MS yanks second botched Surface update ...
FYI...
MS yanks second botched Surface update ...
MS pulls the bad December firmware update for the Surface Pro 2 - with no hint as to when a fix is coming or what afflicted customers should do
- http://www.infoworld.com/t/microsoft...-months-232943
Dec 19, 2013 - "... On Dec. 10, Microsoft released a firmware update that was intended to improve stability, push updated Wi-Fi drivers, and promote better cover interaction with sleep, screen dimming, and more on the Surface Pro 2. Microsoft keeps a list of the firmware changes on one obscure page on its website* - not in the Knowledge Base, -not- on the official Windows blog. That page has no indication at all that the botched patch has been pulled..."
* http://www.microsoft.com/surface/en-...istory?lc=1041
:sad: :fear:
MS pulls plug on MSE for XP
FYI...
MS pulls plug on MSE for XP
- http://www.infoworld.com/t/microsoft...dows-xp-233721
Jan 8, 2014 - "... the official end of support Web page* now states that 'Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date'... "
* http://windows.microsoft.com/en-us/w...d-support-help
"... after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date..."
:fear::fear:
MS Security Bulletin Summary - January 2014
FYI...
- https://technet.microsoft.com/en-us/...letin/ms14-jan
Jan 14, 2014 - "This bulletin summary lists security bulletins released for January 2014...
(Total of -4-)
Microsoft Security Bulletin MS14-001 - Important
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
- https://technet.microsoft.com/en-us/...letin/ms14-001
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS14-002 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
- https://technet.microsoft.com/en-us/...letin/ms14-002
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-003 - Important
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
- https://technet.microsoft.com/en-us/...letin/ms14-003
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-004 - Important
Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
- https://technet.microsoft.com/en-us/...letin/ms14-004
Important - Denial of Service - May require restart - Microsoft Dynamics AX
___
Deployment Priority, Severity, Exploit Index
- https://blogs.technet.com/cfs-file.a...2D00_Final.jpg
- https://blogs.technet.com/b/msrc/arc...n-release.aspx
____
- https://secunia.com/advisories/56201/ - MS14-001
- https://secunia.com/advisories/55809/ - MS14-002
- https://secunia.com/advisories/56275/ - MS14-003
- https://secunia.com/advisories/56277/ - MS14-004
___
January 2014 Office Update Release
- http://blogs.technet.com/b/office_su...ce-update.aspx
14 Jan 2014 - "There are 12 security updates (1 bulletin) and 1 non-security update...
SECURITY UPDATES: MS14-001...
NON-SECURITY UPDATES: To improve stability and performance for Outlook 2013...
• Update for Microsoft Outlook 2013 KB2850061: http://support.microsoft.com/kb/2850061
Please note that these updates are all found in their corresponding versions of Office Click-to-Run: Office 2013: 15.0.4551.1512 ..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17429
Last Updated: 2014-01-14 18:03:19 UTC
.
MS Security Advisories - 2014.01.14 ...
FYI...
Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.microsoft.com/en-us/s...visory/2914486
Updated: Jan 14, 2014 - "... We have issued MS14-002* to address the Kernel NDProxy Vulnerability (CVE-2013-5065)..."
* https://technet.microsoft.com/en-us/...letin/ms14-002
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5065 - 7.2 (HIGH)
___
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: Jan 14, 2014 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... available via Windows Update*..."
* https://update.microsoft.com/
___
Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/s...visory/2916652
V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
:fear::fear:
MS Exchange Server 2010 - Workaround...
FYI...
Folder views are not updated when you arrange by categories in Outlook after you apply Exchange Server 2010 Service Pack 3 Update Rollup 3 or Update Rollup 4
- http://support.microsoft.com/kb/2925273/en-us
"Workaround:
> To work around this problem when you sort messages by categories, you can update the folder view when you select a different folder view, such as Date (Conversations), and then return to the Categories view.
> To work around this problem when it occurs only in online-mode in the Outlook client, you can use Outlook in cached mode. Or, if it is possible, you can use OWA to make the change to the folder view."
Last Review: Feb 3, 2014 - Revision: 4.1
Applies to: Microsoft Exchange Server 2010 Service Pack 3
:fear::fear:
MS13-098 - Known issues ...
FYI...
MS13-098 - Known issues ...
- http://support.microsoft.com/kb/2893294/en-us
"... Known issues with this security update:
After you install this security update on a computer that is running Windows Vista or Windows Server 2008, the computer name might change to "MINWINPC." When this problem occurs, you cannot log on to computer even if you restart the computer. When you try to log on, you may receive an error message that resembles the following:
The username or password is incorrect.
This issue occurs when you install the security update on a system that has partly corrupted data or when the following registry key does not exist..."
Last Review: Feb 3, 2014 - Rev: 4.0
MS Security Bulletin MS13-098 - Critical
Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- http://technet.microsoft.com/en-us/s...letin/ms13-098
:fear: :sad:
MS Security Advisory (2755801)
FYI...
MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: Feb 04, 2014 Ver: 19.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.microsoft.com/kb/2929825
Last Review: Feb 4, 2014 - Rev: 2.0
:fear: