E-Index.png
___
- https://secunia.com/advisories/50463/ - MS12-061
- https://secunia.com/advisories/50497/ - MS12-062
___
Microsoft Security Advisory (2736233)
Update Rollup for ActiveX Kill Bits
- https://technet.microsoft.com/en-us/security/advisory/2736233
Sep 11, 2012 - "... This update sets the kill bits for the following third-party software:
Cisco Secure Desktop... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable...
Cisco Hostscan... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable...
Cisco AnyConnect Secure Mobility Client... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable..."
- http://support.microsoft.com/kb/2736233
Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://technet.microsoft.com/en-us/security/advisory/2661254
V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email, SSL/TLS encryption channels, signed applications, and private PKI environments.
- http://support.microsoft.com/kb/2661254
Last Review: September 12, 2012 - Revision: 3.0
___
MSRT
- http://support.microsoft.com/?kbid=890830
September 11, 2012 - Revision: 110.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Medfos ..."
- https://blogs.technet.com/b/mmpc/archive/2012/09/10/msrt-september-12-medfos-hijacking-your-daily-search.aspx?Redirected=true
Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.12.exe - 16.1 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.12.exe - 16.7 MB
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14071
Last Updated: 2012-09-11
.
AplusWebMaster
2012-09-18, 05:34
FYI...
Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
* http://technet.microsoft.com/security/advisory/2757760
17 Sep 2012 (see "Workarounds") - "... To download EMET, visit the following Microsoft website:
https://www.microsoft.com/en-us/download/details.aspx?id=29851 ..."
** http://support.microsoft.com/kb/2458544
- https://blogs.technet.com/b/msrc/archive/2012/09/17/microsoft-releases-security-advisory-2757760.aspx?Redirected=true
17 Sep 2012 - "... we released Security Advisory 2757760* to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected. We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue. In the meantime, customers using Internet Explorer are protected when they deploy the following workarounds and mitigations included in the advisory:
• Deploy the Enhanced Mitigation Experience Toolkit (EMET)
This will help prevent exploitation by providing mitigations to help protect against this issue and should not affect usability of websites.
• Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Deploying EMET will help to prevent a malicious website from successfully exploiting the issue described in Security Advisory 2757760*. EMET in action is unobtrusive and should not affect customers’ Web browsing experience. We are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog..."
___
- https://www.net-security.org/secworld.php?id=13614
18 Sep 2012 - "... The Rapid7 team got right on it and created a module exploiting the vulnerability for the Metasploit exploit toolkit during the weekend, and advised IE users to switch to other browsers such as Chrome or Firefox until Microsoft patches the flaw security update becomes available. Microsoft has reacted fast by issuing a security advisory yesterday, in which it confirms the existence of the flaw in Internet Explorer 9 and all previous versions (IE10 is not affected), and offers instructions on steps the users can take to mitigate - but not yet remove - the threat:
• Deploy the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
These steps could bring additional problems to the users, such as being bombarded by a slew of security warnings, so until Microsoft releases a definitive patch for the hole, maybe it would be easier for IE users to take Rapid7's advice and switch to another browser for the time being."
AplusWebMaster
2012-09-19, 03:59
FYI...
Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2757760
V1.1 (Sep 18, 2012): Assigned Common Vulnerability and Exposure number CVE-2012-4969 to the issue. Also -corrected- instructions in the EMET workaround.
V1.2 (Sep 19, 2012): Added link to Microsoft Fix it solution, "Prevent Memory Corruption via ExecCommand in Internet Explorer," that prevents exploitation of this issue.
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4969 - 9.3 (HIGH)
"... function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012..."
- https://blogs.technet.com/b/msrc/archive/2012/09/18/additional-information-about-internet-explorer-and-security-advisory-2757760.aspx?Redirected=true
18 Sep 2012 - "We will release a Fix it in the next few days to address an issue in Internet Explorer... It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won’t require a reboot of your computer. This Fix it will be available for everyone to download and install within the next few days..."
AplusWebMaster
2012-09-20, 04:26
FYI...
IE Fix it available - Security Update scheduled for Friday
- https://blogs.technet.com/b/msrc/archive/2012/09/19/internet-explorer-fix-it-available-now-security-update-scheduled-for-friday.aspx?Redirected=true
19 Sep 2012 - "... today we have released a Fix it* that is available to address that issue. This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer. Then, on this Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available... This will not only reinforce the issue that the Fix It addressed, but cover other issues as well. Today’s Advance Notification Service** (ANS) provides additional details about the update we are releasing on Friday - MS12-063. We are planning to release this bulletin as close to 10 a.m. PDT as possible. This cumulative update for Internet Explorer has an aggregate severity rating of Critical. It addresses the publicly disclosed issue described in Security Advisory 2757760 as well as four other Critical-class remote code execution issues..."
* http://support.microsoft.com/kb/2757760#FixItForMe
Last Review: September 20, 2012 - Revision: 2.0
** http://technet.microsoft.com/security/bulletin/ms12-sep
Sep 19, 2012 - Version: 2.0
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
AplusWebMaster
2012-09-21, 20:10
FYI...
> https://technet.microsoft.com/en-us/security/bulletin/ms12-sep
V2.0 (Sep 21, 2012): Added Microsoft Security Bulletin MS12-063, Cumulative Security Update for Internet Explorer (2744842)... out-of-band security bulletin.
Microsoft Security Bulletin MS12-063 - Critical
Cumulative Security Update for Internet Explorer (2744842)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-063
Sep 21, 2012 - Internet Explorer 6, 7, 8, 9.
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1529 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2546 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2548 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2557 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4969 - 9.3 (HIGH)
> https://update.microsoft.com/
AplusWebMaster
2012-09-21, 22:07
FYI...
Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2757760
V2.0 (Sep 21, 2012): Advisory updated to reflect publication of security bulletin.
"... We have issued MS12-063* to address this issue..."
* https://technet.microsoft.com/en-us/security/bulletin/ms12-063
Sep 21, 2012 - "... rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows..."
- https://blogs.technet.com/b/msrc/archive/2012/09/21/microsoft-releases-ms12-063-cumulative-security-update-for-internet-explorer.aspx?Redirected=true
21 Sep 2012
- http://atlas.arbor.net/briefs/index#1229731326
Severity: Extreme Severity
Sep 21, 2012
MS12-063 patches the recent 0day security hole in Internet Explorer along with other security holes.
Analysis: The exploit for one of the now-patched security holes was first found and reported last week and was apparently used in targeted attacks. One of the actions of at least one group of attackers was the installation of the Poison Ivy Remote Access Trojan (RAT). The exploit for this issue was soon revealed to the public and a Metasploit module was developed, allowing anyone to gain access to the exploit code for any purpose...
> https://update.microsoft.com/
___
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- https://technet.microsoft.com/en-us/security/advisory/2755801
Sep 21, 2012 - "... availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10... The update addresses the vulnerabilities described in Adobe security bulletins APSB12-18 and APSB12-19. As of the release of this update, CVE-2012-1535* is known to be under active attack. For more information about this update, including download links, see Microsoft Knowledge Base Article 2755399**... Customers with Windows 8 Release Preview and Windows Server 2012 Release Candidate are encouraged to apply the update to their systems. The update is only available on Windows Update**..."
** http://go.microsoft.com/fwlink/?LinkId=21130
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1535 - 9.3 (HIGH)
Last revised: 08/15/2012
** http://support.microsoft.com/kb/2755399
Sep 21, 2012
- https://blogs.technet.com/b/msrc/archive/2012/09/21/security-advisory-2755801-addresses-adobe-flash-player-issues.aspx?Redirected=true
21 Sep 2012
- http://atlas.arbor.net/briefs/index#1045103976
Severity: Elevated Severity
Sep 21, 2012
Microsoft releases a security update to Flash player.
Analysis: This patch resolves security issues patched by Adobe in August 2012 for Internet Explorer 10 on Windows 8. This includes the following CVEs: CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168, CVE-2012-4171. Attacks on the CVE-2012-1535 vulnerability are actively underway...
AplusWebMaster
2012-09-28, 17:34
FYI...
MS KB 2732059 - .oxps files ...
You cannot open an .oxps file in Windows 7 or in Windows Server 2008 R2
- http://support.microsoft.com/kb/2732059
Last Review: September 26, 2012 - Revision: 2.0
"This issue occurs because Windows 7 and Windows Server 2008 R2 do not support the .oxps format. The supported XPS document format in Windows 7 and in Windows Server 2008 R2 is .xps... This update is available from the following Microsoft Update website:
https://update.microsoft.com
Applies to: Win7, Windows Server 2008 ..."
AplusWebMaster
2012-10-09, 21:51
FYI...
- http://technet.microsoft.com/en-us/security/bulletin/ms12-oct
October 09, 2012 - "This bulletin summary lists security bulletins released for October 2012...
(Total of -7-)
Microsoft Security Bulletin MS12-064 - Critical
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-064
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS12-065 - Important
Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-065
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS12-066 - Important
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-066
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software, Microsoft Lync
Microsoft Security Bulletin MS12-067 - Important
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-067
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS12-068 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-068
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-069 - Important
Vulnerability in Kerberos Could Allow Denial of Service (2743555)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-069
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-070 - Important
Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-070
Important - Elevation of Privilege - May require restart - Microsoft SQL Server
___
Assessing risk for the October 2012 security updates
- https://blogs.technet.com/b/srd/archive/2012/10/09/assessing-risk-for-the-october-2012-security-updates.aspx?Redirected=true
9 Oct 2012
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/7585.October-2012-Deployment.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/6866.October-2012-Severity.png
MSRC > Welcome to the 1024-bit world and the October security updates
- http://blogs.technet.com/b/msrc/archive/2012/10/09/welcome-to-the-1024-bit-world-and-the-october-security-updates.aspx?Redirected=true
9 Oct 2012
___
MSRT
- http://support.microsoft.com/?kbid=890830
October 9, 2012 - Revision: 111.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Nitol
• OneScan..."
- https://blogs.technet.com/b/mmpc/archive/2012/10/09/msrt-thwarts-rogues-with-just-one-scan.aspx?Redirected=true
9 Oct 2012
Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.13.exe - 16.2 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.13.exe - 16.8 MB
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14272
Last Updated: 2012-10-09 17:12:12 UTC
.
AplusWebMaster
2012-10-09, 22:57
FYI...
Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
October 09, 2012 - "... For more information about the update, please see Microsoft Knowledge Base Article 2749655*..."
* http://support.microsoft.com/kb/2749655
Security Advisory 2749655 and timestamping
- https://blogs.technet.com/b/srd/archive/2012/10/09/security-advisory-2749655-and-timestamping.aspx?Redirected=true
9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."
___
Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2737111
• V3.0 (October 9, 2012): Advisory updated to reflect publication of security bulletin* for Microsoft FAST Search Server 2010 for SharePoint.
* http://technet.microsoft.com/en-us/security/bulletin/ms12-067
Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- http://technet.microsoft.com/en-us/security/advisory/2661254
• V2.0 (October 9, 2012): Revised advisory to re-release the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe -Flash- Player in IE 10
* https://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.microsoft.com/kb/2758994
AplusWebMaster
2012-10-10, 21:28
FYI...
RE-RELEASED:
Microsoft Security Bulletin MS12-043 - Critical
- http://technet.microsoft.com/en-us/security/bulletin/ms12-043
• V3.0 (October 9, 2012): Added Microsoft XML Core Services 4.0 when installed on supported editions of Windows 8 and Windows Server 2012 to affected software and announced a corresponding detection change for the KB2721691 update package. Customers who have installed Microsoft XML Core Services 4.0 on systems running Windows 8 or Windows Server 2012 need to install the KB2721691 update to be protected from the vulnerability described in this bulletin. See the update FAQ for details.
Microsoft Security Bulletin MS12-053 - Critical
- http://technet.microsoft.com/en-us/security/bulletin/ms12-053
• V2.0 (October 9, 2012): Revised bulletin to rerelease the KB723135 update for Windows XP. Customers do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.
Microsoft Security Bulletin MS12-054 - Critical
- http://technet.microsoft.com/en-us/security/bulletin/ms12-054
• V2.0 (October 9, 2012): Revised bulletin to rerelease the KB2731847 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers using Windows XP and Windows Server 2003 do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655. Customers using Windows Vista, Windows 7, and Windows Server 2008 need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.
Microsoft Security Bulletin MS12-055 - Important
- http://technet.microsoft.com/en-us/security/bulletin/ms12-055
• V2.0 (October 9, 2012): Revised bulletin to rerelease the KB2731847 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers using Windows XP and Windows Server 2003 do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655. Customers using Windows Vista, Windows 7, and Windows Server 2008 need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.
Microsoft Security Bulletin MS12-058 - Critical
- http://technet.microsoft.com/en-us/security/bulletin/ms12-058
• V2.0 (October 9, 2012): Revised bulletin to offer the rerelease of updates for Microsoft Exchange Server 2007 Service Pack 3 (KB2756497), Microsoft Exchange Server 2010 Service Pack 1 (KB2756496), and Microsoft Exchange Server 2010 Service Pack 2 (KB2756485). Customers need to apply the rereleased updates to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.
>> Per: Security Advisory 2749655 and timestamping
- https://blogs.technet.com/b/srd/archive/2012/10/09/security-advisory-2749655-and-timestamping.aspx?Redirected=true
9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."
AplusWebMaster
2012-10-19, 15:01
FYI...
Windows Update Web site indicates that your Windows Update software has to be updated
- http://support.microsoft.com/kb/836974/en-us
Last Review: October 18, 2012 - Revision: 3.0
Resolution: To resolve this issue, manually update the Windows Update software, and then return to the Windows Update Web site to update your computer. To do this, follow the appropriate steps for your Microsoft Windows operating system...
Windows Server 2003, Windows XP, and Windows 2000
1. Download the Iuctl.cab file and save it on your desktop. To download the Iuctl.cab file, visit the following Windows Update Web site:
http://v4.update.microsoft.com/cab/x86/unicode/iuctl.cab
2. After the file is saved on your desktop, right-click the Iuctl.cab file, and then click Open
3. Select all the files that are listed. To do this, point to the file list, and then press CTRL+A.
4. Right-click the files that you selected, and then click Extract.
5. Select a known location, and then click OK. For example, select the desktop.
6. Locate the file where you extracted it. For example, locate the file on the desktop.
7. Right-click the Iuctl.inf file, and then click Install.
8. Try again to update your computer by using the Windows Update Web site.
After you have resolved this issue, you can safely delete the files and folders that you downloaded and extracted in steps 1 through 4 of this procedure.
AplusWebMaster
2012-10-24, 14:53
FYI...
MSRT results - Oct 2012...
- https://blogs.technet.com/b/mmpc/archive/2012/10/22/msrt-october-12-nitol-by-the-numbers.aspx?Redirected=true
22 Oct 2012 - "... Top 10 countries with Win32/Nitol detections (January 2012 to October 2012):
> https://www.microsoft.com/security/portal/blog-images/Nitol/Nitol1.png
... Monthly report volume for Win32/Nitol (January 2011 to October 2012):
> https://www.microsoft.com/security/portal/blog-images/Nitol/Nitol3.png
... This month’s MSRT included two prevalent families - Win32/Onescan, which is a Korean rogue software, and Win32/Nitol. Within the first two days of MSRT release, Win32/Onescan was our top family detected and cleaned by the MSRT tool, while Win32/Nitol took the 9th spot. After one week of report monitoring, while Win32/Onescan was still on top and had been cleaned from almost 1,000,000 machines, Win32/Nitol had slipped to the 11th spot, having been removed from over 36,000 machines. Win32/Nitol’s numbers are something within our expectation. The recent takedown which disrupted a large percentage of Win32/Nitol’s C&C (command and control) infrastructure is a big factor in explaining why Win32/Nitol’s prevalence has been dropping considerably.
MSRT top 15 families after one week:
> https://www.microsoft.com/security/portal/blog-images/Nitol/Nitol4.png ..."
AplusWebMaster
2012-11-01, 01:35
FYI...
Microsoft Security Bulletin MS12-034 - Critical
Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight
- http://technet.microsoft.com/en-us/security/bulletin/ms12-034
V1.0 (May 8, 2012): Bulletin published.
V1.1 (May 16, 2012): Added a link to Microsoft Knowledge Base Article 2681578 under Known Issues in the Executive Summary. Also added Microsoft .NET Framework 1.1 Service Pack 1 to the Non-Affected Software table and corrected the update replacement information for Microsoft Office. These were informational changes only. There were no changes to the security update files or detection logic.
V1.2 (May 22, 2012): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision.
V1.3 (June 6, 2012): Added an entry to the update FAQ to explain why systems with non-affected versions of Microsoft Visio Viewer 2010 will be offered security update KB2589337.
V1.4 (July 31, 2012): Bulletin revised to announce a detection change in the Windows Vista packages for KB2676562 to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
V1.5 (October 31, 2012): Corrected update replacement information for the KB2676562* update.
* http://support.microsoft.com/kb/2676562
.
AplusWebMaster
2012-11-13, 22:11
FYI...
- http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
November 13, 2012 - "This bulletin summary lists security bulletins released for November 2012..."
(Total of -6-)
Microsoft Security Bulletin MS12-071 - Critical
Cumulative Security Update for Internet Explorer (2761451)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-071
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS12-072 - Critical
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-072
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-074 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-074
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS12-075 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-075
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-076 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-076
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS12-073 - Moderate
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information
- https://technet.microsoft.com/en-us/security/bulletin/ms12-073
Moderate - Information Disclosure - May require restart - Microsoft Windows
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/5353.November-2012-Deployment.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/0486.November-2012-Severity.png
- http://blogs.technet.com/b/msrc/archive/2012/11/13/november-2012-bulletin-release.aspx?Redirected=true
13 Nov 2012 - "... six security bulletins... four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel..."
___
- https://secunia.com/advisories/51202/ - MS12-071
- https://secunia.com/advisories/51221/ - MS12-072
- https://secunia.com/advisories/51235/ - MS12-073
- https://secunia.com/advisories/51236/ - MS12-074
- https://secunia.com/advisories/51239/ - MS12-075
- https://secunia.com/advisories/51242/ - MS12-076
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14503
Last Updated: 2012-11-13 18:43:04 UTC
___
MSRT
- http://support.microsoft.com/?kbid=890830
November 13, 2012 - Revision: 116.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Folstart
• Phorpiex
• Weelsof ..."
- https://blogs.technet.com/b/mmpc/archive/2012/11/13/don-t-fall-for-folstart.aspx?Redirected=true
13 Nov 2012 - "... good practice to show hidden files and system files file extensions..."
- https://www.microsoft.com/security/portal/blog-images/Folstart/3.png
... How to display hidden files and folders, and show file extensions
Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.14.exe - 16.5 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.14.exe - 17.1 MB
.
AplusWebMaster
2012-11-14, 05:26
FYI...
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2269637
V18.0 (November 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-074*, "Vulnerabilities in .NET Framework Could Allow Remote Code Execution."
* http://technet.microsoft.com/en-us/security/bulletin/ms12-074
Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
V1.2 (November 13, 2012): Added the KB2687626 update, described in MS12-046*, to the list of available re-releases (List of available re-releases at the URL above).
* http://technet.microsoft.com/en-us/security/bulletin/ms12-046
V2.0 (November 13, 2012): Re-released bulletin to replace the KB2598361 update with the KB2687626** update for Microsoft Office 2003 Service Pack 3 to address an issue with digital certificates described in Microsoft Security Advisory 2749655. See the update FAQ for details.
** http://support.microsoft.com/KB/2687626
November 13, 2012 - Revision: 2.0
.
AplusWebMaster
2012-11-14, 14:37
FYI... Per comments/info below, you may choose -not- to install this item:
"An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2"
- http://support.microsoft.com/kb/2750841
November 13, 2012 - Revision: 1.0
___
From: Susan Bradley
Subject: Do not install KB2750841
http://support.microsoft.com/kb/2750841
Do -not- install that
Threads here:
http://forums.opendns.com/comments.php?DiscussionID=16465
here
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/additional-log-on-information-may-be-required/d5be5c1c-f9aa-4f06-943e-03d8cb305a57
and
https://isc.sans.edu/diary.html?storyid=14503#comment
"After applying the updates, in the Network Notification Area, I get 'Additional log on info may be required'..."
AplusWebMaster
2012-12-08, 18:15
FYI...
MSRT November '12 ...
- https://blogs.technet.com/b/mmpc/archive/2012/12/04/msrt-november-12-weelsof-around-the-world.aspx?Redirected=true
4 Dec 2012
> https://www.microsoft.com/security/portal/blog-images/Weelsof/Weels4.png
> https://www.microsoft.com/security/portal/blog-images/Weelsof/Weels5.png
___
Unexpected reboot: Necurs
- https://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx?Redirected=true
6 Dec 2012 - "Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012. Necurs is mostly distributed by drive-by download. This means that you might be -silently- infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole. So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:
- Download additional malware
- Hide its components
- Stop security applications from functioning
In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs* family write-up for the full details... we've had reports from a number of users stating that they're having trouble with the Microsoft Security Essentials real time protection option being turned off after their computer has rebooted. We will continue to monitor variants of Necurs in the wild..."
* http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Necurs
Updated: Dec 05, 2012
AplusWebMaster
2012-12-11, 20:30
FYI...
- http://technet.microsoft.com/en-us/security/bulletin/ms12-dec
December 11, 2012 - "This bulletin summary lists security bulletins released for December 2012..."
(Total of 7)
Microsoft Security Bulletin MS12-077 - Critical
Cumulative Security Update for Internet Explorer (2761465)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-077
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS12-078 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-078
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-079 - Critical
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-079
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS12-080 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-080
Critical - Remote Code Execution - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS12-081 - Critical
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-081
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-082 - Important
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-082
Important - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-083 - Important
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-083
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2012/12/11/it-s-that-time-of-year-for-the-december-2012-bulletin-release.aspx?Redirected=true
Bulletin Deployment Priority:
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/6355.Slide2.PNG
Severity and Exploitability Index:
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/0550.Slide1.PNG
- http://blogs.technet.com/b/security/archive/2012/12/11/new-guidance-to-mitigate-determined-adversaries-favorite-attack-pass-the-hash.aspx?Redirected=true
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14683
Last Updated: 2012-12-12 01:54:45 UTC
___
- https://secunia.com/advisories/51411/ - MS12-077
- https://secunia.com/advisories/51459/ - MS12-078
- https://secunia.com/advisories/51467/ - MS12-079
- https://secunia.com/advisories/51474/ - MS12-080
- https://secunia.com/advisories/51493/ - MS12-081
- https://secunia.com/advisories/51497/ - MS12-082
- https://secunia.com/advisories/51500/ - MS12-083
___
MSRT
- http://support.microsoft.com/?kbid=890830
December 11, 2012 - Revision: 117.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Phdet ..."
- https://blogs.technet.com/b/mmpc/archive/2012/12/11/msrt-december-12-phdet.aspx?Redirected=true
Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.15.exe - 16.8 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.15.exe - 17.4 MB
.
AplusWebMaster
2012-12-12, 05:28
FYI...
Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060* to the list of available rereleases.
* http://technet.microsoft.com/en-us/security/bulletin/ms12-060
V2.0 (December 11, 2012): Re-released bulletin to replace the KB2687323 update with the KB2726929 update for Windows common controls on all affected variants of Microsoft Office 2003, Microsoft Office 2003 Web Components, and Microsoft SQL Server 2005.
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
V5.0 (December 11, 2012): Added KB2785605* to the Current update section.
* http://support.microsoft.com/kb/2785605
Dec 11, 2012 - Revision: 1.0
___
The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.
- http://technet.microsoft.com/security/bulletin/MS12-043
- http://technet.microsoft.com/security/bulletin/MS12-050
V2.1 (December 12, 2012): Clarified that the update for Microsoft SharePoint Services 2.0 is available from the Microsoft Download Center only.
- http://technet.microsoft.com/security/bulletin/MS12-057
- http://technet.microsoft.com/security/bulletin/MS12-059
- http://technet.microsoft.com/security/bulletin/MS12-060
AplusWebMaster
2012-12-15, 05:29
FYI...
MS12-078 - "Known issues" ...
- http://support.microsoft.com/kb/2753842
Last Review: December 14, 2012 - Revision: 2.0
"Known issues with this security update: We are aware of issues related to OpenType Font (OTF) rendering in applications such as PowerPoint on affected versions of Windows that occur after this security update is applied. We are currently investigating these issues and will take appropriate action to address the known issues..."
- http://h-online.com/-1771419
18 Dec 2012 - "... this patch seems to prevent the correct display of PostScript Type 1 fonts and OpenType fonts. They disappear completely in a variety of applications – CorelDraw, QuarkExpress and PowerPoint – and currently the only way to make them visible again is to remove the patch..."
AplusWebMaster
2012-12-21, 13:44
FYI...
MS12-078 re-released
- https://technet.microsoft.com/en-us/security/bulletin/ms12-078
V2.0 (December 20, 2012): Re-released update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed. Customers who have successfully installed the original KB2753842 update need to install the rereleased update.
(Requires restart.)
- http://support.microsoft.com/kb/2753842
Dec 20, 2012 - Rev: 3.0
___
- http://h-online.com/-1773744
21 Dec 2012
- https://secunia.com/advisories/51459/
Last Update: 2012-12-21
Criticality level: Highly critical
CVE Reference(s):
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2556 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4786 - 10.0 (HIGH)
Original Advisory: MS12-078 (KB2779030, KB2753842):
https://technet.microsoft.com/en-us/security/bulletin/ms12-078
AplusWebMaster
2012-12-29, 15:57
FYI...
IE 0-day attack in-the-wild...
- https://krebsonsecurity.com/2012/12/attackers-target-internet-explorer-zero-day-flaw/
Dec 28th, 2012 - "Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground. In a blog posting* Friday evening, Milpitas, Calif. based security vendor FireEye said it found that the Web site for the Council on Foreign Relations was compromised and rigged to exploit a previously undocumented flaw in IE8 to install malicious software on vulnerable PCs used to browse the site. According to FireEye, the attack uses Adobe Flash to exploit a vulnerability in the latest (fully-patched) version of IE8..."
* http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html
2012.12.28 - "... we received reports that the Council on Foreign Relations (CFR) website was compromised and hosting malicious content on or around 2:00 PM EST on Wednesday, December 26. Through our Malware Protection Cloud, we can confirm that the website was compromised at that time, but we can also confirm that the CFR website was also hosting the malicious content as early as Friday, December 21... We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability. We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time... the JavaScript proceeded to load a flash file today.swf, which ultimately triggered a heap spray in Internet Explorer in order to complete the compromise of the endpoint..."
Update: "... We have seen multiple variations of this attack, as it looks like the attackers changed tactics multiple times during this campaign... Here is the decrypted payload."
- https://www.virustotal.com/file/af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9/analysis/
File name: base
Detection ratio: 21/45
Analysis date: 2012-12-31
- https://krebsonsecurity.com/2012/12/attackers-target-internet-explorer-zero-day-flaw/#comments
Dec 29, 2012 - "... worth noting that IE9 is not supported on Windows XP, so this vulnerability is probably most dangerous for XP users who browse with IE."
___
- https://secunia.com/advisories/51695/
Release Date: 2012-12-30
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: IE 6.x, 7.x, 8.x
... currently being actively exploited in targeted attacks.
Original Advisory: http://technet.microsoft.com/en-us/security/advisory/2794220
- http://h-online.com/-1775071
30 Dec 2012
- http://www.kb.cert.org/vuls/id/154201
29 Dec 2012
___
MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2794220
Dec 29, 2012 - "Microsoft is investigating public reports of a vulnerability in IE6, IE7, and IE8. Internet Explorer 9 and Internet Explorer 10 are -not- affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
CVE Reference:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792
"... exploited in the wild in December 2012."
- https://blogs.technet.com/b/msrc/archive/2012/12/29/microsoft-releases-security-advisory-2794220.aspx?Redirected=true
Dec 29, 2012 - "... we are actively working to develop a security update to address this issue..."
- https://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx?Redirected=true
29 Dec 2012 - "... We’re also working on an appcompat shim-based Fix It protection tool that can be used to protect systems until the comprehensive update is available. The shim does not address the vulnerability but does prevent the vulnerability from being exploited for code execution... we’re working around the clock on the full security update. You should next expect to see an update from us announcing the availability of a Fix It tool to block the vulnerable code paths..."
AplusWebMaster
2012-12-31, 16:25
FYI...
Targeted 0-day attack - IE 6, 7, and 8
- https://isc.sans.edu/diary.html?storyid=14776
Last Updated: 2012-12-30 22:06:53 UTC... Version: 2 - "... Update:
There is now a Metasploit module (ie_cdwnbindinfo_uaf) that emulates this attack, meaning this will move into mainstream exploitation rapidly, thus mitigation steps should be taken as soon as possible. Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792 - 9.3 (HIGH)
Last revised: 12/31/2012 - "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8... exploited in the wild in December 2012..."
- https://secunia.com/advisories/51695/
Release Date: 2012-12-30
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: IE 6.x, 7.x, 8.x
... currently being actively exploited in targeted attacks.
Original Advisory: http://technet.microsoft.com/en-us/security/advisory/2794220
:fear::fear:
AplusWebMaster
2012-12-31, 22:09
FYI...
MS FixIt released for IE 0-day...
MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2794220
V1.1 (December 31, 2012): Added link to Microsoft Fix it* solution, "MSHTML Shim Workaround," that prevents exploitation of this issue.
* http://support.microsoft.com/kb/2794220#FixItForMe
Last Review: Dec 31, 2012 - Rev 1.0
Applies to: IE8, IE7, IE6...
- https://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx?Redirected=true
31 Dec 2012
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792 - 9.3 (HIGH)
___
- https://windowssecrets.com/windows-secrets/a-windows-patching-december-to-remember/
Jan 2, 2013
> http://www.microsoft.com/security/pc-security/bulletins/201212.aspx
>> http://forums.spybot.info/showpost.php?p=435553&postcount=51
7 Jan 2013
:fear:
AplusWebMaster
2013-01-03, 20:20
FYI...
MS Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2798897
Jan 03, 2013 - "Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue... see Microsoft Knowledge Base Article 2677070 for details..."
* http://support.microsoft.com/kb/2677070
___
- http://h-online.com/-1777291
4 Jan 2013 - "... Mozilla will be adding the two SubCA certificates to its certificate blacklist during its next update, which is due on 8 January... Chrome has also been updated and no longer trusts the SubCA certificates; the company says that when it updates Chrome later in the month it will no longer show Extended Validation status for TURKTRUST issued certificates."
:fear:
AplusWebMaster
2013-01-07, 18:07
FYI...
IE FixIt negated with bypass ...
- http://www.securitytracker.com/id/1027930
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792 - 9.3 (HIGH)
Updated: Jan 4 2013
Original Entry Date: Dec 30 2012
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): IE6,7,8
... the vendor has provided the Microsoft Fix it solution, "MSHTML Shim Workaround"... the Microsoft Fix it solution can be bypassed using a variation of the original exploit http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-cve-2012-4792/
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/security/advisory/2794220
Mitigation: Use an alternative browser until a full patch is released for this issue.
:fear:
AplusWebMaster
2013-01-08, 20:39
FYI...
- http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
Jan 08, 2013 - "This bulletin summary lists security bulletins released for January 2013...
(Total of -7-)
Microsoft Security Bulletin MS13-001 - Critical
Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-001
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-002 - Critical
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-002
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Developer Tools, Microsoft Server Software
Microsoft Security Bulletin MS13-003 - Important
Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-003
Important - Elevation of Privilege - Does not require restart - Microsoft Server Software
Microsoft Security Bulletin MS13-004 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-004
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS13-005 - Important
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-005
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-006 - Important
Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-006
Important - Security Feature Bypass - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-007 - Important
Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-007
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14854
Last Updated: 2013-01-08 18:02:06 UTC
___
Bulletin Deployment Priority
> https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8284.January-2013-Deployment.png
Severity and Exploitability Index
> https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/7384.January-2013-Severity.png
- http://blogs.technet.com/b/msrc/archive/2013/01/08/predictions-and-the-january-2013-bulletin-release.aspx?Redirected=true
8 Jan 2013
___
- https://secunia.com/advisories/51640/ - MS13-001
- https://secunia.com/advisories/51773/ - MS13-002
- https://secunia.com/advisories/51686/ - MS13-003
- https://secunia.com/advisories/51777/ - MS13-004
- https://secunia.com/advisories/51704/ - MS13-005
- https://secunia.com/advisories/51724/ - MS13-006
- https://secunia.com/advisories/51772/ - MS13-007
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: January 9, 2013 - Revision: 118.7
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Ganelp
• Lefgroo..."
- https://blogs.technet.com/b/mmpc/archive/2013/01/08/msrt-january-2013-ganelp.aspx?Redirected=true
8 Jan 2013
Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.16.exe - 16.8 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.16.exe - 17.5 MB
.
AplusWebMaster
2013-01-08, 23:48
FYI...
Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://technet.microsoft.com/en-us/security/advisory/973811
• V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to help protect against these attacks. Applying these Microsoft Fix it solutions enables NTLMv2 settings required for users to take advantage of Extended Protection for Authentication.
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
• V6.0 (January 8, 2013): Added KB2796096* to the Current update section.
* http://support.microsoft.com/kb/2796096
:fear::fear:
AplusWebMaster
2013-01-14, 16:03
FYI...
IE patch to be released 1.14.2013
- http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
January 13, 2013 - Version: 2.0 - "This is an advance notification for one out-of-band security bulletin that Microsoft is intending to release on January 14, 2013. The bulletin addresses a security vulnerability in Internet Explorer..."
- https://blogs.technet.com/b/msrc/archive/2013/01/13/advance-notification-for-update-to-address-security-advisory-2794220.aspx?Redirected=true
"... We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action. If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update..."
:fear:
AplusWebMaster
2013-01-14, 20:54
FYI...
Microsoft Security Bulletin MS13-008 - Critical
Security Update for Internet Explorer (2799329)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-008
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Jan 14, 2013
:fear:
AplusWebMaster
2013-01-15, 05:16
FYI...
Microsoft Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2798897
V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?"
Microsoft Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2794220
V2.0 (January 14, 2013): Advisory updated to reflect publication of security bulletin.
MS13-008
:fear:
AplusWebMaster
2013-02-12, 22:00
FYI...
- http://technet.microsoft.com/en-us/security/bulletin/ms13-feb
February 12, 2013 - "This bulletin summary lists security bulletins released for February 2013...
(Total of -12-)
Microsoft Security Bulletin MS13-009 - Critical
Cumulative Security Update for Internet Explorer (2792100)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-010 - Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-010
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-011 - Critical
Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-011
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-012 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-012
Critical - Remote Code Execution - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS13-020 - Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-020
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-013 - Important
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-013
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-014 - Important
Vulnerability in NFS Server Could Allow Denial of Service (2790978)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-014
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-015 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-015
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS13-016 - Important
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-016
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-017 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-017
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-018 - Important
Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-018
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-019 - Important
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-019
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/0207.Overview-Slide-2-_2D00_-png.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/1738.Overview-Slide-1-_2D00_-png.png
- http://blogs.technet.com/b/msrc/archive/2013/02/12/baseball-bulletins-and-the-february-2013-release.aspx?Redirected=true
"... 12 bulletins, five Critical-class and seven Important-class, addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15142
Last Updated: 2013-02-13
- http://atlas.arbor.net/briefs/index#332003461
High Severity
Feb 13, 2013
Analysis: Many attackers are likely frustrated that their vulnerabilities have now been patched. However, those same attackers still have a significant window of opportunity because not everyone can, or will patch in a timely manner, as has been clearly demonstrated in the widespread use of commodity exploit kits as well as numerous targeted attacks that continue to reign in victims despite vulnerabilities being patched years ago in some cases. The most critical patches are for Internet Explorer, a major target for exploitation due to its widespread use. Additional hardening in sensitive environments can help reduce the impact of exploitation attempts until patches can be deployed, and robust monitoring can help detect those exploit attempts to provide valuable security intelligence...
___
- https://secunia.com/advisories/52122/ - MS13-009
- https://secunia.com/advisories/52129/ - MS13-010
- https://secunia.com/advisories/52130/ - MS13-011
- https://secunia.com/advisories/52133/ - MS13-012
- https://secunia.com/advisories/52136/ - MS13-013
- https://secunia.com/advisories/52138/ - MS13-014
- https://secunia.com/advisories/52143/ - MS13-015
- https://secunia.com/advisories/52156/ - MS13-016
- https://secunia.com/advisories/52157/ - MS13-017
- https://secunia.com/advisories/52158/ - MS13-018
- https://secunia.com/advisories/52162/ - MS13-019
- https://secunia.com/advisories/52184/ - MS13-020
- https://secunia.com/advisories/52164/ - IE10 Flash
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: February 12, 2013 - Revision: 119.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Sirefef..."
Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.17.exe - 17.6 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.17.exe - 18.3 MB
.
AplusWebMaster
2013-02-26, 23:44
FYI...
Win7 IE10 released
- http://windows.microsoft.com/en-us/internet-explorer/downloads/ie-10/worldwide-languages
Feb 26, 2013
"Catch 22" ...
- http://arstechnica.com/information-technology/2013/02/internet-explorer-10-finally-released-for-windows-7/
Feb 26, 2013 - "... Windows Update will, in its default configuration, install it silently and automatically. Over the coming months, Microsoft will classify Internet Explorer 10 as "important" in more and more markets to ensure it is installed automatically as widely as possible. This marks a significant change from Microsoft's past practices. Traditionally, the company has released new browsers only as optional updates... Internet Explorer 10 on Windows 7 will be near-identical to its Windows 8 counterpart. This includes features such as support for the Pointer Events touch API and hardware acceleration using Direct2D and DirectWrite. To that end, installing Internet Explorer 10 on Windows 7 -requires- the installation of a platform update that brings Windows 7's version of these APIs in line with Windows 8... There will be one important difference between the versions, however. Internet Explorer 10 on Windows 8 includes an embedded version of Flash that gets its updates from Windows Update, rather than through Adobe's installer. On Windows 7, Flash will not be embedded. Instead, it will use the same ActiveX plugin as Internet Explorer 9 did. Updates will have to be installed using Adobe's updater, not Microsoft's."
___
From: Susan Bradley - http://msmvps.com/blogs/bradley/
Subject: Tracking BSOD's after KB2670838
- http://answers.microsoft.com/thread/66be9f5a-2257-4c4a-9c9c-5dc6f0f55d37
28 Feb 2013
I'd not be rushing that one out just yet
- https://www.infoworld.com/t/microsoft-windows/microsoft-pushes-another-botched-automatic-update-213802
March 04, 2013 - "... This buggy patch was part of the non-security-related patches typically released on the fourth Tuesday of the month. Since Microsoft switched the patch over to "Optional" on Thursday, it won't be offered automatically to those with Automatic Update turned on. But if you've already downloaded it, Windows may try to install it over and over again. If you've been bit by this bad patch, fortunately the solution is easy -- if you know where the problem came from and how to get rid of it.
> From a blue screen, re-start your PC. Click Start (yes, this is Windows 7) -> Control Panel -> Uninstall a Program. On the left, click the link to View Installed Updates. Scroll way down to KB 2670838, which should be at or near the top of the section marked Microsoft Windows. Double-click on the patch to uninstall it. Re-boot.
Next, just to make sure your system doesn't pick up the patch again, click Start -> Control Panel -> System and Security. Under Windows Update, click the link to Check for Updates. Click the link that says XX Optional Updates are Available. Right-click KB 2670383 and choose Hide.
And while you're at it, make sure Automatic Update is turned off. Last year, Microsoft pushed five different bad patches through Automatic Update. So far this year, the company is running at its usual rate of one really buggy patch every two or three months..."
IEv10 does not install on a hybrid graphics system
- http://support.microsoft.com/kb/2823483/en-us
Last Review: March 12, 2013 - Revision: 8.0
Applies to: Internet Explorer 10, Windows 7 Service Pack 1
___
- http://support.microsoft.com/kb/2670838
Last Review: February 26, 2013 - Revision: 4.0
"... a platform update for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This update improves the features and performance of the following components:
• Direct2D
• DirectWrite
• Direct3D
• Windows Imaging Component (WIC)
• Windows Advanced Rasterization Platform (WARP)
• Windows Animation Manager (WAM)
• XPS Document API
• H.264 Video Decoder
• JPEG XR codec ..."
:fear::fear:
AplusWebMaster
2013-03-12, 19:31
FYI...
- http://technet.microsoft.com/en-us/security/bulletin/ms13-mar
March 12, 2013 - "This bulletin summary lists security bulletins released for March 2013.
(Total of -7-)
Microsoft Security Bulletin MS13-021 - Critical
Cumulative Security Update for Internet Explorer (2809289)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-021
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-022 - Critical
Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-022
Critical - Remote Code Execution - Does not require restart - Microsoft Silverlight
Microsoft Security Bulletin MS13-023 - Critical
Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-023
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-024 - Critical
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-024
Critical - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-025 - Important
Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-025
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-026 - Important
Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
- https://www.microsoft.com/technet/security/bulletin/MS13-026
Important - Information Disclosure - Does not require restart - Microsoft Office
Microsoft Security Bulletin MS13-027 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
- http://technet.microsoft.com/en-us/security/bulletin/MS13-027
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/1321.DP-Slide.PNG
Severity and Exploitability index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/0878.Severity-Slide.PNG
- https://blogs.technet.com/b/msrc/archive/2013/03/12/evolving-response-and-the-march-2013-bulletin-release.aspx?Redirected=true
12 Mar 2013
- https://blogs.technet.com/b/srd/archive/2013/03/12/assessing-risk-for-the-march-2013-security-updates.aspx?Redirected=true
12 Mar 2013 - "... seven security bulletins addressing 20 CVE’s..."
- https://www.computerworld.com/s/article/9237536/Microsoft_s_latest_patches_squash_potential_USB_hijack
"... nine critical vulnerabilities in the bulletin MS13-021 for Internet Explorer. They affect -every- current version of Internet Explorer, versions 6 through 10..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15385
Last Updated: 2013-03-13 08:48:46 UTC
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: March 12, 2013 - Revision: 120.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Wecykler..."
- https://blogs.technet.com/b/mmpc/archive/2013/03/11/msrt-march-13-wecykler.aspx?Redirected=true
11 Mar 2013
Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.18.exe - 18.6 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.18.exe - 19.3 MB
.
AplusWebMaster
2013-03-19, 18:47
FYI...
Windows 7 SP1 to start rolling out on Windows Update
- http://blogs.windows.com/windows/b/bloggingwindows/archive/2013/03/18/windows-7-sp1-to-start-rolling-out-on-windows-update.aspx
Mar 18, 2013 - "... Windows 7 RTM (with no service pack) will no longer be supported as of April 9th, 2013..."
:fear:
AplusWebMaster
2013-03-27, 01:31
FYI...
Microsoft Security Advisory (2819682)
Security Updates for Microsoft Windows Store Applications
- http://technet.microsoft.com/en-us/security/advisory/2819682
March 26, 2013 - "Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update..."
> http://support.microsoft.com/kb/2832006
March 26, 2013 - Revision: 1.0
Applies to:
Windows RT
Windows 8
Windows 8 Enterprise
Windows 8 Pro
Windows Server 2012 Datacenter
Windows Server 2012 Essentials
Windows Server 2012 Foundation
Windows Server 2012 Standard
___
- https://secunia.com/advisories/52779/
Release Date: 2013-03-27
Impact: Spoofing
Where: From remote...
Original Advisory:
- http://technet.microsoft.com/en-us/security/advisory/2819682
- http://support.microsoft.com/kb/2832006
:fear:
AplusWebMaster
2013-04-02, 15:56
FYI...
Skype v6.3.0.105 released
- https://secunia.com/advisories/52867/
Release Date: 2013-04-02
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerabilities are reported in versions prior to 6.3.0.105.
Solution: Update to version 6.3.0.105.
Original Advisory: http://blogs.skype.com/2013/03/14/skype-6-3-for-windows/
___
Skypemageddon by bitcoining
- https://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining
April 04 2013 - "... malware connects to its C2 server located in Germany... 213.165.68.138
- https://www.virustotal.com/en/file/411e93206a7750c8df25730349bf9756ddba52c1bc780eaac4bba2b3872bc037/analysis/
File name: skype-img-04_04-2013-exe.exe
Detection ratio: 32/46
Analysis date: 2013-04-08
:fear::fear:
AplusWebMaster
2013-04-04, 20:35
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-apr
April 04, 2013 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013...
(Total of -9-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3 - Important - Information Disclosure - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 4 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 5 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 6 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 7 - Important - Elevation of Privilege - Requires restart - Microsoft Security Software
Bulletin 8 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 9 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
.
AplusWebMaster
2013-04-09, 17:33
FYI...
MS - End of Support ...
- https://blogs.technet.com/b/rmilne/archive/2013/04/08/exchange-support-save-the-date-8th-april-2014.aspx?Redirected=true
8 Apr 2013 - "...
Outlook 2003 will transition out of extended support on 8th of April 2014
Exchange Server 2003 will transition out of extended support on 8th of April 2014
Windows XP will transition out of extended support on 8th of April 2014
Exchange 2010 SP2 will transition out of support on 8th April 2014
And as non Exchange specific item, please also note Windows 2003:
Windows Server 2003 will transition out of extended support on 14th of July 2015 ..."
:fear:
AplusWebMaster
2013-04-09, 20:30
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-apr
April 09, 2013 - "This bulletin summary lists security bulletins released for April 2013...
(Total of -9-)
Microsoft Security Bulletin MS13-028 - Critical
Cumulative Security Update for Internet Explorer (2817183)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-028
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-029 - Critical
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-029
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-030 - Important
Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-030
Important - Information Disclosure - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-031 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-031
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-032 - Important
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-032
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-033 - Important
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-033
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-034 - Important
Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-034
Important - Elevation of Privilege - Requires restart - Microsoft Security Software
Microsoft Security Bulletin MS13-035 - Important
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-035
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-036 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-036
Important - Elevation of Privilege - Requires restart - Microsoft Windows
V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update. See the Update FAQ for details.
MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys):
* http://support.microsoft.com/kb/2823324/en-us
Last Review: April 11, 2013 - Revision: 2.1 - See: "Known issues with this security update... Microsoft recommends that customers -uninstall- this update..."
MS13-036: Description of the security update for the Windows kernel-mode driver (win32k.sys)
- http://support.microsoft.com/default.aspx?scid=kb;en-us;2808735
Last Review: April 9, 2013 - Revision: 1.0 - "Known issues with this security update: After you install this security update, certain Multiple Master fonts cannot be installed..."
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/6354.20130409_2D00_Slide2.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8637.20130409_2D00_Slide1.PNG
- http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with-the-april-2013-security-updates.aspx?Redirected=true
- http://blogs.technet.com/b/srd/archive/2013/04/09/assessing-risk-for-the-april-2013-security-updates.aspx?Redirected=true
9 Apr 2013 - "... nine security bulletins addressing 13 CVE’s..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15577
Last Updated: 2013-04-09 17:59:33 UTC
___
- https://secunia.com/advisories/52874/ - MS13-028
- https://secunia.com/advisories/52911/ - MS13-029
- https://secunia.com/advisories/52914/ - MS13-030
- https://secunia.com/advisories/52916/ - MS13-031
- https://secunia.com/advisories/52917/ - MS13-032
- https://secunia.com/advisories/52919/ - MS13-033
- https://secunia.com/advisories/52921/ - MS13-034
- https://secunia.com/advisories/52928/ - MS13-035
- https://secunia.com/advisories/52930/ - MS13-036
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: April 9, 2013 - Revision: 121.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Babonock
• Redyms
• Vesenlosow..."
- https://blogs.technet.com/b/mmpc/archive/2013/04/09/msrt-april-2013-vesenlosow.aspx?Redirected=true
Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.19.exe - 18.7 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.19.exe - 19.4 MB
.
AplusWebMaster
2013-04-11, 20:46
FYI...
MS13-036 problems - KB2823324 / KB2829996
- https://isc.sans.edu/diary.html?storyid=15593
Last Updated: 2013-04-11 02:13:03 UTC
- https://isc.sans.edu/diary/KB2823324+causing+boot+issues+in+Brazil+and+some+other+locales/15593#comment
Date: Wed, 10 Apr 2013 14:53:23 -0700
From: Susan Bradley - patchmanagement.org
Subject: MS13-036 / KB2829996
Getting early unconfirmed reports in Brazil that MS13-036 / KB2829996 is causing system hangs that require replacing ntfs.sys to get the machines up and running again so they can perform a system restore...
___
Stop 0xc000000e startup error in Windows 7 after you install security update 2823324*
- https://support.microsoft.com/kb/2839011
Last Review: April 12, 2013 - Revision: 2.0
"Microsoft is investigating behavior wherein systems may not recover from a restart or applications cannot load after security update 2823324 is applied. We recommend that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate..."
MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys):
* http://support.microsoft.com/kb/2823324/en-us
Last Review: April 12, 2013 - Revision: 2.2 - See: "Known issues with this security update..."
- https://blogs.technet.com/b/msrc/archive/2013/04/11/kb2839011-released-to-address-security-bulletin-update-issue.aspx?Redirected=true
MSRCTeam | 11 Apr 2013 7:10 PM
:sad: :fear:
AplusWebMaster
2013-04-18, 13:07
FYI...
Repair Disk for KB2823324 and KB2782476 (KB2840165)
To help customers who are experiencing difficulties restarting their systems after installation of security update 2823324
- https://www.microsoft.com/en-us/download/details.aspx?id=38435
4/17/2013
Thanks to Susan Bradley for posting it @ patchmanagement.org
:fear:
AplusWebMaster
2013-04-24, 03:45
FYI...
Microsoft Security Bulletin MS13-036 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-036
V3.0 (April 23, 2013): Rereleased bulletin to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See the Update FAQ* for details.
* "To address known issues with security update 2823324, Microsoft rereleased bulletin MS13-036 to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on all affected versions of Microsoft Windows. Security update 2823324 was expired on April 11, 2013. Microsoft strongly recommends that customers with the 2823324 update still installed should -uninstall- the update prior to applying the 2840149 update**. All customers should apply the 2840149 update, which replaces the expired 2823324 update."
** http://support.microsoft.com/kb/2840149
- https://blogs.technet.com/b/msrc/archive/2013/04/23/new-update-available-for-ms13-036.aspx?Redirected=true
23 Apr 2013
___
- http://technet.microsoft.com/en-us/security/bulletin/ms13-036
Updated: Wednesday, April 24, 2013
Revisions:
• V1.0 (April 9, 2013): Bulletin published.
• V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update. See the Update FAQ for details.
• V2.1 (April 17, 2013): Added FAQs to provide additional guidance for customers who are having difficulties restarting their systems after installing security update 2823324. See the Update FAQ for details.
• V3.0 (April 23, 2013): Rereleased bulletin to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See the Update FAQ for details.
• V3.1 (April 24, 2013): Corrected KB article hyperlink and incorrect KB numbers for Windows 7 for x64-based Systems and Windows Server 2008 R2 for Itanium-based Systems in the Affected Software table. These are informational changes only.
- https://windowssecrets.com/newsletter/going-google-apps-part-2-move-your-docs/#story6
April 24, 2013
MS13-036 (2808735, 2823324, 2840149)
> A Windows kernel update causes havoc for some
"... recommend keeping KB 2808735, also included in MS13-036, on hold, too ..."
:fear:
AplusWebMaster
2013-05-04, 06:39
FYI...
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2847140
May 03, 2013 - "Microsoft is investigating public reports of a vulnerability in IEv8. Microsoft is aware of attacks that attempt to exploit this vulnerability. Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
- https://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx?Redirected=true
3 May 2013 - "... impacts Internet Explorer 8... This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message..."
___
- http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/
May 4, 2013
- http://www.invincea.com/2013/05/part-2-us-dept-labor-watering-hole-pushing-poison-ivy-via-ie8-zero-day/
May 3, 2013 - "... driveby download exploit of IE8... to install the Poison Ivy backdoor Trojan..."
- https://www.virustotal.com/en/file/ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb/analysis/
File name: stub.EXE
Detection ratio: 26/46
Analysis date: 2013-05-02
- http://www.securitytracker.com/id/1028514
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347
May 4 2013
Vendor Confirmed: Yes
Version(s): 8
Versions 6, 7, 9, and 10 are not affected.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/security/advisory/2847140
:mad:
AplusWebMaster
2013-05-06, 20:40
FYI...
IE8 0-Day update ...
- https://isc.sans.edu/diary.html?storyid=15734
Last Updated: 2013-05-06 14:33:57 UTC - "... a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347 - 10.0 (HIGH)
Last revised: 05/06/2013 - "... as exploited in the wild in May 2013."
- http://technet.microsoft.com/security/advisory/2847140
May 03, 2013
:fear::fear:
AplusWebMaster
2013-05-09, 06:45
FYI...
Fix it for IEv8 available
- http://support.microsoft.com/kb/2847140#FixItForMe
Last Review: May 9, 2013 - Revision: 2.0 - "... CVE-2013-1347 MSHTML Shim Workaround... To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard..." Microsoft Fix it 50992
- https://blogs.technet.com/b/msrc/archive/2013/05/08/fix-it-for-security-advisory-2847140-is-available.aspx?Redirected=true
8 May 2013 - "... applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 8 to apply this Fix it to help protect their systems..."
- http://technet.microsoft.com/en-us/security/advisory/2847140
• V1.1 (May 8, 2013): Added link to Microsoft Fix it solution, "CVE-2013-1347 MSHTML Shim Workaround," that prevents exploitation of this issue.
- http://www.securitytracker.com/id/1028514
"... This is currently being actively exploited in targeted attacks. Solution: ... As a workaround apply the Microsoft Fix it solution "CVE-2013-1347 MSHTML Shim Workaround" to mitigate the vulnerability..."
:fear:
AplusWebMaster
2013-05-14, 21:02
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-may
May 14, 2013 - "This bulletin summary lists security bulletins released for May 2013..."
(Total of -10-)
Microsoft Security Bulletin MS13-037 - Critical
Cumulative Security Update for Internet Explorer (2829530)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-038 - Critical
Security Update for Internet Explorer (2847204)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-038
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-039 - Important
Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-039
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-040 - Important
Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-040
Important - Spoofing - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS13-041 - Important
Vulnerability in Lync Could Allow Remote Code Execution (2834695)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-041
Important - Remote Code Execution - May require restart - Microsoft Lync
Microsoft Security Bulletin MS13-042 - Important
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-042
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-043 - Important
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-043
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-044 - Important
Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
- https://technet.microsoft.com/en-ca/security/bulletin/ms13-044
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-045 - Important
Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-045
Important - Information Disclosure - May require restart - Microsoft Windows Essentials
Microsoft Security Bulletin MS13-046 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-046
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2013/05/13/microsoft-customer-protections-for-may-2013.aspx?Redirected=true
"... 10 bulletins, addressing 33 vulnerabilities in Microsoft products..."
Bulletin Deployment Priority
> https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8787.Deployment-Priority.png
Severity and Exploitability Index
> https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/6685.Severity-and-Exploitability-Index.png
MS13-037 addressing Pwn2own vulnerabilities
- https://blogs.technet.com/b/srd/archive/2013/05/14/ms13-037-addressing-pwn2own-vulnerabilities.aspx?Redirected=true
14 May 2013
___
May 2013 Security Bulletin Webcast Q&A
- https://blogs.technet.com/b/msrc/p/may-2013-security-bulletin-q-a.aspx?Redirected=true
May 15, 2013
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15791
Last Updated: 2013-05-14 17:52:27 UTC
___
- https://secunia.com/advisories/53327/ - MS13-037
- https://secunia.com/advisories/53314/ - MS13-038 - IE 8
- https://secunia.com/advisories/53340/ - MS13-039
- https://secunia.com/advisories/53350/ - MS13-040
- https://secunia.com/advisories/53363/ - MS13-041
- https://secunia.com/advisories/53370/ - MS13-042
- https://secunia.com/advisories/53379/ - MS13-043
- https://secunia.com/advisories/53380/ - MS13-044
- https://secunia.com/advisories/53383/ - MS13-045
- https://secunia.com/advisories/53385/ - MS13-046
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: May 14, 2013 - Revision: 122.0
- https://blogs.technet.com/b/mmpc/archive/2013/05/14/don-t-pay-the-rogue-scan-with-msrt.aspx?Redirected=true
14 May 2013 - "... added three new families to this month’s Malicious Software Removal Tool (MSRT): Win32/FakeDef, Win32/Vicenor, and Win32/Kexqoud..."
(More detail and Screenshots at the URL above.)
Download:
- https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
File Name: Windows-KB890830-V4.20.exe - 19.3 MB
Windows Malicious Software Removal Tool x64:
File Name: Windows-KB890830-x64-V4.20.exe - 20.0 MB
___
- https://krebsonsecurity.com/2013/05/microsoft-adobe-push-critical-security-updates-2/
"<soapbox>On a side note... Dear Microsoft: Please stop asking people to install Silverlight every time they visit a Microsoft.com property. I realize that Silverlight is a Microsoft product, but it really is not needed to view information about security updates. In keeping with the principle of reducing the attack surface of an operating system, you should not be foisting additional software on visitors who are coming to you for information on how to fix bugs and vulnerabilities in Microsoft products that they already have installed. </soapbox>"
> https://krebsonsecurity.com/wp-content/uploads/2013/05/MSsilverlight.png
.
AplusWebMaster
2013-05-14, 22:25
FYI...
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2847140
Updated: Tuesday, May 14, 2013 Version: 2.0 - "... We have issued MS13-038* to address this issue..."
* https://technet.microsoft.com/en-us/security/bulletin/ms13-038
Microsoft Security Advisory (2820197)
Update Rollup for ActiveX Kill Bits
- http://technet.microsoft.com/en-us/security/advisory/2820197
May 14, 2013 - "... This update includes kill bits to prevent the following ActiveX controls from being run in Internet Explorer:
• Honeywell Enterprise Buildings Integrator. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
{0d080d7d-28d2-4f86-bfa1-d582e5ce4867}
• SymmetrE and ComfortPoint Open Manager. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
{29e9b436-dfac-42f9-b209-bd37bafe9317} ..."
Microsoft Security Advisory (2846338)
Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2846338
May 14, 2013 - "... Only x64-based versions of the Malware Protection Engine are affected... The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products. See the Affected Software section for a list of affected products..."
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Tuesday, May 14, 2013 - "... update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14*..."
* https://www.adobe.com/support/security/bulletins/apsb13-14.html
"... Flash Player 11.7.700.202 for Windows 8..."
:fear::fear::fear::fear:
AplusWebMaster
2013-06-11, 20:19
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-jun
June 11, 2013 - "This bulletin summary lists security bulletins released for June 2013..."
(Total of -5-)
Microsoft Security Bulletin MS13-047 - Critical
Cumulative Security Update for Internet Explorer (2838727)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-047
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-048 - Important
Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-048
Important - Information Disclosure - Requires restart - Microsoft Windows
- https://support.microsoft.com/kb/2839229
Last Review: June 15, 2013 - Revision: 4.1 - "... MS13-048... Known issues with this security update:
Customers who use non-updated versions of certain Kingsoft software products may experience issues installing this security update. In some cases, systems may not successfully restart after security update 2839229 is applied, and customers may encounter a blue or blank screen. We are aware that Kingsoft antivirus and browser product components (kisknl.sys, knbdrv.sys, and dgsafe.sys) may be affected. We recommend that customers update their Kingsoft software to the latest versions -before- security update 2839229 is applied..."
Microsoft Security Bulletin MS13-049 - Important
Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-049
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-050 - Important
Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/bulletin/ms13-050
Important - Elevation of privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-051 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-051
Important - Remote Code Execution - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx?Redirected=true
11 Jun 2013 - "MS13-051... We have seen this vulnerability exploited in targeted 0day attacks in the wild..."
- https://krebsonsecurity.com/2013/06/adobe-microsoft-patch-flash-windows/
11 Jun 2013 - "... five updates address 23 vulnerabilities in Windows, Internet Explorer, and Office..."
- http://blogs.technet.com/b/msrc/archive/2013/06/11/improved-cryptography-and-the-june-2013-bulletins.aspx?Redirected=true
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8080.June-2013-DP-Slide.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/1512.June-2013-XI-and-Severity.PNG
___
- https://secunia.com/advisories/53728/ - MS13-047
- https://secunia.com/advisories/53739/ - MS13-048
- https://secunia.com/advisories/53741/ - MS13-049
- https://secunia.com/advisories/53742/ - MS13-050
- https://secunia.com/advisories/53747/ - MS13-051
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15977
Last Updated: 2013-06-11 17:10:35 UTC
___
MSRT
- https://support.microsoft.com/?kbid=890830
June 11, 2013 - Revision: 123.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Tupym..."
Download:
- https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
Windows-KB890830-V5.1.exe - 19.1 MB
... Change systems:
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.1.exe - 19.9 MB
.
AplusWebMaster
2013-06-11, 23:28
FYI...
Microsoft Security Advisory (2854544)
Update to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.microsoft.com/en-us/security/advisory/2854544
June 11, 2013 - "... Microsoft released an update (2813430) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT..."
* http://support.microsoft.com/kb/2813430
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
June 11, 2013 - Version: 13.0
:fear::fear:
AplusWebMaster
2013-06-27, 14:45
FYI...
MS13-029 re-released for XPSP3 ...
Microsoft Security Bulletin MS13-029 - Critical
- https://technet.microsoft.com/en-us/security/bulletin/ms13-029
... Update FAQ: Why was this bulletin revised on June 25, 2013?
Microsoft revised this bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. The rereleased update addresses an issue with the original update that caused the update to be incorrectly reoffered to systems running in specific configurations. Microsoft recommends that customers running the affected software apply the rereleased security update immediately...
V2.0 (June 25, 2013): Revised bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. Microsoft recommends that customers running the affected software apply the rereleased security update immediately...
- https://support.microsoft.com/kb/2828223
Last Review: June 25, 2013 - Revision: 2.0
:fear::fear:
AplusWebMaster
2013-07-09, 20:29
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-jul
July 09, 2013 - "This bulletin summary lists security bulletins released for July 2013..."
(Total of -7-)
Microsoft Security Bulletin MS13-052 - Critical
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-052
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight
Microsoft Security Bulletin MS13-053 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-053
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-054 - Critical
Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-054
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Visual Studio, Microsoft Lync
Microsoft Security Bulletin MS13-055 - Critical
Cumulative Security Update for Internet Explorer (2846071)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-055
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.1 (July 9, 2013): Bulletin revised to announce that Microsoft is aware of targeted attacks attempting to exploit the vulnerability described in CVE-2013-3163 through Internet Explorer 8. Applying this security update protects customers from exploitation of this vulnerability.
- https://atlas.arbor.net/briefs/index#31300424
High Severity
July 11, 2013
A 0day Internet Explorer exploit has been used in one or more targeted attack campaigns. Microsoft is aware of the issue but patching has yet to take place, leaving a window of vulnerability now that the issue is more well known.
Analysis: It is impossible to avoid all 0day attacks because by their very nature, few will know of the vulnerability. It's no secret that nation-states, security contractors and intelligence agencies have access to many vulnerabilities that are developed in-house or are part of covert markets. Despite this persistent problem with an unknown attack surface, reduction of attack surface is key, along with robust monitoring of resources of value for indicators of compromise. On the host side, Microsoft's EMET technology stymies this particular exploit, although in general EMET can be evaded. Despite its weaknesses, EMET is an extra layer of defense and its low deployment likely means that some attackers will be less likely to attempt to bypass its defenses. In the meanwhile, indicators from this particular attack can be useful to help determine if your organization has been targeted.
Source: http://blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx
10 Jul 2013 - "... addressed by yesterday’s Microsoft Security Bulletin MS13-055. If you have not yet updated, please do so at the earliest possible..."
Microsoft Security Bulletin MS13-056 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-056
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-057 - Critical
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-057
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-058 - Important
Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-058
Important - Elevation of Privilege - Does not require restart - Microsoft Security Software
___
- http://blogs.technet.com/b/msrc/archive/2013/07/09/a-new-policy-for-store-apps-and-the-july-2013-security-updates.aspx?Redirected=true
9 Jul 2013
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/2746.July-2013-DP.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/5670.July-2013-Severity.png
___
- https://secunia.com/advisories/54025/ - MS13-052
- https://secunia.com/advisories/53435/ - MS13-053
- https://secunia.com/advisories/54057/ - MS13-054
- https://secunia.com/advisories/54060/ - MS13-055
- https://secunia.com/advisories/54061/ - MS13-056
- https://secunia.com/advisories/54062/ - MS13-057
- https://secunia.com/advisories/54063/ - MS13-058
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16126
Last Updated: 2013-07-09 18:22:06 UTC... (Version: 2)
- https://atlas.arbor.net/briefs/index#-271320476
Extreme Severity
July 11, 2013 21:27
Microsoft and Adobe release critical updates. There are apparently two in-the-wild exploits for Microsoft vulnerabilities that are patched herein, so quick deployment is important.
Analysis: One of the Microsoft security holes was disclosed to the public via sharing of exploit code. This has unsurprisingly resulted in the vulnerability being exploited in the wild. There is additional evidence to suggest another one of the vulnerabilities is also being exploited, and details are emergent. No known attacks are taking advantage of the security holes patched by Adobe, however it is always likely that resourceful attackers have known of at least some of these vulnerabilities and have used them in targeted attacks.
Source: https://krebsonsecurity.com/2013/07/adobe-microsoft-release-critical-updates/
___
July 2013 Office Update Release
- https://blogs.technet.com/b/office_sustained_engineering/archive/2013/07/09/july-2013-office-update-release.aspx?Redirected=true
9 Jul 2013
___
- https://www.computerworld.com/s/article/9240668/Patch_Tuesday_release_handles_malicious_fonts_in_Microsoft_Windows
July 9, 2013 - "... 17 of the 34 vulnerabilities covered in the bulletins address IE..."
- http://www.securitytracker.com/id/1028745
CVE Reference: CVE-2013-3115, CVE-2013-3143, CVE-2013-3144, CVE-2013-3145, CVE-2013-3146, CVE-2013-3147, CVE-2013-3148, CVE-2013-3149, CVE-2013-3150, CVE-2013-3151, CVE-2013-3152, CVE-2013-3153, CVE-2013-3161, CVE-2013-3162, CVE-2013-3163, CVE-2013-3164, CVE-2013-3166
Jul 9 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6, 7, 8, 9, 10 ...
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
V14.0 (July 9, 2013): Added the 2857645 update to the Current Update section.
Current Update: On July 9, 2013, Microsoft released an update (2857645) for all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-17*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2857645**. Note: The update for Windows RT is available via Windows Update only. The 2857645 update is also available for Internet Explorer 11 Preview in Windows 8.1 Preview and Windows 8.1 RT Preview releases. The update is available via Windows Update.
* http://www.adobe.com/support/security/bulletins/apsb13-17.html
CVE-2013-3344, CVE-2013-3345, CVE-2013-3347
Flash Player in Internet Explorer 10
** http://support.microsoft.com/kb/2857645
July 9, 2013
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: July 9, 2013 - Revision: 124.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."
Download:
- https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
Windows-KB890830-V5.2.exe
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.2.exe
.
AplusWebMaster
2013-07-16, 16:07
FYI...
Problems with MS13-057...
Half your video missing in Windows Movie Maker?[1] MS13-057 to blame.
- http://blog.dynamoo.com/2013/07/half-your-video-missing-in-windows.html
16 July 2013 - "... I am not alone.. an InfoWorld post* also indicates that there are problems with Adobe Premiere Pro, Techsmith Camtasia Studio, Serif MoviePlus X6 plus some games due to the MS13-057 update pushed out a week ago. If you are experiencing critical problems with missing video, then the only thing to do seems to be to uninstall the Windows Media Player patch listed as KB2803821 or KB2834904. If this isn't causing a problem then you may as well keep the patch in place to protect your system. I would expect another patch to be re-issued soon."
* https://www.infoworld.com/t/microsoft-windows/another-botched-windows-patch-ms13-057kb-2803821kb-2834904-222636
July 12, 2013
1) https://lh3.ggpht.com/-k5l-sYmfu54/UeTv5jiI8fI/AAAAAAAABfc/klA1eobwtxQ/s400/wmm.jpg
___
- https://isc.sans.edu/diary.html?storyid=16168
Last Updated: 2013-07-15 21:34:45 UTC
___
MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
- http://support.microsoft.com/default.aspx?scid=kb;en-us;2803821
Last Review: August 13, 2013 - Revision: 8.0 - "... If you use Adobe Premiere Pro CS6, Camtasia Studio 8.1, or Serif MoviePlus X6, you may experience issues after installing 2803821. In some cases, WMV video files may fail to successfully encode or decode. Upon completion of the investigation, Microsoft will take appropriate action to help protect our customers. This may include providing mitigations and workarounds or re-releasing this security update."
___
3 more botched Windows patches: KB 2803821, KB 2840628, and KB 2821895
Two Black Tuesday patches -- MS 13-052 and MS 13-057 -- and last month's nonsecurity patch KB 2821895 cause a variety of problems
- https://www.infoworld.com/t/microsoft-windows/3-more-botched-windows-patches-kb-2803821-kb-2840628-and-kb-2821895-222807
July 16, 2013
MS13-052: https://support.microsoft.com/kb/2861561
Last Review: July 11, 2013 - Revision: 2.0
MS13-057: https://support.microsoft.com/kb/2847883
Last Review: July 17, 2013 - Revision: 4.0
KB 2821895: https://support.microsoft.com/kb/2821895
Last Review: June 20, 2013 - Revision: 5.0
:fear: :sad:
AplusWebMaster
2013-08-13, 20:27
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-aug
August 13, 2013 - "This bulletin summary lists security bulletins released for August 2013...
(Total of -8-)
Microsoft Security Bulletin MS13-059 - Critical
Cumulative Security Update for Internet Explorer (2862772)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-059
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-060 - Critical
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-060
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-061 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-061
Critical - Remote Code Execution - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS13-062 - Important
Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-063 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-064 - Important
Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-064
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-065 - Important
Vulnerability in ICMPv6 could allow Denial of Service (2868623)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-065
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-066 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/security/bulletin/ms13-066
Important - Information Disclosure - May require restart - Microsoft Windows
___
MS13-052: Vulnerabilities in .NET Framework and Silverlight could allow remote code execution
- https://support.microsoft.com/kb/2861561
August 13, 2013 This security update has been re-released and contains some updated articles. We recommend that you apply this updated security update.
Last Review: August 13, 2013 - Revision: 5.0
- https://technet.microsoft.com/en-us/security/bulletin/MS13-052
Updated: August 13, 2013
MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
- http://support.microsoft.com/default.aspx?scid=kb;en-us;2803821
"... issue resolved for Win7 and Win Svr 2008R2...
re-released version of security update 2803821 - August 13, 2013..."
Last Review: August 13, 2013 - Revision: 8.0
- https://technet.microsoft.com/en-us/security/bulletin/MS13-057
Updated: August 13, 2013
___
- http://blogs.technet.com/b/msrc/archive/2013/08/13/leaving-las-vegas-and-the-august-2013-security-updates.aspx?Redirected=true
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/3010.Aug-2013-DP-Slide.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8461.Aug-2013-Sev-and-XI-Slide.PNG
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16358
Last Updated: 2013-08-13 17:28:40
- http://www.theinquirer.net/inquirer/news/2288782/microsofts-patch-tuesday-for-august-fixes-critical-bugs-in-internet-explorer-and-exchange
Aug 14 2013 - "... MS13-059 fixes 11 vulnerabilities in all versions of IE from IE6 to IE10... two patches for address space layout randomisation (ASLR) bypasses this month in MS13-059 for IE and MS13-063 in the Windows kernel..."
___
- https://secunia.com/advisories/53998/ - MS13-059
- https://secunia.com/advisories/54364/ - MS13-060
- https://secunia.com/advisories/54392/ - MS13-061
- https://secunia.com/advisories/54394/ - MS13-062
- https://secunia.com/advisories/54406/ - MS13-063
- https://secunia.com/advisories/54420/ - MS13-064
- https://secunia.com/advisories/54440/ - MS13-065
- https://secunia.com/advisories/54459/ - MS13-066
___
MSRT
- https://support.microsoft.com/?kbid=890830
August 13, 2013 - Revision: 125.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."
Download:
- https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
Windows-KB890830-V5.3.exe
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.3.exe
.
AplusWebMaster
2013-08-13, 21:44
FYI...
Microsoft Security Advisory (2861855)
Updates to Improve Remote Desktop Protocol Network-level Authentication
- http://technet.microsoft.com/en-us/security/advisory/2861855
August 13, 2013
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/security/advisory/2862973
August 13, 2013
Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.microsoft.com/en-us/security/advisory/2854544
Published: June 11, 2013 | Updated: August 13, 2013
Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
- https://isc.sans.edu/diary.html?storyid=16361
Last Updated: 2013-08-13 18:12:43
:fear::fear::fear:
AplusWebMaster
2013-08-15, 05:20
FYI...
MS13-061 rescinded ...
- https://blogs.technet.com/b/exchange/archive/2013/08/14/exchange-2013-security-update-ms13-061-status-update.aspx?Redirected=true
14 Aug 2013 - "Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed. For those that have already installed the MS13-061 security update for Exchange Server 2013, we already have KB 2879739* that provides the steps on how to resolve this issue. However, due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily.
Note: This issue does not occur in Exchange 2010 or Exchange 2007. You can proceed with testing and deploying Exchange 2007 SP3 RU11, Exchange 2010 SP2 RU7, and Exchange 2010 SP3 RU2.
Recommendation: If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue. If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time..."
Update 2874216 breaks the content index in Exchange Server 2013
* https://support.microsoft.com/kb/2879739 - MS13-061
Last Review: August 20, 2013 - Revision: 5.0 <<
Applies to:
- Microsoft Exchange Server 2013 Enterprise
- Microsoft Exchange Server 2013 Standard
:fear:
AplusWebMaster
2013-08-15, 17:59
FYI...
MS botches six Windows patches in latest Automatic Update
Microsoft acknowledges it has problems with KB 2876063, KB 2859537, KB 2873872, KB 2843638, KB 2843639, and KB 2868846 -- all released earlier this week
- http://www.infoworld.com/t/microsoft-windows/microsoft-botches-six-windows-patches-in-latest-automatic-update-224988
August 15, 2013 (Details at the URL above)
___
KB 2876063
- http://support.microsoft.com/kb/2876063 - MS13-061
Last Review: August 27, 2013 - Revision: 3.0
KB 2859537
- http://support.microsoft.com/kb/2859537 - MS13-063
Last Review: August 16, 2013 - Revision: 3.0 <<
KB 2873872
- http://support.microsoft.com/kb/2873872 - MS13-066
Last Review: August 19, 2013 - Revision: 4.0 <<
KB 2843638
- http://support.microsoft.com/kb/2843638 - MS13-066
Last Review: August 23, 2013 - Revision: 8.0
KB 2843639
- http://support.microsoft.com/kb/2843639 - MS13-066
Last Review: August 19, 2013 - Revision: 9.0 <<
KB 2868846
- http://support.microsoft.com/kb/2868846 - MS13-066
Last Review: August 19, 2013 - Revision: 8.0 <<
___
- https://technet.microsoft.com/en-us/security/bulletin/ms13-061
V2.0 (August 14, 2013): Rereleased bulletin to remove the 2874216 updates for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2 to address an issue with the updates. See the Update FAQ for details.
- https://technet.microsoft.com/en-us/security/bulletin/ms13-063
V1.1 (August 14, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
- https://technet.microsoft.com/en-us/security/bulletin/ms13-066
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.
Important Announcement: AD FS 2.0 and MS13-066
- https://blogs.technet.com/b/askds/archive/2013/08/15/important-announcement-ad-fs-2-0-and-ms13-066.aspx?Redirected=true
Update (8/19/13): We have republished MS13-066 with a corrected version of the hotfixes that contributed to this problem. If you had held off on installing the update, it should be safe to install on all of your ADFS servers now.
The updated security bulletin is here:
- http://technet.microsoft.com/en-us/security/bulletin/MS13-066
- http://support.microsoft.com/kb/2843638
Last Review: August 23, 2013 - Revision: 8.0
- http://support.microsoft.com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0 <<
:fear::fear::sad:
AplusWebMaster
2013-08-20, 01:39
FYI...
MS13-066 re-released
- https://technet.microsoft.com/en-us/security/bulletin/ms13-066
Updated: August 19, 2013 - "... Update FAQ: Why was this bulletin rereleased on August 19, 2013?
Microsoft rereleased this bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. The rereleased update addresses an issue in the original offerings that caused AD FS to stop working if the previously released RU3 rollup QFE (update 2790338) had not been installed; the rerelease removes this requirement. Furthermore, in creating this rerelease, Microsoft has consolidated the fixes contained in the two original updates (2843638 and 2843639) into a single 2843638 update. Customers who already installed the original updates will be reoffered the 2843638 update and are encouraged to apply it at the earliest opportunity. Note that when the installation is complete, customers will see only the 2843638 update in the list of installed updates."
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.
- https://support.microsoft.com/kb/2873872
Last Review: August 19, 2013 - Revision: 4.0
- https://support.microsoft.com/kb/2843638
Last Review: August 23, 2013 - Revision: 8.0
- https://support.microsoft.com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0
:fear::fear:
AplusWebMaster
2013-08-23, 21:13
FYI...
MS13-063 KB2859537 ...
- http://www.infoworld.com/t/microsoft-windows/microsoft-needs-your-help-fix-botched-patch-kb-2859537-225314
Aug 21, 2013 - "... Microsoft published a "Known issues" paragraph in the KB 2859537* Knowledge Base article, but it hadn't pulled the patch. As of this morning, the patch is no longer being offered (it's -unchecked- in the Automatic Update list), and the Known issues paragraph has been modified a bit... Since MS13-063 is a Windows Kernel update - always problematic, reaching into the inner sanctum - a lot of people have reported problems... Microsoft is interested in 0xc0000005 crashes, even if (especially if) you thought you had a genuine copy of Windows 7 or Vista..."
- https://technet.microsoft.com/en-us/security/bulletin/ms13-063
Updated: August 14, 2013
* https://support.microsoft.com/kb/2859537
Last Review: August 16, 2013 - Revision: 3.0
:fear::fear:
AplusWebMaster
2013-08-28, 00:31
FYI...
MS releases revisions to existing Updates
- https://isc.sans.edu/diary.html?storyid=16448
Last Updated: 2013-08-27 20:49:12 - "... patches have undergone significant revision according to Microsoft. The following patches were updated today by Microsoft, and are set to roll in the automatic updates:
* MS13 - July 2013 / MS13-057 - Critical
- https://technet.microsoft.com/security/bulletin/ms13-jul
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-057, bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates that apply to their systems. See the bulletin for details.
- https://technet.microsoft.com/en-us/security/bulletin/ms13-057
V3.0 (August 27, 2013): Bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates. See the Update FAQ for more information.
* MS13 - August 2013 / MS13-061 - Critical
- https://technet.microsoft.com/security/bulletin/ms13-aug
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-061, bulletin revised to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the bulletin for details.
- https://technet.microsoft.com/en-us/security/bulletin/ms13-061
V3.0 (August 27, 2013): Rereleased bulletin to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the Update FAQ for details.
___
Office 2010 update
- https://support.microsoft.com/kb/2825640/en-us
Last Review: August 27, 2013 - Revision: 1.0 - "... This update fixes some issues that occur when you install Service Pack 2 (SP2) for Office 2010. Additionally, this update contains stability and performance improvements..."
:fear::fear:
AplusWebMaster
2013-08-29, 02:13
FYI...
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.microsoft.com/en-us/security/advisory/2862973
V1.1 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.
Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- https://technet.microsoft.com/en-us/security/advisory/2854544
V1.1 (August 13, 2013): Added the 2862966 and 2862973 updates to the Available Updates and Release Notes section.
V1.2 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.
:fear::fear:
AplusWebMaster
2013-09-10, 20:50
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-sep
Sep 10, 2013 - "This bulletin summary lists security bulletins released for September 2013...
(Total of 13*)
* http://blogs.technet.com/b/msrc/archive/2013/09/10/lovely-tokens-and-the-september-2013-security-updates.aspx?Redirected=true
10 Sep 2013 - "... This month we released 13 bulletins – four Critical and nine Important – which addressed 47 unique CVEs in Microsoft Windows, Office, Internet Explorer and SharePoint..."
Microsoft Security Bulletin MS13-067 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-067
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
V1.2 (September 13, 2013): Revised bulletin to announce a detection change for the Excel Services on Microsoft SharePoint Server 2007 update (2760589). This is a detection change only. There were no changes to the update files. Customers who have successfully installed the update do not need to take any action.
Microsoft Security Bulletin MS13-068 - Critical
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-068
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-069 - Critical
Cumulative Security Update for Internet Explorer (2870699)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-069
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-070 - Critical
Vulnerability in OLE Could Allow Remote Code Execution (2876217)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-070
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-071 - Important
Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-071
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-072 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-072
Important - Remote Code Execution - May require restart - Microsoft Office
V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Office 2007 update (2760411) and the Microsoft Word 2010 update (2767913). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".
Microsoft Security Bulletin MS13-073 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-073
Important - Remote Code Execution - May require restart - Microsoft Office
V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Excel 2003 update (2810048), Microsoft Excel 2007 update (2760583), Microsoft Excel Viewer update (2760590), and Microsoft Office Compatibility Pack update (2760588). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".
Microsoft Security Bulletin MS13-074 - Important
Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-074
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-075 - Important
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-075
Important - Elevation of Privilege - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-076 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-076
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-077 - Important
Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-077
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-078 - Important
Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-078
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-079 - Important
Vulnerability in Active Directory Could Allow Denial of Service (2853587)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-079
Important - Denial of Service - May require restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2013/09/10/lovely-tokens-and-the-september-2013-security-updates.aspx?Redirected=true
10 Sep 2013
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/4113.DP-Slide.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/1185.Severity-Slide.PNG
___
- https://secunia.com/advisories/54741/ - MS13-067
- https://secunia.com/advisories/54729/ - MS13-068
- https://secunia.com/advisories/54725/ - MS13-069
- https://secunia.com/advisories/54735/ - MS13-070
- https://secunia.com/advisories/54736/ - MS13-071
- https://secunia.com/advisories/54737/ - MS13-072
- https://secunia.com/advisories/54739/ - MS13-073
- https://secunia.com/advisories/51856/ - MS13-074
- https://secunia.com/advisories/54742/ - MS13-075
- https://secunia.com/advisories/54743/ - MS13-076
- https://secunia.com/advisories/54745/ - MS13-077
- https://secunia.com/advisories/54747/ - MS13-078
- https://secunia.com/advisories/54750/ - MS13-079
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16538
Last Updated: 2013-09-10 18:24:55 UTC ...(Version: 1)
.
AplusWebMaster
2013-09-11, 20:57
FYI...
MS botches still more patches in latest Automatic Update
... the day after Black Tuesday. Watch out for automatic patches KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583
- http://www.infoworld.com/t/microsoft-windows/microsoft-botches-still-more-patches-in-latest-automatic-update-226594
Sep 11, 2013 - "No sooner did Microsoft release the latest round of Black Tuesday patches, than screams of agony began sounding all over the Internet. At this point, I've seen -verified- problems with KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583... No guidance for handling the problem is on offer in the usual forums, because the people moderating the forums haven't a clue what went wrong and Microsoft isn't saying a thing..."
:fear::fear: :sad:
AplusWebMaster
2013-09-12, 05:12
FYI...
Outlook 2013 Folder Pane Disappears After Installing September 2013 Public Update
- https://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/11/outlook-folder-pane-disappears-after-installing-september-2013-public-update.aspx?Redirected=true
11 Sep 2013 - "Shortly after publishing the September Public Update, we received notifications of a potential issue with Outlook 2013 after installing the non-security update KB2817630. Based on those reports we immediately removed the patch from Microsoft Update. If you haven’t already downloaded or installed the patch, you will not have these problems or be offered the problematic patch. In contrast to what has been reported, MS13-068 is not the cause nor is it affected by this issue...
Due to a version incompatibility between outlook.exe and mso.dll, a mismatched reference to a data structure causes the “Minimize” button in the navigation pane to render incorrectly, typically extremely large to the point that the navigation pane is "invisible" to the user. The issue only manifests when incompatible versions of outlook.exe and mso.dll exist on the system...
Two updates can get a user into this state. Installing the September Public Update delivers an updated version of mso.dll without updating outlook.exe, resulting in the incorrect user interface.
• If you have Automatic Updates enabled, visit the Add Remove Programs feature of your Windows Installation, and uninstall KB2817630. Close Outlook and restart.
• If you have installed the August Cumulative update (which you must do manually), removing KB2817347 will correct the issue. From the Add Remove Programs feature, select KB2817347 from the list and select “Uninstall.” Close Outlook and restart.
• If you have BOTH Updates installed, the problem is not evident. The issue only manifests when one of the updates has been installed. If you have updated to the September Public Update and you want to roll forward, install the August Cumulative update, KB2817347.
We are also working on re-publishing the September Public Update with the correct versions of both mso.dll and outlook.exe to ensure users with automatic updates enabled will receive the correct fix..."
___
Superseded by:
- http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/12/september-2013-public-update-update-targeting-for-microsoft-update-wsus-and-sccm.aspx
Dated 12 Sep 2013, which in reality did not get the revisions released until 13 Sep 2013...
:fear::fear:
AplusWebMaster
2013-09-12, 16:15
FYI...
Reboot Wednesday: Yesterday's Patch Tuesday Aftermath
- https://isc.sans.edu/forums/diary/Reboot+Wednesday+Yesterdays+Patch+Tuesday+Aftermath/16556
Comments: 15 hours ago ... [Susan Bradley]
"KB2810009 users are reporting error 80242009 upon install see:
http://social.technet.microsoft.com/Forums/office/en-US/0eedb198-f8b1-490d-8c9e-732b4094d0ef/kb2810009-issue
Next: Office 2007 updates:
1. Security Fixes MS13-072 and MS13-073 MS13-074
KB2760411
KB2760588
KB2760583
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/updates-trying-to-install-over-and-over-again/2a624908-f4b1-46d8-87ed-caa09674ff4f?rtAction=1378836774249
Two security updates released yesterday MS13-072, MS13-073 and MS13-074. These are installing fine but if you scan the machine again for updates, show up again and again and again. Currently there is -no- fix available for these other than to say that the update is applied but it is not getting properly detected. The product group is aware of the issues and are working on it.
Outlook 2013 - see http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/11/outlook-folder-pane-disappears-after-installing-september-2013-public-update.aspx "
___
- https://windowssecrets.com/patch-watch/office-apps-make-up-the-bulk-of-september-fixes/
Sep 11, 2013
___
MS13-073: Description of the security update for Microsoft Office Excel 2007 ...
- http://support.microsoft.com/kb/2760583/en-us
Last Review: September 13, 2013 - Revision: 4.0
"... Known issues with this update: Customers may have been repeatedly offered this update even though it was already installed. Note: This issue is resolved by a detection change released September 13, 2013. This change did not affect the updated files. This change only affects the way that we offer the updates to customers..."
//
AplusWebMaster
2013-09-13, 17:42
FYI...
MS pulls botched KB 2871630 - many Office patch problems remain
- http://www.infoworld.com/t/microsoft-windows/microsoft-pulls-botched-kb-2871630-while-many-office-patch-problems-remain-226690
Sep 12, 2013 - "... KB 2871630, the one that caused the folder list in Outlook 2013 to disappear - was pulled early Wednesday morning...
While KB 2876130 is reined in for the moment, a whole slew of this month's patches are still causing problems on some machines:
• Two Office 2007 security updates - MS13-072 / KB2760411 and KB2760588 - and one Excel 2007 security update - MS13-073 / KB2760583 - are installing over and over again... The KB articles now say, "You may be repeatedly offered this update even though it is already installed. Microsoft is researching this problem and will post more information in this article when the information becomes available." At this point there's no additional information.
• The MS13-073 / KB 2810048 security patch for Excel 2003 installs over and over again. Two Answers forum threads in English - as well as several in other languages - have more than a hundred entries...
• The installer for the MS13-074 / KB 2810009 security patch for Access 2013 is failing with an error code 80242009... As of 11:00 p.m. Thursday, the TechNet MS13-074 article says "Known issues: None"
• The MS13-068 / KB 2794707 Outlook 2010 security patch is throwing off an error that looks just like the problem Microsoft encountered with Outlook in the Office 2010 SP 2 update, where the Calendar Folder property is empty. I've been told that Microsoft considers the problem to be "cosmetic" and it's relegated to "won't fix" status..."
___
MS13-072
- http://support.microsoft.com/kb/2760411
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Basic 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007 Home Use Program
Microsoft Office Home and Student 2007
Microsoft Office Professional 2007
Microsoft Office Professional Plus 2007
Microsoft Office Small Business 2007
Microsoft Office Standard 2007
MS13-073
- http://support.microsoft.com/kb/2760583
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)
MS13-073
- http://support.microsoft.com/kb/2760588
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)
MS13-073
- http://support.microsoft.com/kb/2810048
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 3.0
Applies to:
Microsoft Office 2003 Service Pack 3, when used with:
Microsoft Office Excel 2003
MS13-074
- http://support.microsoft.com/kb/2810009
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Access 2013
:fear: :fear: :sad:
AplusWebMaster
2013-09-18, 01:14
FYI...
Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2887505
September 17, 2013 - "Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
* http://support.microsoft.com/kb/2887505#FixItForMe
"Notes about this Fix it solution:
- You must restart Internet Explorer after you apply this Fix it solution.
- The Fix it solution that is described in this section applies only (to) 32-bit versions of Internet Explorer.
- You must have security update 2870699 installed for this Fix it to provide effective protection against this issue. For more information about security update 2870699... view the article in the Microsoft Knowledge Base:
2870699 MS13-069: Cumulative security update for Internet Explorer: September 10, 2013
This Fix it solution is not intended to be a replacement for any security update..."
Last Review: September 18, 2013 - Revision: 2.2
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0"
MS13-069: http://support.microsoft.com/kb/2870699
Last Review: September 18, 2013 - Revision: 2.0
- https://blogs.technet.com/b/msrc/archive/2013/09/17/microsoft-releases-security-advisory-2887505.aspx?Redirected=true
17 Sep 2013
___
- https://atlas.arbor.net/briefs/
High Severity
September 20, 2013 21:24
The latest Internet Explorer vulnerability is being used in targeted attacks and it's just a matter of time before larger-scale attacks take place.
Analysis: Once exploit code of this nature reaches the public, or semi-public sources, those that are paying attention (both "whitehat" and "blackhat" researchers, typically) have the information for defense and for offense. While this exploit code is not yet known to have been leveraged in any exploit kit and only in the context of targeted attacks, it is just a matter of time before the exploit becomes weaponized and expands past its current use in targeted attacks and is used for cybercrime related activities. EMET is helpful, as is providing other hardening techniques such as whitelisting and application sandboxing where appropriate. 0day exploits are a fact of life, and there is evidence to suggest that this particular vulnerability has been exploited in the wild for some time.
Source: http://www.net-security.org/article.php?id=1885
19 Sep 2013 - "... The simplest way to avoid this risk is to use a browser other than Internet Explorer..."
- https://secunia.com/advisories/54884/
Release Date: 2013-09-18
Criticality: Extremely Critical
Impact: System access
Solution Status: Partial Fix...
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3893 - 9.3 (HIGH)
Provided and/or discovered by: Reported as a 0-day...
- http://community.websense.com/blogs/securitylabs/archive/2013/09/18/up-to-70-of-pcs-vulnerable-to-zero-day-cve-2013-3893.aspx
18 Sep 2013 - "... close to 70% of Windows-based PCs are vulnerable..."
___
- http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-part-2-zero-day-exploit-analysis-cve-2013-3893.html
Sep 21, 2013 - "... Despite the targeted nature of these attacks, the exploit identifies numerous language packs (en, zh, fr, de, ja, pt, ko, ru) and software versions, which it uses to specify the correct ROP chain. Commented-out code suggests that the exploit initially targeted IE8 XP users, and IE8 and IE9 Windows 7 users who also had MS Office 2007 installed. In our tests, we observed that the exploit ran -successfully- on systems running both MS Office 2007 and 2010..."
- http://community.websense.com/blogs/securitylabs/archive/2013/09/26/zero-day-analysis-cve-2013-3893-attacks-more-widespread-than-previously-reported.aspx
26 Sep 2013 - "... attacks utilizing the most recent Internet Explorer zero-day (CVE-2013-3893) are more prevalent than previously thought... We have seen the CVE-2013-3893 exploit targeting Japanese firms in the financial industry, being hosted on a Taiwanese IP address (hxxp: //220.229.238.123 /tn/images/index.html) as of September 25th..."
:fear::fear:
AplusWebMaster
2013-09-20, 12:40
FYI...
- http://www.infoworld.com/t/microsoft-windows/patch-monday-way-avoid-more-microsoft-automatic-update-fiascos-227220
Sep 20, 2013 - "This month's Black Tuesday - Sept. 10, 2013 - enters the record books as Microsoft's most patch-botching month in history... The release dilemma is quite straightforward: Microsoft has to test the patches without letting them leak to the bad guys. Conventional wisdom dictates that if the bad guys can reverse engineer the patches before they roll down the Automatic Update chute, Windows as we know it will cease to exist... In September we had 116 patches on Black Tuesday. Twelve of them were subsequently yanked... mixing security with nonsecurity patches and pushing out more than a hundred at a time - that's just stupid. If Windows and Office are in such bad shape that we have to reboot twice a month, so be it..."
___
Office 2010 Starter Edition: File type associations missing after September 2013 Update
- http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/18/office-2010-starter-edition-file-type-associations-missing-after-september-2013-update.aspx
18 Sep 2013 - "... we have received reports of file type associations missing after installing KB2589275*. After installing this update, some users have reported they are unable to open files by double-clicking them, that the file type icons have changed, and that they must go to the application to open files... How to fix this issue: There are several options available to repair this issue. Each will restore Office products to a fully functional state. These are permanent fixes rather than having to revert to opening files inside the applications..."
* http://support.microsoft.com/kb/2589275
[Download has apparently been revoked.]
___
MS13-063 - KB 2859537 ...
- http://support.microsoft.com/kb/2859537/en-us
Last Review: September 19, 2013 - Revision: 4.0 - "... Known issues with this security update:
While you are installing this security update, or after you install this security update on a computer that is running Windows 7 SP1 or Windows Server 2008 R2 SP1, you may experience either of the following issues: You may receive a STOP 0x6B error message when you restart a computer after you perform a specific System Restore operation...
Note: Not all STOP 0x6B errors are caused by the issues that are described in this article.
Some users may experience issues with certain programs after they install security update 2859537. In some cases the programs may not successfully start..."
MS13-063: Vulnerabilities in Windows kernel could allow elevation of privilege
- http://technet.microsoft.com/en-us/security/bulletin/ms13-063
V1.2 (September 13, 2013): Corrected update replacement for all affected software excluding Windows XP and Windows 8. This is an informational change only.
:fear::fear:
AplusWebMaster
2013-09-26, 19:26
FYI...
MS13-068 - KB2794707- and Office 2010 SP2 - 2687455
Not all the Office patches are ready to install; the Office 2010 SP2 release still has issues.
- https://windowssecrets.com/patch-watch/cleaning-up-a-crush-of-ms-office-updates/
Sep 25, 2013 - "Microsoft should soon push out Office 2010 SP2 to everyone getting Windows updates automatically. (Previously, those users might have seen KB 2687455 listed in Windows Update but unchecked for installation.) I’m still not ready to give the full thumbs-up to this major update. As noted in MS forums*, some Office 2010 users who installed SP2 continue to receive false error messages in their application event log when they start up Outlook. The good news: the error is cosmetic. There’s no actual error, but the Office event logs could become cluttered with messages such as “Calendar Folder property is missing.” An event log filled with false errors can make it difficult to find the records of other PC problems — they roll off the log sooner than normal and the event you’re looking for is gone. This problem can also occur after installing KB 2794707, a September security update for an Outlook vulnerability. We have several shared calendars in my office, and my event log is filled with the Event 27 “Calendar Folder property is missing” error. There’s currently no ETA on a fix for this issue. Because it’s considered cosmetic, it might be a low priority for Microsoft; however, I don’t find it reassuring to be told to ignore an error. Fortunately, the vulnerability patched by KB 2794707 is difficult to exploit, according to a Microsoft Security Research & Defense post**.
What to do: There’s probably no real harm in installing KBs 2687455 (Office 2010 SP2) and 2794707 (MS13-068). But it’s just as probable there’s no real harm in waiting until Microsoft provides a fix for these fixes. I recommend keeping both updates on -hold- for a while longer."
* http://social.technet.microsoft.com/Forums/sqlserver/en-US/f96903c9-c3ff-4e9d-9363-0882cffe4de8/ol2010-error-id-27-since-sp2-calendar-folder-property-is-missing-calendar-folder-property-is
** http://blogs.technet.com/b/srd/archive/2013/09/10/ms13-068-a-difficult-to-exploit-double-free-in-outlook.aspx
Office 2010 Service Pack 2
- http://support.microsoft.com/kb/2687455
Last Review: August 20, 2013 - Revision: 4.0
- http://support.microsoft.com/kb/2794707
Last Review: October 2, 2013 - Revision: 2.0
Applies to: Microsoft Outlook 2010
:fear::fear:
AplusWebMaster
2013-10-02, 02:15
FYI...
Metasploit releases CVE-2013-3893 ...
- https://community.rapid7.com/community/metasploit/blog/2013/09/30/metasploit-releases-cve-2013-3893-ie-setmousecapture-use-after-free
Sep 30, 2013 - "Recently the public has shown a lot of interest in the new Internet Explorer vulnerability (CVE-2013-3893) that has been exploited in the wild, which was initially discovered in Japan. At the time of this writing there is still no patch available, but there is still at least a temporary fix-it that you can apply from Microsoft, which can be downloaded here*... The vulnerability affects Internet Explorer from 6 all the way to 11, however, the exploit in the wild primarily targets Internet Explorer 8 on Windows XP, and Internet Explorer 8 and 9 on Windows 7... The Metasploit module currently can be only tested on Internet Explorer 9 on Windows 7 SP1 with either Office 2007 or Office 2010 installed..."
* https://support.microsoft.com/kb/2887505#FixItForMe
Microsoft Fix it 51001
- https://isc.sans.edu/diary.html?storyid=16697
Last Updated: 2013-10-01 19:57:14 UTC... Version: 2
:fear::fear::fear:
AplusWebMaster
2013-10-08, 21:13
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-oct
October 08, 2013 - "This bulletin summary lists security bulletins released for October 2013...
(Total of -8-)
Microsoft Security Bulletin MS13-080 - Critical
Cumulative Security Update for Internet Explorer (2879017)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-080
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.2 (October 8, 2013): Bulletin revised to announce that the 2884101 update is available via Windows Update.
V1.3 (October 10, 2013): Bulletin revised to remove CVE-2013-3871 from the vulnerabilities addressed by this update. Including this CVE in the original security bulletin text was a documentation error. CVE-2013-3871 is scheduled to be addressed in a future security update. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
- http://support.microsoft.com/kb/2884101
Last Review: October 8, 2013 - Revision: 2.0
Microsoft Security Bulletin MS13-081 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-081
Critical - Remote Code Execution - Requires restart - Microsoft Windows
V1.1 (October 9, 2013): Bulletin revised to announce a detection change to correct an offering issue for the 2847311 update for Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) and Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Microsoft Security Bulletin MS13-082 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-082
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
V1.1 (October 10, 2013): Bulletin revised to indicate that Server Core installations of Windows Server 2012 are affected by the vulnerability addressed in the 2861194 update. This is an informational change only. There were no changes to the detection logic or the security update files. Customers who have already successfully updated their systems do not need to take any action.
Microsoft Security Bulletin MS13-083 - Critical
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/bulletin/ms13-083
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-084 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-084
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-085 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-085
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-086 - Important
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-086
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-087 - Important
Vulnerability in Silverlight Could Allow Information Disclosure (2890788)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-087
Important - Information Disclosure - Does not require restart - Microsoft Silverlight
___
- http://blogs.technet.com/b/msrc/archive/2013/10/08/the-october-2013-security-updates.aspx?Redirected=true
"... eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight... resolves 10 issues in Internet Explorer..."
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/6521.October-2013_2D00_Priority.jpg
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/6131.October-2013_2D00_Severity.jpg
___
- http://blogs.technet.com/b/office_sustained_engineering/archive/2013/10/08/october-2013-office-update-release.aspx
8 Oct 2013 - "The October 2013 Public Update release for Office is now live. There are 24 security updates (3 bulletins) and 35 non-security updates..."
(Long list at the URL above.)
___
- https://secunia.com/advisories/54884/ - MS13-080
- https://secunia.com/advisories/55052/ - MS13-081
- https://secunia.com/advisories/55043/ - MS13-082
- https://secunia.com/advisories/55106/ - MS13-083
- https://secunia.com/advisories/55131/ - MS13-084
- https://secunia.com/advisories/55141/ - MS13-085
- https://secunia.com/advisories/55143/ - MS13-086
- https://secunia.com/advisories/55149/ - MS13-087
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16760
Last Updated: 2013-10-08 17:30:03 UTC
.
AplusWebMaster
2013-10-09, 15:48
FYI...
Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2887505
Updated: October 08, 2013 - Version: 2.0 - "... We have issued MS13-080* to address the Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)..."
* https://technet.microsoft.com/en-us/security/bulletin/ms13-080
- https://secunia.com/advisories/54884/
Last Update: 2013-10-11
Criticality: Extremely Critical
CVE Reference(s): CVE-2013-3872, CVE-2013-3873, CVE-2013-3874, CVE-2013-3875, CVE-2013-3882, CVE-2013-3885, CVE-2013-3886, CVE-2013-3893*, CVE-2013-3897
... vulnerability is currently being actively exploited in targeted attacks.
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3872 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3873 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3874 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3875 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3882 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3885 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3886 - 9.3 (HIGH)
* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3893 - 9.3 (HIGH)
Last revised: 10/10/2013
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3897 - 9.3 (HIGH)
Last revised: 10/10/2013 - "... as exploited in the wild in September and October 2013..."
- http://www.darkreading.com/attacks-breaches/internet-explorer-zero-day-times-two/240162466?printer_friendly=this-page
Oct 09, 2013
- http://community.websense.com/blogs/securitylabs/archive/2013/10/09/zero-day-attack-for-internet-explorer-cve-2013-3897-goes-high-profile.aspx
9 Oct 2013 - CVE-2013-3897
___
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/security/advisory/2862973
Updated: October 08, 2013 - Version: 1.2 - "Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks... Note that the 2862966 update is a prerequisite and must be applied before this update can be installed. The 2862966 update contains associated framework changes to Microsoft Windows. For more information, see Microsoft Knowledge Base Article 2862966.
Known Issues. Microsoft Knowledge Base Article 2862973 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
- http://support.microsoft.com/kb/2862966
Last Review: August 27, 2013 - Revision: 4.0
- http://support.microsoft.com/kb/2862973
Last Review: August 15, 2013 - Revision: 2.0
:fear::fear:
AplusWebMaster
2013-10-10, 21:31
FYI...
KB 2878890 patch brings back two-year-old KB 951847 - repeatedly...
- http://www.infoworld.com/t/microsoft-windows/another-botched-black-tuesday-kb-2878890-patch-brings-back-two-year-old-kb-951847-repeatedly-228538
Oct 10, 2013 - "Another Black Tuesday, another -botched- patch. Applying this week's KB 2878890* patch on some Windows XP and Server 2003 SP2 machines causes a two-year-old .Net Framework roll-up patch, KB 951847**, to resurface. Windows Update not only prompts WinXP/Server 2003 users to (re-)install the big, old .Net patch, it keeps pestering over and over again to (re-)install it, even if the WU install logs say it's been installed. Fortunately, there's a fix. Although we don't yet know the details - and Microsoft hasn't acknowledged, much less fixed, the problem - there's a steady stream of complaints, comments, and questions about the botched patch on Microsoft's Answers forum. The problem seems to affect older WinXP/Server 2003 installations, likely those with older versions of .Net Framework installed. Advice from the forum mods (who haven't received definitive guidance from Microsoft yet) is that turning off KB 951847 - unchecking the box on the Windows Update list - is a prudent way to get rid of the annoyance..."
* http://technet.microsoft.com/en-us/security/bulletin/MS13-082
V1.0 Oct 8, 2013
... MAY be:
- http://support.microsoft.com/kb/2861189
Last Review: October 8, 2013 - Revision: 1.0
** http://support.microsoft.com/kb/951847
Last Review: August 18, 2011 - Revision: 9.0
MS13-082 ...
- http://www.infoworld.com/t/microsoft-windows/another-botched-black-tuesday-kb-2878890-patch-brings-back-two-year-old-kb-951847-repeatedly-228538#comment-1077827614
"... The specific KB number you see depends on which version of Windows you're using and which version of .NET is being patched. There's a full list of KB numbers/patch files in the KB 2878890 article here: http://support.microsoft.com/kb/2878890 ... . I count 18 of them..."
___
MS13-081: Description of the security update for USB drivers: October 8, 2013
- http://support.microsoft.com/kb/2862330
[Oct 11 ... now -unchecked- in Download list - Win7. Problems likely "under investigation"...]
___
- https://windowssecrets.com/patch-watch/ie-and-net-fixes-plus-a-win7-cleanup-update/
Susan Bradley - Oct 10, 2013 - "... rated critical for all supported desktop versions of Internet Explorer... Along with the vulnerability reported in the Sept. 17 MS Security Advisory, the update covers -nine- related vulnerabilities...
- What to do: Install KB 2879017 (MS13-080*) as soon as offered..."
* http://technet.microsoft.com/en-us/security/bulletin/MS13-080
V1.3 (October 10, 2013): Bulletin revised to remove CVE-2013-3871 from the vulnerabilities addressed by this update. Including this CVE in the original security bulletin text was a documentation error. CVE-2013-3871 is scheduled to be addressed in a future security update. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
- http://support.microsoft.com/kb/2879017
Last Review: October 9, 2013 - Revision: 4.0
Applies to:
•Internet Explorer 11
•Internet Explorer 10
•Windows Internet Explorer 9
•Windows Internet Explorer 8
•Windows Internet Explorer 7
•Microsoft Internet Explorer 6.0 ...
___
Update is available that enables you to delete outdated Windows updates by using a new option in the Disk Cleanup wizard in Windows 7 SP1
- http://support.microsoft.com/kb/2852386/en-us
"... Status: Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section...
Last Review: October 8, 2013 - Revision: 1.0
Applies to:
Windows 7 Service Pack 1, when used with:
Windows 7 Enterprise
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate ..."
:sad: :fear:
AplusWebMaster
2013-10-12, 18:41
FYI...
MS13-081 KB2862330 update "problems" ...
- http://msmvps.com/blogs/bradley/archive/2013/10/12/so-about-that-confirming-2862330-update-problems.aspx
Sat, Oct 12 2013
"Microsoft 'Confirms' KB2862330 Windows 7 Update 'Problems':
- http://news.softpedia.com/news/Microsoft-Confirms-KB2862330-Windows-7-Update-Problems-390567.shtml
So let's get the story straight. KB2862330 from the moment it was released indicated it might need -two- reboots to be properly installed.
Microsoft stated that in the known issues* section at the top of the security bulletin from the moment it was released.
The system will reboot, start again and rather than coming up, will just restart a second time. It's expected and -not- a bug.
There are a few folks seeing issues with this update and quite frankly I expect it. This is a lot of updates in the kernel section with impact to usb drivers. Where we have a ton of third party development. And not always the greatest third party development.
So let's not blow these statements out of proportion to the reality."
MS13-081: Description of the security update for USB drivers
* http://support.microsoft.com/kb/2862330
Last Review: October 8, 2013 - Revision: 1.0
"Known issues with this security update: After you install security update 2862330, your computer may restart two times. For more information about updates that require multiple restarts, click the following article number to view the article in the Microsoft Knowledge Base:
2894518** Software updates that require multiple reboots may cause task sequence failure within Configuration Manager"
** http://support.microsoft.com/kb/2894518
Last Review: October 9, 2013 - Revision: 8.0
:blink:
AplusWebMaster
2013-10-17, 00:32
FYI...
MS13-081 - Critical ... V1.2
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-081
V1.1 (October 9, 2013): Bulletin revised to announce a detection change to correct an offering issue for the 2847311 update for Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) and Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
V1.2 (October 16, 2013): For update 2855844*, corrected the update replacement for Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for x64-based Systems Service Pack 1. This is an informational change only.
* http://support.microsoft.com/kb/2855844
Oct 8, 2013 - Revision: 1.0
:blink:
AplusWebMaster
2013-10-18, 21:56
FYI...
MS13-081 ...
- http://support.microsoft.com/kb/2862330
Last Review: Oct 29, 2013 - Rev 3.0
(See: "Known issues")
- http://msmvps.com/blogs/bradley/archive/2013/10/18/kb2862330-known-issues.aspx
Oct 18 2013
___
Botched patch installs .Net Framework 3.5 without warning or consent - even on systems that have studiously avoided .Net
- http://www.infoworld.com/t/microsoft-windows/resurrected-kb-951847-zombie-patch-fixed-now-has-new-problem-229062
Oct 18, 2013
:fear::fear:
AplusWebMaster
2013-11-05, 20:59
FYI...
Clarification on Security Advisory 2896666 ...
- https://blogs.technet.com/b/msrc/archive/2013/11/07/clarification-on-security-advisory-2896666-and-the-ans-for-the-november-2013-security-bulletin-release.aspx?Redirected=true
7 Nov 2013
___
Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2896666
5 Nov 2013 - "Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products. The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images...
Workarounds: Disable the TIFF codec
Note See Microsoft Knowledge Base Article 2896666* to use the automated Microsoft Fix it solution..."
* https://support.microsoft.com/kb/2896666
Enable this Fix it - Microsoft Fix it 51004...
- https://support.microsoft.com/kb/2896666#appliesto
- http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx
5 Nov 2013 - "... Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack..."
___
- https://secunia.com/advisories/55584/
Release Date: 2013-11-06
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
... vulnerability is currently being actively exploited in targeted attacks.
Provided and/or discovered by: Reported as 0-day.
Original Advisory: Microsoft (KB2896666):
http://technet.microsoft.com/en-us/security/advisory/2896666
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3906 - 9.3 (HIGH)
Last revised: 11/07/2013 - "... allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013"
0-Day Attack on Office...
- http://krebsonsecurity.com/2013/11/microsoft-warns-of-zero-day-attack-on-office/
5 Nov 2013 - "... the exploit combines multiple techniques to bypass exploit mitigation techniques such as data execution prevention (DEP) and address space layout randomization (ASLR). The company says this exploit will -not- affect Office 2013, but will affect older versions such as Office 2003 and Office 2007..."
- http://blogs.technet.com/b/srd/archive/2013/11.aspx
Nov 5, 2013 - "... the exploit combines multiple techniques to bypass DEP and ASLR protections... Office 2010 uses the vulnerable graphic library, it is affected only when running on older platforms such as Windows XP or Windows Server 2003, but it is -not- affected when running on newer Windows families (7, 8 and 8.1)..."
:fear::fear:
AplusWebMaster
2013-11-06, 11:20
FYI...
MS13-081/KB 2862330 went down the automatic update chute, triggering blue screens and endless re-installs. It still isn't fixed
- http://www.infoworld.com/t/microsoft-windows/botched-windows-usb-driver-patch-kb-2862330-triggers-bsod-0x000000d1-or-0x000000ca-230201
Nov 5, 2013 - "Last month's Black Tuesday crop included yet another stinker: MS13-081*/KB 2862330**, a "critical" Windows USB driver update that reaches into the Windows kernel, modifying all the USB 2.0 driver programs. Microsoft knew before the patch was released that it had an odd double-reboot tendency... As it turns out, that was the least of MS13-081's worries. The day after the patch appeared, Microsoft's Answers forum lit up with complaints. Here's a partial list of the problems Windows customers have experienced, after installing the patch:
• Windows 7 and Windows Server 2008 R2 may throw up a Blue Screen 0x000000D1 or 0x000000CA or 0x00000050 upon boot.
• Windows 7 and Server 2008 R2 machines may reboot, then stall at 32 percent. The only solution is to unplug the machine, then run a system restore -- necessary because the reboots stall at the same point in an endless cycle.
• After an extended period of time on reboot, Windows 2008 R2 shows the message "Please wait for modules installer," then "Failure configuring windows updates reverting change." Windows rolls back the changes, but tries to do them again.
• Windows XP has the same infinite-loop installation of the patch.
• There are also reports of failing USB keyboards and mice - at least one user reports his Microsoft Mouse won't work after installing the patch.
To date, I've seen no indication that Microsoft has isolated the source of the problem. There is no new version of the patch. There is, however, a very convoluted series of manual patching steps you can take if you feel an urgent need to install the patch. Look for the three scenarios in the KB 2862330 article. It helps if you have a degree in Computer Science. Although Microsoft hasn't completely pulled the patch - it still appears as an Important update in Windows 7 Automatic Update - the selection box is unchecked. Unless you manually check the box, the update will -not- be installed. The universal advice at this point is to refrain from installing the patch - hide it in Automatic Update if you have to. Since the patch is no longer installed by default, and almost a month after its release we still don't have an update, it's a safe assumption that the patch isn't quite as pressing as its "Critical" rating might indicate."
* http://technet.microsoft.com/en-us/security/bulletin/ms13-081
** http://support.microsoft.com/kb/2862330
Last Review: Oct 29, 2013 - Rev 3.0
:sad:
AplusWebMaster
2013-11-09, 18:39
FYI...
New IE 0-Day vuln exploiting msvcrt.dll
- https://isc.sans.edu/diary.html?storyid=16985
Last Updated: 2013-11-09 13:41:19 UTC - "FireEye Labs has discovered an "exploit that leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution." [1] Based on their analysis, it affects IE 7, 8, 9 and 10. According to Microsoft, the vulnerability can be mitigated by EMET.[2][3] Additional information on FireEye Labs post available..."
[1] http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html
[2] https://isc.sans.edu/forums/diary/EMET+40+is+now+available+for+download/16019
[3] http://www.microsoft.com/en-us/download/details.aspx?id=39273
___
... or (once again) use an alternative browser!
:fear::fear::sad:
AplusWebMaster
2013-11-12, 03:33
FYI...
IE 0-Day vuln exploiting msvcrt.dll ...
- https://isc.sans.edu/diary.html?storyid=16985
Last Updated: 2013-11-11 23:41:53 UTC ... Version: 3 - "... Update: FireEye Labs provided additional information on the recently discovered IE zero-day exploit that is currently in the wild and has been named Trojan.APT.9002 (aka Hydraq/McRAT variant). They have published additional information on the Trojan that only runs in memory and leaves very few artifacts that can help identify infected clients. Additional information about the Trojan can be found here(1) which also includes a list of domains, MD5 hash and User-Agent information.
Update 2: Microsoft is releasing tomorrow a fix for this vulnerability* (CVE-2013-3918) affecting Explorer ActiveX Control as "Bulletin 3" as MS13-090 listed in the November Microsoft Patch Tuesday Preview**..."
1) http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
* http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx
- https://blogs.technet.com/b/msrc/archive/2013/11/07/clarification-on-security-advisory-2896666-and-the-ans-for-the-november-2013-security-bulletin-release.aspx?Redirected=true
7 Nov 2013 - "... this release won’t include an update for the issue first described in Security Advisory 2896666..."
** https://isc.sans.edu/forums/diary/16982
- https://www.virustotal.com/en/ip-address/111.68.9.93/information/
- https://www.virustotal.com/en/ip-address/58.64.143.244/information/
___
- https://secunia.com/advisories/55611/
Last Update: 2013-11-13
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
Software: Microsoft Internet Explorer 10.x, 9.x, 8.x, 7.x
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3918 - 9.3 (HIGH)
... vulnerability is caused due to an error within an ActiveX control...
Solution: Apply update...
- http://technet.microsoft.com/en-us/security/bulletin/ms13-090
Nov 12, 2013
:fear::fear:
AplusWebMaster
2013-11-12, 20:34
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-nov
Nov 12, 2013 - "This bulletin summary lists security bulletins released for November 2013...
(Total of -8-)
Microsoft Security Bulletin MS13-088 - Critical
Cumulative Security Update for Internet Explorer (2888505)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-088
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-089 - Critical
Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-089
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-090 - Critical
Cumulative Security Update of ActiveX Kill Bits (2900986)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-090
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-091 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-091
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-092 - Important
Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-092
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-093 - Important
Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-093
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-094 - Important
Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-094
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-095 - Important
Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-095
Important - Denial of Service - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2013/11/12/authenticity-and-the-november-2013-security-updates.aspx?Redirected=true
12 Nov 2013
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/5238.Overview-Slide_5F00_DP.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/8228.Overview-Slide_5F00_Severity.png
___
- https://secunia.com/advisories/55054/ - MS13-088
- https://secunia.com/advisories/50000/ - MS13-089
- https://secunia.com/advisories/55611/ - MS13-090
- https://secunia.com/advisories/55539/ - MS13-091
- https://secunia.com/advisories/55550/ - MS13-092
- https://secunia.com/advisories/55558/ - MS13-093
- https://secunia.com/advisories/55574/ - MS13-094
- https://secunia.com/advisories/55629/ - MS13-095
___
November 2013 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2013/11/12/november-2013-office-update-release.aspx
12 Nov 2013 - "... There are 8 security updates (2 bulletins) and 18 non-security updates..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17003
2013-11-12 18:00:41 UTC
___
November 2013 Security Bulletin Release - Q&A
- https://blogs.technet.com/b/msrc/p/november-2013-security-bulletin-q-a.aspx?Redirected=true
Nov 13, 2013
"... Q: Regarding the TIFF registry change (Fix it) in Microsoft Security Advisory 2896666, can you explain how this will affect TIFF usage?...
A: TIFF images will be blocked on the affected software and platforms listed in the advisory..."
.
AplusWebMaster
2013-11-12, 21:38
FYI...
Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2896666
V1.1 (November 12, 2013): Clarified the scope of the active attacks, clarified affected software configurations, and revised workarounds...
- http://atlas.arbor.net/briefs/index#2125368770
High Severity
15 Nov 2013 15:38:46 +0000
The CVE-2013-3906* vulnerability has been leveraged by several threat actors. Organizations are strongly encouraged to ensure they are protected against this serious vulnerability which has yet to be patched. A workaround is available**.
Source: http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/exploit-proliferation-additional-threat-groups-acquire-cve-2013-3906.html
* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3906 - 9.3 (HIGH)
** https://support.microsoft.com/kb/2896666
Last Review: Nov 12, 2013 - Rev 3.0
Microsoft Fix it 51004
___
Microsoft Security Advisory (2880823)
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/security/advisory/2880823
Nov 12, 2013 - "Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Recommendation: Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information..."
Microsoft Security Advisory (2868725)
Update for Disabling RC4
- http://technet.microsoft.com/en-us/security/advisory/2868725
Nov 12, 2013 - "Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the removal of RC4 as an available cipher on affected systems through registry settings. It also allows developers to remove RC4 in individual applications through the use of the SCH_USE_STRONG_CRYPTO flag in the SCHANNEL_CRED structure. These options are -not- enabled by default.
Recommendation. Microsoft recommends that customers download and install the update immediately and then test the new settings in their environments. Please see the Suggested Actions section of this advisory for more information..."
Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess Could Allow Security Feature Bypass
- http://technet.microsoft.com/en-us/security/advisory/2862152
Nov 12, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information..."
___
Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.microsoft.com/en-us/security/advisory/2854544
V1.3 (November 12, 2013): Added the 2868725 update and Root Certificates Policy announcement to the Available Updates and Release Notes section.
:fear::fear::fear:
AplusWebMaster
2013-11-13, 14:54
FYI...
XP update locks machines with SVCHOST red lined at 100%: Fix it with KB 2879017...
- http://www.infoworld.com/t/microsoft-windows/windows-xp-update-locks-machines-svchost-red-lined-100-fix-it-kb-2879017-230733
Nov 13, 2013 - "... when Windows Update accesses the Microsoft website to gather a list of available updates, the machine can lock up for five, 10, 15 minutes - or more - with the CPU and fan running at 100 percent. Then, if the customer waits long enough for the updates to appear, and clicks to install them, the XP machine goes racing away again for another five or 10 or more minutes, with the CPU redlined at 100 percent... The best solution appears to be a manual update to Internet Explorer. Yes, Microsoft has messed up wuauclt.exe so badly that it has to be repaired by installing an IE update - not a Windows update - to get it working properly. The fix is part of the October cumulative IE patch known as MS13-080/ KB 2879017*. If you manually download and install the October cumulative patch, then you should be able to use Windows Update with no problems... You would think that simply upgrading to the latest version of IE would solve the problem, but it doesn't. You have to manually download and apply the patch for your version of IE..."
* http://technet.microsoft.com/en-us/security/Bulletin/MS13-080
:fear::fear:
AplusWebMaster
2013-11-14, 15:17
FYI...
MS13-088 - KB2888505
- http://windowssecrets.com/patch-watch/patch-watch-placeholder/
Nov 13, 2013 - "This month’s cumulative IE update fixes -10- newly reported vulnerabilities. KB 2888505 is rated -critical- for Versions 6–11. The only version to get a pass is the new Internet Explorer 11 for Windows 7. This update also includes -17- nonsecurity fixes, as detailed in MS Support article 2888505*... you must keep IE updated, even if you typically use another browser. IE is more than a browser: it’s a key component of the Windows operating system..."
* http://support.microsoft.com/default.aspx?scid=kb;en-us;2888505
:fear:
AplusWebMaster
2013-11-20, 14:50
FYI...
MS to fix XP update SVCHOST redline issue 'soon'
- http://www.infoworld.com/t/microsoft-windows/microsoft-fix-windows-xp-update-svchost-redline-issue-soon-230940
Nov 15, 2013 - "... The Microsoft Update team has analyzed the latest manifestation, come up with an explanation, and has promised that a permanent solution will arrive "as soon as possible." Windows Update team member Doug Neal has just posted a message to the Patch Management Mailing List that explains what's happening when Windows XP's Windows Update agent, wuauclt.exe (running in a SVCHOST wrapper), drives CPU utilization to 100 percent - and can keep WinXP machines pegged at 100 percent for -15- minutes or longer.
'The problem is caused by the Windows Update client evaluating an exceptionally long supersedence chain - something IE6 and IE7 have more than any other version of IE due to their time in market. Each 'link' in the chain doubles the CPU resources needed to evaluate it over the previous version. The chain is so long that the design stymies the WUA client.'
... Neal concludes by saying:
'While I can't provide a date for when this will be done, we know it's an issue affecting customer PCs and we're working to get it out as soon as possible to halt the impact'..."
:fear: :sad:
AplusWebMaster
2013-11-21, 23:30
FYI...
KB 2670838 - fuzzy fonts ...
- http://www.infoworld.com/t/microsoft-windows/blurry-fonts-bug-kb-2670838-persists-ie11-and-windows-7-231035
Nov 18, 2013 - "... Microsoft didn't solve the problem, but it did publish a list of video drivers thought to conflict with the patch. The company also modified the installer to avoid planting the font-busting patch on machines running the identified bad video drivers. That list, toward the bottom of article KB 2670838*, has gone through -eight- major revisions... seeing complaints all over the Web that installing Internet Explorer 11 on Windows 7 can -trigger- the same problem - and the fuzzy fonts appear even on machines that aren't running any of the identified problematic video drivers... also seeing reports that the fuzzy fonts crop up on Firefox, Chrome, and - remarkably - Internet Explorer itself. Some people report that the fuzziness goes away if the pages are refreshed enough times. Others see fuzzy characters only on some pages, but very similar pages don't have the problem. If you have a case of the font fuzzies and are using IE10, the only known solution involves uninstalling KB 2670838. But if you've installed IE11, you may or may not have KB 2670838 - and if you do have it, uninstalling doesn't fix the problem..."
* http://support.microsoft.com/kb/2670838/en-us
Sep 30, 2013 - Rev 8.0
:fear::sad:
AplusWebMaster
2013-11-22, 16:36
FYI...
CVE-2013-3918 Exploit...
- http://www.threattracksecurity.com/it-blog/a-look-inside-a-cve-2013-3918-exploit/
Nov 22, 2013 - "... If you haven’t updated your OS yet, -now- is the time to do it... We were able to retrieve a piece of the exploit malware... Here is a malformed HTML website I used to test the exploit on.
> http://www.threattracksecurity.com/it-blog/wp-content/uploads/2013/11/CDA99A7C92A63D6095A5BA4CACC6ED89.jpg
As you can see, there’s nothing special about it. All one can see is a white page with the text “Hello man” on it. What users don’t know is that infiltration and code execution happens in the background. They don’t see anything happening until it’s already too late..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3918 - 9.3 (HIGH)
Last revised: 11/15/2013 - "... as exploited in the wild in November 2013, aka 'InformationCardSigninHelper' Vulnerability."
Microsoft Security Bulletin MS13-090 - Critical
Cumulative Security Update of ActiveX Kill Bits (2900986)
- http://technet.microsoft.com/security/bulletin/MS13-090
___
- http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-a-silverlight-exploit/
Nov 25, 2013 - "... independent security researchers found that the Angler Exploit Kit had added Silverlight to their list of targeted software, using CVE-2013-0074. When we analyzed the available exploit, we found that in addition to CVE-2013-0074, a second vulnerability, CVE-2013-3896, is used in order to bypass ASLR. These vulnerabilities are discussed in two separate Microsoft security bulletins, namely MS13-022 and MS13-087, respectively..."
:fear::fear: :sad:
AplusWebMaster
2013-11-28, 14:30
FYI...
Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.microsoft.com/en-us/security/advisory/2914486
November 27, 2013 - "Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003. The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Microsoft is actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."
0 day exploit in wild
- https://isc.sans.edu/diary.html?storyid=17117
Last Updated: 2013-11-28 01:05:44 - "... the temporary fix outlined breaks some windows features, specifically some IPSEC VPN functions..."
- http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html
November 27, 2013 - "... The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit..."
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
- https://atlas.arbor.net/briefs/index#-1423916473
High Severity
Published: Fri, 06 Dec 2013 00:00:26 +0000
Public exploit code has been released for CVE-2013-5065, a vulnerability in the Windows Kernel NDPROXY component that allows for privilege escalation attacks.
Analysis: .... With public exploit code available, the bar has been lowered significantly.
Source: http://1337day.com/exploits/21615
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5065 - 7.2 (HIGH)
Last revised: 11/29/2013 - "... as exploited in the wild in November 2013."
:fear::fear:
AplusWebMaster
2013-11-28, 17:47
FYI...
.NET Framework 4.5.1
- http://windowssecrets.com/newsletter/a-hands-on-look-at-microsofts-new-xbox-one/#story6
November 27, 2013 - "Skip this serving of .NET Framework 4.5.1... 2858725..."
KB 2858725
- http://support.microsoft.com/kb/2858725
Last Review: Nov 26, 2013 - Rev 4.0
How to temporarily block the installation of the .NET Framework 4.5.1 ...
- http://support.microsoft.com/kb/2721187
Last Review: Nov 26, 2013 - Rev 3.0
Applies to:
• Microsoft .NET Framework 4.5.1, when used with:
Windows Vista Ultimate
Windows 7 Ultimate
Windows Server 2008 Enterprise
Windows Server 2008 R2 Enterprise
Windows Server 2012 Standard
___
.NET Framework Cleanup Tool
- http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx
:fear: :sad:
AplusWebMaster
2013-12-10, 04:24
FYI...
MS Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2916652
Dec 9, 2013 - "Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. The improperly issued subordinate CA certificate has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. The subordinate CA certificate may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks. To help protect customers from potentially fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue. For more information about these certificates, see the Frequently Asked Questions section of this advisory... in addition to addressing the certificates described in this advisory, this update is cumulative and includes digital certificates described in previous advisories..."
:fear:
AplusWebMaster
2013-12-10, 20:28
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms13-dec
Dec 10, 2013 - "This bulletin summary lists security bulletins released for December 2013...
(Total of -11-)
Microsoft Security Bulletin MS13-096 - Critical
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-096
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Lync
• V1.1 (December 10, 2013): Clarified that users should -undo- the Disable the TIFF Codec workaround* and the Disable data collaboration in Lync workaround after applying the update. See the Update FAQ for more information. Added undo steps to the Disable data collaboration in Lync workaround...
* https://support.microsoft.com/kb/2908005
Disable this Fix it - 51005
• V1.2 (December 20, 2013): Revised the Based on the configuration of my system, how do I know if my system is affected? Update FAQ to include the updates that are applicable for each configuration...
Microsoft Security Bulletin MS13-097 - Critical
Cumulative Security Update for Internet Explorer (2898785)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-097
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-098 - Critical
Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-098
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-099 - Critical
Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-099
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-105 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-105
Critical - Remote Code Execution - Does not require restart - Microsoft Exchange
• V1.1 (December 10, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Microsoft Security Bulletin MS13-100 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-100
Important - Remote Code Execution - May require restart - Microsoft SharePoint
Microsoft Security Bulletin MS13-101 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-101
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-102 - Important
Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-102
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-103 - Important
Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-103
Important - Elevation of Privilege - Does not require restart - Microsoft Developer Tools
Microsoft Security Bulletin MS13-104 - Important
Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-104
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-106 - Important
Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass
- https://technet.microsoft.com/en-us/security/bulletin/ms13-106
Important - Security Feature Bypass - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/msrc/archive/2013/12/10/omphaloskepsis-and-the-december-2013-security-update-release.aspx?Redirected=true
Deployment Priority
- https://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-components-imagefileviewer/communityserver-blogs-components-weblogfiles-00-00-00-45-71/7360.deployment.jpg_2D00_550x0.jpg
- http://blogs.technet.com/b/srd/archive/2013/12/10/assessing-risk-for-the-december-2013-security-updates.aspx
"... we released eleven security bulletins addressing 24 CVE’s..."
___
December 2013 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2013/12/09/december-2013-office-update-release.aspx
9 Dec 2013 - "... There are 12 security updates (4 bulletins) and 43 non-security updates..."
(More detail at the URL above.)
___
- https://secunia.com/advisories/55584/ - MS13-096
- https://secunia.com/advisories/55967/ - MS13-097
- https://secunia.com/advisories/55971/ - MS13-098
- https://secunia.com/advisories/55981/ - MS13-099
- https://secunia.com/advisories/55985/ - MS13-100
- https://secunia.com/advisories/55986/ - MS13-101
- https://secunia.com/advisories/55988/ - MS13-102
- https://secunia.com/advisories/55991/ - MS13-103
- https://secunia.com/advisories/56007/ - MS13-103
- https://secunia.com/advisories/55997/ - MS13-104
- https://secunia.com/advisories/55998/ - MS13-105
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5057 - MS13-106
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17198
Last Updated: 2013-12-10 20:39:23 UTC
___
0-Day Fixes From Adobe, Microsoft
- http://krebsonsecurity.com/2013/12/zero-day-fixes-from-adobe-microsoft/
Dec 10, 2013
.
AplusWebMaster
2013-12-10, 22:45
FYI...
Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.microsoft.com/en-us/security/advisory/2915720
Dec 10, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will not be enabled until June 10, 2014. Once enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after June 10, 2014, Windows will no longer recognize non-compliant binaries as signed... see the Suggested Actions section of this advisory for more information..."
Microsoft Security Advisory (2905247)
Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- http://technet.microsoft.com/en-us/security/advisory/2905247
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings. The vulnerability could allow elevation of privilege and affects all supported versions of Microsoft .NET Framework except .NET Framework 3.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1. Any ASP.NET site for which view state MAC has become disabled through configuration settings is vulnerable to attack. An attacker who successfully exploited the vulnerability could use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server. Microsoft is aware of general information available publicly that could be used to exploit this vulnerability, but is not aware of any active attacks... see the Suggested Actions section of this advisory for more information..."
Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2896666
Updated: Dec 10, 2013 - "... We have issued MS13-096* to address the Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2013-3906). For more information about this issue, including download links for an available security update, please review MS13-096..."
* https://technet.microsoft.com/en-us/security/bulletin/ms13-096
Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.microsoft.com/en-us/security/advisory/2871690
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly. Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules as part of ongoing efforts to protect customers. This action only affects systems running Windows 8 and Windows Server 2012 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled... Microsoft Knowledge Base Article 2871690* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
* https://support.microsoft.com/kb/2871690
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update..."
:fear::fear:
AplusWebMaster
2013-12-13, 16:41
FYI...
Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2916652
• V2.0 (December 12, 2013): Advisory revised to announce the availability of the 2917500 update for customers running Windows XP or Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates. The 2917500 update* is available via the Microsoft Update service and from the download center. For more information, see the Suggested Actions section of this advisory.
* http://support.microsoft.com/kb/2917500
Last Review: December 12, 2013
:fear:
AplusWebMaster
2013-12-13, 17:49
FYI...
Event ID 27, "Calendar Folder property is missing," after you apply Office 2010 SP2: http://support.microsoft.com/kb/2883156
- http://msmvps.com/blogs/bradley/archive/2013/12/12/event-id-27-quot-calendar-folder-property-is-missing-quot-hotfix-out.aspx
Dec 12 2013 - "If you are suffering from that
Try this hotfix..."
Description of the Outlook 2010 hotfix package (Outlook-x-none.msp):
December 10, 2013
- http://support.microsoft.com/kb/2849973
:fear:
AplusWebMaster
2013-12-13, 21:34
FYI...
Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.microsoft.com/en-us/security/advisory/2915720
• V1.1 (December 13, 2013): Corrected the registry key information in the Test the Improvement to Authenticode Signature Verification suggested action. Customers who have applied or plan to apply the suggested action should review the revised information.
:fear::fear:
AplusWebMaster
2013-12-16, 17:56
FYI...
MS to fix Win XP SVCHOST redlining 'ASAP' ...
- http://www.infoworld.com/t/microsoft-windows/microsoft-promises-fix-windows-xp-svchost-redlining-soon-possible-232675
Dec 16, 2013 - "... the XP Windows Update agent WUAUCLT.EXE running in a SVCHOST wrapper redlines, taking 100 percent of the CPU for five, 10, 15 minutes - up to an hour or two. If you have Automatic Update enabled on your computer, that means every time you re-boot Windows XP your machine can lock up for hours on end; pull the plug, and the -same- thing happens over again. On Friday night we (finally) received an official explanation that describes why the problem happens, along with a description of what Microsoft is doing to resolve it and a promise that it'll get fixed "as soon as possible"... with something like half a billion Windows XP machines out there still connected to the Internet, it's a horrendous problem... Doug Neal, senior program manager for Windows and Microsoft Update, sent a message to the PatchManagement listserv on Friday night...
'In September we witnessed a large number of reports of SVCHOST taking high CPU for extended periods of time. This was primarily on Windows XP machines running IE6 or IE7. There were a few reports of this happening on Windows XP with IE8, but only a few.' ..."
:sad: :fear:
AplusWebMaster
2013-12-19, 15:31
FYI...
MS yanks second botched Surface update ...
MS pulls the bad December firmware update for the Surface Pro 2 - with no hint as to when a fix is coming or what afflicted customers should do
- http://www.infoworld.com/t/microsoft-windows/microsoft-yanks-second-botched-surface-update-in-many-months-232943
Dec 19, 2013 - "... On Dec. 10, Microsoft released a firmware update that was intended to improve stability, push updated Wi-Fi drivers, and promote better cover interaction with sleep, screen dimming, and more on the Surface Pro 2. Microsoft keeps a list of the firmware changes on one obscure page on its website* - not in the Knowledge Base, -not- on the official Windows blog. That page has no indication at all that the botched patch has been pulled..."
* http://www.microsoft.com/surface/en-us/support/install-update-activate/pro-2-update-history?lc=1041
:sad: :fear:
AplusWebMaster
2014-01-08, 18:50
FYI...
MS pulls plug on MSE for XP
- http://www.infoworld.com/t/microsoft-windows/microsoft-pulls-the-plug-microsoft-security-essentials-windows-xp-233721
Jan 8, 2014 - "... the official end of support Web page* now states that 'Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date'..."
* http://windows.microsoft.com/en-us/windows/end-support-help
"... after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date..."
:fear::fear:
AplusWebMaster
2014-01-14, 20:36
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms14-jan
Jan 14, 2014 - "This bulletin summary lists security bulletins released for January 2014..."
(Total of -4-)
Microsoft Security Bulletin MS14-001 - Important
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-001
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS14-002 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-002
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-003 - Important
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-003
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-004 - Important
Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-004
Important - Denial of Service - May require restart - Microsoft Dynamics AX
___
Deployment Priority, Severity, Exploit Index
- https://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/Jan_2D00_2014_2D00_Priority_2D00_Final.jpg
- https://blogs.technet.com/b/msrc/archive/2014/01/14/a-look-into-the-future-and-the-january-2014-bulletin-release.aspx
___
- https://secunia.com/advisories/56201/ - MS14-001
- https://secunia.com/advisories/55809/ - MS14-002
- https://secunia.com/advisories/56275/ - MS14-003
- https://secunia.com/advisories/56277/ - MS14-004
___
January 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/01/14/january-2014-office-update.aspx
14 Jan 2014 - "There are 12 security updates (1 bulletin) and 1 non-security update...
SECURITY UPDATES: MS14-001...
NON-SECURITY UPDATES: To improve stability and performance for Outlook 2013...
• Update for Microsoft Outlook 2013 KB2850061: http://support.microsoft.com/kb/2850061
Please note that these updates are all found in their corresponding versions of Office Click-to-Run: Office 2013: 15.0.4551.1512 ..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17429
Last Updated: 2014-01-14 18:03:19 UTC
.
AplusWebMaster
2014-01-15, 00:28
FYI...
Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.microsoft.com/en-us/security/advisory/2914486
Updated: Jan 14, 2014 - "... We have issued MS14-002* to address the Kernel NDProxy Vulnerability (CVE-2013-5065)..."
* https://technet.microsoft.com/en-us/security/bulletin/ms14-002
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5065 - 7.2 (HIGH)
___
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Jan 14, 2014 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... available via Windows Update*..."
* https://update.microsoft.com/
___
Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2916652
V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
:fear::fear:
AplusWebMaster
2014-01-15, 14:13
FYI...
Update fixes an issue that causes Windows to crash
- http://support.microsoft.com/kb/2913431/en-us
Last Review: January 14, 2014 - Revision: 1.1 - "This update fixes an issue that may cause a Windows 7 or Windows Server 2008 R2-based computer to crash. This issue occurs when a program that uses Windows Filtering Platform (such as an antivirus program) is running on the computer... This update is available from Windows Update..."
:fear::fear:
AplusWebMaster
2014-01-16, 18:09
FYI...
XP - brief extension...
- https://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-support-for-windows-xp.aspx?Redirected=true
15 Jan 2014 - "... To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015. This does -not- affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures. For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials..."
OS market share
- http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
Dec 2013
:fear:
AplusWebMaster
2014-01-20, 14:05
FYI...
Microsoft Security Bulletin MS13-081 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-081
"V2.0 (January 14, 2014): Rereleased bulletin to announce the reoffering of the 2862330 update to systems running Windows 7 or Windows Server 2008 R2. See the Update FAQ* for details..."
* "... Customers who already installed the original update will be re-offered the 2862330 update and are encouraged to apply it at the earliest opportunity..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3128 - 9.3 (HIGH)
- http://support.microsoft.com/kb/2862330
"This security update was originally released on October 8, 2013. The security update was rereleased on January 14, 2014, for computers that are running Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 SP1. The rerelease addresses an issue in which one of the drivers of the USB 2.0 core stack is not updated in some specific computer configurations."
Last Review: Jan 14, 2014 - Revision: 8.0
___
MS13-098: Vulnerability in Windows could allow remote code execution
- http://support.microsoft.com/kb/2893294
Last Review: Dec 20, 2013 - Revision: 3.0
MS13-101: Security update for Windows kernel-mode drivers
- http://support.microsoft.com/kb/2893984
Last Review: Dec 17, 2013 - Revision: 2.0
Description of Software Update Services and Windows Server Update Services changes in content for 2014
- http://support.microsoft.com/kb/894199
Last Review: Jan 16, 2014 - Revision: 18.1
:fear:
AplusWebMaster
2014-02-03, 14:16
FYI...
Folder views are not updated when you arrange by categories in Outlook after you apply Exchange Server 2010 Service Pack 3 Update Rollup 3 or Update Rollup 4
- http://support.microsoft.com/kb/2925273/en-us
"Workaround:
> To work around this problem when you sort messages by categories, you can update the folder view when you select a different folder view, such as Date (Conversations), and then return to the Categories view.
> To work around this problem when it occurs only in online-mode in the Outlook client, you can use Outlook in cached mode. Or, if it is possible, you can use OWA to make the change to the folder view."
Last Review: Feb 3, 2014 - Revision: 4.1
Applies to: Microsoft Exchange Server 2010 Service Pack 3
:fear::fear:
AplusWebMaster
2014-02-04, 12:24
FYI...
MS13-098 - Known issues ...
- http://support.microsoft.com/kb/2893294/en-us
"... Known issues with this security update:
After you install this security update on a computer that is running Windows Vista or Windows Server 2008, the computer name might change to "MINWINPC." When this problem occurs, you cannot log on to computer even if you restart the computer. When you try to log on, you may receive an error message that resembles the following:
The username or password is incorrect.
This issue occurs when you install the security update on a system that has partly corrupted data or when the following registry key does not exist..."
Last Review: Feb 3, 2014 - Rev: 4.0
MS Security Bulletin MS13-098 - Critical
Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-098
:fear: :sad:
AplusWebMaster
2014-02-05, 05:33
FYI...
MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Feb 04, 2014 Ver: 19.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.microsoft.com/kb/2929825
Last Review: Feb 4, 2014 - Rev: 2.0
:fear:
AplusWebMaster
2014-02-11, 20:38
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms14-feb
Feb 11, 2014 - "This bulletin summary lists security bulletins released for February 2014..."
(Total of -7-)
Microsoft Security Bulletin MS14-010 - Critical
Cumulative Security Update for Internet Explorer (2909921)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-011 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-011
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-007 - Critical
Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-007
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-008 - Critical
Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/bulletin/ms14-008
Critical - Remote Code Execution - May require restart - Microsoft Security Software
Microsoft Security Bulletin MS14-009 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-009
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-005 - Important
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-005
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-006 - Important
Vulnerability in IPv6 Could Allow Denial of Service (2904659)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-006
Important - Denial of Service - Requires restart - Microsoft Windows
___
Deployment Priority, Severity, and Exploit Index
- https://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/February_5F00_Deployment.jpg
- https://blogs.technet.com/b/msrc/archive/2014/02/11/safer-internet-day-2014-and-our-february-2014-security-updates.aspx
___
- https://secunia.com/advisories/56771/ - MS14-005 ...Reported as a 0-day.
- https://secunia.com/advisories/56775/ - MS14-006
- https://secunia.com/advisories/56781/ - MS14-007
- https://secunia.com/advisories/56788/ - MS14-008
- https://secunia.com/advisories/56793/ - MS14-009
- https://secunia.com/advisories/56796/ - MS14-010
- https://secunia.com/advisories/56814/ - MS14-011
___
February 2014 Office Updates Release
- https://blogs.technet.com/b/office_sustained_engineering/archive/2014/02/11/february-2014-office-updates-release.aspx?Redirected=true
11 Feb 2014 - "... There are 0 security updates and 8 non-security updates...
NON-SECURITY UPDATES
To improve stability and performance for Office 2010
• Update for Microsoft SharePoint Workspace 2010 (KB2760601)
• Update for Microsoft InfoPath 2010 (KB2817396)
• Update for Microsoft InfoPath 2010 (KB2817369)
• Update for Microsoft Office 2010 (KB2837583)
• Update for Microsoft OneNote 2010 (KB2837595)
• Update for Microsoft Outlook 2010 (KB2687567)
• Update for Microsoft PowerPoint 2010 (KB2775360) ...
There are no Outlook Junk Email Filter updates for February. The next Outlook Junk Email Filters updates will ship in the March 2014 update...
There is no Click-to-Run 2013 update for February. The next Click-to-Run update will ship in the April 2014 update..."
Office 365 - Multi-Factor Authentication
- http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/
Feb 10, 2014
___
- http://krebsonsecurity.com/2014/02/security-updates-for-shockwave-windows/
Feb 11, 2014 - "... seven patch bundles addressing at least 31 vulnerabilities in Windows and related software... The cumulative, critical security update for all versions of Internet Explorer (MS14-010) fixes two dozen vulnerabilities, including one that Microsoft says has already been publicly disclosed. The other patch that Microsoft specifically called out — MS14-011 — addresses a vulnerability in VBScript that could cause problems for IE users..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17615
Last Updated: 2014-02-11 18:11:29
.
AplusWebMaster
2014-02-12, 05:05
FYI...
Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.microsoft.com/en-us/security/advisory/2915720
Feb 11, 2014 - Ver: 1.2
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/security/advisory/2862973
Feb 11, 2014 - Ver: 2.0
:fear:
AplusWebMaster
2014-02-13, 17:06
FYI...
- http://windowssecrets.com/patch-watch/staying-safe-on-the-internet-year-round/
Feb 12, 2014 - "... Patch Tuesday’s Internet Explorer patch fixes -24- vulnerabilities, most susceptible to remote code-execution exploits. KB 2909921 is a -critical- update for IE versions 6–11*, on -all- supported Windows workstations. If you’re still running IE9, KB 2909921 will fix a related VBScript threat. But all other supported versions of IE need KB 2928390 ...
What to do: Attacks using the vulnerabilities patched by KB 2909921 (MS14-010) could appear soon. Install this update when offered..."
* MS14-010: Cumulative security update for Internet Explorer ...
- http://technet.microsoft.com/security/bulletin/MS14-010
- http://support.microsoft.com/kb/2909921
Last Review: Feb 11, 2014 - Rev: 1.0
___
MS14-011 - VBScript Scripting Engine ...
- http://technet.microsoft.com/security/bulletin/MS14-011
- http://support.microsoft.com/kb/2928390
Last Review: Feb 11, 2014 - Rev: 1.0
:fear::fear:
AplusWebMaster
2014-02-14, 06:13
FYI...
IE10 0-Day found in Watering Hole Attack
- http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html
Feb 13, 2014 - "FireEye Labs has identified a new Internet Explorer (IE) zero-day exploit hosted on a breached website based in the U.S. It’s a brand new zero-day that targets IE 10 users visiting the compromised website – a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it. This post was intended to serve as a warning to the general public. We are collaborating with the Microsoft Security team on research activities..."
- http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
Feb 13, 2014 - "... Mitigation: The exploit targets IE 10 with Adobe Flash. It aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft’s Experience Mitigation Toolkit (EMET). So installing EMET or updating to IE 11 prevents this exploit from functioning..."
Related: http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/in-turn-its-pdf-time.html
Feb 13, 2013 - "... In response to the many requests we’ve received for more detailed information, we would like to let our readers know that we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public. We will update this post with more information at a later time."
- https://isc.sans.edu/diary.html?storyid=17642
Last Updated: 2014-02-14 04:11:27 UTC
___
- http://www.securitytracker.com/id/1029765
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0322 - 9.3 (HIGH)
Updated: Feb 20 2014
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Description: ... A specific exploit is active that targets version 10 but -exits- if Microsoft’s Experience Mitigation Toolkit (EMET) is detected...
This vulnerability is being actively exploited...
FireEye reported this vulnerability.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The "MSHTML Shim Workaround" Microsoft Fix it solution will prevent exploitation.
The vendor's advisory is available at:
- https://technet.microsoft.com/security/advisory/2934088
Microsoft Fix it 51007
Watering hole attack using IE 10 0-day
> http://www.symantec.com/connect/sites/default/files/users/user-2300501/ie10_0day-diagram1.png
15 Feb 2014
MS IE10 - CMarkup Use-After-Free vuln
- https://secunia.com/advisories/56974/
Last Update: 2014-02-20
Criticality: Extremely Critical
Where: From remote
Impact: System access
Solution: Apply FixIt.
Original Advisory: Microsoft (KB2934088):
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 02/18/2014 - "... as exploited in the wild in January and February 2014."
.
- http://www.kb.cert.org/vuls/id/732479
Last revised: 19 Feb 2014
- http://arstechnica.com/security/2014/02/new-zero-day-bug-in-ie-10-exploited-in-active-malware-attack-ms-warns/
Feb 13 2014 - "... surreptitiously installed -malware- on computers running a fully patched version 10 of the Internet Explorer browser. The attacks also work on IE 9... strongly consider switching to another browser altogether. Google Chrome has long received high marks for security, as has Mozilla Firefox."
- http://www.theinquirer.net/inquirer/news/2328919/hackers-exploit-internet-explorer-10-zero-day-bug-in-targeted-attacks-on-military
Feb 14 2014 - "... just avoid the Microsoft browser altogether by running an alternative like Google Chrome or Mozilla Firefox."
:fear::fear: :mad:
AplusWebMaster
2014-02-20, 14:24
FYI...
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2934088
Feb 19, 2014
- http://support.microsoft.com/kb/2934088
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
- http://support.microsoft.com/kb/2909921 - MS14-010
Last Review: Mar 12, 2014 - Rev: 2.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 03/06/2014 - "... as exploited in the wild in January and February 2014."
- http://atlas.arbor.net/briefs/index#-1535410988
High Severity
20 Feb 2014
"... 0day exploit code for Internet Explorer 10. IE 9 is also vulnerable. Earlier exploit activity around CVE-2014-0322 has also been observed. The actual exploit code has been made publicly available. A security bulletin and fix-it are available from Microsoft..."
___
- https://blogs.technet.com/b/msrc/archive/2014/02/19/microsoft-releases-security-advisory-2934088.aspx?Redirected=true
Feb 19, 2014 - "... impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are -not- affected..."
:fear::fear:
AplusWebMaster
2014-02-21, 02:25
FYI...
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Feb 20, 2014 - "... Microsoft released an update (2934802) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-07. For more information about this update, including download links, see Microsoft Knowledge Base Article 2934802*.
Prerequisite: This update is not cumulative and requires that cumulative update 2916626**, released on January 14, 2014, be installed. The previous update (2929825), released on February 4, 2014, is not a dependency; the fixes it contains have been rolled into this current update (2934802).
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update***..."
* https://support.microsoft.com/kb/2934802
** https://support.microsoft.com/kb/2916626
*** http://update.microsoft.com/microsoftupdate
- https://secunia.com/advisories/57067/
Release Date: 2014-02-21
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
For more information: https://secunia.com/SA57057/
Solution: Apply updates...
___
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2934088
Feb 19, 2014
- http://support.microsoft.com/kb/2934088
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
- http://support.microsoft.com/kb/2909921 - MS14-010
Last Review: Feb 11, 2014 - Rev: 1.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in January and February 2014"
- http://atlas.arbor.net/briefs/index#-1535410988
High Severity
20 Feb 2014
"... 0day exploit code for Internet Explorer 10. IE 9 is also vulnerable. Earlier exploit activity around CVE-2014-0322 has also been observed. The actual exploit code has been made publicly available. A security bulletin and fix-it are available from Microsoft..."
:fear::fear:
AplusWebMaster
2014-02-28, 12:21
FYI...
Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.microsoft.com/en-us/security/advisory/2871690
Updated: Feb 27, 2014 Ver: 2.0 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly...
... The -rereleased- update* addresses an issue where specific third-party BIOS versions did not properly validate the signature of the original update... The 2871777 update** is a -prerequisite- and must be applied before this update can be installed..."
* https://support.microsoft.com/kb/2871690
Last Review: Feb 27, 2014 - Rev: 2.0
Also see: Known issues with this security update...
** https://support.microsoft.com/kb/2871777
Last Review: Sep 18, 2013 - Rev: 6.0
Applies to: Win8, WinSvr2012
:fear:
AplusWebMaster
2014-03-01, 03:41
FYI...
Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass
- http://technet.microsoft.com/en-us/security/advisory/2862152
Published: Nov 12, 2013 | Updated: Feb 28, 2014 Ver: 1.1 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how server connections are authenticated to clients in either DirectAccess or IPsec site-to-site tunnels. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information... customers must also follow the configuration guidance provided in Microsoft Knowledge Base Article 2862152** to be fully protected from the vulnerability..."
• V1.0 (November 12, 2013): Advisory published.
• V1.1 (February 28, 2014): Advisory -revised- to announce a detection change in the 2862152 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
* http://update.microsoft.com/microsoftupdate/
** http://support.microsoft.com/kb/2862152
Last Review: Dec 2, 2013 - Rev: 2.0
.
AplusWebMaster
2014-03-11, 19:25
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms14-mar
March 11, 2014 - "This bulletin summary lists security bulletins released for March 2014..."
(Total of -5-)
Microsoft Security Bulletin MS14-012 - Critical
Cumulative Security Update for Internet Explorer (2925418)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-012
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-013 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-013
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-014 - Important
Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-014
Important - Security Feature Bypass - Does not require restart - Microsoft Silverlight
Microsoft Security Bulletin MS14-015 - Important
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-015
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-016 - Important
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
- https://technet.microsoft.com/en-us/security/bulletin/ms14-016
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___
Description of the Office updates: March 11, 2014
- http://support.microsoft.com/kb/2937335
"... Microsoft released the following nonsecurity updates... We recommend that you install all updates that apply to you..."
- https://blogs.technet.com/b/office_sustained_engineering/archive/2014/03/11/march-2014-office-update-release.aspx
11 Mar 2014 - "... There are no security updates and 10 non-security updates..."
___
- http://krebsonsecurity.com/2014/03/adobe-microsoft-push-security-updates/
11 Mar 2014 - "... five bulletins address -23- distinct security weaknesses... The Internet Explorer patch is rated -critical- for virtually all supported versions of IE, and plugs at least -18- security holes, including a severe weakness in IE 9 and 10 that is already being exploited in targeted attacks..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17795
Last Updated: 2014-03-11 17:23:47 UTC
___
- https://blogs.technet.com/b/msrc/archive/2014/03/11/the-march-2014-security-updates.aspx
Deployment Priority, Severity, and Exploit Index
- https://blogs.technet.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/2248.March_5F00_Deployment.jpg
- http://blogs.technet.com/b/srd/archive/2014/03/11/assessing-risk-for-the-march-2014-security-updates.aspx
11 Mar 2014
___
- https://secunia.com/advisories/56974/ - MS14-012
- https://secunia.com/advisories/57325/ - MS14-013
- http://www.securitytracker.com/id/1029902 - MS14-014
- https://secunia.com/advisories/57330/ - MS14-015
- http://www.securitytracker.com/id/1029901 - MS14-016
.
AplusWebMaster
2014-03-11, 20:05
FYI...
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2934088
Updated: March 11, 2014 - "... We have issued MS14-012* to address this issue. For more information about this issue, including download links for an available security update, please review MS14-012..."
* https://technet.microsoft.com/en-us/security/bulletin/ms14-012
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
Updated: March 11, 2014 Version: 21.0 - "... announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
:fear:
AplusWebMaster
2014-03-15, 17:20
FYI...
MS14-012: Cumulative security update for Internet Explorer
- https://support.microsoft.com/kb/2925418
Last Review: Mar 14, 2014 - Rev. 2.0
:fear: :confused:
AplusWebMaster
2014-03-21, 16:55
FYI...
An important fix for SharePoint Foundation 2013 SP1 has just been released
- http://blogs.technet.com/b/stefan_gossner/archive/2014/03/20/an-important-fix-for-sharepoint-foundation-2013-sp1-has-just-been-released.aspx
20 Mar 2014 - "When looking in the last couple of days at the KB article for SP1 for SharePoint Foundation 2013* you might have seen the following comment:
Notice: A known issue in SharePoint Foundation 2013 SP1 can affect the functionality of the Search WebPart. We encourage you to limit production installations of SharePoint Foundation 2013 SP1 until a fix is available. SharePoint Server 2013 is not affected by this issue.
Today we have released March 2014 Public Update (PU) for SharePoint Foundation 2013** which fixes this problem. Be aware that this fix is only necessary for SharePoint Foundation 2013 installations. SharePoint Server 2013 is not affected by the problem..."
(More detail at the technet URL above.)
Tags: SharePoint 2013, Hotfix Info
* http://support.microsoft.com/kb/2817439
Last Review: Mar 1, 2014 - Rev: 3.0
** http://support.microsoft.com/kb/2760625
Last Review: Mar 20, 2014 - Rev: 1.0
___
- http://windowssecrets.com/patch-watch/the-final-countdown-for-windows-xp-support/
Mar 13, 2014 Susan Bradley - "... I plan to post alerts of security issues you might face come April 9. Because Windows Server 2003 will still get updates for another year, we’ll have a better idea of what vulnerabilities XP users face and what’s not getting patched..."
:fear:
AplusWebMaster
2014-03-25, 00:21
FYI...
Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2953095
Mar 24, 2014 - "Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution*, "Disable opening RTF content in Microsoft Word," prevents the exploitation of this issue through Microsoft Word... The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013. On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
• V1.1 (March 27, 2014): Updated Advisory FAQ to clarify that Microsoft WordPad is not affected by the issue and to help explain how the issue is specific to Microsoft Word.
* https://support.microsoft.com/kb/2953095#FixItForMe
Microsoft Fix it 51010
- http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx
24 Mar 2014
___
- https://secunia.com/advisories/57577/
Criticality: Extremely Critical
Where: From remote
Impact: System access...
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1761 - 9.3 (HIGH)
"... as exploited in the wild in March 2014."
Reported as a 0-Day...
Original Advisory: https://technet.microsoft.com/en-us/security/advisory/2953095
0-Day Exploit Targeting Word, Outlook
- http://krebsonsecurity.com/2014/03/microsoft-warns-of-word-2010-exploit/
Mar 24, 2014
- https://www.computerworld.com/s/article/9247151/Microsoft_warns_Word_users_of_ongoing_attacks_exploiting_unpatched_bug
Mar 24, 2014 - "... exploits are triggered just by -previewing- malicious messages in Outlook 2007, 2010 and 2013..."
:fear::fear:
AplusWebMaster
2014-04-08, 20:16
FYI...
- https://technet.microsoft.com/en-us/security/bulletin/ms14-apr
April 08, 2014 - "This bulletin summary lists security bulletins released for April 2014..."
(Total of -4-)
Microsoft Security Bulletin MS14-017 - Critical
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/bulletin/ms14-017
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
Microsoft Security Bulletin MS14-018 - Critical
Cumulative Security Update for Internet Explorer (2950467)
- http://technet.microsoft.com/en-us/security/bulletin/ms14-018
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-019 - Important
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/bulletin/ms14-019
Important - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-020 - Important
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)
- http://technet.microsoft.com/en-us/security/bulletin/ms14-020
Important - Remote Code Execution - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/msrc/archive/2014/04/08/the-april-2014-security-updates.aspx
Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/deployment.jpg
[ Open link target in IE ]
___
MS14-019 - MSRD info:
- http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file.aspx
8 Apr 2014
___
April 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/04/08/april-2014-office-update-release.aspx
8 Apr 2014 - "... There are 13 security updates (2 bulletins) and 28 non-security updates..."
MS14-017, MS14-020
___
- https://secunia.com/advisories/57577/ - MS14-017
- https://secunia.com/advisories/57586/ - MS14-018
- https://secunia.com/advisories/57642/ - MS14-019
- https://secunia.com/advisories/57652/ - MS14-020
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17923
Last Updated: 2014-04-08 20:23:09 UTC - Version: 3
.
AplusWebMaster
2014-04-09, 00:01
FYI...
Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2953095
Last Updated: April 8, 2014 - "... We have issued MS14-017* to address this issue..."
* http://technet.microsoft.com/en-us/security/bulletin/ms14-017
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
Last Updated: April 8, 2014 - V22.0
:fear:
AplusWebMaster
2014-04-09, 22:14
FYI...
Windows 8.1 Update woes continue with errors 80070020, 80073712, 800F081F, 80242FFF, and 800F0922
WSUS is still down, as general update failures and complaints pile up in the two days since the release of Windows 8.1 Update
- http://www.infoworld.com/t/microsoft-windows/windows-81-update-woes-continue-errors-80070020-80073712-800f081f-80242fff-and-800f0922-240249
April 10, 2014
- http://support.microsoft.com/kb/2919355
Last Review: April 11, 2014 - Rev: 9.0
- http://blogs.technet.com/b/wsus/archive/2014/04/08/windows-8-1-update-prevents-interaction-with-wsus-3-2-over-ssl.aspx
8 Apr 2014 - "There is a -known- issue which causes some PCs updated with the Windows 8.1 Update (KB 2919355) to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2... we recommend that you -suspend- deployment of this update in your organization until we release the update that resolves this issue..."
- http://www.infoworld.com/t/microsoft-windows/microsoft-removes-windows-81-update-wsus-update-servers-240129
April 08, 2014 - "... Microsoft has -blocked- Windows 8.1 Update from WSUS servers, so it is no longer available for IT admins to distribute to their users. Individuals can still download the update directly through Windows Update..."
___
MS yanks SharePoint 2013 SP1, KB 2817429
... Microsoft has pulled the two-week-old SP1 for SharePoint 2013
- http://www.infoworld.com/t/microsoft-windows/microsoft-yanks-sharepoint-2013-service-pack-1-kb-2817429-239969
Apr 07, 2014
- http://support.microsoft.com/kb/2817429
Last Review: April 3, 2014 - Rev: 4.0
"Notice: We have recently uncovered an issue with this Service Pack 1 package that may prevent customers who have Service Pack 1 from deploying future public or cumulative updates. As a precautionary measure, we have deactivated the download page until a new package is published."
:fear: :confused:
AplusWebMaster
2014-04-12, 08:52
FYI...
April 2014 Office Update ...
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/04/08/april-2014-office-update-release.aspx
"... Update for Microsoft Visio 2013 (KB2837632)*
*NOTE: Visio 2013 KB http://support.microsoft.com/kb/2837632 has been updated to correct a targeting issue. -Prior- to April 11 the update incorrectly targeted Visio 2013 -and- Office 2013. The update has now been corrected and will only target Visio 2013 installs. We apologize for any inconvenience this may have caused..."
- http://support.microsoft.com/kb/2837632
Last Review: April 11, 2014 Rev: 1.0 (?)
Applies to
• Microsoft Visio Professional 2013
• Microsoft Visio Standard 2013
___
481MB Visio 2013 patch ... ?
- http://www.infoworld.com/t/patch-management/windows-updates-huge-visio-2013-patch-joke-240140
April 09, 2014
:fear::fear:
AplusWebMaster
2014-04-14, 15:08
FYI...
MS info regarding the latest Update for Win 8.1
- http://blogs.technet.com/b/gladiatormsft/archive/2014/04/12/information-regarding-the-latest-update-for-windows-8-1.aspx
12 Apr 2014 - "Microsoft has been listening to customer feedback. Much of this feedback has been received and some of the results are being given back to our users of Windows 8.1 in the form of updates. Recently, a very big update for Windows 8.1 was released... Since Microsoft wants to ensure that customers benefit from the best support and servicing experience and to coordinate and simplify servicing across both Windows Server 2012 R2, Windows 8.1 RT and Windows 8.1, this update will be considered a new servicing/support baseline. What this means is those users who have elected to install updates manually will have 30 days to install Windows 8.1 Update on Windows 8.1 devices; after this 30-day window - and beginning with the May Patch Tuesday, Windows 8.1 users' devices without the update installed will no longer receive security updates. This means that Windows 8.1 users - starting patch Tuesday in May 2014 and beyond - will require this update to be installed. If the Windows 8.1 Update is not installed, those newer updates will be considered “not applicable”..."
- http://support.microsoft.com/kb/2919355
Last Review: April 14, 2014 - Rev: 10.0
___
- http://www.infoworld.com/t/microsoft-windows/microsoft-confirms-its-dropping-windows-81-support-240407
April 14, 2014
:fear::fear:
AplusWebMaster
2014-04-17, 18:23
FYI...
MS14-018 ...
- http://support.microsoft.com/kb/2936068
Last Review: April 16, 2014 - Rev: 3.0
___
Microsoft fixes Windows 8.1 Update for corporate WSUS servers
- http://www.infoworld.com/t/microsoft-windows/microsoft-fixes-windows-81-update-corporate-wsus-servers-240654
April 16, 2014 - "... it will continue to make Windows 8.1 security patches available to WSUS customers until August's Patch Tuesday. Previous announcements said that patches to Windows 8.1 would be cut off in May. This stay of execution for this patch applies only to those who receive security patches through WSUS. Windows 8.1 customers who get their patches through Windows Update (or Microsoft Update) have to install the Windows 8.1 Update/KB 2919355 patch by May 13 if they wish to continue receiving security patches for their machines..."
- http://blogs.technet.com/b/wsus/archive/2014/04/16/solution-to-kb2919355-preventing-interaction-with-wsus-3-2-over-ssl.aspx
16 Apr 2014
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Last Review: Apr 25, 2014 - Rev: 16.0
- https://support.microsoft.com/kb/2959977
Last Review: April 17, 2014 - Rev: 3.0
:confused:
AplusWebMaster
2014-04-26, 19:07
FYI...
MS KB 2952664 ...
... scarce details from Microsoft...
- http://www.infoworld.com/t/microsoft-windows/microsoft-confuses-windows-7-users-sudden-release-of-kb-2952664-241047
Apr 24, 2014 - "... Windows 7 users are wondering what's up with KB 2952664*, an "important" patch that arrived unannounced... there appears to be no compelling reason to install the patch."
Compatibility update for upgrading Windows 7
* https://support.microsoft.com/kb/2952664
Last Review: Apr 22, 2014 - Rev: 1.0
:confused:
AplusWebMaster
2014-04-27, 14:34
FYI...
Microsoft Security Advisory 2963983
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-US/library/security/2963983
April 26, 2014 8:25 PM - "Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Suggested Actions: Apply Workarounds... Deploy the Enhanced Mitigation Experience Toolkit 4.1 ..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1776 - 10.0 (HIGH)
Last revised: 04/28/2014 - "... Use-after-free vulnerability in VGX.DLL... as exploited in the wild in April 2014"
- https://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being
April 28, 2014 - "... consider employing an alternative web browser until an official update is available..."
- http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
April 26, 2014 - "... exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique* to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections..."
* http://www.fireeye.com/blog/technical/cyber-exploits/2013/10/aslr-bypass-apocalypse-in-lately-zero-day-exploits.html
- http://blog.trendmicro.com/trendlabs-security-intelligence/internet-explorer-zero-day-hits-all-versions-in-use/
Apr 27, 2014 - "... some workarounds have been provided by Microsoft as part of their advisory; of these enabling Enhanced Protected Mode (an IE10 and IE11-only feature) is the easiest to do. In addition, the exploit code requires Adobe Flash to work, so disabling or removing the Flash Player from IE also reduces the risk from this vulnerability as well..."
- http://blogs.technet.com/b/msrc/archive/2014/04/26/microsoft-releases-security-advisory.aspx
Tags: Advisory, Zero-Day Exploit, Security, Internet Explorer (IE), Vulnerability
:fear::fear:
AplusWebMaster
2014-04-29, 11:27
FYI...
MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
V23.0 (April 28, 2014): Added the 2961887 update to the Current Update section.
On April 28, 2014, Microsoft released an update (2961887) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-13*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2961887** ...
* http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
** https://support.microsoft.com/kb/2961887
Last Review: April 28, 2014 - Rev: 1.0
- https://technet.microsoft.com/en-us/library/security/2963983
V1.1 (April 29, 2014): Updated advisory to clarify workarounds to help prevent exploitation of the vulnerability described in this advisory. See Advisory FAQ for details.
:fear::fear:
AplusWebMaster
2014-05-01, 05:27
FYI...
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
V23.1 (April 30, 2014): Revised advisory to clarify that the 2961887* update is -not- cumulative and requires that the 2942844** update be installed for affected systems to be offered the update.
* https://support.microsoft.com/kb/2961887
Last Review: Apr 8, 2014 - Rev: 1.0
** https://support.microsoft.com/kb/2942844
Last Review: Apr 8, 2014 - Rev: 1.0
___
An update is available for EMET Certificate Trust default rules
- https://support.microsoft.com/kb/2961016
Last Review: Apr 29, 2014 - Rev: 1.0
Applies to: Enhanced Mitigation Experience Toolkit 4.1
Enhanced Mitigation Experience Toolkit
- https://support.microsoft.com/kb/2458544
Last Review: Apr 30, 2014 - Rev: 9.0
:confused:
___
Microsoft Security Advisory 2963983
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/2963983
Updated: May 1, 2014 Ver: 2.0 - "Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS14-021* to address this issue..."
* https://technet.microsoft.com/library/security/ms14-021
May 1, 2014
- https://support.microsoft.com/kb/2965111
Last Review: May 1, 2014 - Rev: 1.2
> http://update.microsoft.com/
:spider:
AplusWebMaster
2014-05-01, 21:42
FYI...
MS14-021 - Critical / Security Update for Internet Explorer (2965111)
- https://technet.microsoft.com/library/security/ms14-021
May 1, 2014 - "This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers... Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*..."
* http://update.microsoft.com/microsoftupdate
- https://support.microsoft.com/kb/2965111
Last Review: May 1, 2014 - Rev: 1.2
___
- http://www.securitytracker.com/id/1030154
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1776 - 10.0 (HIGH)
May 1 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6, 7, 8, 9, 10, 11
Description: A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user. This vulnerability is being actively exploited in targeted attacks.
Solution: The vendor has issued a fix (2965111)...
Vendor URL: https://technet.microsoft.com/library/security/ms14-021
___
- http://atlas.arbor.net/briefs/index#1200596255
Extreme Severity
May 01, 2014
... IE 0-day vulnerability currently being exploited in targeted attacks... out-of-band patch for this vulnerability should be applied immediately.
:fear:
AplusWebMaster
2014-05-04, 19:41
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Apr 25, 2014 - Rev: 16.0
Last Review: May 4, 2014 - Rev: 17.0
:fear: :sad:
AplusWebMaster
2014-05-06, 13:19
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Apr 25, 2014 - Rev: 16.0
May 4, 2014 - Rev: 17.0
Last Review: May 5, 2014 - Rev: 18.0
- http://www.infoworld.com/t/microsoft-windows/microsoft-reissues-botched-windows-81-update-kb-2919355-241891
May 05, 2014
- http://www.infoworld.com/t/microsoft-windows/the-new-kb-2919355-windows-81-update-causes-more-problems-it-fixes-242016
May 06, 2014
:fear::fear: :sad:
AplusWebMaster
2014-05-06, 23:57
FYI...
Microsoft Security Advisory 2962393
Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client
- https://technet.microsoft.com/en-us/library/security/2962393
May 5, 2014 - "Microsoft is announcing the availability of an update for the Juniper Networks Windows In-Box Junos Pulse Client for Windows 8.1 and Windows RT 8.1. The update addresses a vulnerability in the Juniper VPN client by updating the affected Juniper VPN client libraries contained in affected versions of Microsoft Windows... Microsoft released an update for the Juniper Networks Windows In-Box Junos Pulse VPN client. The update addresses the vulnerability described in Juniper Security Advisory JSA10623*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2962393**.
Note: Updates for Windows RT 8.1 are available via Windows Update."
* https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623
Last Updated: 30 Apr 2014
Version: 43.0
** https://support.microsoft.com/kb/2962393
Last Review: May 5, 2014 - Rev: 1.1
:fear:
AplusWebMaster
2014-05-08, 12:43
FYI...
MS SIR Volume 16: July 2013 to December 2013
- http://www.microsoft.com/security/sir/default.aspx
- http://blogs.technet.com/b/mmpc/archive/2014/05/07/sirv16-cybercriminal-tactics-trend-toward-deceptive-measures.aspx
7 May 2014 - "Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate (Computers Cleaned per Mille (CCM), and our real-time protection products are used to derive the encounter rate. One of the more notable findings included in the report was an increase in worldwide infection rates and encounter rates. About 21.2 percent of reporting computers encountered malware each quarter in 2013. We also saw an infection rate of 11.7 CCM. More specifically, the infection rate increased from a CCM rate of 5.6 in the third quarter of 2013 to 17.8 in the fourth—a threefold increase, and the largest infection rate increase ever measured by the MSRT between two consecutive quarters. This rise was predominantly affected by malware using deceptive tactics, influenced by three families not unfamiliar to readers of this blog: Sefnit, and its related families Rotbrow and Brantall..."
___
Malware infections tripled in late 2013, Microsoft finds
- https://www.computerworld.com/s/article/9248166/Malware_infections_tripled_in_late_2013_Microsoft_finds
May 7, 2014
- http://www.infoworld.com/t/malware/flash-and-java-still-vulnerable-ever-says-microsoft-242130
May 08, 2014
:fear::fear:
AplusWebMaster
2014-05-08, 16:40
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Apr 25, 2014 - Rev: 16.0
May 4, 2014 - Rev: 17.0
May 5, 2014 - Rev: 18.0
May 7, 2014 - Rev: 19.0
Last Review: May 9, 2014 - Rev: 20.0
- http://www.infoworld.com/t/microsoft-windows/the-new-kb-2919355-windows-81-update-causes-more-problems-it-fixes-242016
May 06, 2014
- http://www.infoworld.com/t/microsoft-windows/dear-microsoft-please-call-the-kb-2919355-windows-81-update-dogs-242213
May 09, 2014
___
- https://www.computerworld.com/s/article/9248284/As_Patch_Tuesday_looms_Microsoft_gives_Windows_8.1_users_a_reprieve
May 12, 2014 - "For the third time in the last four weeks, Microsoft today backed away from a customer cutoff as it postponed enforcement of the Windows 8.1 Update migration deadline until June 10. On Monday - and just a day before its May Patch Tuesday slate of security fixes - Microsoft said consumers have four more weeks to move from Windows 8.1 to Windows 8.1 Update before their devices would be barred from receiving further patches. The deadline change was the third in the past month, following an earlier Windows 8.1 Update extension for business users... When Microsoft launched Windows 8.1 Update (Win8.1U) on April 8, it told all customers using Windows 8.1 that they had to upgrade to the new refresh within five weeks, or by May 13. Failure to do so, Microsoft said, would block devices running Windows 8.1 from receiving security updates scheduled to ship that day, as well as all future security and non-security updates to the OS. Business customers howled, calling the mandate a repudiation of Microsoft's long-standing policy of giving customers 24 months to upgrade to a service pack. Although Win8.1U was not labeled as such, many saw similarities to Microsoft's service packs and believed Win8.1U should hew to that policy. Within a week, Microsoft changed its tune, and gave companies a three-month extension. Enterprises and other organizations that rely on WSUS (Windows Server Update Services), Windows Intune or System Center Configuration Manager to obtain and deploy patches have until August 12 to migrate from Windows 8.1 to Win8.1U..."
- http://www.infoworld.com/t/microsoft-windows/microsoft-extends-windows-81-updatekb-2919355-deadline-242339
May 12, 2014
:fear::fear::fear:
AplusWebMaster
2014-05-13, 20:33
FYI...
- https://technet.microsoft.com/library/security/ms14-may
May 13, 2014 Ver: 2.0 - "This bulletin summary lists security bulletins released for May 2014...
(Total of -8-)
Microsoft Security Bulletin MS14-029 - Critical
Security Update for Internet Explorer (2962482)
- https://technet.microsoft.com/library/security/ms14-029
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0310 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1815 - 9.3 (HIGH)
Last revised: 05/14/2014 - "... as exploited in the wild in May 2014..."
Microsoft Security Bulletin MS14-022 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
- https://technet.microsoft.com/library/security/ms14-022
Critical - Remote Code Execution - May require restart - Microsoft Server Software, Productivity Software
Microsoft Security Bulletin MS14-023 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)
- https://technet.microsoft.com/library/security/ms14-023
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-025 - Important
Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
- https://technet.microsoft.com/library/security/ms14-025
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-026 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
- https://technet.microsoft.com/library/security/ms14-026
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-027 - Important
Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
- https://technet.microsoft.com/library/security/ms14-027
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-028 - Important
Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
- https://technet.microsoft.com/library/security/ms14-028
Important - Denial of Service - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-024 - Important
Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
- https://technet.microsoft.com/library/security/ms14-024
Important - Security Feature Bypass - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/msrc/archive/2014/05/13/the-may-2014-security-updates.aspx
13 May 2014
Assessing risk for the May 2014 security updates
- http://blogs.technet.com/b/srd/archive/2014/05/13/assessing-risk-for-the-may-2014-security-updates.aspx
13 May 2014
___
May 2014 Office Update
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/05/13/may-2014-office-update-release.aspx
13 May 2014 - "There are 31 security updates (3 bulletins*) and 30 non-security updates..."
* MS14-022, MS14-023, MS14-024
___
- http://www.securitytracker.com/id/1030227 - MS14-022
- http://www.securitytracker.com/id/1030230 - MS14-023
- http://www.securitytracker.com/id/1030235 - MS14-024
- http://www.securitytracker.com/id/1030231 - MS14-025
- http://www.securitytracker.com/id/1030232 - MS14-026
- http://www.securitytracker.com/id/1030233 - MS14-027
- http://www.securitytracker.com/id/1030234 - MS14-028
- http://www.securitytracker.com/id/1030224 - MS14-029
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18113
Last Updated: 2014-05-13 17:23:09 UTC
___
Patch Tuesday Updates: Microsoft, Adobe
... Malicious actors often use security updates to write their own exploits targeting unpatched systems
- http://atlas.arbor.net/briefs/
Extreme Severity
May 16, 2014
.
AplusWebMaster
2014-05-14, 00:37
FYI...
Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/library/security/2871997
May 13, 2014 - "Microsoft is announcing the availability of an update for supported editions of Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 that improves credential protection and domain authentication controls to reduce credential theft. This update provides additional protection for the Local Security Authority (LSA), adds a restricted admin mode for Credential Security Support Provider (CredSSP), introduces support for the protected account-restricted domain user category, and enforces stricter authentication policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 machines as clients.
Recommendation. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.microsoft.com/kb/2871997
Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://technet.microsoft.com/en-us/library/security/2962824
May 13, 2014 - "With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author. Microsoft is not aware of any misuse of the affected UEFI modules..."
- https://support.microsoft.com/kb/2962824
Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/en-us/library/security/2960358
May 13, 2014 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible..."
- https://support.microsoft.com/kb/2960358
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: May 13, 2014 Ver: 24.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
- https://support.microsoft.com/kb/2957151
Microsoft Security Advisory 2269637
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/2269637
Updated: May 13, 2014 Ver: 19.0 - "Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries. This issue is caused by specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks". These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location. This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected. In addition to this guidance, Microsoft is releasing a tool that allows system administrators to mitigate the risk of this new attack vector by altering the library loading behavior system-wide or for specific applications. This advisory describes the functionality of this tool and other actions that customers can take to help protect their systems...
V19.0 (May 13, 2014): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS14-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
:fear:
AplusWebMaster
2014-05-15, 00:24
FYI...
Problems with 'revoked UEFI module' patches KB 2920189 and 2962824
- http://www.infoworld.com/t/microsoft-windows/how-fix-problems-revoked-uefi-module-patches-kb-2920189-and-2962824-242533
May 14, 2014
Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://support.microsoft.com/kb/2962824
May 13, 2014 - Rev: 2.0
- https://support.microsoft.com/kb/2920189
Last Review: May 13, 2014 - Rev: 2.0
___
- http://windowssecrets.com/patch-watch/the-rapid-fire-updates-for-office-2013-continue/
May 14, 2014 - "... concentrate on the security updates and leave most of the nonsecurity fixes for later..."
:fear:
AplusWebMaster
2014-05-17, 15:59
FYI...
MS acknowledges more errors, 80070371 and 80071A91 - installing Win8.1 Update - KB 2919355
- http://www.infoworld.com/t/microsoft-windows/microsoft-acknowledges-more-errors-80070371-and-80071a91-when-installing-windows-81-updatekb-2919355-2426
May 16, 2014
- https://support.microsoft.com/kb/2919355
Last Review: May 16, 2014 - Rev: 21.0
___
Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/p/may-2014-security-bulletin-q-a.aspx
May 14, 2014
:sad:
AplusWebMaster
2014-05-22, 04:52
FYI...
IE 0-day - CMarkup Object Processing Flaw Lets Remote Users Execute Arbitrary Code
- http://www.securitytracker.com/id/1030266
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1770
May 21 2014
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): 8; possibly other versions
Description: A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory error in the processing of CMarkup objects to execute arbitrary code on the target system. The code will run with the privileges of the target user.
The vendor was notified on October 11, 2013.
The original advisory is available at:
- http://zerodayinitiative.com/advisories/ZDI-14-140/
Solution: No solution was available at the time of this entry...
___
- https://atlas.arbor.net/briefs/index#1620714508
Elevated Severity
23 May 2014
A new zero-day vulnerability for Internet Explorer 8 has been disclosed.
Analysis: The flaw, which exists in the handling of CMarkup objects, could allow remote attackers to execute arbitrary code. Exploitation of this vulnerability requires user interaction, either by visiting a malicious site or opening a malicious file... The vulnerability is currently unpatched; it is recommended that users set Internet security zone settings to "High" to block ActiveX Controls and configure IE to prompt before running Active Scripting. Users should also ensure that Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) is enabled.
:fear:
AplusWebMaster
2014-05-22, 04:54
FYI...
Microsoft Security Advisory 2915720
Changes in Windows Authenticode Signature Verification
- https://technet.microsoft.com/en-us/library/security/2915720
Published: Dec 10, 2013 | Updated: May 21, 2014 Version: 1.3
"Microsoft is announcing the availability of an update for all supported releases of Microsoft Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will not be enabled until August 12, 2014. Once enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after August 12, 2014, Windows will no longer recognize non-compliant binaries as signed.
Recommendation: Microsoft recommends that by August 12, 2014, executables authors ensure that all signed binaries comport with this new verification behavior by containing no extraneous information in the WIN_CERTIFICATE structure. Microsoft also recommends that customers appropriately test this change to evaluate how it will behave in their environments...
Suggested Actions: Review Microsoft Root Certificate Program Technical Requirements
Customers who are interested in learning more about the topic covered in this advisory should review Windows Root Certificate Program - Technical Requirements*..."
* http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements.aspx
"... The Technical Requirements version 1.1 have been superseded by this version 2.0..."
:fear:
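An added example, not part of the original post or of Microsoft's advisory 2915720: a Python audit that walks a PE file's certificate table and flags WIN_CERTIFICATE entries that carry non-zero bytes after the DER-encoded PKCS #7 blob. Treating any such bytes as the "extraneous information" the advisory mentions is an assumption (the excerpt does not spell out the exact rule), and `build_sample_pe` produces a constructed, unsigned test image rather than a real signed binary.

```python
import struct

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY


def _der_total_length(buf):
    """Return header + content length of the DER SEQUENCE at buf[0], or None."""
    if len(buf) < 2 or buf[0] != 0x30:       # PKCS #7 ContentInfo is a SEQUENCE
        return None
    first = buf[1]
    if first < 0x80:                          # short-form length
        return 2 + first
    n = first & 0x7F
    if n == 0 or n > 4 or len(buf) < 2 + n:   # indefinite or implausible length
        return None
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")


def security_directory(pe):
    """Return (file_offset, size) of the certificate table, or None if absent."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 24                       # optional header follows COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                        # PE32
        dirs = opt + 96
    elif magic == 0x20B:                      # PE32+
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    count = struct.unpack_from("<I", pe, dirs - 4)[0]   # NumberOfRvaAndSizes
    if count <= SECURITY_DIR_INDEX:
        return None
    # Unlike other directories, this entry holds a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR_INDEX)
    return (offset, size) if offset and size else None


def audit_win_certificates(pe):
    """Return one finding per WIN_CERTIFICATE entry in the certificate table."""
    loc = security_directory(pe)
    if loc is None:
        return []
    offset, size = loc
    end = offset + size
    if end > len(pe):
        raise ValueError("certificate table runs past end of file")
    findings = []
    pos = offset
    while pos + 8 <= end:
        dw_length, _revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if dw_length < 8 or pos + dw_length > end:
            raise ValueError("corrupt WIN_CERTIFICATE length")
        blob = pe[pos + 8:pos + dw_length]
        der_len = None
        if cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA:
            der_len = _der_total_length(blob)
        if der_len is None or der_len > len(blob):
            status, trailing = "unparsed", b""
        else:
            trailing = blob[der_len:]
            # Assumption: zero bytes are alignment padding, anything else is extra.
            status = "extraneous-data" if any(trailing) else "clean"
        findings.append({"offset": pos, "dwLength": dw_length,
                         "status": status, "trailing_bytes": len(trailing)})
        pos += (dw_length + 7) & ~7           # entries are 8-byte aligned
    return findings


def build_sample_pe(trailing=b""):
    """Constructed minimal PE32 image with a fake DER blob (not a real signature)."""
    der = b"\x30\x82\x01\x00" + b"\xAA" * 256            # SEQUENCE, 256 content bytes
    body = der + trailing
    body += b"\0" * (-(8 + len(body)) % 8)                # zero-pad entry to 8 bytes
    cert = struct.pack("<IHH", 8 + len(body), 0x0200,
                       WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    e_lfanew, cert_offset = 0x40, 0x200
    opt = e_lfanew + 24
    image = bytearray(cert_offset)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, e_lfanew)
    image[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", image, opt, 0x10B)             # PE32 magic
    struct.pack_into("<I", image, opt + 92, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", image, opt + 96 + 8 * SECURITY_DIR_INDEX,
                     cert_offset, len(cert))
    return bytes(image) + cert


if __name__ == "__main__":
    for label, extra in (("padded only", b""), ("appended data", b"EXTRA")):
        print(label, audit_win_certificates(build_sample_pe(extra)))
```

Entries reported as `extraneous-data` are the ones to re-sign and retest before the enforcement date quoted above; `unparsed` entries need manual review.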
AplusWebMaster
2014-05-28, 18:40
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
May 30, 2014 - Rev: 23.0
Last Review: June 4, 2014 - Rev: 24.0
___
Cleaning up May’s Windows and Office updates
- http://windowssecrets.com/patch-watch/cleaning-up-mays-windows-and-office-updates/
June 4, 2014
___
Overview of KB2871997
- http://blogs.technet.com/b/srd/archive/2014/06/05/an-overview-of-kb2871997.aspx
5 Jun 2014
- https://support.microsoft.com/kb/2871997#FixItForMe
Last Review: June 5, 2014 - Rev: 4.0
Microsoft Fix it 20141 - "... This Fix it solution changes the UseLogonCredentials registry key to disable WDigest passwords from being stored in memory. After you install security update 2871997 and then apply this Fix it solution to systems that are running Windows 7, Windows Server 2008 R2, Windows 8, or Windows Server 2012, you should no longer have clear-text credentials stored in memory.
Note: This Fix it solution will take effect only if security update 2871997 is installed..."
:fear: :sad:
AplusWebMaster
2014-06-05, 20:28
FYI...
- https://technet.microsoft.com/library/security/ms14-jun
June 5, 2014 - "This is an advance notification of security bulletins that Microsoft is intending to release on June 10, 2014...
(Total of -7-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Office, Microsoft Lync
Bulletin 3 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 4 - Important - Information Disclosure - May require restart - Microsoft Windows
Bulletin 5 - Important - Information Disclosure - May require restart - Microsoft Lync Server
Bulletin 6 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 7 - Important - Tampering - May require restart - Microsoft Windows
- http://blogs.technet.com/b/msrc/archive/2014/06/05/advance-notification-service-for-the-june-2014-security-bulletin-release.aspx
5 Jun 2014
___
Overview of KB2871997
- http://blogs.technet.com/b/srd/archive/2014/06/05/an-overview-of-kb2871997.aspx
5 Jun 2014
- https://support.microsoft.com/kb/2871997#FixItForMe
Last Review: June 5, 2014 - Rev: 4.0
Microsoft Fix it 20141 - "... This Fix it solution changes the UseLogonCredentials registry key to disable WDigest passwords from being stored in memory. After you install security update 2871997 and then apply this Fix it solution to systems that are running Windows 7, Windows Server 2008 R2, Windows 8, or Windows Server 2012, you should no longer have clear-text credentials stored in memory.
Note: This Fix it solution will take effect only if security update 2871997 is installed..."
:fear:
AplusWebMaster
2014-06-10, 20:33
FYI...
- https://technet.microsoft.com/library/security/ms14-jun
June 10, 2014 - "This bulletin summary lists security bulletins released for June 2014...
(Total of -7-)
Microsoft Security Bulletin MS14-035 - Critical
Cumulative Security Update for Internet Explorer (2969262)
- https://technet.microsoft.com/library/security/ms14-035
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
"... resolves -59- items..." *
Microsoft Security Bulletin MS14-036 - Critical
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)
- https://technet.microsoft.com/library/security/ms14-036
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Office, Microsoft Lync
Microsoft Security Bulletin MS14-034 - Important
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)
- https://technet.microsoft.com/library/security/ms14-034
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-033 - Important
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)
- https://technet.microsoft.com/en-us/library/security/ms14-033
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-032 - Important
Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)
- https://technet.microsoft.com/library/security/ms14-032
Important - Information Disclosure - May require restart - Microsoft Lync Server
Microsoft Security Bulletin MS14-031 - Important
Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)
- https://technet.microsoft.com/library/security/ms14-031
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-030 - Important
Vulnerability in Remote Desktop Could Allow Tampering (2969259)
- https://technet.microsoft.com/library/security/ms14-030
Important - Tampering - May require restart - Microsoft Windows
___
* http://blogs.technet.com/b/msrc/archive/2014/06/10/theoretical-thinking-and-the-june-2014-bulletin-release.aspx
10 Jun 2014
Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/2860.Deployment.jpg
___
June 2014 Office Updates
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/06/10/june-2014-office-update-release.aspx
10 Jun 2014 - "... There are 7 security updates (2 bulletins*) and 20 non-security updates..."
* MS14-034, MS14-036
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18233
2014-06-10
.
AplusWebMaster
2014-06-10, 23:34
FYI...
June 2014 security fixes ...
- http://windowssecrets.com/patch-watch/june-brings-a-hodgepodge-of-security-fixes/
June 11, 2014
Win8.1 Update ...
- https://support.microsoft.com/kb/2919355
May 30, 2014 - Rev: 23.0
June 4, 2014 - Rev: 24.0
Last Review: June 10, 2014 - Rev: 26.0
___
Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://technet.microsoft.com/en-us/library/security/2962824
Updated: June 10, 2014 - Ver: 1.1 - "With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author. Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules in coordination with their author as part of ongoing efforts to protect customers. This action only affects systems running Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled...
Known Issues. Microsoft Knowledge Base Article 2962824* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues."
* https://support.microsoft.com/kb/2962824
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: June 10, 2014 - Ver: 25.0 - "... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update. On June 10, 2014, Microsoft released an update (2966072) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-16*..."
* http://helpx.adobe.com/security/products/flash-player/apsb14-16.html
Microsoft Security Advisory 2862973
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.microsoft.com/en-us/library/security/2862973
Updated: June 10, 2014 - Ver: 3.0 - "Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Recommendation: Microsoft recommends that customers apply the update at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information..."
- https://support.microsoft.com/kb/2862966
- https://support.microsoft.com/kb/2862973
:fear:
AplusWebMaster
2014-06-14, 05:29
FYI...
- http://blogs.technet.com/b/msrc/archive/2014/06/13/june-2014-security-bulletin-webcast-and-q-amp-a.aspx
13 Jun 2014 - "Today we published the June 2014 Security Bulletin webcast questions and answers page*..."
June 2014 Security Bulletin Webcast Q&A
* http://blogs.technet.com/b/msrc/p/july-2014-security-bulletin-q-a.aspx
June 11, 2014
.
AplusWebMaster
2014-06-17, 13:48
FYI...
For IE 11 users, no update now means no security fixes
- http://arstechnica.com/information-technology/2014/06/internet-explorer-11s-new-update-ethos-for-security-fixes-youll-need-new-features/
June 16 2014 - "When Microsoft released the Windows 8.1 Update, IT feathers were ruffled by Microsoft's decision to make it a compulsory update: without it, Windows 8.1 systems would no longer receive security fixes. As spotted by Computerworld's Gregg Keizer*, Microsoft is applying the same rules, at least in part, to Windows 7. Windows 7 users who've installed Internet Explorer 11 are required to install the KB2929437 update. This is the Internet Explorer 11 update that corresponds to the Windows 8.1 Update; it doesn't just include security fixes for Microsoft's browser. There are also some new and improved features, including a more capable WebGL implementation and some additional high performance JavaScript features. If users don't install the update, Windows Update will not provide any more security fixes for their browser..."
* http://www.infoworld.com/d/microsoft-windows/microsoft-strips-some-windows-7-users-of-ie11-patch-privileges-244338?page=0,0
June 16, 2014
:sad: :blink:
AplusWebMaster
2014-06-18, 00:31
FYI...
Microsoft Security Advisory 2974294
Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
- https://technet.microsoft.com/library/security/2974294
June 17, 2014 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted... See the Affected Software section for a list of affected products. Updates to the Microsoft Malware Protection Engine are installed along with the updated malware definitions for the affected products... automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
- https://www.us-cert.gov/ncas/current-activity/2014/06/17/Microsoft-Releases-Security-Advisory-Microsoft-Malware-Protection
June 17, 2014
___
- http://www.securitytracker.com/id/1030438
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2779
Jun 17 2014
Impact: Denial of service via local system, Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.1.10600.0 and prior...
Solution: The vendor has issued a fix (1.1.10701.0).
The vendor's advisory is available at:
- https://technet.microsoft.com/en-us/library/security/2974294
___
- https://atlas.arbor.net/briefs/
High Severity
June 20, 2014
Analysis: If the engine scans a specially crafted file, the vulnerability could be exploited to cause a denial of service condition, stopping the engine from monitoring affected systems. A specially crafted file could be delivered via email or instant messenger, or by visiting a site hosting a malicious file; alternatively, a malicious attacker could use a website that hosts user-provided content to upload a malicious file, which would be scanned by the engine running on the hosting server. [ https://technet.microsoft.com/library/security/2974294 ] Microsoft has updates for affected products, which will automatically be pushed to Microsoft Malware Protection Engine...
:fear::fear:
AplusWebMaster
2014-06-20, 14:18
FYI...
Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/en-us/library/security/2960358
V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675* under Known Issues in the Executive Summary.
* https://support.microsoft.com/kb/2978675
June 19, 2014 - Rev: 1.0
:fear:
AplusWebMaster
2014-06-28, 05:35
FYI...
Microsoft Security Bulletin MS14-019 - Critical
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
- https://technet.microsoft.com/en-us/library/security/MS14-019
V1.1 (June 27, 2014) Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
- https://support.microsoft.com/kb/2922229
Last Review: June 24, 2014 - Rev: 2.0
- https://technet.microsoft.com/library/security/ms14-jun
V1.1 (June 17, 2014): For MS14-035, added an Exploitability Assessment in the Exploitability Index for CVE-2014-2782. This is an informational change only.
MS14-035
- https://technet.microsoft.com/library/security/ms14-035
V1.1 (June 17, 2014): Corrected the severity table and vulnerability information to add CVE-2014-2782 as a vulnerability addressed by this update. This is an informational change only...
MS14-036
- https://technet.microsoft.com/library/security/ms14-036
V1.1 (June 17, 2014): Clarified in the Update FAQ for Microsoft Office section what updates will be offered to systems that are running Microsoft Office 2010. This is an informational change only...
:fear:
AplusWebMaster
2014-06-28, 16:17
FYI...
- https://isc.sans.edu/diary.html?storyid=18319
2014-06-28
"... Microsoft Security Notifications
Issued: June 27, 2014
Notice to IT professionals:
As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is -suspending- the use of -email- notifications that announce the following:
* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins
In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications webpage at:
- http://technet.microsoft.com/security/dd252948 "
___
- http://www.theregister.co.uk/2014/07/01/casl_confusion_as_redmond_reinstates_infosec_mailing_list/
1 Jul 2014 - "... In an email last night Microsoft said it would resume the mailing list on 3 July.
'On June 27, 2014, Microsoft notified customers that we were suspending Microsoft Security Notifications due to changing governmental policies concerning the issuance of automated electronic messaging. We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service on July 3, 2014'..."
:blink:
AplusWebMaster
2014-07-08, 20:19
FYI...
- https://technet.microsoft.com/library/security/ms14-jul
July 8, 2014 - "This bulletin summary lists security bulletins released for July 2014...
(Total of -6-)
V1.1 (July 29, 2014): For MS14-037, added an Exploitability Assessment in the Exploitability Index for CVE-2014-4066. This is an informational change only.
Microsoft Security Bulletin MS14-037 - Critical
Cumulative Security Update for Internet Explorer (2975687)
- https://technet.microsoft.com/library/security/ms14-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.1 (July 29, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4066 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4066
Microsoft Security Bulletin MS14-038 - Critical
Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)
- https://technet.microsoft.com/library/security/ms14-038
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-039 - Important
Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
- https://technet.microsoft.com/library/security/ms14-039
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-040 - Important
Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
- https://technet.microsoft.com/library/security/ms14-040
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-041 - Important
Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)
- https://technet.microsoft.com/library/security/ms14-041
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-042 - Moderate
Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)
- https://technet.microsoft.com/library/security/ms14-042
Moderate - Denial of Service - Does not require restart - Microsoft Server Software
___
- http://blogs.technet.com/b/msrc/archive/2014/07/08/july-2014-security-bulletin-release.aspx
8 Jul 2014
Deployment Priority, Severity, Exploit Index
- http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/2654.deployment.jpg
___
July 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/07/08/july-2014-office-update-release.aspx
8 Jul 2014 - "... There are no security updates. There are 36 non-security updates..."
___
- http://www.securitytracker.com/id/1030532 - MS14-037
- http://www.securitytracker.com/id/1030531 - MS14-038
- http://www.securitytracker.com/id/1030535 - MS14-039
- http://www.securitytracker.com/id/1030536 - MS14-040
- http://www.securitytracker.com/id/1030537 - MS14-041
- http://www.securitytracker.com/id/1030538 - MS14-042
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18359
2014-07-08
.
AplusWebMaster
2014-07-09, 02:52
FYI...
Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/library/security/2871997
Published: May 13, 2014 | Updated: July 8, 2014 | Version: 2.0 - "Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft..."
Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/en-us/library/security/2960358
Published: May 13, 2014 | Updated: July 8, 2014 | Version: 1.2 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible. Please see the Suggested Actions section of this advisory for more information.
Known Issues. Microsoft Knowledge Base Article 2978675* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
* https://support.microsoft.com/kb/2978675
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Published: September 21, 2012 | Updated: July 8, 2014 | Version: 26.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.
Current Update: Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update..."
:fear:
AplusWebMaster
2014-07-10, 23:42
FYI...
Microsoft Security Advisory 2982792
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/library/security/2982792.aspx
July 10, 2014 - "Executive Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties. The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks...
Recommendation: An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8 or Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details), customers do not need to take any action because the CTL will be updated automatically.
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2, and that do -not- have the automatic updater of revoked certificates installed, this update is not available. To receive this update, customers must install the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details). Customers in disconnected environments and who are running Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 can install update 2813430** to receive this update (see Microsoft Knowledge Base Article 2813430** for details)..."
* https://support.microsoft.com/kb/2677070
** https://support.microsoft.com/kb/2813430
- https://technet.microsoft.com/en-us/library/security/2982792
V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.
___
- http://atlas.arbor.net/briefs/index#1956386183
High Severity
July 10, 2014
Four fake certificates have been identified posing as Google and Yahoo, putting Internet Explorer users at risk.
Analysis: The certificates were issued by the National Informatics Centre (NIC) in India, whose certificate issuance process was reportedly compromised. NIC is trusted by CCA India, who in turn is trusted by Microsoft. Other fake certificates were likely issued as well, though details on the full scope of the breach have not been released. While the identified certificates have been revoked by CCA, they could nonetheless affect Windows users: real-time revocation checks performed by security measures using certificate revocation list and online certificate status protocol do not sufficiently prevent attacks, as seen following certificate revocations after disclosure of the OpenSSL Heartbleed vulnerability earlier this year. Firefox, Thunderbird, and Chrome users on Windows are -not- at risk, as the applications' root stores are independent of Windows. Users running Mac OS X, Linux, and other platforms are also not at risk. Until Microsoft has addressed the issue, Windows users should use applications other than Internet Explorer to access domains using TLS. [ http://arstechnica.com/security/2014/07/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users/ ]
- http://www.securitytracker.com/id/1030548
Updated: Jul 17 2014
Impact: Modification of authentication information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2; and prior service packs
Description: A vulnerability was reported in Microsoft Windows. A remote user may be able to spoof SSL certificates.
The operating system includes invalid subordinate certificates issued by National Informatics Centre (NIC), which operates subordinate certificate authorities (CAs) under root CAs operated by the Government of India Controller of Certifying Authorities (CCA)...
Impact: A remote user may be able to spoof SSL certificates.
Solution: The vendor has issued a fix, available via automatic update for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Phone 8, and Windows Phone 8.1.
The vendor has issued a fix for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 systems that use the automatic updater of revoked certificates (see KB2677070)...
Vendor URL: https://technet.microsoft.com/en-us/library/security/2982792
:fear::fear:
AplusWebMaster
2014-07-14, 21:45
FYI...
MS14-037 KB2962872 issues ...
- http://www.infoworld.com/t/microsoft-windows/black-tuesday-patch-kb-2962872-crashes-installshield-causes-slowdowns-246112
July 14, 2014 - "... Posters on the Microsoft Answers forum report that uninstalling KB 2962872 solves the problem.
Flexerasoft has posted a limited workaround:
Moving the .htm files to a backup folder has been shown to reduce the impact of the issue for some InstallShield customers. Please note that by taking these steps, the InstallShield Start Page and inline help will be limited and navigating to some views may still trigger a crash. Those using this method should save their projects frequently.
Steps to implement this limited workaround:
Move *.htm from
\<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>
To a new folder
\<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>\HTM-Backup\
Move *.htm from
\<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>Express\
To a new folder
\<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>Express\HTM-Backup\
The workaround lets InstallShield start and run normally, but reports say it crashes on exit. There are also sporadic reports of additional problems with KB 2962872, particularly slowdowns..."
- https://community.flexerasoftware.com/showthread.php?217569-InstallShield-Crashes-and-Microsoft-KB-2962872
07-11-2014
Microsoft security update KB2962872 (MS14-037) may cause the InstallShield or InstallShield for AdminStudio application to crash...
- http://www.flexerasoftware.com/landing/Microsoft-Security-Update-IS-AR-KB2962872.html
___
MS patches crash Dell Data Protection-Encryption and CMGShield
Black Tuesday patches cause blue screens of death on DDP-E encrypted machines, black recovery screens for CMGShield
- http://www.infoworld.com/t/microsoft-windows/microsoft-patches-crash-dell-data-protection-encryption-and-cmgshield-246108
July 14, 2014 - "... a group of patches in this month's Black Tuesday crop causes BSODs on PCs encrypted with Dell Data Protection-Encryption or forces CMGShield-protected PCs into a lockup, with a black recovery screen. Although Dell posted information identifying the problem late Thursday in Quick Tip 653764*, there's still no word on precisely which Black Tuesday patches trigger the anti-tampering lockout. There's a fix, but it's complex..."
* http://www.dell.com/support/troubleshooting/us/en/04/KCS/KcsArticles/ArticleView?c=&l=&s=&docid=653764
2014-07-10
___
MS14-037: Customers who use PTC Windchill 10.x solutions have reported instability and crashes after the installation of this security update.
- http://communities.ptc.com/message/250228#250228
Jul 22, 2014
___
July 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/p/july2-2014-security-bulletin-q-a.aspx
:fear::fear:
AplusWebMaster
2014-07-25, 12:31
FYI...
Issue when launching Office apps after applying July 2014 update for Office 365 ProPlus
- http://blogs.technet.com/b/odsupport/archive/2014/07/23/issue-when-launching-office-apps-after-applying-july-2014-update-for-office-365-proplus.aspx
23 Jul 2014 - "Shortly after the release of the July Public Update, we received notification of a potential issue affecting a subset of Office 365 ProPlus users. In some cases, users running Office may not be able to launch Office products after the July 2014 updates are installed.
We have since corrected the issue and will be releasing an updated build 15.0.4631.1004 scheduled to go live by Thursday July 24th. Once the update is available, you can click on “Update Now” from the backstage to get the latest fix.
If you still have issues, then please reboot your computer and try “Update Now.” If you still have issues launching Office applications, as a last resort, please run the Fix It located at [ http://support.microsoft.com/kb/2739501 ] to uninstall and reinstall the latest bits.
Note: This issue doesn’t affect Volume License customers."
:fear:
AplusWebMaster
2014-07-26, 15:27
FYI...
MS Silverlight 5 - July 2014 update
- http://support.microsoft.com/kb/2977218
Last Review: July 23, 2014 - Rev: 1.0 - "... This update offers a new build (version 5.1.30514.0) that is an upgrade to earlier versions of Silverlight. This update is included in current Silverlight installers... fixed by this update:
A Silverlight application that uses tab-switched controls exhibits a memory leak when you switch between tabs or pages in the application..."
Applies to:
Microsoft Silverlight 5
Microsoft Silverlight for Macintosh
Microsoft Silverlight for Windows
___
Glitches - July Windows/Office updates
- http://windowssecrets.com/patch-watch/a-few-glitches-with-july-windowsoffice-updates/
July 24, 2014
> MS14-037 (2962872)
> MS14-039 (2975685)
:fear:
AplusWebMaster
2014-07-31, 04:22
FYI...
Microsoft Security Advisory 2915720
Changes in Windows Authenticode Signature Verification
- https://technet.microsoft.com/en-us/library/security/2915720
December 10, 2013 | Updated: July 29, 2014 - "... This advisory was revised on July 29, 2014 to announce that the stricter Windows Authenticode signature verification behavior described here will be enabled on an opt-in basis and not made a default behavior in supported releases of Microsoft Windows...
V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature. See the Advisory FAQ section for more information.
:fear:
AplusWebMaster
2014-08-12, 20:28
FYI...
- https://technet.microsoft.com/library/security/ms14-aug
August 12, 2014 - "This bulletin summary lists security bulletins released for August 2014...
(Total of -9-)
Microsoft Security Bulletin MS14-051 - Critical
Cumulative Security Update for Internet Explorer (2976627*)
- https://technet.microsoft.com/library/security/MS14-051
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
> https://support.microsoft.com/kb/2976627
Aug 12, 2014 - Rev: 2.0 - "This security update 2976627 resolves one -publicly- disclosed and -25- privately reported vulnerabilities in Internet Explorer..."
* https://support.microsoft.com/kb/2976627
Last Review: Aug 15, 2014 - Rev: 4.0
Microsoft Security Bulletin MS14-043 - Critical
Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
- https://technet.microsoft.com/library/security/ms14-043
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-048 - Important
Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
- https://technet.microsoft.com/library/security/MS14-048
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-044 - Important
Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
- https://technet.microsoft.com/library/security/MS14-044
Important - Elevation of Privilege - May require restart - Microsoft SQL Server
Microsoft Security Bulletin MS14-045 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/library/security/MS14-045
Important - Elevation of Privilege - Requires restart - Microsoft Windows
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.
Microsoft Security Bulletin MS14-049 - Important
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
- https://technet.microsoft.com/library/security/MS14-049
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-050 - Important
Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
- https://technet.microsoft.com/library/security/MS14-050
Important - Elevation of Privilege - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS14-046 - Important
Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
- https://technet.microsoft.com/library/security/MS14-046
Important - Security Feature Bypass - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-047 - Important
Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
- https://technet.microsoft.com/library/security/MS14-047
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2014/08/12/august-2014-security-updates.aspx
12 Aug 2014
Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/3108.DeploymentAug2014.jpg
___
August 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/08/12/august-2014-office-update-release.aspx
12 Aug 2014 - "... There are 3 security updates (3 bulletins) and 25 non-security updates..."
Aug 13, 2014 - "UPDATE: An issue has been discovered in the non-security Outlook 2013 update (KB 2881011) that prevents some users from opening archive folders. We have removed this update from availability and released a new update, KB2889859 that fixes the issue. Additionally, KB2992644, has more information on the specific issue. We apologize for any inconvenience."
___
- http://www.securitytracker.com/id/1030714 - MS14-043
- http://www.securitytracker.com/id/1030716 - MS14-044
- http://www.securitytracker.com/id/1030718 - MS14-045
- http://www.securitytracker.com/id/1030721 - MS14-046
- http://www.securitytracker.com/id/1030722 - MS14-047
- http://www.securitytracker.com/id/1030717 - MS14-048
- http://www.securitytracker.com/id/1030719 - MS14-049
- http://www.securitytracker.com/id/1030720 - MS14-050
- http://www.securitytracker.com/id/1030715 - MS14-051
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18521
2014-08-12
.
AplusWebMaster
2014-08-13, 12:03
FYI...
Microsoft Security Advisory 2755801
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: August 12, 2014 - Version: 27.0 - "... Microsoft released an update (2982794*) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-18**. For more information about this update, including download links, see Microsoft Knowledge Base Article 2982794*.
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update***..."
* https://support.microsoft.com/kb/2982794
** http://helpx.adobe.com/security/products/flash-player/APSB14-18.html
*** https://www.update.microsoft.com/windowsupdate/
:fear:
AplusWebMaster
2014-08-14, 14:28
FYI...
BSOD - Blue Screen Stop 0x050 error reported for systems installing KB2976897, KB2982791, and KB2970228
Two of Microsoft's kernel-mode driver updates -- which often cause problems -- are triggering a BSOD error message on some Windows systems
- http://www.infoworld.com/t/microsoft-windows/blue-screen-stop-0x050-error-reported-systems-installing-kb2976897-kb2982791-and-kb2970228-248363
Aug 14, 2014 - "Details at this point are sparse, but it looks like three different patches from this week's Black Tuesday crop are causing Blue Screens with a Stop 0x50 error on some systems. If you're hitting a BSOD, you can help diagnose the problem (and perhaps prod Microsoft to find a solution) by adding your voice to the Microsoft Answers Forum thread* on the subject. Problematic kernel-mode driver updates aren't unusual at all. Now that Microsoft is releasing more of them, problems seem to be cropping up more frequently.
In this case, two MS14-045/KB 2984615 kernel-mode driver patches, KB2976897 and KB2982791, have been implicated in triggering Blue Screen Stop 0x50 messages. Oddly, that Windows 8.1 "Update 2" fix that adds the ruble character as an official currency marker in Win 8.x and Win7, KB 2970228, seems to be causing the problem, too. At this point there's no word on possible causes, although several people have identified their operating systems as 64-bit Windows 7..."
* http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/blue-screen-stop-0x50-after-applying-update/6da4d264-02d8-458e-89e2-a78fe68766fd
> https://technet.microsoft.com/library/security/MS14-045
:fear::fear: :sad:
AplusWebMaster
2014-08-16, 13:00
FYI...
MS14-045 - See "Known issues" ...
- https://support.microsoft.com/kb/2982791
Last Review: August 19, 2014 - Revision: 4.2 - "... Status:
Microsoft has -removed- the download links to these updates while these issues are being investigated...
Mitigations: Open the Programs and Features item in Control Panel, and then click View installed updates. Find and then -uninstall- any of the following updates that are currently installed:
KB2982791
KB2970228
KB2975719
KB2975331 ..."
(More detail at the URL above.)
- https://technet.microsoft.com/library/security/ms14-045
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.
:fear::fear:
AplusWebMaster
2014-08-19, 05:19
FYI...
August 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/archive/2014/08/18/august-2014-security-bulletin-webcast-and-q-amp-a.aspx
18 Aug 2014 - "Today, we published the August 2014 Security Bulletin webcast questions and answers page*... We answered ten questions on air, with the majority focusing on the update for Internet Explorer... We are aware of some issues related to the recent updates and are working on a fix. For more information please read KB 2982791**..."
* http://blogs.technet.com/b/msrc/p/aug-2014-security-bulletin-q-a.aspx
Aug 13, 2014
** https://support.microsoft.com/kb/2982791
Last Review: Aug 19, 2014 - Rev: 4.2
:fear::fear:
AplusWebMaster
2014-08-26, 13:13
FYI...
Internet Explorer may become slow or unresponsive when web applications implement consecutive modal dialog boxes
- https://support.microsoft.com/kb/2991509
Last Review: Aug 21, 2014 - Rev: 2.0 - "After you apply the MS14-037 or MS14-051 cumulative security update for Internet Explorer, web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time. This issue occurs in Internet Explorer versions 7 through 11..."
- https://support.microsoft.com/kb/2991509#prerequisites
"Prerequisites: You -must- have MS14-051* Cumulative security update for Internet Explorer installed to apply this hotfix... You -must- restart the computer after you apply this update..."
* https://support.microsoft.com/kb/2976627
MS14-051 Issue fix KB2991509 not available for Windows 8 x64
- http://social.technet.microsoft.com/Forums/en-US/c8581d6e-f756-4d1d-b296-0bb0d2df6bb4/ms14051-issue-fix-kb2991509-not-available-for-windows-8-x64?forum=ieitprocurrentver
___
- http://blogs.msmvps.com/bradley/2014/08/25/were-heading-into-the-4th-tuesday/
August 25th, 2014 - "With no hint of a re-release of the kernel updates that caused the bsod’s. On the one hand it’s good to only release it when it’s ready, on the other hand, it’s a bit concerning that it’s taking this long to come out with a rereleased version."
:fear::fear:
AplusWebMaster
2014-08-27, 22:23
FYI...
MS14-045 rereleased
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/en-us/library/security/ms14-045.aspx
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.
* https://support.microsoft.com/kb/2993651
Last Review: Aug 28, 2014 - Rev: 3.0
- http://blogs.technet.com/b/msrc/archive/2014/08/27/security-bulletin-ms14-045-rereleased.aspx
27 Aug 2014
___
- http://www.infoworld.com/t/microsoft-windows/microsoft-ships-replacement-patch-kb-2993651-two-known-bugs-249342
Aug 28, 2014 - "... As of early this morning, one Windows 8 user was reporting black screens* with the -new- patch, KB 2993651. Answers Forum posters pacman10, JohnBurgessUK, and chadlan can't get Windows Update to check for new updates after installing KB 2993651 (although rseiler reports all's well). It's too early to tell for sure, but there may be more problems with the -new- patch..."
* http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/blue-screen-stop-0x50-after-applying-update/6da4d264-02d8-458e-89e2-a78fe68766fd?page=56
___
- http://www.computerworld.com/article/2598533/malware-vulnerabilities/microsoft-engineer-definitely-problems-with-test-process-after-crippling.html
Aug 22, 2014 - "... end users and IT administrators alike, who have all tried to explain what they see as a -decline- in the quality of Microsoft's software updates. Some of that speculation has revolved around the July job cuts Microsoft made in the U.S., where according to many accounts a large number of software test engineers were let go..."
Maybe just made it -worse- re: the "Dear Mr. Ballmer" open letter:
- http://blogs.msmvps.com/bradley/2013/09/12/dear-mr-ballmer-my-email-today/
>> Sep 12th, 2013
:fear::fear:
AplusWebMaster
2014-09-09, 20:28
FYI...
- https://technet.microsoft.com/library/security/ms14-sep
Sep 9, 2014 - "This bulletin summary lists security bulletins released for September 2014..."
(Total of -4-)
Microsoft Security Bulletin MS14-052 - Critical
Cumulative Security Update for Internet Explorer (2977629)
- https://technet.microsoft.com/library/security/MS14-052
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- http://support.microsoft.com/kb/2977629
Last Review: Sep 16, 2014 - Rev: 2.0
"... This security update resolves 1 publicly disclosed and 36 privately reported vulnerabilities..."
Microsoft Security Bulletin MS14-053 - Important
Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
- https://technet.microsoft.com/library/security/MS14-053
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework
V1.1 (Sep 17, 2014): Bulletin revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4072 - 5.0
Microsoft Security Bulletin MS14-054 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)
- https://technet.microsoft.com/library/security/MS14-054
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.microsoft.com/library/security/MS14-055
Important - Denial of Service - Does not require restart - Microsoft Lync Server
V2.0 (Sep 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4068 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4070 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4071 - 5.0
___
- http://blogs.technet.com/b/msrc/archive/2014/09/09/the-september-2014-security-updates.aspx
Deployment Priority, Severity, Exploit Index
- http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/4064.deployment.jpg
___
September 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/09/09/september-2014-office-update-release.aspx
9 Sep 2014 - "... There are no security updates. There are 18 non-security updates..."
___
- http://www.securitytracker.com/id/1030818 - MS14-052
- http://www.securitytracker.com/id/1030819 - MS14-053
- http://www.securitytracker.com/id/1030820 - MS14-054
- http://www.securitytracker.com/id/1030821 - MS14-055
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18627
2014-09-09
___
MS Security Advisories - Sep 2014
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/library/security/2871997
V3.0 (September 9, 2014): Rereleased advisory to announce the release of update 2982378 to provide additional protection for users’ credentials when logging into a Windows 7 or Windows Server 2008 R2 system...
Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/library/security/2905247
V2.0 (September 9, 2013): Advisory rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this advisory was originally released. Additionally, some of the updates were reissued to improve their quality...
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
V28.0 (September 9, 2014): Added the 2987114 update to the Current Update section.
.
AplusWebMaster
2014-09-12, 15:23
FYI...
Update for OneDrive for Business (KB2889866)
- https://support.microsoft.com/kb/2889866
Last Review: Sep 10, 2014 - Rev: 2.0
"Notice: We are investigating an issue that is affecting the September 2014 update for Microsoft OneDrive for Business. Therefore, we have removed the update from availability for now..."
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/09/10/september-2014-office-update-release.aspx
10 Sep 2014 - "UPDATE - We have discovered an issue with update KB 2889866. We have removed the update from availability while we investigate."
___
- http://www.infoworld.com/t/microsoft-windows/microsofts-new-update-tuesday-looks-whole-lot-the-old-black-tuesday-250304
Sep 11, 2014
___
September 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/archive/2014/09/12/september_2d00_2014_2d00_security_2d00_bulletin_2d00_release_2d00_webcast_2d00_q_2d00_a.aspx
12 Sep 2014 - "Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page*..."
* http://blogs.technet.com/b/msrc/p/september-2014-security-bulletin-release-webcast-q-a.aspx
:fear:
AplusWebMaster
2014-09-16, 13:00
FYI...
MS14-055 revised - Vulnerabilities in Lync could allow denial of service ...
- https://technet.microsoft.com/library/security/MS14-055
V2.0 (September 15, 2014): Bulletin revised to remove* Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
* Update FAQ
Why was this bulletin revised on September 15, 2014?
Microsoft revised this bulletin to address a known issue that prevented users from successfully installing security update 2982385 for Microsoft Lync Server 2010. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. As an added precaution, Microsoft has removed the download links to the 2982385 security update...
Related: https://support.microsoft.com/kb/2990928
Last Review: Sep 16, 2014 - Rev: 2.0
:fear:
AplusWebMaster
2014-09-20, 15:56
FYI...
MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: Aug 12, 2014
* https://support.microsoft.com/kb/2966827
Last Review: Sep 19, 2014 - Rev: 3.0
Bulletin Information:
MS14-046 - Important
- https://technet.microsoft.com/library/security/ms14-046
- Reason for Revision: V1.2 (Sep 19, 2014): Bulletin revised with a change to the 'Known Issues' entry in the Knowledge Base Article section from "None" to "Yes".
- Originally posted: August 12, 2014
- Updated: September 19, 2014
- Bulletin Severity Rating: Important
- Version: 1.2
___
Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8 and Windows Server 2012 may -fail- after you install security update 2966827
- https://support.microsoft.com/kb/3002547
Last Review: Sep 19, 2014 - Rev: 2.0
:fear::fear:
AplusWebMaster
2014-09-23, 21:46
FYI...
Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.microsoft.com/en-us/library/security/MS14-055
V3.0 (September 23, 2014): Bulletin rereleased to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010...
Why was this bulletin revised on September 23, 2014?
Microsoft re-released this bulletin to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. The re-released update addresses an issue in the original offering that prevented users from successfully installing the server.msp file. Customers who attempted to install the original update will be re-offered the 2982385* update and are encouraged to apply it at the earliest opportunity...
* https://support.microsoft.com/kb/2982385
Sep 23, 2014 - Rev: 2.0
:fear:
AplusWebMaster
2014-09-24, 03:25
FYI...
IE10/IE11 in Win8/8.1 - Flash Player update
- https://technet.microsoft.com/en-us/library/security/2755801
Sep 23, 2014
V29.0 (Sep 23, 2014): Added the 2999249* update to the Current Update section.
Update for Adobe Flash Player in Internet Explorer
* https://support.microsoft.com/kb/2999249
Sep 23, 2014 - Rev: 1.0 - "An issue was found in which some videos may not play, or you may receive an error message, when you try to watch video from certain websites. Microsoft has released an update for this issue for IT professionals. This release contains a fix that will significantly reduce the prevalence of video playback failures on sites where this problem previously occurred.
Known issues with this update: Windows Update will not offer this update to Windows RT-based computers until update 2808380 is installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 2808380** Windows RT-based device cannot download software updates or Windows Store apps."
** https://support.microsoft.com/kb/2808380
Mar 7, 2013 - Rev: 3.0
[ Hat tip to dvk01: http://myonlinesecurity.co.uk/microsoft-updates-adobe-flash-player-ie10-ie11in-windows-8-8-1/ ]
:fear::fear:
AplusWebMaster
2014-10-14, 20:36
FYI...
- https://technet.microsoft.com/library/security/ms14-oct
Oct 14, 2014 - "This bulletin summary lists security bulletins released for October 2014..."
(Total of -8-)
Microsoft Security Bulletin MS14-056 - Critical
Cumulative Security Update for Internet Explorer (2987107)
- https://technet.microsoft.com/library/security/ms14-056
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- https://support.microsoft.com/kb/2987107
"... resolves -14- privately reported vulnerabilities in Internet Explorer. This security update helps protect Internet Explorer from being attacked when you view a specially crafted webpage..."
- https://support.microsoft.com/kb/2987107
Last Review: Oct 20, 2014 - Rev: 3.0
Microsoft Security Bulletin MS14-057 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
- https://technet.microsoft.com/library/security/ms14-057
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-058 - Critical
Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
- https://technet.microsoft.com/library/security/ms14-058
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-059 - Important
Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
- https://technet.microsoft.com/library/security/ms14-059
Important - Security Feature Bypass - May require restart - Microsoft Developer Tools
- https://support2.microsoft.com/kb/2990942
Last Review: Oct 16, 2014 - Rev: 2.0
Microsoft Security Bulletin MS14-060 - Important
Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
- https://technet.microsoft.com/library/security/ms14-060
Important - Remote Code Execution - May require restart - Microsoft Windows
- http://www.isightpartners.com/2014/10/cve-2014-4114/
Oct 14, 2014
- https://support.microsoft.com/kb/3000869
Last Review: Oct 14, 2014 - Rev: 1.1
Microsoft Security Bulletin MS14-061 - Important
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
- https://technet.microsoft.com/library/security/ms14-061
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
- https://support.microsoft.com/kb/3000434
Last Review: Oct 14, 2014 - Revision: 1.1
Microsoft Security Bulletin MS14-062 - Important
Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
- https://technet.microsoft.com/library/security/ms14-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-063 - Important
Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
- https://technet.microsoft.com/library/security/ms14-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2014/10/14/october-2014-updates.aspx
Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/October-2014-Security-Bulletins-overview.png
___
- http://www.securitytracker.com/id/1031018 - MS14-056
CVE Reference: CVE-2014-4123, CVE-2014-4124, CVE-2014-4126, CVE-2014-4127, CVE-2014-4128, CVE-2014-4129, CVE-2014-4130, CVE-2014-4132, CVE-2014-4133, CVE-2014-4134, CVE-2014-4137, CVE-2014-4138, CVE-2014-4140, CVE-2014-4141
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6, 7, 8, 9, 10, 11 ...
- http://www.securitytracker.com/id/1031021 - MS14-057
- http://www.securitytracker.com/id/1031022 - MS14-058
- http://www.securitytracker.com/id/1031023 - MS14-059
- http://www.securitytracker.com/id/1031017 - MS14-060
CVE Reference: CVE-2014-4114
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs ...
This vulnerability is being actively exploited via PowerPoint files.
The original advisory is available at: http://www.isightpartners.com/2014/10/cve-2014-4114/
iSIGHT Partners reported this vulnerability...
- http://www.securitytracker.com/id/1031024 - MS14-061
- http://www.securitytracker.com/id/1031025 - MS14-062
- http://www.securitytracker.com/id/1031027 - MS14-063
___
October 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/10/14/october-2014-office-update-release.aspx
14 Oct 2014 - "... There are 6 security updates (1 bulletin) and 21 non-security updates..."
___
MSRT October 2014 – Hikiti
- http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-october-2014-hikiti.aspx
Oct 14, 2014 - "The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security partners: F-Secure, ThreatConnect, ThreatTrack Security, Volexity, Symantec, Tenable, Cisco, and iSIGHT. Collaboration across private industry is crucial to addressing advanced persistent threats. The target in this campaign is an advanced persistent threat that served as the infrastructure of actors that launched targeted attacks against multiple organizations around the world. This month, the MSRT along with all of the partners in our Virus Information Alliance program are releasing new coverage for this infrastructure: Win32/Hikiti and some of the related malware families, Win32/Mdmbot, Win32/Moudoor, Win32/Plugx, Win32/Sensode, and Win32/Derusbi. Novetta has released an executive summary* on this threat..."
* http://www.novetta.com/operationsmn
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18819
2014-10-14 - "... only -8- instead of the promised 9 bulletins. Also, of particular interest is MS14-060 which was pre-announced by iSight Partners. iSight has seen this vulnerability exploited in some "APT" style attacks against NATO/US military interests and attributes these attacks to Russia..."
___
MS Advisories for October 2014
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Oct 14, 2014 - v30.0
Microsoft Security Advisory 2949927
Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
- https://technet.microsoft.com/en-us/library/security/2949927
Oct 14, 2014
V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues -uninstall- this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.
- https://support.microsoft.com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1
Microsoft Security Advisory 2977292
Update for Microsoft EAP Implementation that Enables the Use of TLS
- https://technet.microsoft.com/en-us/library/security/2977292
Oct 14, 2014
Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008.aspx
V1.1 Oct 15, 2014: Advisory revised to include a workaround for disabling the SSL 3.0 protocol in Windows.
.
AplusWebMaster
2014-10-15, 14:41
FYI...
KB2952664 problems ...
- http://myonlinesecurity.co.uk/microsoft-update-kb2952664-problems/
15 Oct 2014 - "Once again the October 2014 Windows updates are causing problems on many computers. The biggest problem this month appears to be KB2952664 update for Windows 7. Do -not- install KB 2952664 update for Windows 7 unless you intend to update the Windows 7 computer to either Windows 8 or the Windows 10 preview. Various forums, including Microsoft help forums* are full of posts complaining about it failing. There is absolutely no need for the majority of users to install this update on their computer. If you have installed it, it will appear in the update history as -failed-. Go to programs & features, all updates and select KB2952664, press uninstall, reboot the computer and all will be OK. Then go to Windows Update, press check for updates, when the KB2952664 appears in the window, right click the entry and select -hide- update. You might then get a prompt asking for your admin account password if you are running as a standard user or a normal UAC prompt to continue with hiding the update. This KB 2952664 update for Windows 7 has been continually pushed out by Microsoft almost every month since April 2014 with various tweaks and revisions. Most have had some degree of install problems or have caused some degree of system instabilities. The October 2014 version appears to be the most problematic. It isn’t needed so don’t install it..."
* http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/new-windows-update-inconsistency-regarding-update/30c7c7d4-d15b-49ed-a08f-edcf9ac1347b
Compatibility update for upgrading Windows 7
- https://support.microsoft.com/kb/2952664
> http://www.infoworld.com/article/2833825/microsoft-windows/windows-7-patch-kb-2952664-fails-with-error-80242016.html
Oct 15, 2014
:fear::fear: :sad:
AplusWebMaster
2014-10-17, 00:53
FYI...
Four more botched MS patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388
Windows users are reporting significant problems with four more October Black Tuesday patches
- http://www.infoworld.com/article/2834535/security/four-more-botched-black-tuesday-patches-kb-3000061-kb-2984972-kb-2949927-and-kb-2995388.html
Oct 16, 2014 - "... Black Tuesday problems continue to pile up. Yesterday brought to light problems with KB 2952664*, the seventh patch with that name, which fails to install on a large number of Windows 7 machines. Now there are reports of four more botched patches. It's too early to tell exactly what's causing the problems, but if you're having headaches, you aren't alone - and there are solutions.
* http://www.infoworld.com/article/2833825/microsoft-windows/windows-7-patch-kb-2952664-fails-with-error-80242016.html
KB 3000061**... is a kernel mode driver update, MS 14-058. It's one of Microsoft's zero-day patches this month - there are very limited but identified attacks in the wild that use this security hole.
** https://support.microsoft.com/kb/3000061
TechNet has a thread*** about failure to install on Server 2012 machines. Poster jcs916 describes a problem with installing KB 3000061 on a Windows 8.1 machine...
*** https://social.technet.microsoft.com/Forums/windowsserver/en-US/f77691d8-a9d0-4714-98ad-71665cfa8965/kb3000061-fails-to-install-on-server-2012?forum=winserver8gen
Microsoft released seven separately identified security patches that weren't associated with Security Bulletins. One of them, KB 2984972, isn't faring well... AndrewKelly, posting on the TechNet forum[4], says he has had problems with Autodesk packages after applying the patch:
4] https://social.technet.microsoft.com/Forums/en-US/c90212b0-b32c-4488-9753-fb952112828c/warning-kb2984972-and-autodeskrelated-46-appv-packages?forum=mdopappv
... Finally, a nonsecurity update rollup, KB 2995388[5] - also distributed Tuesday - is causing problems with VMware. After installing the patch, every time you try to boot a virtual machine, you get a message: "Not enough physical memory is available to power on this virtual machine with its configured settings." The VMware folks[6] recommend you -not- install KB 2995388; if you have, they recommend that you -uninstall- it."
5] http://support.microsoft.com/kb/2995388
6] http://blogs.vmware.com/workstation/2014/10/workstation-10-issue-recent-microsoft-windows-8-1-update.html
___
- http://blogs.msmvps.com/bradley/2014/10/15/patches-to-keep-an-eye-on/
Oct 15, 2014
:fear::fear: :sad:
AplusWebMaster
2014-10-17, 19:36
FYI...
M$ yanks botched patch KB 2949927, re-issues KB 2952664
Windows 7 upgrade compatibility patch gets a tweaked installer, while the SHA-2 hashing patch is summarily removed without explanation
- http://www.infoworld.com/article/2834930/security/microsoft-yanks-botched-patch-kb-2949927-re-issues-kb-2952664.html
Oct 17, 2014 - "Tell me if you've heard this one before: Microsoft has pulled a patch - KB 2949927*, a patch so important it rated its own Security Advisory - and there's no official notification that the patch was yanked, no explanation as to why it's been pulled, and no instructions for removing (or keeping) the patch if it did somehow get installed... Take-away lesson: Ignore Windows error messages. Aunt Martha can handle that. The more disconcerting patch, KB 2949927, was one of the -four- botched patches I mentioned yesterday. It adds SHA-2 hash signing and verification capability to Windows 7. Trying to install it on some machines led to multiple reboots failing with error 80004005 - a nice way to spend your Tuesday afternoon. And Wednesday. And Thursday morning... What should you do if the patch was installed? I have no idea, and Microsoft isn't saying a thing. Still -no- word on the other bad patches..."
* https://support.microsoft.com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1
:fear::fear::fear: :sad:
AplusWebMaster
2014-10-22, 07:11
FYI...
Security Advisory 3010060 released
- http://blogs.technet.com/b/msrc/archive/2014/10/21/security-advisory-3010060-released.aspx
21 Oct 2014 - "Today, we released Security Advisory 3010060* to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it** solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their systems..."
Microsoft Security Advisory 3010060
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
* http://technet.microsoft.com/en-us/security/advisory/3010060
21 Oct 2014 - "... we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint..."
** https://support.microsoft.com/kb/3010060#FixItForMe
Last Review: Oct 22, 2014 - Rev: 2.0
Enable this fix it - Microsoft Fix it 51026
- http://www.securitytracker.com/id/1031097
CVE Reference:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6352 - 9.3 (HIGH)
Last revised: 10/23/2014 "... as exploited in the wild in October 2014 with a crafted PowerPoint document."
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs...
> https://support.microsoft.com/kb/3010060#FixItForMe
___
- http://www.symantec.com/connect/blogs/attackers-circumvent-patch-windows-sandworm-vulnerability
22 Oct 2014 - "At least two groups of attackers are continuing to take advantage of the recently discovered Sandworm vulnerability in Windows by using an exploit that bypasses the patch... Microsoft is aware of the vulnerability and has issued a -new- security advisory warning users of possible attacks. The company has yet to release a patch for this latest issue, which is being tracked as the Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352*)... The -new- vulnerability affects all supported releases of Microsoft Windows, excluding Windows Server 2003. Microsoft has produced a Fix it** solution to address -known- exploits. Windows users are advised to exercise caution when opening Microsoft PowerPoint files or other files from -untrusted- sources. It is also recommended that the User Account Control (UAC) be enabled, if it is not already..."
* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6352 - 9.3 (HIGH)
** https://support.microsoft.com/kb/3010060#FixItForMe
- http://atlas.arbor.net/briefs/index#973033948
Elevated Severity
23 Oct 2014
:fear:
AplusWebMaster
2014-10-30, 10:47
FYI...
Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008
V2.0 (October 29, 2014): Revised advisory to announce the deprecation of SSL 3.0, to clarify the workaround instructions for disabling SSL 3.0 on Windows servers and on Windows clients, and to announce the availability of a Microsoft Fix it solution for Internet Explorer. For more information see Knowledge Base Article 3009008*.
* https://support.microsoft.com/kb/3009008#FixItForMe
Last Review: Oct 29, 2014 - Rev: 2.3
Disable SSL 3.0 in Internet Explorer - Microsoft Fix it 51024
:fear::fear:
AplusWebMaster
2014-11-11, 22:31
FYI...
- https://technet.microsoft.com/library/security/ms14-nov
Nov 11, 2014 - "This bulletin summary lists security bulletins released for November 2014..."
(Total of -14-)
Microsoft Security Bulletin MS14-064 - Critical
Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
- https://technet.microsoft.com/library/security/MS14-064
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-065 - Critical
Cumulative Security Update for Internet Explorer (3003057)
- https://technet.microsoft.com/library/security/MS14-065
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-066 - Critical
Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
- https://technet.microsoft.com/library/security/MS14-066
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-067 - Critical
Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
- https://technet.microsoft.com/library/security/MS14-067
Critical - Remote Code Execution - May require restart - Microsoft Windows
MS14-068: Release date to be determined.
Microsoft Security Bulletin MS14-069 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
- https://technet.microsoft.com/library/security/MS14-069
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-070 - Important
Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
- https://technet.microsoft.com/library/security/MS14-070
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-071 - Important
Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
- https://technet.microsoft.com/library/security/MS14-071
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-072 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
- https://technet.microsoft.com/library/security/MS14-072
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-073 - Important
Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
- https://technet.microsoft.com/library/security/MS14-073
Important - Elevation of Privilege - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS14-074 - Important
Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
- https://technet.microsoft.com/library/security/MS14-074
Important - Security Feature Bypass - Requires restart - Microsoft Windows
MS14-075: Release date to be determined.
Microsoft Security Bulletin MS14-076 - Important
Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
- https://technet.microsoft.com/library/security/MS14-076
Important - Security Feature Bypass - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-077 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)
- https://technet.microsoft.com/library/security/MS14-077
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-078 - Moderate
Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)
- https://technet.microsoft.com/library/security/MS14-078
Moderate - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft Office
Microsoft Security Bulletin MS14-079 - Moderate
Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)
- https://technet.microsoft.com/library/security/MS14-079
Moderate - Denial of Service - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2014/11/11/november-2014-updates.aspx
Assessing Risk
- http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx
11 Nov 2014
Exploitability Index
- http://technet.microsoft.com/en-us/security/cc998259.aspx
___
- http://www.securitytracker.com/id/1031184 - MS14-064
- http://www.securitytracker.com/id/1031185 - MS14-065
- http://www.securitytracker.com/id/1031186 - MS14-066
- http://www.securitytracker.com/id/1031187 - MS14-067
- http://www.securitytracker.com/id/1031189 - MS14-069
- http://www.securitytracker.com/id/1031190 - MS14-070
- http://www.securitytracker.com/id/1031191 - MS14-071
- http://www.securitytracker.com/id/1031188 - MS14-072
- http://www.securitytracker.com/id/1031192 - MS14-073
- http://www.securitytracker.com/id/1031193 - MS14-074
- http://www.securitytracker.com/id/1031194 - MS14-076
- http://www.securitytracker.com/id/1031195 - MS14-077
- http://www.securitytracker.com/id/1031196 - MS14-078
- http://www.securitytracker.com/id/1031197 - MS14-078
- http://www.securitytracker.com/id/1031198 - MS14-079
___
November 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/11/11/october-2014-office-update.aspx
11 Nov 2014 - "... There are 5 security updates (3 bulletins) and 33 non-security updates...
NOTICE: Support for Microsoft Office 2010 SP1 ended on 10/14/14. All subsequent Office 2010 updates, beginning with this set, will only apply provided Office 2010 SP2 is installed. See KB2687455* for more information about acquiring Office 2010 SP2 ..."
* https://support.microsoft.com/kb/2687455
___
ISC Analysis:
- https://isc.sans.edu/diary.html?storyid=18941
2014-11-11
___
MS Advisories - Nov 2014:
MS Security Advisory 2755801
Update for vulns in Flash Player in IE
- https://technet.microsoft.com/en-us/library/security/2755801
Nov 11, 2014 V31.0 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
MS Security Advisory 3010060
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/3010060
Nov 11, 2014 V2.0 - "... We have issued Microsoft Security Bulletin MS14-064* to address this issue..."
* https://technet.microsoft.com/library/security/MS14-064
.
AplusWebMaster
2014-11-13, 21:19
FYI...
KB 3003743, IE11 ...
- http://www.infoworld.com/article/2846845/microsoft-windows/microsoft-black-tuesday-kb-3003743-ie11-emet-5-security.html
Nov 13, 2014 - "... sporadic reports of KB 3003743* - part of MS14-074 - breaking concurrent RDP sessions. Poster turducken on the My Digital Life forums pins it down:
Today's updates includes KB3003743 and with it comes termsrv.dll version 6.1.7601.18637
Jason Hart has also tweeted that KB 3003743 kills NComputing's virtualization software..."
* https://support.microsoft.com/kb/3003743
Last Review: Nov 11, 2014 - Rev: 1.2
:fear:
AplusWebMaster
2014-11-16, 17:30
FYI...
MS14-066: Known issues ...
- https://support.microsoft.com/kb/2992611
Last Review: Nov 14, 2014 - Rev: 3.0
See: Known issues with this security update:
"We are aware of an issue in certain configurations in which TLS 1.2 is enabled by default, and TLS negotiations may fail. When this problem occurs, TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive..."
Security Update MS14-066 causes major performance problems in Microsoft Access / SQL Server applications
- http://darrenmyher.wordpress.com/2014/11/13/security-update-ms14-066-causes-major-performance-in-microsoft-access-sql-server-applications/
Nov 13, 2014
___
Hold off installing MS14-066 / KB 2992611
- http://blogs.msmvps.com/spywaresucks/2014/11/16/hold-off-installing-ms14-066-kb-2992611/
Nov 16, 2014 - "Word is it is breaking stuff, including the ability to access secure sites using Chrome.
Possible fixes if you’re already affected:
- Open gpedit.msc
- Go to computer configuration > administrative templates > Network > SSL Configuration Settings > - SSL Cipher Suite Order: Set it to enabled
- Reboot
The policy populates the Windows registry with the legacy cipher suites less the 4 new cipher suites added by MS14-066 / 2992611. The list of ciphers used can be viewed by enabling the policy then reviewing the list of ciphers in the dialog box.
Or: Remove MS14-066 / KB 2992611 and reboot.
Amazon Advisory: https://aws.amazon.com/security/security-bulletins/ms14-066-advisory/ "
- http://www.infoworld.com/article/2848574/operating-systems/microsoft-botches-kb-2992611-schannel-patch-tls-alert-code-40-slow-sql-server-block-iis-sites.html
Nov 17, 2014 - "... we're sitting here with a bad patch, almost a week after Black Tuesday, and the patch is -still- being offered through Automatic Update. Microsoft hasn't pulled it, in spite of one acknowledged major problem, another that's the talk of the SQL Server community, and a few hangers-on that may clobber your machines. Amazon raised a red flag on Wednesday..."
MS14-066 Advisory
- https://aws.amazon.com/security/security-bulletins/ms14-066-advisory/
2014/11/14 5:30PM PST - "We are continuing to investigate the reported issues with the patch that was supplied for MS14-066. This updated status is being provided for the service below. We will continue to update this Security Bulletin for the other services previously identified as more information becomes available.
Amazon Relational Database Service (RDS):
Amazon RDS will build and deploy any required updates to affected RDS SQL Server instances. Any needed updates will require a restart of the RDS database instance. Communication of the specific timing of the update for each instance will be communicated via email or AWS Support directly to customers prior to any instance restart...
We will continue to provide updates to this security bulletin."
___
WinShock (KB2992611) Patch breaks IIS
- https://social.technet.microsoft.com/Forums/windowsserver/en-US/218cf562-3dab-4d09-adcc-74f65d0f29f1/winshock-kb2992611-patch-breaks-iis?forum=winserversecurity
Last entry (as of date/time of this post): Nov 16, 2014 12:01 AM
___
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321 - 10.0 (HIGH)
Last revised: 11/12/2014
> http://technet.microsoft.com/security/bulletin/MS14-066
:fear:
AplusWebMaster
2014-11-18, 20:31
FYI...
MS Security Bulletin MS14-068 - Critical
Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
- https://technet.microsoft.com/library/security/MS14-068
Critical - Elevation of Privilege - Requires restart - Microsoft Windows
Nov 18, 2014 - Ver: 1.0
- https://support.microsoft.com/kb/3011780
- http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
18 Nov 2014
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6324 - 9.0 (HIGH)
Last revised: 11/19/2014 - "... as exploited in the wild in November 2014..."
___
MS14-066/KB 2992611/WinShock - more problems reported
- http://www.infoworld.com/article/2849292/operating-systems/more-patch-problems-reported-with-the-ms14-066-kb-2992611-winshock-mess.html
Nov 18, 2014 - "... an entire collection of real, bona fide problems that accompany many installations of KB 2992611.
- On Nov. 12, Amazon issued an advisory about the botched Microsoft patch:
[ http://aws.amazon.com/security/security-bulletins/ms14-066-advisory/ ]
'We have received reports that the patch that Microsoft supplied for MS14-066 has been causing issues, specifically that TLS 1.2 sessions are disconnecting during key exchange.
While we investigate this issue with the patch provided, we suggest that our customers review their security groups and ensure that external access to Windows instances have been appropriately restricted to the extent possible.'
Now IBM has chimed in with its own advisory:
[ http://www-01.ibm.com/support/docview.wss?uid=swg21690217 ]
After applying the OS patch, B2B Integrator and FileGateway are unable to start up with the following error:
The driver could not establish a secure connection to SQL Server by using Secure Sockets
Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed.".
[2014-04-22 06:21:32.25] ERRORDTL [1398162092250]com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed."
IBM further advises, as of early Tuesday morning, "There is currently no workaround for this issue with the OS patch."
Even BlackBerry has officially diagnosed a conflict between KB 2992611 and its Print To Go product..."
[ https://supportforums.blackberry.com/t5/BlackBerry-PlayBook/Print-to-Go/td-p/2866644/page/3 ]
> http://www.infoworld.com/article/2849357/microsoft-windows/microsoft-ms14-066kb-2992611-schannel-ms14-068kb-3011780-kb-3000850.html
Nov 18, 2014
___
- https://technet.microsoft.com/library/security/ms14-066
V2.0 (November 18, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012. The reoffering addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.
> https://support.microsoft.com/kb/2992611
Last Review: Nov 18, 2014 - Rev: 4.1
... Note: If you downloaded and then installed this security update from the Microsoft Download Center for Windows Server 2008 R2 or Windows Server 2012, we recommend that you reinstall the security update from the Download Center. When you click the Download button, you will be prompted to select the check boxes for updates 2992611 and 3018238. Click to select both updates, and then click Next to continue with the updates. These packages -will- require -two- restarts in sequence during installation.
> http://support2.microsoft.com/kb/3011780
Last Review: Nov 18, 2014 - Rev: 1.0
___
November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
> https://support2.microsoft.com/kb/3000850
Last Review: Nov 18, 2014 - Rev: 1.0
:fear:
AplusWebMaster
2014-11-20, 19:14
FYI...
MS14-066: Updated... again
- https://support.microsoft.com/kb/2992611
Last Review: Nov 19, 2014 - Rev: 5.0 ...
___
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321 - 10.0 (HIGH)
Last revised: 11/19/2014
:fear::fear: :slap:
AplusWebMaster
2014-11-22, 16:57
FYI...
MS14-066: Revised - again ...
- https://support.microsoft.com/kb/2992611
Last Review: Nov 22, 2014 - Rev: 9.3
Also see: "Known issues with this security update..."
:fear::fear:
AplusWebMaster
2014-11-27, 03:31
FYI...
Update for vulns in Adobe Flash Player in IE10, 11
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Nov 25, 2014 V32.0 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... described in Adobe Security bulletin APSB14-26*..."
* https://helpx.adobe.com/security/products/flash-player/apsb14-26.html
Nov 25, 2014 - "... update to Adobe Flash Player 15.0.0.239..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8439 - 7.5 (HIGH)
:fear:
AplusWebMaster
2014-12-05, 03:29
FYI...
- https://technet.microsoft.com/library/security/ms14-dec
Dec 4, 2014 - "This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014...
(Total of -7-)
Bulletin 1 - Important - Elevation of Privilege - May require restart - Microsoft Exchange
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 3 - Critical - Remote Code Execution - May require restart - Microsoft Office
Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 6 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 7 - Important - Information Disclosure - May require restart - Microsoft Windows
.
AplusWebMaster
2014-12-08, 18:05
FYI...
IE9 0-day ...
- https://secunia.com/advisories/60610/
Release Date: 2014-12-08
Criticality: Highly Critical
Where: From remote
Impact: System access
Solution Status: Unpatched
Software: Microsoft Internet Explorer 9.x
CVE Reference(s): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8967 - 6.8
Description: ... vulnerability is caused due to a use-after-free error when handling CElement objects and can be exploited to cause memory corruption via a specially crafted HTML element with "display:run-in" style applied. Successful exploitation of this vulnerability may allow execution of arbitrary code...
- http://www.zerodayinitiative.com/advisories/ZDI-14-403/
2014-12-04
:fear::fear:
AplusWebMaster
2014-12-09, 21:41
FYI...
- https://technet.microsoft.com/library/security/ms14-dec
Dec 9, 2014 - "This bulletin summary lists security bulletins released for December 2014...
(Total of -7-).
Microsoft Security Bulletin MS14-075 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
- https://technet.microsoft.com/library/security/MS14-075
Important - Elevation of Privilege - May require restart - Microsoft Exchange
Microsoft Security Bulletin MS14-080 - Critical
Cumulative Security Update for Internet Explorer (3008923)
- https://technet.microsoft.com/library/security/ms14-080
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-081 - Critical
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
- https://technet.microsoft.com/library/security/ms14-081
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-082 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
- https://technet.microsoft.com/library/security/ms14-082
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-083 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
- https://technet.microsoft.com/library/security/ms14-083
Microsoft Security Bulletin MS14-084 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
- https://technet.microsoft.com/library/security/ms14-084
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-085 - Important
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
- https://technet.microsoft.com/library/security/ms14-085
Important - Information Disclosure - May require restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2014/12/09/december-2014-updates.aspx
Dec 9, 2014 - "... we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange...
We re-released two Security Bulletins:
MS14-065 Cumulative Security Update for Internet Explorer
- http://support.microsoft.com/kb/3003057
MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution
- https://technet.microsoft.com/library/security/MS14-066
One Security Advisory was revised:
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)..."
- https://technet.microsoft.com/en-us/library/security/2755801
___
MS Advisories for Dec 2014:
Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008
Oct 14, 2014 | Updated: Dec 9, 2014
V2.1
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Dec 9, 2014
V33.0
___
- http://www.securitytracker.com/id/1031318 - MS14-075
- http://www.securitytracker.com/id/1031315 - MS14-080
- http://www.securitytracker.com/id/1031314 - MS14-081
- http://www.securitytracker.com/id/1031319 - MS14-082
- http://www.securitytracker.com/id/1031320 - MS14-083
- http://www.securitytracker.com/id/1031313 - MS14-084
- http://www.securitytracker.com/id/1031324 - MS14-085
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19043
2014-12-09
.
AplusWebMaster
2014-12-10, 21:27
FYI...
"Crash Wednesday"...
- http://www.infoworld.com/article/2858014/operating-systems/botched-kb-3004394-triggers-uacs-diagnostic-tool-error-0x8000706f7-amd-catalyst-driver-fail-defende.html
Dec 10, 2014 - "If yesterday was Black Tuesday, today must be Crash Wednesday. I'm seeing lots of reports of problems with KB 3004394, which modifies the Windows Root Certificate checker so that it looks for bad root certificates daily. As usual, there's no confirmation from Microsoft about the problem, no documentation that I can find, and no advice on how to proceed. Users with problems find they go away if they uninstall the patch.
Lead3 started a thread on the Microsoft Answers Forum on Tuesday that described two problems with KB 3004394: 'All MMC functions (Event Viewer, etc.) now require Administrator action, although in an Administrator account. Windows Defender service will not start. The Windows Defender Service Terminated with the following error %%-2147023113'
In the same thread, Thinger123 reported: 'After I install it, I can't install any other Windows Updates. I get an error message on Windows Update. I have already done some advanced troubleshooting and narrowed the problem down to KB3004394. The update itself installs fine, but after a reboot, no other Windows Updates will install. As soon as I clicked Install Updates on other updates, it goes right to a red X and error message. Removing the update and rebooting allows all other updates to complete as usual.'
And q454 posted: 'I'm also having problems with update KB3004394. Every time I try running taskmngr it kept asking that an unknown program wanted to make changes. I try going to msconfig and got the same thing, then went to UAC settings and got the same alert. Basically everything that had to do with Microsoft UAC gave me an alert that an unknown program wanted to make changes to my pc'
Tim Birming said: 'MSE installation also aborts with error 8004ff91 after this patch. Error code reveals nothing.'
And KellyPratt noted: 'VirtualBox went back to working after I uninstalled this update. The AMD forum is alight with problems installing the AMD Catalyst Omega driver.'
Poster necrophyte said: 'with kb3004394 not installed (but all other patches from yesterdays patch tuesday installed), ran ddu, rebooted, installed 14.12 with no issues, rebooted, and now finally after 11h of hair tearing i have a functioning display driver again, even better, the omega one.. blame microsoft for this kb3004394 root certificate update, which almost made me do an OS repair install.. hope theyll read my technet thread where i first mentioned kb3004394 being the culprit'
The KB 3002339 problem, by contrast, is relatively innocuous. SnydrRydr posted on the Answers forum:
'I have been installing the Update for Visual Studio 2012 (KB3002339) for over an hour now and it's still not done. I took a look at the support article and it looks like it's a small bug fix update. So why is it taking so long to install?'
W Jezewski offered a solution: 'I ran into the same issue with three machines. Manual download and install did the trick.'
You can download KB 3002339 directly from the Microsoft Download Center*."
* https://www.microsoft.com/en-us/download/details.aspx?id=44907
___
- https://support.microsoft.com/kb/3004394/en-us
Dec 9, 2014 - Rev: 1.0
Windows update KB3004394 issues
- https://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windows-update-kb3004394-issues/ace25277-7f65-4486-bc44-c1b106907a18?page=1
- http://www.bleepingcomputer.com/forums/t/559332/windows-update-kb3004394-triggers-error-messages/page-2
Posted Today, 05:42 AM
:fear::fear:
AplusWebMaster
2014-12-12, 05:21
FYI...
MS on KB 3004394 patch: Uninstall it ...
- http://www.infoworld.com/article/2858738/microsoft-windows/microsoft-recommends-that-you-uninstall-botched-patch-kb-3004394.html
Dec 11, 2014 - "... Microsoft has pulled the botched patch KB 3004394. That's the Windows Root Cert patch causing endless problems - Windows Defender wouldn't start, installing KB 3004394 blocked installing other Windows Updates, UAC prompts appeared in the weirdest places, MSE wouldn't install, VirtualBox stopped working, and on and on... Microsoft acknowledged the problem and told us what to do about it. Microsoft engineer and forum moderator Pinaki Mohanty*, writing on the Microsoft Answers forum, announced that you should uninstall KB 3004394, if you were unfortunate enough to get it. Here's the official advice:
'We encourage Windows 7 and Windows Server 2008 R2 customers who are impacted, to uninstall the updates/KB3004394. Once ready, we will re-release the updates.'* "
* https://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/fixed-patch-tuesday-dec-2014-kb3004394-driver-code/2bb0fbdd-c8ca-427a-aefb-e3bd5db57c1a?page=2
Pinaki Mohanty - Microsoft Forum Moderator Dec 11, 2014
- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0
___
- http://www.infoworld.com/article/2858280/microsoft-windows/botch-brigade-kb-2553154-2726958-clobber-excel-activex-kb-3011970-silverlight-kb-3004394-root-cert.html
Dec 11, 2014 - "Overnight, Microsoft pulled two high-profile screwed-up patches: KB 3011970 and KB 3004394. Another patch, KB 2553154, is killing some Excel 2010 and 2013 macros, saying the ActiveX control "has stopped working in Excel." Admins are reporting that KB 3008923 has broken modal dialogs in IE. And the hang on installing KB 3002339 described yesterday* is still kicking...
I'm seeing reports of this problem with both Excel 2010 and Excel 2013. It isn't clear at this point if the same problem applies to other Office 2010 or 2013 programs, such as Word. It's also not clear if the same problem affects Office 2007, which is included in the security bulletin...
KB 2986475, the Exchange Server 2010 SP3 update rollup 8, was pulled yesterday, as reported. If you started rolling out the update, you need to roll it back (at least, if you want to connect to Outlook). I've seen no further official word as to the cause or the cure. KB 3002339 -- a patch of a .Net Framework 4.5.3 patch -- is still hanging on installation for some people. If the patch takes more than, oh, 30 minutes to install, kill the installer, then manually download it...
KB 3008923, the MS14-080 Internet Explorer rollup, is crashing Internet Explorer, although which versions of IE is unclear... At this point, I've seen reports of the problem with IE9 and IE11, but one report says it affects IE11 only, and not IE9 or IE10. As usual, there's no acknowledgment of the problem in the KB article (although the KB article does say there may be an installation error 8024001d with Windows 10 Technical Preview). No clue as to a workaround.
Finally, KB 3011970 -- the Silverlight patch -- crashed so spectacularly that Time Warner Cable issued an alert...
* http://www.infoworld.com/article/2858014/operating-systems/botched-kb-3004394-triggers-uacs-diagnostic-tool-error-0x8000706f7-amd-catalyst-driver-fail-defende.html
Dec 10, 2014
:fear::fear:
AplusWebMaster
2014-12-12, 20:52
FYI...
MS releases 'Silver Bullet' patch KB 3024777 to eliminate KB 3004394
More information unfolds about the Windows Root Certification patch and its foibles
- http://www.infoworld.com/article/2859115/microsoft-windows/microsoft-releases-silver-bullet-patch-kb-3024777-to-eliminate-botched-patch-kb-3004394.html
Dec 12, 2014 - "Another episode of the KB 3004394 saga is unfolding, as Microsoft releases a new patch, KB 3024777, specifically designed to take out this week's Black Tuesday fiasco, KB 3004394, on Windows 7 SP1 and Windows Server 2008 R2 SP1 machines. The story's a little more complicated... You'll recall this week's bête noire, KB 3004394. Issued on Tuesday, by Wednesday there were dozens of reports of problems with odd UAC prompts, Windows Diagnostic Tool error 8000706f7, failure on attempting to install the AMD Catalyst driver, Windows Defender error 2147023113, and several more. It's as if Microsoft didn't test the patch before releasing it. On Thursday, Microsoft yanked the patch and later advised in an Answers forum post that you should uninstall KB 3004394. Today's a new day, and we have a new explanation -- and marching orders.
Microsoft has updated its KB 3004394* article to say that the problems only occur on Windows 7 SP1 and Windows Server 2008 R2 SP1:
* http://support2.microsoft.com/kb/3004394/en-us
'... We have found that this update is causing additional problems on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. The KB 3004394 update does not cause any known problems on the -other- systems for which it is released. We recommend that you install the update on the other systems.
If you have not yet deployed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers, we recommend that you -delay- installation until a new version of this update becomes available.
If you have already installed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers that were not restarted after the update was installed, we recommend that you -delay- the restart if it is possible until more information is added to this article about a method to remove the update.
If the installation of KB 3004394 is causing problems on these computers, -remove- the update, and then restart the computers. >> The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed...' ...
Reading between the lines - several of them, actually - it looks like this is what you should do:
On Windows 7 SP1/Server 2008 R2 SP1 machines: Crank up Windows Update. If KB 3024777 is listed, run it. If the installation fails, manually download the Silver Bullet and fire. Er, run it.
On Windows 8/8.1/Server 2012 machines: I wouldn't manually uninstall KB 3004394, if you have it, until Microsoft tells us more about potential conflicts..."
(More detail at the infoworld URL at the top of this post.)
___
- http://support2.microsoft.com/kb/3024777
Last Review: Dec 12, 2014 - Rev: 6.0
___
:fear: :sad: :surrender:
AplusWebMaster
2014-12-13, 19:11
FYI...
MS14-080: https://support.microsoft.com/kb/3008923 - IE
Last Review: Dec 13, 2014 - Rev: 5.1
MS14-082: https://support.microsoft.com/kb/3017349 - Office
Last Review: Dec 13, 2014 - Rev: 3.0
:fear::fear:
AplusWebMaster
2014-12-15, 19:56
FYI...
Win7 hit by rash of -bogus- 'not genuine' reports, validation code 0x8004FE21
- http://www.infoworld.com/article/2859267/operating-systems/windows-7-hit-by-rash-of-bogus-not-genuine-reports-validation-code-0x8004fe21.html
Dec 15, 2014 - "... I see at least a hundred posts from people who are being told their copy of Windows 7 is disingenuous when, in fact, they know it's genuine. If you guessed that all of those problems were caused by a bad Black Tuesday patch, you win the small prize. If you guessed that the aberrant patch is KB 3004394, you get the big prize... Windows users started screaming about KB 3004394 within hours of it being rolled out of the Automatic Update chute last Tuesday: Bogus UAC prompts, MMC plug-ins refused to start, Windows Defender wouldn't start, Microsoft Security Essentials wouldn't install, VirtualBox wouldn't work, the AMD Catalyst Omega driver wouldn't install, and other Windows Updates wouldn't install after KB 3004394 infected those machines. On Thursday morning, Microsoft -pulled- the patch. On Thursday afternoon, Microsoft started advising in the Answers Forum that people infected with KB 3004394 should manually remove the patch, although the KB 3004394 article admonished, "The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed." Then we started hearing rumors that manually uninstalling KB 3004394 would, in fact, cause -more- problems... a whole lot of bad advice flowing around this problem. Even at this late date -- working all the way through the weekend, until late Sunday night -- I'm not sure that this fix will work in all cases..."
- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0
> https://support.microsoft.com/kb/3024777
Last Review: Dec 12, 2014 - Rev: 6.0
___
MS sends out KB 2920807, KB 2920738 for Office
- http://www.infoworld.com/article/2858888/microsoft-windows/patches-aplenty-microsoft-sends-out-kb-2920807-kb-2920738-for-office.html
Dec 12, 2014 - "... short version:
If you're using Office 2010 or Office 2013 and you installed the October Office update (MS14-061/KB 3000434), you've been living with a bug for the past couple of months. A new TechNet post explains:
Shortly after the release of the October Public Update, we received notification of a potential issue affecting Office 2010 and Office 2013 users. In some cases, users running Office 2013 or Office 2010 may not be able to update Microsoft Word fields in a few scenarios after the October Public updates are installed. We have since corrected the issue in Office 2013 Click-to-Run build 15.0.4675.1002.
If you have Office Click-to-Run (one component of Office 365), you're already fixed. But if you use an installed version of Office 2010 or Office 2013, this bug has been lurking for a couple of months: When you print or print preview a document in Word that has the Print Markup option enabled, the page numbers of the document may be displayed incorrectly. No idea why it's taken months to articulate the bug or squash it. The patch for Office 2013 is listed as KB 2920738. The patch for Office 2010 SP2 is KB 2920807..."
- https://support.microsoft.com/kb/3000434 - MS14-061
- https://support.microsoft.com/kb/2920738 - Office 2013
Last Review: Dec 15, 2014 - Rev: 4.0
- https://support.microsoft.com/kb/2920807 - Office 2010 SP2
Last Review: Dec 15, 2014 - Rev: 4.0
___
- http://www.theinquirer.net/inquirer/news/2386122/windows-10-users-forced-to-uninstall-office-on-patch-tuesday
Dec 15 2014
:fear::fear: :sad:
AplusWebMaster
2014-12-17, 15:37
FYI...
MS14-080: Cumulative security update for I/E ...
- https://support.microsoft.com/kb/3008923
Last Review: Dec 13, 2014 - Rev: 5.1
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0
> patchmanagement.org - Message 39536
16 Dec 2014 - "The KB article lists known issues of IE9 crashing and IE11 dialog box errors..."
___
MS14-082: Office 2013 ...
- https://support.microsoft.com/kb/2726958
Last Review: Dec 16, 2014 - Rev: 4.0
:fear::fear: :blink:
AplusWebMaster
2014-12-18, 16:01
FYI...
MS ships KB 3025390 to fix IE11 screwups in KB 3008923
As of noon Wednesday, MS still hasn't pulled -or- updated the botched patch MS 14-080 / KB 3008923
- http://www.infoworld.com/article/2860874/microsoft-windows/microsoft-ships-kb-3025930-to-fix-ie-11-modal-dialog-screw-ups-in-kb-3008923.html
Dec 17, 2014 - "... the link in the Windows Update description doesn't work, but you can find detailed information at support2.microsoft.com (note the "support2" in the link). Here's what that KB article says:
'You install MS14-080: Cumulative security update for Internet Explorer: December 9, 2014 ( https://support.microsoft.com/kb/3008923 ) on a computer that's running Internet Explorer 11 or the Internet Explorer 11 Web Browser control. However, after you do this, you may experience unexpected behavior when you interact with sites that use one or more web application modal dialog boxes. Any data or information that's provided in the modal dialog box may not be returned to the application window or to the dialog box that created the data or information. Therefore, the application that created the dialog box may exhibit errors or lack specific functionality that was dependent on that dialog box data...'
German sites report that the patch appears in the English language, though their patches normally appear in German. I talked about the original problem with KB 3008923 last week, and Microsoft has since updated the KB 3008923 article (now at version 5.1) with this explanation:
'We are aware of some reports of functional issues on sites that use nested modal dialog boxes on Internet Explorer 11 that occur after you install this security update…
We are aware of some limited reports of Internet Explorer 9 crashing after you apply this security update.
Microsoft is researching this issue and will post more information in this article when the information becomes available.'
Many people haven't been able to -find- the KB article, and they're cautious about installing a patch simply because it magically appeared in Windows Update, with -no- explanation..."
(More detail and links at the infoworld URL at the top of this post.)
- https://support.microsoft.com/kb/3008923
Last Review: Dec 17, 2014 - Rev: 6.0
- https://support.microsoft.com/kb/3025390
Last Review: Dec 17, 2014 - Rev: 1.0
___
- http://www.forbes.com/sites/jasonevangelho/2014/12/13/new-windows-7-patch-is-effectively-malware-disables-graphics-driver-updates-and-windows-defender/
12/13/2014 - "... If you have Windows 7 set to automatically update every Tuesday, it may be time to permanently -disable- that feature. Microsoft has just confirmed that a recent update — specifically KB 3004394 — is causing a range of serious problems and recommends removing it... Unfortunately this newest update isn’t limited to graphics driver problems. Redmond hasn’t directly divulged each and every issue, but Microsoft’s Answer Forum is littered with tech-savvy users reporting that USB 3.0 drivers are broken and User Account Control (UAC) prompts have gone haywire. Microsoft has acknowledged that it even prevents the installation of future Windows Updates..."
Install KB3024777 to fix an issue with KB3004394...
- http://support.microsoft.com/kb/3024777/en-us
Last Review: Dec 12, 2014 - Rev: 6.0
AplusWebMaster
2014-12-19, 18:59
FYI...
MS14-080: I/E...
- https://support.microsoft.com/kb/3008923
Last Review: Dec 18, 2014 - Rev: 7.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0
___
For IE 11: Some web application modal dialog boxes don't work correctly in Internet Explorer 11 after you install update 3008923
- https://support.microsoft.com/kb/3025390
Last Review: Dec 17, 2014 - Rev: 1.0
AplusWebMaster
2014-12-24, 12:03
FYI...
Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2
- https://support.microsoft.com/kb/3024777/en-us
Last Review: Dec 22, 2014 - Rev: 7.0
The KB 3004394 update that was dated December 10, 2014 can cause additional problems on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. This new update is available to remove KB 3004394 from your computer.
For more information about the KB 3004394 update, see the following Microsoft Knowledge Base article:
Dec 2014 update for Windows Root Certificate Program in Windows
- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0
AplusWebMaster
2014-12-26, 22:32
FYI...
KB3008923 Compromises MS Baseline Security Analyzer's Results Report
- https://social.technet.microsoft.com/Forums/en-US/1b880988-466d-48be-be21-3f4d6edfcc3f/kb3008923-compromises-ms-baseline-security-analyzers-results-report?forum=w8itproappcompat
Saturday, December 13, 2014 1:11 AM
... confirmed KB3008923 compromises MS Baseline Security Analyzer's Results Reports by uninstalling the KB. MS BSA now works as before. I don't use IE so I can't help you there but I presume BSA uses some IE modules. I know that there are many problems with KB3008923 across many platforms...
... the IE cumulative update + Repair fixed the issues with BSA...
> Marked as answer by Phantom of the Mobile 15 hours 11 minutes ago
Wednesday, December 24, 2014 3:41 PM
___
MS14-080: Cumulative security update for Internet Explorer: December 9, 2014
> https://support.microsoft.com/KB/3008923
Last Review: Dec 18, 2014 - Rev: 7.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0
> Known issues with this security update
>Issue 1:
We are aware of some reports of functional issues on sites that use nested modal dialog boxes on Internet Explorer -11- that occur after you install this security update.
To resolve this issue, install update 3025390. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
3025390 Some web application modal dialog boxes don't work correctly in Internet Explorer 11 after you install update 3008923
>Issue 2:
We are aware of some limited reports of Internet Explorer -9- crashing after you apply this security update.
Microsoft is researching this problem and will post more information in this article when the information becomes available.
___
> http://www.microsoft.com/en-us/search/result.aspx?q=kb%203008923
- https://support.microsoft.com/kb/3025390/
Last Review: Dec 17, 2014 - Rev: 1.0
> http://www.microsoft.com/en-us/search/result.aspx?q=kb%203025390
AplusWebMaster
2014-12-30, 17:23
FYI...
UPDATE: Office 2010 ActiveX Disabled - December Update KB2553154
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/12/12/office-2010-activex-disabled-december-update-kb2553154.aspx
12 Dec 2014 - "An issue has been discovered in Security Update for Microsoft Office 2010 (KB2553154*) that disables ActiveX controls. A workaround for this issue can be found at KB3025036**."
MS14-082: Description of the security update for Microsoft Office 2010: Dec 9, 2014
* https://support.microsoft.com/KB/2553154
Last Review: Dec 16, 2014 - Rev: 4.0
"Cannot insert object" error in an ActiveX custom Office solution after you install the MS14-082 security update
** https://support.microsoft.com/kb/3025036
Dec 30, 2014 - Rev: 7.0
Office Updates
- http://blogs.technet.com/b/office_sustained_engineering/
______
Best / Last / End-of-the-year 2014 MS support “guesses” found:
- http://windowssecrets.com/patch-watch/wrapping-up-a-year-of-windows-and-office-updates/
Dec 22, 2014 - "It’s been a long year of security fixes, broken patches, and enhancements for Windows, Office, and other applications. As we close the book on 2014 updating, we’re still missing a bit of holiday cheer — there are a couple of remaining fixes for IE and Excel updates.
MS14-080 (3008923)
Problems with IE 11 and IE 9 rollup updates: December’s cumulative update for Internet Explorer 11 reportedly patched 14 vulnerabilities, but it also came with a few issues of its own. Soon after KB 3008923 was released, there were reports of problems with a few websites and line-of-business platforms. To patch the patch, Microsoft released KB 3025390.
As briefly noted in MS article KB 3008923, a few IE 9 users are reporting browser crashes after installing the December update. So far, there’s no fix or workaround — Microsoft is still “researching this problem.” -All- IE users should keep in mind that Microsoft wants you running IE 11 as soon as possible. As noted in an IEBlog post, beginning Jan. 12, 2016, Microsoft will support IE 11 -only- on Win7 and Win8 workstation systems. (It will continue to support IE 9 on Vista. Support for Vista ends on April 11, 2017.)
- What to do: IE 9 users who run into issues with KB 3008923 (MS14-080) will have to -uninstall- the update and wait for another update. IE 11 users should install KB 3025390 to fix problems with the December cumulative update.
MS14-082: Office patch results in an Excel macro bug... MS14-082 included three updates designed to quash a vulnerability in MS Office that could lead to a remote takeover of your system. But an unintended consequence of the patch is ActiveX controls failures in Office documents. In some cases, the update breaks Excel macros. For example, if you apply the update on one PC and then save an Excel document containing ActiveX controls, macros might -fail- when the document is opened on a system that has -not- been updated with MS14-082."
AplusWebMaster
2015-01-08, 00:53
FYI...
MS patch hangover: KB 3008923, 2553154, 2726958, 3004394, 3011970
... a slew of December Black Tuesday patches -didn't- get fixed over the holidays.
- http://www.infoworld.com/article/2865819/operating-systems/microsofts-december-patch-hangover-kb-3008923-2553154-2726958-3004394.html
Jan 6, 2015 - "December 2014 will likely go down in the annals of Windows pain as the worst patching month ever. Depending on how you count, roughly a quarter of all the patches that rolled out the Automatic Update chute on Dec. 9 have encountered problems - some quite spectacular. Microsoft's more advanced customers (the ones who figured out why their machines weren't working right) have complained bitterly. You might think that while the rest of us were downing copious quantities of eggnog and designer microbrew, the Microsoft elves would have been busy fixing what went wrong. While there's been progress, many of the problems have been abandoned. Others were given a quick band-aid and declared fixed. With one week to go before a new year of Black Tuesdays starts, we're looking at lots of dead and wounded..."
(Much -more- detail at the infoworld URL above.)
AplusWebMaster
2015-01-09, 15:48
FYI...
Microsoft advanced notification service changes <<<
- https://isc.sans.edu/diary.html?storyid=19167
2015-01-09 - "... Microsoft is changing the way in which they provide information... You can read the full blog here:
>> http://blogs.technet.com/b/msrc/archive/2015/01/08/evolving-advance-notification-service-ans-in-2015.aspx
In a nutshell if you want to be advised in advance you now need to register, select the products used and you will then be provided with information relating to the patches that will be released. If you are a premier customer your technical contact can provide information. The main point for me is this one:
'Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page.'
Now a lot of us do look at that information to plan their next patching cycle. So you will need to look at that process and see what needs changing. You'll have to rely on the information in your patching solution, or register. You can register here:
> http://mybulletins.technet.microsoft.com/
The dashboard that is created in the end looks nice, but for me too early to tell how useful it is at this stage, although it was slightly painful to review each bulletin. It will take a few patch cycles to sort it all out I'd say.
Screenshot: https://isc.sans.edu/diaryimages/images/Screen%20Shot%202015-01-09%20at%2018_34_43.png
So going forward you will need to adjust how you identify the patches to be applied within your environment. If you do not want to register you can just visit the main bulletins page here:
--> https://technet.microsoft.com/en-us/library/security/dn631937.aspx
This page has a list of all released bulletins."
___
myBulletins Q&A: http://technet.microsoft.com/en-us/security/dn722424
___
- https://technet.microsoft.com/en-us/security/bulletin
Next release: January 13, 2015
> http://www.microsoft.com/en-us/download/details.aspx?id=36982
Note: There are multiple files available for this download. Once you click on the "Download" button, you will be prompted to select the files you need.
Version: 1.0
File Name: BulletinSearch.xlsx - File Size: 1.9 MB
MSRC-CVRF.zip - 881 KB
Date Published: 1/5/2015
This download offers the following items:
1. Excel file that contains affected software, bulletin replacement, reboot requirements, and CVE information from the Microsoft security bulletins (since June 1998)
2. Zip file that contains security bulletins in the Common Vulnerability Reporting Framework (CVRF) format (since June 2012)
> http://www.microsoft.com/en-us/download/confirmation.aspx?id=36982
___
- http://www.theinquirer.net/inquirer/news/2389603/microsoft-kills-off-patch-tuesday-advance-notifications-with-no-advance-notification
Jan 9 2015 - "... This is the -second- time that Microsoft has attempted to kill off the ANS. In July 2014, the company was forced to backpedal after announcing the end of ANS by email with almost no advance notification before giving the following advance notification a few days later: "We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service on July 3 2014." Whether or not the ANS will be brought back from the boneyard a second time remains to be seen, but it may come down to feedback, especially given the -lack- of advance notification that it was to close. The previous move was due to regulations on email distribution being tightened, but this time it appears that the death knell of the ANS is more extensive. We know that many of our readers have taken a -keen- interest in the Advance Notification articles that we have written every month, and so we are as surprised as you are that there will no longer be any advance notification. But take this as advance notification that our coverage and analysis of Patch Tuesday will continue in 2015. Albeit -without- advance notification."
- http://www.infoworld.com/article/2865301/security/the-inanity-of-paying-for-microsoft-advanced-security-notifications.html
Jan 9 2015 - "For those of us who watch every month for advance warning of Microsoft security patches - they appear on the Thursday preceding Black Tuesday, every month - yesterday came as a slap in the face. Without any warning, Microsoft abruptly stopped its free Advance Notification Service on the day we were all expecting the usual advanced warnings for the January 2015 Black Tuesday patches... Translation: If you want advanced notice of upcoming security bulletins, you have to become a 'Premier customer'... In the past year, Microsoft patching has reached breathtaking new lows, both in quantity -and- quality of patches delivered. The situation's deteriorated so much that many graybeards are beginning to wonder if Windows is so unwieldy that it's become unusable. Somehow, I don't think the powers-that-be understand the way decisions like this affect the Windows support community. I can't fathom why Microsoft would so aggressively piss-off the people who are trying to keep Windows working, over such a tiny concession."
AplusWebMaster
2015-01-13, 21:19
FYI...
- https://technet.microsoft.com/library/security/ms15-jan
Jan 13, 2015 - "This bulletin summary lists security bulletins released for January 2015...
(Total of -8-)
Microsoft Security Bulletin MS15-001 - Important
Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
- https://technet.microsoft.com/library/security/MS15-001
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-002 - Critical
Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)
- https://technet.microsoft.com/library/security/MS15-002
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-003 - Important
Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
- https://technet.microsoft.com/library/security/MS15-003
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-004 - Important
Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
- https://technet.microsoft.com/library/security/MS15-004
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-005 - Important
Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
- https://technet.microsoft.com/library/security/MS15-005
Important - Security Feature Bypass - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-006 - Important
Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
- https://technet.microsoft.com/library/security/MS15-006
Important - Security Feature Bypass - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-007 - Important
Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
- https://technet.microsoft.com/library/security/MS15-007
Important - Denial of Service - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-008 - Important
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215)
- https://technet.microsoft.com/library/security/MS15-008
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2015/01/13/january-2015-updates.aspx
Jan 13, 2015 - "... We re-released one Security Bulletin:
- MS14-080 Cumulative Security Update for Internet Explorer
> https://technet.microsoft.com/library/security/MS14-080 *
One Security Advisory was revised:
- Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)
> https://technet.microsoft.com/en-us/library/security/2755801.aspx ..."
* V1.0 (December 9, 2014): Bulletin published.
V2.0 (January 13, 2015): To address issues with Security Update 3008923, Microsoft re-released MS14-080 to comprehensively address CVE-2014-6363. In addition to installing update 3008923, customers running Explorer 10 on Windows 8, Windows Server 2012, or Windows RT should also install update 3029449, which has been added with this rerelease. Customers who have already successfully installed the 3008923 update, which has not changed since its original release, do -not- need to reinstall it. See Microsoft Knowledge Base Article 3008923** for more information.
** https://support.microsoft.com/kb/3008923
Last Review: Jan 13, 2015 - Rev: 8.0
Last Review: Jan 14, 2015 - Rev: 9.0
Office Updates
- http://blogs.technet.com/b/office_sustained_engineering/
___
- http://www.securitytracker.com/id/1031527 - MS15-001
- http://www.securitytracker.com/id/1031523 - MS15-002
- http://www.securitytracker.com/id/1031528 - MS15-003
- http://www.securitytracker.com/id/1031524 - MS15-004
- http://www.securitytracker.com/id/1031529 - MS15-005
- http://www.securitytracker.com/id/1031530 - MS15-006
- http://www.securitytracker.com/id/1031532 - MS15-007
- http://www.securitytracker.com/id/1031531 - MS15-008
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19179
2015-01-13 - 18:26:14 UTC
.
AplusWebMaster
2015-01-15, 16:19
FYI...
Relief for botched Excel patch/fixes for KB 2553154, 2726958 -missing- from January patch-Tuesday
... included a patch-of-a-patch-of-a-patch, but -lacked- several crucial fixes
- http://www.infoworld.com/article/2868062/operating-systems/january-patch-tuesday-a-yawn-and-several-whimpers-no-relief-for-last-months-kb-2553154-2726958-botc.html
Jan 14, 2015 - "... On Tuesday Microsoft released its crop of patches for January, including the following:
A -new- MS14-080 / KB 3029449, which is an Internet Explorer cumulative rollup re-release of the old MS14-080 / KB 3008923, which was one of the botched-hangover-patches from December. Note the change in KB number. In certain circumstances (which I describe below) you may need to install -both- patches.
A "critical" patch, MS15-002 / KB 3020393, for Telnet, which is a communication protocol that's 45 years old - and rarely used on modern Windows desktops. That's the -only- critical patch this month; all the others are "Important."
A fix, MS15-003 / KB 3021674, for the zero-day User Profile Services escalation that was publicly (and controversially) reported by Google on Sunday, Jan. 11. This isn't a critical flaw in Windows because it entails escalation of privilege - elevating your session to Admin mode. In order to exploit the flaw, the miscreant has to be in the computer already.
A fix for the other zero-day bug, ahcache.sys/NtApphelpCacheControl, which Google publicly disclosed on Dec. 29. That's MS15-001 / KB 3023266.
Here's what we -didn't- get on Tuesday:
A fix for the badly botched MS14-082 / KB 3017349 Office patch, which clobbers Excel ActiveX in Office 2007, 2010, and 2013, as reported on Dec. 11. There's even a newly reported problem, where default naming of controls gets all screwed up. The three component patches - KB 2726958 for Office 2013, KB 2553154 for Office 2010, and KB 2596927 for Office 2007 - are -still- being offered via Automatic Update. If you create or distribute Office macros, Microsoft continues to screw up your programs, rolling the poison pill out the Automatic Update chute. It's still way too early to tell if there are additional problems with this month's patches. I fully expect the Windows Kernel Mode driver patch, MS15-008 / KB 3019215 will figure prominently in due course, simply because Kernel Mode driver patches always seem to cause trouble.
Here's what's happening with the re-released (but differently numbered) MS14-080 patch... This gets messy. The original MS14-080 / KB 3008923 IE rollup had all sorts of bugs. Microsoft issued a patch, KB 3025390, to fix the problems but it, in turn, caused even more problems (see the comments to my InfoWorld article). In addition, Microsoft discovered that the original KB 3008923 didn't fix a VBScript security hole, known as CVE-2014-6363. So this month, Microsoft issued an update to MS14-080 called KB 3029449 that specifically addresses the VBScript hole. As the KB 302449 article puts it:
This package contains the VBScript 5.8 updates that are intended for Internet Explorer 10 in a Windows 8 or Windows Server 2012 environment. Install this update and the December cumulative security update for Internet Explorer.
MS14-080 now includes these bafflegab instructions:
To address issues with Security Update 3008923, Microsoft re-released MS14-080 to comprehensively address CVE-2014-6363. In addition to installing update 3008923, customers running Internet Explorer 10 on Windows 8, Windows Server 2012, or Windows RT should also install update 3029449, which has been added with this rerelease. Customers who have already successfully installed the 3008923 update, which has not changed since its original release, do not need to reinstall it. See Microsoft Knowledge Base Article 3008923 for more information.
It isn't at all clear if the new version of MS14-080 includes -fixes- for the problems introduced by the old MS14-080, and/or the problems introduced by KB 3025390, which was -supposed- to solve those original MS14-080 problems..."
* http://www.infoworld.com/article/2860874/microsoft-windows/microsoft-ships-kb-3025930-to-fix-ie-11-modal-dialog-screw-ups-in-kb-3008923.html
AplusWebMaster
2015-01-21, 23:16
FYI...
MS finally solves big problems with Surface Pro 3
- http://www.infoworld.com/article/2873112/mobile-technology/microsoft-may-have-finally-solved-the-big-problems-with-surface-pro-3.html
Jan 21, 2015 - "Judging by many comments on the Microsoft Answers forum and elsewhere, Microsoft's Jan. 15 firmware update* for the Surface Pro 3 has solved almost all outstanding issues with Wi-Fi connections, hibernating, Bluetooth connectivity, battery drain on standby, Hyper-V interference with Wi-Fi, and more... It now appears that the Surface Pro 3 is relatively glitch-free and ready for the big time. That's a big step up from the problems we've seen with the last -nine- firmware patches."
(More detail at the infoworld URL above.)
* http://blogs.technet.com/b/surface/archive/2015/01/16/firmware-and-driver-updates-to-get-more-from-your-surface-devices.aspx
AplusWebMaster
2015-01-22, 21:20
FYI...
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
V35.0 (Jan 22, 2015): Added the 3033408 update to the Current Update section...
"... Affected Software: This advisory discusses the following software.
Windows 8 for 32-bit Systems / Adobe Flash Player in Internet Explorer 10
Windows 8 for 64-bit Systems / Adobe Flash Player in Internet Explorer 10
Windows Server 2012 / Adobe Flash Player in Internet Explorer 10
Windows RT / Adobe Flash Player in Internet Explorer 10
Windows 8.1 for 32-bit Systems / Adobe Flash Player in Internet Explorer 11
Windows 8.1 for 64-bit Systems / Adobe Flash Player in Internet Explorer 11
Windows Server 2012 R2 / Adobe Flash Player in Internet Explorer 11
Windows RT 8.1 / Adobe Flash Player in Internet Explorer 11
... The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
[Link: https://support.microsoft.com/kb/3033408 ]
AplusWebMaster
2015-01-28, 02:46
FYI...
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in IE 10/11
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Jan 27, 2015
V36.0 - "... The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
> https://support.microsoft.com/kb/3035034
___
- https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
Jan 27, 2015
CVE-2015-0312: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0312
"... Adobe is aware of reports that CVE-2015-0311 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.296.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.264.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.440.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.296.
> Affected software versions:
Adobe Flash Player 16.0.0.287 and earlier versions
Adobe Flash Player 13.0.0.262 and earlier 13.x versions
Adobe Flash Player 11.2.202.438 and earlier versions for Linux..."
___
- http://www.securitytracker.com/id/1031635
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0312
Jan 27 2015
AplusWebMaster
2015-02-06, 00:46
FYI...
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Feb 5, 2015 - V37.0
"Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11...
- https://support.microsoft.com/kb/3021953
Last Review: Feb 5, 2015 - Rev 1.0
AplusWebMaster
2015-02-10, 20:36
FYI...
- https://technet.microsoft.com/library/security/ms15-feb
Feb 10, 2015 - "This bulletin summary lists security bulletins released for February 2015...
(Total of -9-)
Microsoft Security Bulletin MS15-009 - Critical
Security Update for Internet Explorer (3034682)
- https://technet.microsoft.com/library/security/MS15-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS15-010 - Critical
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
- https://technet.microsoft.com/library/security/MS15-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-011 - Critical
Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
- https://technet.microsoft.com/library/security/MS15-011
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-012 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
- https://technet.microsoft.com/library/security/MS15-012
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS15-013 - Important
Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
- https://technet.microsoft.com/library/security/MS15-013
Important - Security Feature Bypass - May require restart - Microsoft Office
Microsoft Security Bulletin MS15-014 - Important
Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
- https://technet.microsoft.com/library/security/MS15-014
Important - Security Feature Bypass - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-015 - Important
Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
- https://technet.microsoft.com/library/security/MS15-015
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-016 - Important
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
- https://technet.microsoft.com/library/security/MS15-016
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-017 - Important
Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
- https://technet.microsoft.com/library/security/MS15-017
Important - Elevation of Privilege - Requires restart - Microsoft Server Software
___
- http://blogs.technet.com/b/msrc/archive/2015/02/10/february-2015-updates.aspx
10 Feb 2015 - "... we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software...
We re-released one Security Bulletin:
MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- https://technet.microsoft.com/library/security/ms14-083
One new Security Advisory was released:
Update for Windows Command Line Auditing (3004375).
- https://technet.microsoft.com/en-us/library/security/3004375.aspx
One Security Advisory was revised:
Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008).
- https://technet.microsoft.com/en-us/library/security/3009008.aspx
We also announced changes related to SSL 3.0 and you can read more about these on the IE blog:
- http://blogs.msdn.com/b/ie/
___
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008
Published: October 14, 2014 | Updated: February 10, 2015
Version: 2.2
Update for Windows Command Line Auditing
- https://technet.microsoft.com/en-us/library/security/3004375
Published: February 10, 2015
Version: 1.0
___
Feb 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/02/10/february-2015-office-update-release.aspx
10 Feb 2015 - "... There are 16 security updates (2 bulletins) and 53 non-security updates..."
- http://technet.microsoft.com/en-us/security/ms15-012
- http://technet.microsoft.com/en-us/security/ms15-013
___
- http://www.securitytracker.com/id/1031723 - MS15-009
- http://www.securitytracker.com/id/1031718 - MS15-010
- http://www.securitytracker.com/id/1031719 - MS15-011
- http://www.securitytracker.com/id/1031720 - MS15-012
- http://www.securitytracker.com/id/1031721 - MS15-013
- http://www.securitytracker.com/id/1031722 - MS15-014
- http://www.securitytracker.com/id/1031724 - MS15-015
- http://www.securitytracker.com/id/1031725 - MS15-016
- http://www.securitytracker.com/id/1031726 - MS15-017
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19315
2015-02-10 18:36:06 UTC
.
AplusWebMaster
2015-02-11, 16:12
FYI...
MS Patches appear to be causing problems ...
- https://isc.sans.edu/diary.html?storyid=19317
Last Updated: 2015-02-10 21:05:12 UTC - "... We have received multiple reports of Microsoft patches causing machines to hang. There is also a report that Microsoft has pulled one of the patches. Specifically, we have had issues reported with the Visual Studio Patch. We will continue to monitor the situation and keep you posted..."
Comments:
1] http://forums.overclockers.co.uk/showthread.php?p=27612025
KB3001652 is not a security update but is the one causing freezing of computers while installing. Reports are it's been pulled and when we do a WSUS sync we're not seeing it.
2] Also see:
- http://windowsitpro.com/security/first-responders-kb3001652-hangs-computers-never-finishes-installation and:
- http://www.infoworld.com/article/2882348/patch-management/visual-studio-patch-rollup-kb-3001652-causes-widespread-freezing-problems.html
On one system I got an installation window and I had to accept the EULA and continue and finish the installation. On two other systems I terminated the 'vstor_redist.exe *32' process! The Windows Update installation continued with the other updates after this.
3] "... none of today's Microsoft bulletins/advisories even mentions Visual Studio, and KB3001652 was released in Sept. 2014. The KB article hasn't been updated, either (which would normally be done if the patch was re-released).
4] I think what is happening is one of the patches from this month is breaking detection of the VS patch from Oct '14, which triggers it to reinstall but it cannot complete successfully for whatever reason..."
___
Visual Studio patch rollup KB 3001652 causes widespread freezing problems
The Black Tuesday patches have been out for just a few hours, and there are multiple reports about KB 3001652 freezing and/or failing with error 0x80070659
- http://www.infoworld.com/article/2882348/patch-management/visual-studio-patch-rollup-kb-3001652-causes-widespread-freezing-problems.html
Feb 10, 2015 - "I’m seeing reports all over the Web that the just-released KB 3001652*, Visual Studio 2010 Tools for Office Runtime cumulative update, is causing all sorts of problems. As of this moment, the patch is still offered through Windows Update and corporate WSUS servers... Even more mystifying:
KB 3001652 was released last October. There's no indication why it's coming down the Windows Update chute -this- month. Indeed, the master list of WU/WSUS patches for this year doesn't even mention KB 3001652..."
* http://support.microsoft.com/kb/3001652 - [ ... using I/E ]
Last Review: October 14, 2014 - Revision: 1.0
???
:fear::fear:
AplusWebMaster
2015-02-12, 10:10
FYI...
Botched Windows patch KB 3001652 re-issued and appears to be working
Yesterday's bad Visual Studio 2010 patch has just been re-released sans the original's flaws
- http://www.infoworld.com/article/2882849/patch-management/botched-windows-patch-kb-3001652-re-issued-and-appears-to-be-working.html
Feb 11, 2015 - "Much to its credit, Microsoft yanked the bad Visual Studio 2010 patch, KB 3001652*, within hours of its release yesterday. Reports of the patch's hangs and errors rapidly piled in from all over the internet. Today we have another version of the patch appearing in Windows Update, and on Windows Server Update Services. Based on a very small sample, it looks like the new version installs just fine. KB 3001652 has a convoluted history. Originally released last October, it was somehow re-released in this month's Black Tuesday drop, on Feb 10. The KB article doesn't mention anything about either Tuesday's or today's (Wednesday's) modifications to the patch - the article hasn’t been updated since last October. Microsoft's official Windows Update/WSUS patch list, KB 894199**, doesn't list the Tuesday botched update, nor does it list today's apparently good update. I have no idea why the patch was re-issued this month, what was wrong with the October version, why it had to be re-issued or updated, and why the botched patch triggered so many problems. Perhaps Microsoft will tell us."
* https://support.microsoft.com/kb/3001652
Last Review: Oct 14, 2014 - Rev: 1.0
** https://support2.microsoft.com/kb/894199/en-us
Last Review: Feb 10, 2015 - Rev: 126.0
___
- http://windowssecrets.com/patch-watch/february-brings-a-shower-of-nonsecurity-updates/
Feb 11, 2015 - "... Staying true to current form, Microsoft had to recall one of its patches almost immediately - but not soon enough for some Windows users... Starting off with another flawed patch:
A Visual Studio update is further proof that enabling automatic updates in Windows Update can be hazardous. KB 3001652 was a rollup patch for Visual Studio 2010 Tools for Office Runtime. According to the update’s info page, it’s “required to run Microsoft Office–based solutions that are built by using Microsoft Visual Studio 2010, Visual Studio 2012, and Visual Studio 2013.” In my opinion, this patch should never have been released pre-checked for automatic updating.
Soon after KB 3001652 was released, there were widespread reports — including posts in the Windows Secrets Lounge — that it was causing system hangs during installation. To regain access to their machines, the affected users had to do a hard reboot or manually stop the Windows Update service.
Not surprisingly, Microsoft quickly -recalled- the patch but then re-issued it the next day.
- What to do: If you have Windows Update set to automatic, I hope you were able to regain control of your computer quickly. But given Microsoft’s recent spate of bad patches, I suggest you set Windows Update to “Download updates but let me choose whether to install them.” If KB 3001652 shows up in Windows Update, I suggest putting it on-hold for a couple of weeks..."
___
Microsoft Excel Support Team Blog
[ 'NOT seeing a fix for December's Excel issue other than the fixit... ]
- http://blogs.technet.com/b/the_microsoft_excel_support_team_blog/archive/2014/12/18/forms-controls-stop-working-after-december-2014-updates-.aspx
18 Dec 2014
:fear:
AplusWebMaster
2015-02-13, 05:48
FYI...
Microsoft yanks KB 2920732 patch for killing PowerPoint 2013 on Windows RT
If you were unlucky enough to install KB 2920732, there’s no way to uninstall it
- http://www.infoworld.com/article/2883639/patch-management/microsoft-yanks-kb-2920732-patch-for-killing-powerpoint-2013-on-windows-rt-with-error-0xc0000428.html
Feb 12, 2015 - "In a situation that may foreshadow Windows 10 patching problems, the Black Tuesday patch KB 2920732 has brought PowerPoint 2013 on Windows RT systems to its knees. Worse, because of the way Windows RT works, there's no way to back out the update. Your only solution, until Microsoft releases a fixed patch, is to "refresh" your system to reinstall Windows and clobber your installed programs..."
> https://support.microsoft.com/KB/2920732
Last Review: Feb 11, 2015 - Rev: 2.0 - "Notice:
This update is currently unavailable. It is being revised to address an issue that is under investigation. The update will be restored when the issue is resolved."
Applies to:
- Microsoft PowerPoint 2013
- Microsoft Office Home and Student 2013 RT
___
- https://atlas.arbor.net/briefs/index#-1022314154
High Severity
Feb 12, 2015
:fear::fear:
AplusWebMaster
2015-02-14, 01:24
FYI...
Microsoft's SSL 3.0 Poodle-busting patch KB 3023607 breaks popular Cisco VPN client
Cisco verifies that installing KB 3023607 may lead to 'Failed to initialize connection subsystem' errors with AnyConnect VPN
- http://www.infoworld.com/article/2883756/security/microsoft-s-ssl-3-0-poodle-busting-patch-kb-3023607-breaks-cisco-s-popular-vpn-client-anyconnect.html
Feb 13, 2015 - MS15-009 - KB3023607
> https://supportforums.cisco.com/discussion/12423591/latest-microsoft-feb-2015-patch-breaks-anyconnect-smc
- https://support.microsoft.com/KB/3023607
- https://isc.sans.edu/diary.html?storyid=19331
Last Updated: 2015-02-13 17:32:03 UTC
___
Users report that KB 2956128 is causing Outlook failures
Microsoft is asking for help in narrowing down a problem facing admins with Outlook 2010 and Exchange 2013
- http://www.infoworld.com/article/2884204/patch-management/users-report-that-kb-2956128-is-causing-outlook-failures.html
Feb 13, 2015 - OL2010 - KB2956128
- https://social.technet.microsoft.com/Forums/office/en-US/af1df139-e8f4-4950-9f6d-147e21c40f92/ol2010search-problems-after-install-kb2956128?forum=outlook
- https://support.microsoft.com/KB/2956128
___
MS15-010 ...
- https://support.microsoft.com/kb/3036220
Last Review: Feb 12, 2015 - Rev: 3.0
"... Known issues in security update 3013455:
After you install security update 3013455, you may notice some text quality degradation in certain scenarios. The problem occurs on computers that are running the following operating systems:
Windows Server 2008 SP2
Windows Server 2003 SP2
Windows Vista SP2 ..."
___
MS15-009 - I/E
- http://atlas.arbor.net/briefs/index#-1022314154
High Severity
Feb 12, 2015
- https://support.microsoft.com/kb/3021952
Last Review: Feb 16, 2015 - Rev: 4.0
:fear::fear:
AplusWebMaster
2015-02-16, 20:30
FYI...
Patch Mayhem: Feb Patch Failures...
- https://isc.sans.edu/diary.html?storyid=19337
Last Updated: 2015-02-16 15:03:48 UTC - "February was -is- another rough month for anybody having to apply Microsoft patches. We had a couple of posts already covering the Microsoft patch issues, but due to the number of problems... quick overview of what has failed so far..."
(See the isc URL above.)
___
Bulletins on revision other than 1.0:
(Total of -9- released)
MS15-009
- https://support.microsoft.com/kb/3021952 - Rev: 5.0
MS15-010
- https://support.microsoft.com/kb/3036220 - Rev: 3.0
MS15-011
- https://support.microsoft.com/kb/3000483 - Rev: 3.0
MS15-015
- https://support.microsoft.com/kb/3031432 - Rev: 2.0
___
MS14-083 re-released:
- https://support.microsoft.com/kb/3017347 - Rev: 2.0
SSL 3.0 Could Allow Information Disclosure:
- https://support.microsoft.com/kb/3009008 - Rev: 2.3
:fear::fear:
AplusWebMaster
2015-02-17, 13:05
FYI...
Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior
"... This update was first included in the February cumulative security update for Internet Explorer (MS15-009).
Note: This update is only offered as a companion package to some Internet Explorer updates to complement changes in Internet Explorer 11 that obsoletes SSL 3.0..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
"...Known issue:
After you apply this update, when you use a Cisco AnyConnect Secure Mobility Client application to establish virtual private network (VPN) connections in Windows 8.1 or Windows Server 2012 R2, you receive the following error message:
Failed to Initialize connection subsystem.
Fix it for me...
To install or remove this Fix it solution, click the Fix it button or link under the Enable this fix it heading or the Disable this fix it heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it Wizard.
Install AppCompat shim
Microsoft Fix it 51033"
- http://support.microsoft.com/kb/3023607
Last Review: Feb 17, 2015 - Rev: 3.0
Applies to:
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows Server 2012 R2 Standard
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
Windows Server 2008 R2 Service Pack 1, when used with:
Windows Server 2008 R2 Datacenter
Windows Server 2008 R2 Enterprise
Windows Server 2008 R2 Standard
Windows Server 2008 R2 for Itanium-Based Systems
Windows Server 2008 R2 Foundation
Windows 7 Service Pack 1, when used with:
Windows 7 Ultimate
Windows 7 Enterprise
Windows 7 Professional
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Starter
- http://www.infoworld.com/article/2884942/operating-systems/microsoft-posts-fixit-for-kb-3023607-the-poodle-patch-that-clobbers-cicso-s-anyconnect-vpn.html
Feb 17, 2015
___
Update for PowerPoint 2013 (KB2956149)
- https://support2.microsoft.com/kb/2956149
Last Review: Feb 17, 2015 - Rev: 2.0
Applies to:
Microsoft PowerPoint 2013
- http://www.infoworld.com/article/2884649/operating-systems/microsoft-releases-new-patch-kb-2956149-to-get-powerpoint-rt-running-again.html
Feb 17, 2015
:fear:
AplusWebMaster
2015-02-18, 15:49
FYI...
Vulnerabilities in Group Policy could allow security policy bypassing (MS15-011, MS15-014, CVE-2015-0008, CVE-2015-0009)
- https://dirteam.com/sander/2015/02/11/vulnerabilities-in-group-policy-could-allow-security-policy-bypassing-ms15-011-ms15-014-cve-2015-0008-cve-2015-0009/
Feb 11, 2015 ...
MS15-011: Vulnerability in Group Policy ...
- http://support2.microsoft.com/kb/3000483
Last Review: Feb 11, 2015 - Rev: 3.0
MS15-014: Vulnerability in Group Policy ...
- http://support2.microsoft.com/kb/3004361
Last Review: Feb 10, 2015 - Rev: 1.0
Overview of Server Message Block signing
- http://support2.microsoft.com/kb/887429
Last Review: Sep 11, 2011 - Rev: 3.0
MS15-011 & MS15-014: Hardening Group Policy
- http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
10 Feb 2015
- https://technet.microsoft.com/en-us/library/cc730910%28v=ws.10%29.aspx
- https://technet.microsoft.com/en-us/library/security/MS15-011
- https://technet.microsoft.com/en-us/library/security/MS15-014
:fear::fear:
AplusWebMaster
2015-02-19, 18:57
FYI...
MS15-010: MS Security Bulletin MS15-010 V1.1
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
- https://technet.microsoft.com/en-us/library/security/MS15-010
Updated: Feb 18, 2015
V1.1 (February 18, 2015): "Bulletin revised to add an Update FAQ that explains why there are two packages on the Microsoft Download Center pages for affected editions of Windows Server 2003, Windows Server 2008, and Windows Vista. The additional package (3037639*) is not needed to be protected from the vulnerabilities addressed by the 3013455 update; it simply corrects a text quality problem that some customers experienced after installing the 3013455** update on the indicated systems."
Fix for text quality degradation after security update 3013455 (MS15-010) is installed
* https://support.microsoft.com/kb/3037639
Last Review: Feb 20, 2015 - Rev: 3.0
Applies to:
Windows Server 2008 ...
Windows Server 2003 ...
Windows Vista SP2 ...
** https://support.microsoft.com/kb/3013455
Last Review: Feb 19, 2015 - Rev: 3.0
- http://www.infoworld.com/article/2885974/patch-management/microsoft-surreptitiously-reissues-kb-3013455-for-vista-windows-server-2003.html
Feb 18, 2015
:fear:
AplusWebMaster
2015-02-23, 10:47
FYI...
Symantec - Corrupt IPS def file update impacted 32-bit versions of I/E
- http://www.symantec.com/connect/blogs/corrupt-ips-definition-package-impacted-32-bit-versions-internet-explorer
21 Feb 2015 - "On February 20, 2015, Symantec received reports stating that 32-bit versions of Internet Explorer had been crashing after the application of the Intrusion Prevention System (IPS) 20150220.001 definition package. We can confirm that this definition package impacted 32-bit versions of Internet Explorer on computers with the following Symantec and Norton products installed:
Symantec Endpoint Protection 12.1
Norton Security
Norton Security with Backup
Norton 360
Norton Internet Security
Only Symantec Endpoint Protection clients that receive content from a pre-RU2 SEPM, or pre-RU2 clients that run LiveUpdate directly to Symantec may be affected.
Solution: Based on our analysis, the issue was caused by a corrupt file in the virus definition set. Symantec recreated a snapshot of the same definition package as 20150221.001 and released it through our LiveUpdate servers. Definition package updates are automatically deployed by Norton and Symantec Endpoint Protection every four hours, unless users manually download them for unmanaged computers or administrators manually deploy them to their managed clients from the SEP Management Server. Users can also manually deploy the update before it is deployed automatically."
:fear::fear:
AplusWebMaster
2015-02-26, 17:07
FYI...
Lingering issues for two Windows kernel patches - Feb 2015
- http://windowssecrets.com/patch-watch/lingering-issues-for-two-windows-kernel-patches/
Feb 25, 2015 - "We see fewer and fewer updates appearing on the unofficial, fourth-week Patch Tuesday. But we need that time to clean-up-patch-issues from the -official- Patch Tuesday. As has become typical, February saw -several- troublesome patches. But Microsoft seems to be jumping on them more quickly.
> Changing Lithuania’s currency symbol: KB 3006137 is the only official Microsoft update released this week. Its sole function is to change Lithuania’s currency symbol in Windows from litai (Lt) to euros (€). (The country adopted the euro on Jan. 1.) The update is for all current versions of Windows except Vista. (Win7 users must be on Service Pack 1, and Win8 users must be on Version 2.1 Update [KB 2919355].) You should see KB 3006137 as an -unchecked- optional patch in Windows Update, but Microsoft also offers it as a hotfix. Plus, the patch’s support page includes instructions for manually changing currency symbols and other language settings. Those of you who follow European news know that there’s an ongoing debate on whether to keep the euro. England never adopted it, and there’s recently been speculation that Greece will drop it.
But as a tourist traveling through several European nations last year, I found that using just one currency was efficient and extremely convenient.
- What to do: KB 3006137 is completely optional. If you have no need to work with Lithuanian currency, you -can- skip it — or install it just to keep your system fully up to date.
MS15-009 (3023607, 3038778): IE 11 security feature catches VPN apps: February’s critical Internet Explorer update (MS15-009) fixed -41- vulnerabilities; for IE 11, it also included two companion updates. KB 3038778 is a security enhancement that, by default, prevents SSL 3.0 fallbacks with Protected Mode sites (more info*). This was primarily a defense against POODLE attacks. KB 3023607 was designed to prevent use of the less secure Transport Layer Security protocol."
* http://blogs.msdn.com/b/ie/archive/2014/12/09/december-2014-internet-explorer-security-updates-amp-disabling-ssl-3-0-fallback.aspx
___
- http://www.infoworld.com/article/2889295/microsoft-windows/20-epic-microsoft-windows-auto-update-meltdowns.html
Feb 26, 2015
:fear::fear:
AplusWebMaster
2015-03-05, 15:45
FYI...
MS15-009: Description of the security update for JScript9.dll in Internet Explorer...
** https://support.microsoft.com/kb/3034196
Last Review: Feb 10, 2015 - Rev: 1.0
MS15-009: Description of the security update for Internet Explorer
* https://support.microsoft.com/kb/3021952
Last Review: Feb 19, 2015 - Rev: 5.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0
- https://technet.microsoft.com/en-us/library/security/MS15-009
V1.1 (March 4, 2015): Revised bulletin to clarify what additional updates will be installed, and how they will be installed, when security update 3021952* is installed on systems running Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11.
See the Update FAQ for more information. This is an informational change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
___
- http://www.infoworld.com/article/2893438/security/microsoft-advises-that-the-massive-ie-february-rollup-kb-3034682-will-reboot-twice.html
Mar 5, 2015 - "... if you're updating Windows through Windows Update - manually, without automatic updates - you should check Windows Update a second time, after you've gone through the initial update, and reboot. There may be another patch waiting for you. If you've already applied the February patches using Windows Update, take a minute to go back and make sure there isn't a lingering KB 3034196** ..."
:fear:
AplusWebMaster
2015-03-06, 12:45
FYI...
Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.microsoft.com/en-us/library/security/3046015.aspx
March 5, 2015 - "Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Mitigating Factors: A server needs to support RSA key exchange export ciphers for an attack to be successful.
Recommendation: Please see the Suggested Actions section of this advisory for workarounds* to disable the RSA export ciphers. Microsoft recommends that customers use these workarounds to mitigate this vulnerability...
* https://technet.microsoft.com/en-us/library/security/3046015.aspx#_Apply_Workarounds
Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available.
• Disable RSA key exchange ciphers using the Group Policy Object Editor (Windows Vista and later systems only).
You can disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite order in the Group Policy Object Editor..."
(More detail at the MS URL above.)
>> Browser check: https://freakattack.com/ || https://www.ssllabs.com/ssltest/viewMyClient.html
"...If you run a server …
You should immediately disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator. We also recommend testing your configuration with the Qualys SSL Labs SSL Server Test tool**.
If you use a browser …
Make sure you have the most recent version of your browser installed, and check for updates frequently. Updates that fix the FREAK attack should be available for all major browsers soon."
** https://www.ssllabs.com/ssltest/
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1637
Last revised: 03/06/2015
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204 - 5.0
Last revised: 03/05/2015
___
- http://blog.trendmicro.com/trendlabs-security-intelligence/freak-vulnerability-forces-weaker-encryption/
"... Microsoft[1] has confirmed all versions of Windows are vulnerable. Red Hat confirmed that versions 6 and 7 of Red Hat Enterprise Linux (RHEL)[2] are vulnerable as well. Browsers that are vulnerable to the FREAK vulnerability include Internet Explorer[3], Opera (Mac OS X / Linux)[3], and Safari[3]..."
1] https://technet.microsoft.com/library/security/3046015
2] https://access.redhat.com/articles/1369543
3] http://thehackernews.com/2015/03/freak-openssl-vulnerability_5.html
___
- https://www.us-cert.gov/ncas/current-activity/2015/03/06/FREAK-SSLTLS-Vulnerability
Mar 6, 2015 - "FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. Microsoft has released a Security Advisory that includes a workaround for supported Windows systems. Users and administrators are encouraged to review Vulnerability Note VU#243585* for more information and apply all necessary mitigations as vendors make them available. Users may visit freakattack.com** to help determine whether their browsers are vulnerable..."
* http://www.kb.cert.org/vuls/id/243585
** https://freakattack.com/
___
Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.microsoft.com/en-us/library/security/3046015.aspx
Updated: March 10, 2015 - "... We have issued Microsoft Security Bulletin MS15-031* to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin. The vulnerability addressed is the Schannel Security Feature Bypass Vulnerability - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1637 "
* https://technet.microsoft.com/library/security/MS15-031
March 10, 2015 - "This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected... This security update also addresses the vulnerability first described in Microsoft Security Advisory 3046015[1]. For more information about this update, see Microsoft Knowledge Base Article 3046049[2]."
1] https://technet.microsoft.com/security/advisory/3046015
2] https://support.microsoft.com/kb/3046049
:fear: :fear:
AplusWebMaster
2015-03-10, 21:38
FYI...
- https://technet.microsoft.com/library/security/ms15-MAR
March 10, 2015 - "This bulletin summary lists security bulletins released for March 2015...
(Total of -14-)
Microsoft Security Bulletin MS15-018 - Critical
Cumulative Security Update for Internet Explorer (3032359)
- https://technet.microsoft.com/library/security/MS15-018
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS15-019 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)
- https://technet.microsoft.com/library/security/MS15-019
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-020 - Critical
Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
- https://technet.microsoft.com/library/security/MS15-020
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-022 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)
- https://technet.microsoft.com/library/security/MS15-022
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS15-023 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)
- https://technet.microsoft.com/library/security/MS15-023
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-024 - Important
Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
- https://technet.microsoft.com/library/security/MS15-024
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-025 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
- https://technet.microsoft.com/library/security/MS15-025
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-026 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)
- https://technet.microsoft.com/library/security/MS15-026
Important - Elevation of Privilege - Does not require restart - Microsoft Exchange
Microsoft Security Bulletin MS15-027 - Important
Vulnerability in NETLOGON Could Allow Spoofing (3002657)
- https://technet.microsoft.com/library/security/MS15-027
Important - Spoofing - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-028 - Important
Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
- https://technet.microsoft.com/library/security/MS15-028
Important - Security Feature Bypass - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-029 - Important
Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
- https://technet.microsoft.com/library/security/MS15-029
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-030 - Important
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)
- https://technet.microsoft.com/library/security/MS15-030
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-031 - Important
Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
- https://technet.microsoft.com/library/security/MS15-031
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/archive/2015/03/10/march-2015-updates.aspx
10 Mar 2015 - "... we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer... We released one new Security Advisory:
• Availability of SHA-2 code signing support for Windows 7 and Windows Server 2008 R2 (3033929)
Two Security Advisories were revised:
• Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)
• Vulnerability in Schannel Could Allow Security Feature Bypass (3046015)..."
Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.microsoft.com/en-us/library/security/3046015
Published: March 5, 2015 | Updated: March 10, 2015
Version: 2.0 - "Microsoft has completed the investigation into a public report of a vulnerability. We have issued Microsoft Security Bulletin MS15-031[1] to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin. The vulnerability addressed is the Schannel Security Feature Bypass Vulnerability
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1637 "
[1] https://technet.microsoft.com/library/security/MS15-031
Microsoft Security Advisory 3033929
Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
- https://technet.microsoft.com/en-us/library/security/3033929
March 10, 2015 - "Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. This update supersedes the 2949927 update that was rescinded on October 17, 2014 to address issues that some customers experienced after installation. As with the original release, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1 do not require this update because SHA-2 signing and verification functionality is already included in these operating systems. This update is not available for Windows Server 2003, Windows Vista, or Windows Server 2008.
[1] The 3033929 update has affected binaries in common with the 3035131 update being released simultaneously via MS15-025. Customers who download and install updates manually and who are planning to install -both- updates should install the 3035131* update before installing the 3033929** update. See the Advisory FAQ for more information."
* https://support.microsoft.com/kb/3035131
** https://support.microsoft.com/kb/3033929
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: March 10, 2015 - Version: 38.0
___
March 2015 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2015/03/10/march-2015-office-update-release.aspx
10 Mar 2015 - "... There are 35 security updates (1 bulletin) and 39 non-security updates..."
> http://technet.microsoft.com/en-us/security/ms15-022
___
- http://www.securitytracker.com/id/1031888 - MS15-018
- http://www.securitytracker.com/id/1031887 - MS15-019
- http://www.securitytracker.com/id/1031890 - MS15-020
- http://www.securitytracker.com/id/1031889 - MS15-021
- http://www.securitytracker.com/id/1031895 - MS15-022
- http://www.securitytracker.com/id/1031896 - MS15-022
- http://www.securitytracker.com/id/1031897 - MS15-023
- http://www.securitytracker.com/id/1031898 - MS15-024
- http://www.securitytracker.com/id/1031899 - MS15-025
- http://www.securitytracker.com/id/1031900 - MS15-026
- http://www.securitytracker.com/id/1031891 - MS15-027
- http://www.securitytracker.com/id/1031893 - MS15-028
- http://www.securitytracker.com/id/1031894 - MS15-029
- http://www.securitytracker.com/id/1031892 - MS15-030
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19445
2015-03-10
AplusWebMaster
2015-03-12, 14:50
FYI...
MS Update 3033929 causing Reboot loop
- http://krebsonsecurity.com/2015/03/ms-update-3033929-causing-reboot-loop/
12 Mar 2015 - "One of the operating system updates Microsoft released on Tuesday of this week — KB3033929 — is causing a reboot loop for a fair number of Windows 7 users, according to postings on multiple help forums. The update in question does not appear to address a pressing security vulnerability, so users who have not yet installed it should probably delay doing so until Microsoft straightens things out. Various tech help forums are starting to fill up with requests from Windows 7 users who are experiencing a reboot loop after applying the glitchy patch*, which is a “code signing” update that improves the ability of Windows 7 and Windows Server 2008 R2 systems to validate the integrity and authenticity of programs running on top of the operating system. At this time, none of the tech help forums seem to have a solution for the problem..."
* https://support.microsoft.com/kb/3033929
Last Review: Mar 10, 2015 - Rev: 1.0
___
Netlogon patch KB 3002657, SHA-2 signing patch KB 3033929 - Woes mount ...
- http://www.infoworld.com/article/2895900/security/microsoft-netlogon-patch-kb-3002657-woes-continue-kb-3032359-cisco-anyconnect-fix-confirmed.html
Mar 12, 2015 - "... Complaints are mounting among admins that the Netlogon spoofing patch, MS15-027/KB 3002657* is causing more problems... In addition to log-on failures with EMC Isilon clusters, there are also problems with Outlook, SharePoint, and NAS drives... Spiceworks also has a lengthy thread on this topic. No idea when/if Microsoft will pull the patch, but clearly it's causing lots of problems... Posters on the Patchmanagement List are complaining about a detection problem with the kernel patch MS15-025/KB 3033395** installing on Windows 2003 R2 servers. Apparently the update mechanism fails to identify the patch once it's installed, and offers it up repeatedly... confirmation on yesterday's report that the RDP patch MS15-030/KB 3036493*** requires multiple reboots - at least in some situations. It has been added to the official list of multiple-reboot renegades maintained in KB 2894518****. Admins take note: Your patching sequences may get clobbered... seeing a lot of complaints about the size of this month's bundle of patches. Those of you with Office, for example, may see as many as 50 or 60 individual patches in a swollen download package of 400MB or more..."
* https://support.microsoft.com/kb/3002657
Last Review: Mar 10, 2015 - Rev: 1.0
** https://support.microsoft.com/kb/3033395
Last Review: Mar 10, 2015 - Rev: 1.0
*** https://support.microsoft.com/kb/3036493
Last Review: Mar 10, 2015 - Rev: 1.0
**** https://support.microsoft.com/kb/2894518
Last Review: Mar 12, 2015 - Rev: 15.0
___
KB 3033929 install fails, with multiple errors
- http://www.infoworld.com/article/2895906/patch-management/new-kb-3033929-patch-install-fails-at-72-complete-with-errors-80004005-800b0100-80070002-80070005.html
Mar 12, 2015
___
- http://windowssecrets.com/patch-watch/marchs-patch-tuesday-comes-in-like-a-lion/
Mar 11, 2015 - "... Along with a slug of Windows security fixes, Office gets an astounding 35 security updates — plus the usual load of nonsecurity fixes.
MS15-018 (3032359), MS15-019 (3030403, 3030398)
Patching the usual browser suspects: ... browser security starts with keeping Internet Explorer fully patched — even if you rarely use it. IE is deeply tied into Windows.
KB 3032359 (MS15-018) is rated -critical- for client versions of Windows. It fixes -eight- privately reported vulnerabilities and one publicly disclosed vulnerability, and it applies to all supported versions of the browser, including IE in Windows 10 Technical Preview. There are no reports of active exploits at this time. Among other things, the update makes changes to the VBScript engine and ensures proper enforcement of cross-domain policies. This should help prevent attackers from taking control of a PC when a user clicks-a-malicious-webpage.
Those of you still running IE 7 or an earlier version of the browser (or systems lacking IE, such as Windows 2008 Server Core editions) also need KB 3030398 or KB 3030403 (MS15-019), a related fix for the Windows VBScript engine. These updates should show up on Vista, Server 2003, Server 2008, and some Server Core machines. PCs running Windows 8 or higher will see an Adobe Flash Player update a bit sooner than those running Win7. As noted in MS Security Advisory 2755801, Microsoft released KB 3044132 for embedded Flash on March 10. Adobe’s Flash update will be released two days later... "
AplusWebMaster
2015-03-16, 17:10
FYI... MS KB revision updates:
MS15-018: Cumulative security update for Internet Explorer...
- http://support.microsoft.com/en-us/kb/3032359
Last Review: Mar 16, 2015 - Rev: 3.0
Applies to:
•Internet Explorer 10
•Internet Explorer 11
•Microsoft Internet Explorer 6.0
•Windows Internet Explorer 7
•Windows Internet Explorer 8
•Windows Internet Explorer 9
___
MS15-020 - Critical
Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
- https://technet.microsoft.com/library/security/MS15-020
V1.1 (March 10, 2015): Bulletin revised to better explain the attack vector for the DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096).
Updated: March 10, 2015 - "... For more information about this update, see Microsoft Knowledge Base Article 3041836*..."
MS15-020 ... remote code execution
* - https://support.microsoft.com/en-us/kb/3041836
"Known issues and additional information about this security update:
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link...":
Last Review: Mar 12, 2015 - Rev: 2.0
Related:
MS15-020 ... Windows text svcs
- https://support.microsoft.com/en-us/kb/3033889
Last Review: Mar 14, 2015 - Rev: 2.0
MS15-020 ... Windows shell
- https://support.microsoft.com/en-us/kb/3039066
Last Review: Mar 14, 2015 - Rev: 3.0
AplusWebMaster
2015-03-17, 22:46
FYI...
Netlogon patch KB 3002657 re-issued
If you're running Win Svr 2003, Microsoft advises you install KB 3002657-v2 on top of the first patch
- http://www.infoworld.com/article/2897814/operating-systems/server-2003-admins-beware-microsoft-re-issues-botched-netlogon-patch-kb-3002657.html
Mar 17, 2015 - "... Microsoft finally acknowledged the problem and posted a fix - for Windows Server 2003 -only- although I've seen unverified reports of similar problems on other versions of Windows Server... The KB article references problems with EMC Isilon OneFS in the "Known Issues" section...
Updated Security Bulletin MS15-027:
- https://technet.microsoft.com/library/security/MS15-027 "
Updated: March 16, 2015 - Ver: 2.0
V2.0 (March 16, 2015): To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update -also- apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this re-release and do not need to take any action. See Microsoft Knowledge Base Article 3002657* for more information."
* https://support.microsoft.com/en-us/kb/3002657
Last Review: Mar 17, 2015 - Rev: 2.0
AplusWebMaster
2015-03-19, 01:32
FYI...
MS Security Advisory 3046310
Improperly Issued Digital Certificates Could Allow Spoofing
- https://isc.sans.edu/diary.html?storyid=19475
Mar 16, 2015 - "Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. To help protect customers from potentially fraudulent use of this digital certificate, it has been revoked by the issuing CA and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue... For customers running Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates, Microsoft recommends that the 3046310 update* be applied immediately using update management software, by checking for updates using the Microsoft Update service, or by downloading and applying the update manually..."
* https://support.microsoft.com/en-us/kb/3046310
Last Review: Mar 16, 2015 - Rev: 1.0
(See 'Applies to...')
___
Support for urgent Trusted Root updates for Windows Root Certificate Program in Windows
- https://support2.microsoft.com/default.aspx?scid=kb;en-us;3004394
Last Review: Mar 16, 2015 - Rev: 4.0
(See 'Applies to...')
___
Update Rollup 16 for Exchange Server 2007 SP3
- https://support.microsoft.com/en-us/kb/3030086
Last Review: Mar 17, 2015 - Rev: 1.0
Applies to:
Microsoft Exchange Server 2007 Service Pack 3, when used with:
Microsoft Exchange Server 2007 Enterprise Edition
Microsoft Exchange Server 2007 Standard Edition
AplusWebMaster
2015-03-20, 13:07
FYI...
Microsoft Security Advisory 3046310
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/library/security/3046310.aspx
Published: March 16, 2015 | Updated: March 19, 2015
V2.0 (March 19, 2015): Advisory re-released to announce that the update for supported editions of Windows Server 2003 is now available. See Knowledge Base Article 3046310* for more information and download links.
* https://support.microsoft.com/en-us/kb/3046310
Last Review: Mar 19, 2015 - Rev: 3.0
(See "Applies to...")
AplusWebMaster
2015-03-21, 13:21
FYI...
MS15-018: Cumulative security update for Internet Explorer...
- https://support.microsoft.com/en-us/kb/3032359
Last Review: Mar 16, 2015 - Rev: 3.0
"... Known issues with this security update:
After you install this security update, applications may crash when they render table-based content in Internet Explorer 11, Internet Explorer 10, Internet Explorer 9, and Internet Explorer 8.
Status: Microsoft is working on a fix for this issue..."
___
MS15-020: Description of the security update for Windows text services ...
- https://support2.microsoft.com/default.aspx?scid=kb;en-us;3033889
Last Review: Mar 18, 2015 - Rev: 3.0
- https://support.microsoft.com/en-us/kb/3048778
Last Review: Mar 20, 2015 - Rev: 4.0
(See "Applies to...")
___
MS15-027: Vulnerability in NETLOGON could allow spoofing...
- https://support.microsoft.com/en-us/kb/3002657
Last Review: Mar 20, 2015 - Rev: 5.0
(See "Applies to...")
___
Enterprise Site Discovery on IE8, IE9, IE10, and IE11
- http://blogs.msdn.com/b/ie/archive/2015/03/20/announcing-enterprise-site-discovery-support-on-ie8-ie9-ie10-and-new-privacy-enhancements.aspx
March 20, 2015 - "... The March 2015 update expands Enterprise Site Discovery beyond Internet Explorer 11 to include Internet Explorer 8, 9, & 10. By default, data collection is turned off. When collection is enabled, data will be collected from all sites visited by users with Internet Explorer unless otherwise configured. Data is collected during each browsing event and is associated to the browsed URL..."
(More detail at the URL above.)