-
MS Security Advisories - May 13, 2014
FYI...
Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/...curity/2871997
May 13, 2014 - "Microsoft is announcing the availability of an update for supported editions of Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 that improves credential protection and domain authentication controls to reduce credential theft. This update provides additional protection for the Local Security Authority (LSA), adds a restricted admin mode for Credential Security Support Provider (CredSSP), introduces support for the protected account-restricted domain user category, and enforces stricter authentication policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 machines as clients.
Recommendation. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.microsoft.com/kb/2871997
Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://technet.microsoft.com/en-us/...curity/2962824
May 13, 2014 - "With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author. Microsoft is not aware of any misuse of the affected UEFI modules..."
- https://support.microsoft.com/kb/2962824
Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/en-us/...curity/2960358
May 13, 2014 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible..."
- https://support.microsoft.com/kb/2960358
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
Updated: May 13, 2014 Ver: 24.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
- https://support.microsoft.com/kb/2957151
Microsoft Security Advisory 2269637
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...curity/2269637
Updated: May 13, 2014 Ver: 19.0 - "Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries. This issue is caused by specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks". These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location. This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected. In addition to this guidance, Microsoft is releasing a tool that allows system administrators to mitigate the risk of this new attack vector by altering the library loading behavior system-wide or for specific applications. This advisory describes the functionality of this tool and other actions that customers can take to help protect their systems...
V19.0 (May 13, 2014): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS14-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
-
KB2920189 and 2962824 problems
FYI...
Problems with 'revoked UEFI module' patches KB 2920189 and 2962824
- http://www.infoworld.com/t/microsoft...2962824-242533
May 14, 2014
Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://support.microsoft.com/kb/2962824
May 13, 2014 - Rev: 2.0
- https://support.microsoft.com/kb/2920189
Last Review: May 13, 2014 - Rev: 2.0
___
- http://windowssecrets.com/patch-watc...2013-continue/
May 14, 2014 - "... concentrate on the security updates and leave most of the nonsecurity fixes for later..."
-
Win8.1 Update - more errors
FYI...
MS acknowledges more errors, 80070371 and 80071A91 - installing Win8.1 Update - KB 2919355
- http://www.infoworld.com/t/microsoft...b-2919355-2426
May 16, 2014
- https://support.microsoft.com/kb/2919355
Last Review: May 16, 2014 - Rev: 21.0
___
Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/p/ma...letin-q-a.aspx
May 14, 2014
-
IE 0-day - unpatched - 2014.05.21 ...
FYI...
IE 0-day - CMarkup Object Processing Flaw Lets Remote Users Execute Arbitrary Code
- http://www.securitytracker.com/id/1030266
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1770
May 21 2014
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): 8; possibly other versions
Description: A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory error in the processing of CMarkup objects to execute arbitrary code on the target system. The code will run with the privileges of the target user.
The vendor was notified on October 11, 2013.
The original advisory is available at:
- http://zerodayinitiative.com/advisories/ZDI-14-140/
Solution: No solution was available at the time of this entry...
___
- https://atlas.arbor.net/briefs/index#1620714508
Elevated Severity
23 May 2014
A new zero-day vulnerability for Internet Explorer 8 has been disclosed.
Analysis: The flaw, which exists in the handling of CMarkup objects, could allow remote attackers to execute arbitrary code. Exploitation of this vulnerability requires user interaction, either by visiting a malicious site or opening a malicious file... The vulnerability is currently unpatched; it is recommended that users set Internet security zone settings to "High" to block ActiveX Controls and configure IE to prompt before running Active Scripting. Users should also ensure that Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) is enabled.
-
MS Security Advisory 2915720
FYI...
Microsoft Security Advisory 2915720
Changes in Windows Authenticode Signature Verification
- https://technet.microsoft.com/en-us/...curity/2915720
Published: Dec 10, 2013 | Updated: May 21, 2014 Version: 1.3
"Microsoft is announcing the availability of an update for all supported releases of Microsoft Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will not be enabled until August 12, 2014. Once enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after August 12, 2014, Windows will no longer recognize non-compliant binaries as signed.
Recommendation: Microsoft recommends that by August 12, 2014, executables authors ensure that all signed binaries comport with this new verification behavior by containing no extraneous information in the WIN_CERTIFICATE structure. Microsoft also recommends that customers appropriately test this change to evaluate how it will behave in their environments...
Suggested Actions: Review Microsoft Root Certificate Program Technical Requirements
Customers who are interested in learning more about the topic covered in this advisory should review Windows Root Certificate Program - Technical Requirements*..."
* http://social.technet.microsoft.com/...uirements.aspx
"... The Technical Requirements version 1.1 have been superseded by this version 2.0..."
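As an added example (not from the advisory or from Microsoft), the following Python checks a PE file's certificate table for non-zero bytes after the PKCS#7 blob in each WIN_CERTIFICATE entry. Treating exactly that as the "extraneous information" is an assumption, since the advisory does not spell out the check; `build_sample_pe` produces constructed test input, not a real signed binary.

```python
import struct

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY


class PEFormatError(ValueError):
    """Raised when the input is not a parseable PE image."""


def der_total_length(buf):
    """Size in bytes (header + content) of the DER SEQUENCE starting at buf[0]."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise PEFormatError("bCertificate does not start with a DER SEQUENCE")
    if buf[1] < 0x80:                      # short-form length
        return 2 + buf[1]
    n = buf[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        raise PEFormatError("unsupported DER length encoding")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")


def security_directory(pe):
    """Return (file_offset, size) of the certificate table, or (0, 0) if absent."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise PEFormatError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    opt = e_lfanew + 24                    # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise PEFormatError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)
    if count <= SECURITY_DIR_INDEX:
        return 0, 0
    # For this directory the first field is a file offset, not an RVA.
    return struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR_INDEX)


def find_extraneous_data(pe):
    """List (entry_index, file_offset, length) for non-zero data after each PKCS#7 blob."""
    try:
        offset, size = security_directory(pe)
    except struct.error as exc:
        raise PEFormatError("truncated PE headers") from exc
    if offset == 0 or size == 0:
        return []                          # unsigned file: nothing to check
    end = offset + size
    if end > len(pe):
        raise PEFormatError("certificate table runs past end of file")
    findings, pos, index = [], offset, 0
    while pos + 8 <= end:
        dw_length, _revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if dw_length < 8 or pos + dw_length > end:
            raise PEFormatError("bad dwLength in WIN_CERTIFICATE")
        next_pos = pos + ((dw_length + 7) & ~7)    # entries are 8-byte aligned
        if cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA:
            der_len = der_total_length(pe[pos + 8:pos + dw_length])
            if 8 + der_len > dw_length:
                raise PEFormatError("PKCS#7 blob longer than its WIN_CERTIFICATE")
            tail_start = pos + 8 + der_len
            # Zero padding is expected; anything else is flagged.
            extra = pe[tail_start:min(next_pos, end)].rstrip(b"\0")
            if extra:
                findings.append((index, tail_start, len(extra)))
        pos, index = next_pos, index + 1
    return findings


def build_sample_pe(trailing=b""):
    """Constructed input: header-only PE32 image with one placeholder signature entry."""
    der = b"\x30\x82\x01\x00" + b"\xAA" * 256      # stand-in for a SignedData blob
    body = der + trailing
    body += b"\0" * (-(8 + len(body)) % 8)         # pad entry to 8-byte multiple
    cert = struct.pack("<IHH", 8 + len(body), 0x0200,
                       WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", hdr, opt, 0x10B)        # PE32 magic
    struct.pack_into("<I", hdr, opt + 92, 16)      # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 96 + 8 * SECURITY_DIR_INDEX,
                     len(hdr), len(cert))
    return bytes(hdr) + cert


if __name__ == "__main__":
    for label, data in (("clean", build_sample_pe()),
                        ("padded", build_sample_pe(b"payload"))):
        print(label, find_extraneous_data(data))
```

To audit real files, pass the bytes of each signed binary to `find_extraneous_data` and review any entry it reports before the enforcement date.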
-
Win8.1 update - Rev: 23.0 ...
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
May 30, 2014 - Rev: 23.0
Last Review: June 4, 2014 - Rev: 24.0
___
Cleaning up May’s Windows and Office updates
- http://windowssecrets.com/patch-watc...ffice-updates/
June 4, 2014
___
Overview of KB2871997
- http://blogs.technet.com/b/srd/archi...kb2871997.aspx
5 Jun 2014
- https://support.microsoft.com/kb/2871997#FixItForMe
Last Review: June 5, 2014 - Rev: 4.0
Microsoft Fix it 20141 - "... This Fix it solution changes the UseLogonCredentials registry key to disable WDigest passwords from being stored in memory. After you install security update 2871997 and then apply this Fix it solution to systems that are running Windows 7, Windows Server 2008 R2, Windows 8, or Windows Server 2012, you should no longer have clear-text credentials stored in memory.
Note: This Fix it solution will take effect only if security update 2871997 is installed..."
-
MS Security Bulletin Advance Notification - June 2014
FYI...
- https://technet.microsoft.com/library/security/ms14-jun
June 5, 2014 - "This is an advance notification of security bulletins that Microsoft is intending to release on June 10, 2014...
(Total of -7-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Office, Microsoft Lync
Bulletin 3 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 4 - Important - Information Disclosure - May require restart - Microsoft Windows
Bulletin 5 - Important - Information Disclosure - May require restart - Microsoft Lync Server
Bulletin 6 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 7 - Important - Tampering - May require restart - Microsoft Windows
- http://blogs.technet.com/b/msrc/arch...n-release.aspx
5 Jun 2014
-
MS Security Bulletin Summary - June 2014
FYI...
- https://technet.microsoft.com/library/security/ms14-jun
June 10, 2014 - "This bulletin summary lists security bulletins released for June 2014...
(Total of -7-)
Microsoft Security Bulletin MS14-035 - Critical
Cumulative Security Update for Internet Explorer (2969262)
- https://technet.microsoft.com/library/security/ms14-035
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
"... resolves -59- items..." *
Microsoft Security Bulletin MS14-036 - Critical
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)
- https://technet.microsoft.com/library/security/ms14-036
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Office, Microsoft Lync
Microsoft Security Bulletin MS14-034 - Important
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)
- https://technet.microsoft.com/library/security/ms14-034
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-033 - Important
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)
- https://technet.microsoft.com/en-us/...urity/ms14-033
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-032 - Important
Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)
- https://technet.microsoft.com/library/security/ms14-032
Important - Information Disclosure - May require restart - Microsoft Lync Server
Microsoft Security Bulletin MS14-031 - Important
Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)
- https://technet.microsoft.com/library/security/ms14-031
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-030 - Important
Vulnerability in Remote Desktop Could Allow Tampering (2969259)
- https://technet.microsoft.com/library/security/ms14-030
Important - Tampering - May require restart - Microsoft Windows
___
* http://blogs.technet.com/b/msrc/arch...n-release.aspx
10 Jun 2014
Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.as...Deployment.jpg
___
June 2014 Office Updates
- http://blogs.technet.com/b/office_su...e-release.aspx
10 Jun 2014 - "... There are 7 security updates (2 bulletins*) and 20 non-security updates..."
* MS14-034, MS14-036
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18233
2014-06-10
-
MS Security Advisories - 2014.06.10 ...
FYI...
June 2014 security fixes ...
- http://windowssecrets.com/patch-watc...ecurity-fixes/
June 11, 2014
Win8.1 Update ...
- https://support.microsoft.com/kb/2919355
May 30, 2014 - Rev: 23.0
June 4, 2014 - Rev: 24.0
Last Review: June 10, 2014 - Rev: 26.0
___
Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://technet.microsoft.com/en-us/...curity/2962824
Updated: June 10, 2014 - Ver: 1.1 - "With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author. Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules in coordination with their author as part of ongoing efforts to protect customers. This action only affects systems running Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled...
Known Issues. Microsoft Knowledge Base Article 2962824* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues."
* https://support.microsoft.com/kb/2962824
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
Updated: June 10, 2014 - Ver: 25.0 - "... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update. On June 10, 2014, Microsoft released an update (2966072) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-16*..."
* http://helpx.adobe.com/security/prod...apsb14-16.html
Microsoft Security Advisory 2862973
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.microsoft.com/en-us/...curity/2862973
Updated: June 10, 2014 - Ver: 3.0 - "Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Recommendation: Microsoft recommends that customers apply the update at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information..."
- https://support.microsoft.com/kb/2862966
- https://support.microsoft.com/kb/2862973
-
June 2014 Security Bulletin Webcast Q&A
FYI...
- http://blogs.technet.com/b/msrc/arch...d-q-amp-a.aspx
13 Jun 2014 - "Today we published the June 2014 Security Bulletin webcast questions and answers page*..."
June 2014 Security Bulletin Webcast Q&A
* http://blogs.technet.com/b/msrc/p/ju...letin-q-a.aspx
June 11, 2014
-
IE 11 users - no update - no security fixes ...
FYI...
For IE 11 users, no update now means no security fixes
- http://arstechnica.com/information-t...-new-features/
June 16 2014 - "When Microsoft released the Windows 8.1 Update, IT feathers were ruffled by Microsoft's decision to make it a compulsory update: without it, Windows 8.1 systems would no longer receive security fixes. As spotted by Computerworld's Gregg Keizer*, Microsoft is applying the same rules, at least in part, to Windows 7. Windows 7 users who've installed Internet Explorer 11 are required to install the KB2929437 update. This is the Internet Explorer 11 update that corresponds to the Windows 8.1 Update; it doesn't just include security fixes for Microsoft's browser. There are also some new and improved features, including a more capable WebGL implementation and some additional high performance JavaScript features. If users don't install the update, Windows Update will not provide any more security fixes for their browser..."
* http://www.infoworld.com/d/microsoft...44338?page=0,0
June 16, 2014
-
MS Security Advisory 2974294
FYI...
Microsoft Security Advisory 2974294
Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
- https://technet.microsoft.com/library/security/2974294
June 17, 2014 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted... See the Affected Software section for a list of affected products. Updates to the Microsoft Malware Protection Engine are installed along with the updated malware definitions for the affected products... automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
- https://www.us-cert.gov/ncas/current...are-Protection
June 17, 2014
___
- http://www.securitytracker.com/id/1030438
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-2779
Jun 17 2014
Impact: Denial of service via local system, Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.1.10600.0 and prior...
Solution: The vendor has issued a fix (1.1.10701.0).
The vendor's advisory is available at:
- https://technet.microsoft.com/en-us/...curity/2974294
___
- https://atlas.arbor.net/briefs/
High Severity
June 20, 2014
Analysis: If the engine scans a specially crafted file, the vulnerability could be exploited to cause a denial of service condition, stopping the engine from monitoring affected systems. A specially crafted file could be delivered via email or instant messenger, or by visiting a site hosting a malicious file; alternatively, a malicious attacker could use a website that hosts user-provided content to upload a malicious file, which would be scanned by the engine running on the hosting server. [ https://technet.microsoft.com/library/security/2974294 ] Microsoft has updates for affected products, which will automatically be pushed to Microsoft Malware Protection Engine...
-
MS Security Advisory 2960358 v1.1
FYI...
Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/en-us/...curity/2960358
V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675* under Known Issues in the Executive Summary.
* https://support.microsoft.com/kb/2978675
June 19, 2014 - Rev: 1.0
-
MS14-019 updated ...
FYI...
Microsoft Security Bulletin MS14-019 - Critical
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
- https://technet.microsoft.com/en-us/...urity/MS14-019
V1.1 (June 27, 2014) Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
- https://support.microsoft.com/kb/2922229
Last Review: June 24, 2014 - Rev: 2.0
- https://technet.microsoft.com/library/security/ms14-jun
V1.1 (June 17, 2014): For MS14-035, added an Exploitability Assessment in the Exploitability Index for CVE-2014-2782. This is an informational change only.
MS14-035
- https://technet.microsoft.com/library/security/ms14-035
V1.1 (June 17, 2014): Corrected the severity table and vulnerability information to add CVE-2014-2782 as a vulnerability addressed by this update. This is an informational change only...
MS14-036
- https://technet.microsoft.com/library/security/ms14-036
V1.1 (June 17, 2014): Clarified in the Update FAQ for Microsoft Office section what updates will be offered to systems that are running Microsoft Office 2010. This is an informational change only...
-
MS Security Notifications ...
FYI...
- https://isc.sans.edu/diary.html?storyid=18319
2014-06-28
"... Microsoft Security Notifications
Issued: June 27, 2014
Notice to IT professionals:
As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is -suspending- the use of -email- notifications that announce the following:
* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins
In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications webpage at:
- http://technet.microsoft.com/security/dd252948 "
___
- http://www.theregister.co.uk/2014/07..._mailing_list/
1 Jul 2014 - "... In an email last night Microsoft said it would resume the mailing list on 3 July.
'On June 27, 2014, Microsoft notified customers that we were suspending Microsoft Security Notifications due to changing governmental policies concerning the issuance of automated electronic messaging. We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service on July 3, 2014'..."
-
MS Security Bulletin Summary - July 2014
FYI...
- https://technet.microsoft.com/library/security/ms14-jul
July 8, 2014 - "This bulletin summary lists security bulletins released for July 2014...
(Total of -6-)
V1.1 (July 29, 2014): For MS14-037, added an Exploitability Assessment in the Exploitability Index for CVE-2014-4066. This is an informational change only.
Microsoft Security Bulletin MS14-037 - Critical
Cumulative Security Update for Internet Explorer (2975687)
- https://technet.microsoft.com/library/security/ms14-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.1 (July 29, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4066 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
- https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-4066
Microsoft Security Bulletin MS14-038 - Critical
Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)
- https://technet.microsoft.com/library/security/ms14-038
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-039 - Important
Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
- https://technet.microsoft.com/library/security/ms14-039
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-040 - Important
Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
- https://technet.microsoft.com/library/security/ms14-040
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-041 - Important
Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)
- https://technet.microsoft.com/library/security/ms14-041
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-042 - Moderate
Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)
- https://technet.microsoft.com/library/security/ms14-042
Moderate - Denial of Service - Does not require restart - Microsoft Server Software
___
- http://blogs.technet.com/b/msrc/arch...n-release.aspx
8 Jul 2014
Deployment Priority, Severity, Exploit Index
- http://blogs.technet.com/cfs-file.as...deployment.jpg
___
July 2014 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
8 Jul 2014 - "... There are no security updates. There are 36 non-security updates..."
___
- http://www.securitytracker.com/id/1030532 - MS14-037
- http://www.securitytracker.com/id/1030531 - MS14-038
- http://www.securitytracker.com/id/1030535 - MS14-039
- http://www.securitytracker.com/id/1030536 - MS14-040
- http://www.securitytracker.com/id/1030537 - MS14-041
- http://www.securitytracker.com/id/1030538 - MS14-042
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18359
2014-07-08
-
MS Security Advisories - 7.08.2014
FYI...
Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/...curity/2871997
Published: May 13, 2014 | Updated: July 8, 2014 Version: 2.0 - "Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft..."
Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/en-us/...curity/2960358
Published: May 13, 2014 | Updated: July 8, 2014 Version: 1.2 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible. Please see the Suggested Actions section of this advisory for more information.
Known Issues. Microsoft Knowledge Base Article 2978675* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
* https://support.microsoft.com/kb/2978675
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
Published: September 21, 2012 | Updated: July 8, 2014 Version: 26.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.
Current Update: Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update..."
-
MS Security Advisory 2982792 - 7.10.2014
FYI...
Microsoft Security Advisory 2982792
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/...y/2982792.aspx
July 10, 2014 - "Executive Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties. The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks...
Recommendation: An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8 or Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details), customers do not need to take any action because the CTL will be updated automatically.
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2, and that do -not- have the automatic updater of revoked certificates installed, this update is not available. To receive this update, customers must install the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details). Customers in disconnected environments and who are running Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 can install update 2813430** to receive this update (see Microsoft Knowledge Base Article 2813430** for details)..."
* https://support.microsoft.com/kb/2677070
** https://support.microsoft.com/kb/2813430
- https://technet.microsoft.com/en-us/...curity/2982792
V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.
___
- http://atlas.arbor.net/briefs/index#1956386183
High Severity
July 10, 2014
Four fake certificates have been identified posing as Google and Yahoo, putting Internet Explorer users at risk.
Analysis: The certificates were issued by the National Informatics Centre (NIC) in India, whose certificate issuance process was reportedly compromised. NIC is trusted by CCA India, who in turn is trusted by Microsoft. Other fake certificates were likely issued as well, though details on the full scope of the breach have not been released. While the identified certificates have been revoked by CCA, they could nonetheless affect Windows users: real-time revocation checks performed by security measures using certificate revocation list and online certificate status protocol do not sufficiently prevent attacks, as seen following certificate revocations after disclosure of the OpenSSL Heartbleed vulnerability earlier this year. Firefox, Thunderbird, and Chrome users on Windows are -not- at risk, as the applications' root stores are independent of Windows. Users running Mac OS X, Linux, and other platforms are also not at risk. Until Microsoft has addressed the issue, Windows users should use applications other than Internet Explorer to access domains using TLS. [ http://arstechnica.com/security/2014...windows-users/ ]
- http://www.securitytracker.com/id/1030548
Updated: Jul 17 2014
Impact: Modification of authentication information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2; and prior service packs
Description: A vulnerability was reported in Microsoft Windows. A remote user may be able to spoof SSL certificates.
The operating system includes invalid subordinate certificates issued by National Informatics Centre (NIC), which operates subordinate certificate authorities (CAs) under root CAs operated by the Government of India Controller of Certifying Authorities (CCA)...
Impact: A remote user may be able to spoof SSL certificates.
Solution: The vendor has issued a fix, available via automatic update for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Phone 8, and Windows Phone 8.1.
The vendor has issued a fix for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 systems that use the automatic updater of revoked certificates (see KB2677070)...
Vendor URL: https://technet.microsoft.com/en-us/...curity/2982792
-
MS14-037 KB2962872 issues ...
FYI...
- http://www.infoworld.com/t/microsoft...owdowns-246112
July 14, 2014 - "... Posters on the Microsoft Answers forum report that uninstalling KB 2962872 solves the problem.
Flexerasoft has posted a limited workaround:
Moving the .htm files to a backup folder has been shown to reduce the impact of the issue for some InstallShield customers. Please note that by taking these steps, the InstallShield Start Page and inline help will be limited and navigating to some views may still trigger a crash. Those using this method should save their projects frequently.
Steps to implement this limited workaround:
Move *.htm from
\<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>
To a new folder
\<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>\HTM-Backup\
Move *.htm from
\<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>Express\
To a new folder
\<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>Express\HTM-Backup\
The workaround lets InstallShield start and run normally, but reports say it crashes on exit. There are also sporadic reports of additional problems with KB 2962872, particularly slowdowns..."
- https://community.flexerasoftware.co...oft-KB-2962872
07-11-2014
Microsoft security update KB2962872 (MS14-037) may cause the InstallShield or InstallShield for AdminStudio application to crash...
- http://www.flexerasoftware.com/landi...KB2962872.html
___
MS patches crash Dell Data Protection-Encryption and CMGShield
Black Tuesday patches cause blue screens of death on DDP-E encrypted machines, black recovery screens for CMGShield
- http://www.infoworld.com/t/microsoft...gshield-246108
July 14, 2014 - "... a group of patches in this month's Black Tuesday crop causes BSODs on PCs encrypted with Dell Data Protection-Encryption or forces CMGShield-protected PCs into a lockup, with a black recovery screen. Although Dell posted information identifying the problem late Thursday in Quick Tip 653764*, there's still no word on precisely which Black Tuesday patches trigger the anti-tampering lockout. There's a fix, but it's complex..."
* http://www.dell.com/support/troubles...=&docid=653764
2014-07-10
___
MS14-037: Customers who use PTC Windchill 10.x solutions have reported instability and crashes after the installation of this security update.
- http://communities.ptc.com/message/250228#250228
Jul 22, 2014
___
July 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/p/ju...letin-q-a.aspx
-
Office 365 - July 2014 update
FYI...
Issue when launching Office apps after applying July 2014 update for Office 365 ProPlus
- http://blogs.technet.com/b/odsupport...5-proplus.aspx
23 Jul 2014 - "Shortly after the release of the July Public Update, we received notification of a potential issue affecting a subset of Office 365 ProPlus users. In some cases, users running Office may not be able to launch Office products after the July 2014 updates are installed.
We have since corrected the issue and will be releasing an updated build 15.0.4631.1004 scheduled to go live by Thursday July 24th. Once the update is available, you can click on “Update Now” from the backstage to get the latest fix.
If you still have issues, then please reboot your computer and try “Update Now.” If you still have issues launching Office applications, as a last resort, please run the Fix It located at [ http://support.microsoft.com/kb/2739501 ] to uninstall and reinstall the latest bits.
Note: This issue doesn’t affect Volume License customers."
-
MS Silverlight 5 - July 2014 update
FYI...
- http://support.microsoft.com/kb/2977218
Last Review: July 23, 2014 - Rev: 1.0 - "... This update offers a new build (version 5.1.30514.0) that is an upgrade to earlier versions of Silverlight. This update is included in current Silverlight installers... fixed by this update:
A Silverlight application that uses tab-switched controls exhibits a memory leak when you switch between tabs or pages in the application..."
Applies to:
Microsoft Silverlight 5
Microsoft Silverlight for Macintosh
Microsoft Silverlight for Windows
___
Glitches - July Windows/Office updates
- http://windowssecrets.com/patch-watc...ffice-updates/
July 24, 2014
> MS14-037 (2962872)
> MS14-039 (2975685)
-
MS Security Advisory 2915720 - V1.4
FYI...
Microsoft Security Advisory 2915720
Changes in Windows Authenticode Signature Verification
- https://technet.microsoft.com/en-us/...curity/2915720
December 10, 2013 | Updated: July 29, 2014 - "... This advisory was revised on July 29, 2014 to announce that the stricter Windows Authenticode signature verification behavior described here will be enabled on an opt-in basis and not made a default behavior in supported releases of Microsoft Windows...
V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature. See the Advisory FAQ section for more information.
-
MS Security Bulletin Summary - August 2014
FYI...
- https://technet.microsoft.com/library/security/ms14-aug
August 12, 2014 - "This bulletin summary lists security bulletins released for August 2014...
(Total of -9-)
Microsoft Security Bulletin MS14-051 - Critical
Cumulative Security Update for Internet Explorer (2976627*)
- https://technet.microsoft.com/library/security/MS14-051
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
> https://support.microsoft.com/kb/2976627
Aug 12, 2014 - Rev: 2.0 - "This security update 2976627 resolves one -publicly- disclosed and -25- privately reported vulnerabilities in Internet Explorer..."
* https://support.microsoft.com/kb/2976627
Last Review: Aug 15, 2014 - Rev: 4.0
Microsoft Security Bulletin MS14-043 - Critical
Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
- https://technet.microsoft.com/library/security/ms14-043
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-048 - Important
Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
- https://technet.microsoft.com/library/security/MS14-048
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-044 - Important
Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
- https://technet.microsoft.com/library/security/MS14-044
Important - Elevation of Privilege - May require restart - Microsoft SQL Server
Microsoft Security Bulletin MS14-045 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/library/security/MS14-045
Important - Elevation of Privilege - Requires restart - Microsoft Windows
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.
Microsoft Security Bulletin MS14-049 - Important
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
- https://technet.microsoft.com/library/security/MS14-049
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-050 - Important
Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
- https://technet.microsoft.com/library/security/MS14-050
Important - Elevation of Privilege - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS14-046 - Important
Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
- https://technet.microsoft.com/library/security/MS14-046
Important - Security Feature Bypass - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-047 - Important
Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
- https://technet.microsoft.com/library/security/MS14-047
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...y-updates.aspx
12 Aug 2014
Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.as...entAug2014.jpg
___
August 2014 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
12 Aug 2014 - "... There are 3 security updates (3 bulletins) and 25 non-security updates..."
Aug 13, 2014 - "UPDATE: An issue has been discovered in the non-security Outlook 2013 update (KB 2881011) that prevents some users from opening archive folders. We have removed this update from availability and released a new update, KB2889859 that fixes the issue. Additionally, KB2992644, has more information on the specific issue. We apologize for any inconvenience."
___
- http://www.securitytracker.com/id/1030714 - MS14-043
- http://www.securitytracker.com/id/1030716 - MS14-044
- http://www.securitytracker.com/id/1030718 - MS14-045
- http://www.securitytracker.com/id/1030721 - MS14-046
- http://www.securitytracker.com/id/1030722 - MS14-047
- http://www.securitytracker.com/id/1030717 - MS14-048
- http://www.securitytracker.com/id/1030719 - MS14-049
- http://www.securitytracker.com/id/1030720 - MS14-050
- http://www.securitytracker.com/id/1030715 - MS14-051
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18521
2014-08-12
-
MS Security Advisory 2755801
FYI...
Microsoft Security Advisory 2755801
- https://technet.microsoft.com/en-us/...curity/2755801
Updated: August 12, 2014 - Version: 27.0 - "... Microsoft released an update (2982794*) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-18**. For more information about this update, including download links, see Microsoft Knowledge Base Article 2982794*.
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update***..."
* https://support.microsoft.com/kb/2982794
** http://helpx.adobe.com/security/prod...APSB14-18.html
*** https://www.update.microsoft.com/windowsupdate/
-
BSOD - Stop 0x050 error ...
FYI...
BSOD - Blue Screen Stop 0x050 error reported for systems installing KB2976897, KB2982791, and KB2970228
Two of Microsoft's kernel-mode driver updates -- which often cause problems -- are triggering a BSOD error message on some Windows systems
- http://www.infoworld.com/t/microsoft...2970228-248363
Aug 14, 2014 - "Details at this point are sparse, but it looks like three different patches from this week's Black Tuesday crop are causing Blue Screens with a Stop 0x50 error on some systems. If you're hitting a BSOD, you can help diagnose the problem (and perhaps prod Microsoft to find a solution) by adding your voice to the Microsoft Answers Forum thread* on the subject. Problematic kernel-mode driver updates aren't unusual at all. Now that Microsoft is releasing more of them, problems seem to be cropping up more frequently.
In this case, two MS14-045/KB 2984615 kernel-mode driver patches, KB2976897 and KB2982791, have been implicated in triggering Blue Screen Stop 0x50 messages. Oddly, that Windows 8.1 "Update 2" fix that adds the ruble character as an official currency marker in Win 8.x and Win7, KB 2970228, seems to be causing the problem, too. At this point there's no word on possible causes, although several people have identified their operating systems as 64-bit Windows 7..."
* http://answers.microsoft.com/en-us/w...2-a78fe68766fd
> https://technet.microsoft.com/library/security/MS14-045
-
MS14-045 Known issues - download links removed
FYI...
MS14-045 - See "Known issues" ...
- https://support.microsoft.com/kb/2982791
Last Review: August 19, 2014 - Revision: 4.2 - "... Status:
Microsoft has -removed- the download links to these updates while these issues are being investigated...
Mitigations: Open the Programs and Features item in Control Panel, and then click View installed updates. Find and then -uninstall- any of the following updates that are currently installed:
KB2982791
KB2970228
KB2975719
KB2975331 ..."
(More detail at the URL above.)
- https://technet.microsoft.com/library/security/ms14-045
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.
-
Aug 2014 Security Bulletin Webcast Q&A
FYI...
August 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/arch...d-q-amp-a.aspx
18 Aug 2014 - "Today, we published the August 2014 Security Bulletin webcast questions and answers page*... We answered ten questions on air, with the majority focusing on the update for Internet Explorer... We are aware of some issues related to the recent updates and are working on a fix. For more information please read KB 2982791**..."
* http://blogs.technet.com/b/msrc/p/au...letin-q-a.aspx
Aug 13, 2014
** https://support.microsoft.com/kb/2982791
Last Review: Aug 19, 2014 - Rev: 4.2
-
IE hotfix KB 2991509
FYI...
Internet Explorer may become slow or unresponsive when web applications implement consecutive modal dialog boxes
- https://support.microsoft.com/kb/2991509
Last Review: Aug 21, 2014 - Rev: 2.0 - "After you apply the MS14-037 or MS14-051 cumulative security update for Internet Explorer, web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time. This issue occurs in Internet Explorer versions 7 through 11..."
- https://support.microsoft.com/kb/2991509#prerequisites
"Prerequisites: You -must- have MS14-051* Cumulative security update for Internet Explorer installed to apply this hotfix... You -must- restart the computer after you apply this update..."
* https://support.microsoft.com/kb/2976627
MS14-051 Issue fix KB2991509 not available for Windows 8 x64
- http://social.technet.microsoft.com/...tprocurrentver
___
- http://blogs.msmvps.com/bradley/2014...e-4th-tuesday/
August 25th, 2014 - "With no hint of a re-release of the kernel updates that caused the BSODs. On the one hand it’s good to only release it when it’s ready, on the other hand, it’s a bit concerning that it’s taking this long to come out with a rereleased version."
-
MS14-045 rereleased
FYI...
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/en-us/.../ms14-045.aspx
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.
* https://support.microsoft.com/kb/2993651
Last Review: Aug 28, 2014 - Rev: 3.0
- http://blogs.technet.com/b/msrc/arch...ereleased.aspx
27 Aug 2014
___
- http://www.infoworld.com/t/microsoft...wn-bugs-249342
Aug 28, 2014 - "... As of early this morning, one Windows 8 user was reporting black screens* with the -new- patch, KB 2993651. Answers Forum posters pacman10, JohnBurgessUK, and chadlan can't get Windows Update to check for new updates after installing KB 2993651 (although rseiler reports all's well). It's too early to tell for sure, but there may be more problems with the -new- patch..."
* http://answers.microsoft.com/en-us/w...8766fd?page=56
___
- http://www.computerworld.com/article...crippling.html
Aug 22, 2014 - "... end users and IT administrators alike, who have all tried to explain what they see as a -decline- in the quality of Microsoft's software updates. Some of that speculation has revolved around the July job cuts Microsoft made in the U.S., where according to many accounts a large number of software test engineers were let go..."
Maybe just made it -worse- re: the "Dear Mr. Ballmer" open letter:
- http://blogs.msmvps.com/bradley/2013...y-email-today/
>> Sep 12th, 2013
-
MS Security Bulletin Summary - September 2014
FYI...
- https://technet.microsoft.com/library/security/ms14-sep
Sep 9, 2014 - "This bulletin summary lists security bulletins released for September 2014...
(Total of -4-)
Microsoft Security Bulletin MS14-052 - Critical
Cumulative Security Update for Internet Explorer (2977629)
- https://technet.microsoft.com/library/security/MS14-052
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- http://support.microsoft.com/kb/2977629
Last Review: Sep 16, 2014 - Rev: 2.0
"... This security update resolves 1 publicly disclosed and 36 privately reported vulnerabilities..."
Microsoft Security Bulletin MS14-053 - Important
Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
- https://technet.microsoft.com/library/security/MS14-053
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework
V1.1 (Sep 17, 2014): Bulletin revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-4072 - 5.0
Microsoft Security Bulletin MS14-054 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)
- https://technet.microsoft.com/library/security/MS14-054
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.microsoft.com/library/security/MS14-055
Important - Denial of Service - Does not require restart - Microsoft Lync Server
V2.0 (Sep 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-4068 - 5.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-4070 - 5.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-4071 - 5.0
___
- http://blogs.technet.com/b/msrc/arch...y-updates.aspx
Deployment Priority, Severity, Exploit Index
- http://blogs.technet.com/cfs-file.as...deployment.jpg
___
September 2014 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
9 Sep 2014 - "... There are no security updates. There are 18 non-security updates..."
___
- http://www.securitytracker.com/id/1030818 - MS14-052
- http://www.securitytracker.com/id/1030819 - MS14-053
- http://www.securitytracker.com/id/1030820 - MS14-054
- http://www.securitytracker.com/id/1030821 - MS14-055
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18627
2014-09-09
___
MS Security Advisories - Sep 2014
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/...curity/2871997
V3.0 (September 9, 2014): Rereleased advisory to announce the release of update 2982378 to provide additional protection for users’ credentials when logging into a Windows 7 or Windows Server 2008 R2 system...
Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/...curity/2905247
V2.0 (September 9, 2013): Advisory rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this advisory was originally released. Additionally, some of the updates were reissued to improve their quality...
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
V28.0 (September 9, 2014): Added the 2987114 update to the Current Update section.
-
Update for OneDrive for Business KB2889866
FYI...
Update for OneDrive for Business (KB2889866)
- https://support.microsoft.com/kb/2889866
Last Review: Sep 10, 2014 - Rev: 2.0
"Notice: We are investigating an issue that is affecting the September 2014 update for Microsoft OneDrive for Business. Therefore, we have removed the update from availability for now..."
- http://blogs.technet.com/b/office_su...e-release.aspx
10 Sep 2014 - "UPDATE - We have discovered an issue with update KB 2889866. We have removed the update from availability while we investigate."
___
- http://www.infoworld.com/t/microsoft...tuesday-250304
Sep 11, 2014
___
September 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/arch..._q_2d00_a.aspx
12 Sep 2014 - "Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page*..."
* http://blogs.technet.com/b/msrc/p/se...bcast-q-a.aspx
-
MS14-055 revised ...
FYI...
MS14-055 revised - Vulnerabilities in Lync could allow denial of service ...
- https://technet.microsoft.com/library/security/MS14-055
V2.0 (September 15, 2014): Bulletin revised to remove* Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
* Update FAQ
Why was this bulletin revised on September 15, 2014?
Microsoft revised this bulletin to address a known issue that prevented users from successfully installing security update 2982385 for Microsoft Lync Server 2010. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. As an added precaution, Microsoft has removed the download links to the 2982385 security update...
Related: https://support.microsoft.com/kb/2990928
Last Review: Sep 16, 2014 - Rev: 2.0
-
MS14-046: revised ...
FYI...
MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: Aug 12, 2014
* https://support.microsoft.com/kb/2966827
Last Review: Sep 19, 2014 - Rev: 3.0
Bulletin Information:
MS14-046 - Important
- https://technet.microsoft.com/library/security/ms14-046
- Reason for Revision: V1.2 (Sep 19, 2014): Bulletin revised with a change to the 'Known Issues' entry in the Knowledge Base Article section from "None" to "Yes".
- Originally posted: August 12, 2014
- Updated: September 19, 2014
- Bulletin Severity Rating: Important
- Version: 1.2
___
Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8 and Windows Server 2012 may -fail- after you install security update 2966827
- https://support.microsoft.com/kb/3002547
Last Review: Sep 19, 2014 - Rev: 2.0
-
MS14-055 - V3 ...
FYI...
Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.microsoft.com/en-us/...urity/MS14-055
V3.0 (September 23, 2014): Bulletin rereleased to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010...
Why was this bulletin revised on September 23, 2014?
Microsoft re-released this bulletin to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. The re-released update addresses an issue in the original offering that prevented users from successfully installing the server.msp file. Customers who attempted to install the original update will be re-offered the 2982385* update and are encouraged to apply it at the earliest opportunity...
* https://support.microsoft.com/kb/2982385
Sep 23, 2014 - Rev: 2.0
-
IE10/IE11 in Win8/8.1 - Flash Player update
FYI...
- https://technet.microsoft.com/en-us/...curity/2755801
Sep 23, 2014
V29.0 (Sep 23, 2014): Added the 2999249* update to the Current Update section.
Update for Adobe Flash Player in Internet Explorer
* https://support.microsoft.com/kb/2999249
Sep 23, 2014 - Rev: 1.0 - "An issue was found in which some videos may not play, or you may receive an error message, when you try to watch video from certain websites. Microsoft has released an update for this issue for IT professionals. This release contains a fix that will significantly reduce the prevalence of video playback failures on sites where this problem previously occurred.
Known issues with this update: Windows Update will not offer this update to Windows RT-based computers until update 2808380 is installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 2808380** Windows RT-based device cannot download software updates or Windows Store apps."
** https://support.microsoft.com/kb/2808380
Mar 7, 2013 - Rev: 3.0
[ Hat tip to dvk01: http://myonlinesecurity.co.uk/micros...windows-8-8-1/ ]
-
MS Security Bulletin Summary - October 2014
FYI...
- https://technet.microsoft.com/library/security/ms14-oct
Oct 14, 2014 - "This bulletin summary lists security bulletins released for October 2014...
(Total of -8-)
Microsoft Security Bulletin MS14-056 - Critical
Cumulative Security Update for Internet Explorer (2987107)
- https://technet.microsoft.com/library/security/ms14-056
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- https://support.microsoft.com/kb/2987107
"... resolves -14- privately reported vulnerabilities in Internet Explorer. This security update helps protect Internet Explorer from being attacked when you view a specially crafted webpage..."
- https://support.microsoft.com/kb/2987107
Last Review: Oct 20, 2014 - Rev: 3.0
Microsoft Security Bulletin MS14-057 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
- https://technet.microsoft.com/library/security/ms14-057
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-058 - Critical
Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
- https://technet.microsoft.com/library/security/ms14-058
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-059 - Important
Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
- https://technet.microsoft.com/library/security/ms14-059
Important - Security Feature Bypass - May require restart - Microsoft Developer Tools
- https://support2.microsoft.com/kb/2990942
Last Review: Oct 16, 2014 - Rev: 2.0
Microsoft Security Bulletin MS14-060 - Important
Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
- https://technet.microsoft.com/library/security/ms14-060
Important - Remote Code Execution - May require restart - Microsoft Windows
- http://www.isightpartners.com/2014/10/cve-2014-4114/
Oct 14, 2014
- https://support.microsoft.com/kb/3000869
Last Review: Oct 14, 2014 - Rev: 1.1
Microsoft Security Bulletin MS14-061 - Important
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
- https://technet.microsoft.com/library/security/ms14-061
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
- https://support.microsoft.com/kb/3000434
Last Review: Oct 14, 2014 - Revision: 1.1
Microsoft Security Bulletin MS14-062 - Important
Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
- https://technet.microsoft.com/library/security/ms14-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-063 - Important
Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
- https://technet.microsoft.com/library/security/ms14-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...4-updates.aspx
Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.as...s-overview.png
___
- http://www.securitytracker.com/id/1031018 - MS14-056
CVE Reference: CVE-2014-4123, CVE-2014-4124, CVE-2014-4126, CVE-2014-4127, CVE-2014-4128, CVE-2014-4129, CVE-2014-4130, CVE-2014-4132, CVE-2014-4133, CVE-2014-4134, CVE-2014-4137, CVE-2014-4138, CVE-2014-4140, CVE-2014-4141
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6, 7, 8, 9, 10, 11 ...
- http://www.securitytracker.com/id/1031021 - MS14-057
- http://www.securitytracker.com/id/1031022 - MS14-058
- http://www.securitytracker.com/id/1031023 - MS14-059
- http://www.securitytracker.com/id/1031017 - MS14-060
CVE Reference: CVE-2014-4114
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs ...
This vulnerability is being actively exploited via PowerPoint files.
The original advisory is available at: http://www.isightpartners.com/2014/10/cve-2014-4114/
iSIGHT Partners reported this vulnerability...
- http://www.securitytracker.com/id/1031024 - MS14-061
- http://www.securitytracker.com/id/1031025 - MS14-062
- http://www.securitytracker.com/id/1031027 - MS14-063
___
October 2014 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
14 Oct 2014 - "... There are 6 security updates (1 bulletin) and 21 non-security updates..."
___
MSRT October 2014 – Hikiti
- http://blogs.technet.com/b/mmpc/arch...14-hikiti.aspx
Oct 14, 2014 - "The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security partners: F-Secure, ThreatConnect, ThreatTrack Security, Volexity, Symantec, Tenable, Cisco, and iSIGHT. Collaboration across private industry is crucial to addressing advanced persistent threats. The target in this campaign is an advanced persistent threat that served as the infrastructure of actors that launched targeted attacks against multiple organizations around the world. This month, the MSRT along with all of the partners in our Virus Information Alliance program are releasing new coverage for this infrastructure: Win32/Hikiti and some of the related malware families, Win32/Mdmbot, Win32/Moudoor, Win32/Plugx, Win32/Sensode, and Win32/Derusbi. Novetta has released an executive summary* on this threat..."
* http://www.novetta.com/operationsmn
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18819
2014-10-14 - "... only -8- instead of the promised 9 bulletins. Also, of particular interest is MS14-060 which was pre-announced by iSight Partners. iSight has seen this vulnerability exploited in some "APT" style attacks against NATO/US military interests and attributes these attacks to Russia..."
___
MS Advisories for October 2014
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
Updated: Oct 14, 2014 - v30.0
Microsoft Security Advisory 2949927
Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
- https://technet.microsoft.com/en-us/...curity/2949927
Oct 14, 2014
V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues -uninstall- this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.
- https://support.microsoft.com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1
Microsoft Security Advisory 2977292
Update for Microsoft EAP Implementation that Enables the Use of TLS
- https://technet.microsoft.com/en-us/...curity/2977292
Oct 14, 2014
Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/...y/3009008.aspx
V1.1 Oct 15, 2014: Advisory revised to include a workaround for disabling the SSL 3.0 protocol in Windows.
-
KB2952664 problems ...
FYI...
- http://myonlinesecurity.co.uk/micros...2664-problems/
15 Oct 2014 - "Once again the October 2014 Windows updates are causing problems on many computers. The biggest problem this month appears to be KB2952664 update for Windows 7. Do -not- install KB 2952664 update for Windows 7 unless you intend to update the Windows 7 computer to either Windows 8 or the Windows 10 preview. Various forums, including Microsoft help forums* are full of posts complaining about it failing. There is absolutely no need for the majority of users to install this update on their computer. If you have installed it, it will appear in the update history as -failed-. Go to programs & features, all updates and select KB2952664, press uninstall, reboot the computer and all will be OK. Then go to Windows Update, press check for updates, when the KB2952664 appears in the window, right click the entry and select -hide- update. You might then get a prompt asking for your admin account password if you are running as a standard user or a normal UAC prompt to continue with hiding the update. This KB 2952664 update for Windows 7 has been continually pushed out by Microsoft almost every month since April 2014 with various tweaks and revisions. Most have had some degree of install problems or have caused some degree of system instabilities. The October 2014 version appears to be the most problematic. It isn’t needed so don’t install it..."
* http://answers.microsoft.com/en-us/w...f-edcf9ac1347b
Compatibility update for upgrading Windows 7
- https://support.microsoft.com/kb/2952664
> http://www.infoworld.com/article/283...-80242016.html
Oct 15, 2014
-
More botched MS patches ...
FYI...
Four more botched MS patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388
Windows users are reporting significant problems with four more October Black Tuesday patches
- http://www.infoworld.com/article/283...b-2995388.html
Oct 16, 2014 - "... Black Tuesday problems continue to pile up. Yesterday brought to light problems with KB 2952664*, the seventh patch with that name, which fails to install on a large number of Windows 7 machines. Now there are reports of four more botched patches. It's too early to tell exactly what's causing the problems, but if you're having headaches, you aren't alone - and there are solutions.
* http://www.infoworld.com/article/283...-80242016.html
KB 3000061**... is a kernel mode driver update, MS 14-058. It's one of Microsoft's zero-day patches this month - there are very limited but identified attacks in the wild that use this security hole.
** https://support.microsoft.com/kb/3000061
TechNet has a thread*** about failure to install on Server 2012 machines. Poster jcs916 describes a problem with installing KB 3000061 on a Windows 8.1 machine...
*** https://social.technet.microsoft.com...=winserver8gen
Microsoft released seven separately identified security patches that weren't associated with Security Bulletins. One of them, KB 2984972, isn't faring well... AndrewKelly, posting on the TechNet forum[4], says he has had problems with Autodesk packages after applying the patch:
[4] https://social.technet.microsoft.com...forum=mdopappv
... Finally, a nonsecurity update rollup, KB 2995388[5] - also distributed Tuesday - is causing problems with VMware. After installing the patch, every time you try to boot a virtual machine, you get a message: "Not enough physical memory is available to power on this virtual machine with its configured settings." The VMware folks[6] recommend you -not- install KB 2995388; if you have, they recommend that you -uninstall- it."
[5] http://support.microsoft.com/kb/2995388
[6] http://blogs.vmware.com/workstation/...-1-update.html
___
- http://blogs.msmvps.com/bradley/2014...eep-an-eye-on/
Oct 15, 2014
-
M$ yanks botched patch KB 2949927, re-issues KB 2952664
FYI...
Windows 7 upgrade compatibility patch gets a tweaked installer, while the SHA-2 hashing patch is summarily removed without explanation
- http://www.infoworld.com/article/283...b-2952664.html
Oct 17, 2014 - "Tell me if you've heard this one before: Microsoft has pulled a patch - KB 2949927*, a patch so important it rated its own Security Advisory - and there's no official notification that the patch was yanked, no explanation as to why it's been pulled, and no instructions for removing (or keeping) the patch if it did somehow get installed... Take-away lesson: Ignore Windows error messages. Aunt Martha can handle that. The more disconcerting patch, KB 2949927, was one of the -four- botched patches I mentioned yesterday. It adds SHA-2 hash signing and verification capability to Windows 7. Trying to install it on some machines led to multiple reboots failing with error 80004005 - a nice way to spend your Tuesday afternoon. And Wednesday. And Thursday morning... What should you do if the patch was installed? I have no idea, and Microsoft isn't saying a thing. Still -no- word on the other bad patches..."
* https://support.microsoft.com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1
-
MS Security Advisory 3010060 released
FYI...
Security Advisory 3010060 released
- http://blogs.technet.com/b/msrc/arch...-released.aspx
21 Oct 2014 - "Today, we released Security Advisory 3010060* to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it** solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their systems..."
Microsoft Security Advisory 3010060
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
* http://technet.microsoft.com/en-us/s...visory/3010060
21 Oct 2014 - "... we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint..."
** https://support.microsoft.com/kb/3010060#FixItForMe
Last Review: Oct 22, 2014 - Rev: 2.0
Enable this fix it - Microsoft Fix it 51026
- http://www.securitytracker.com/id/1031097
CVE Reference:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-6352 - 9.3 (HIGH)
Last revised: 10/23/2014 "... as exploited in the wild in October 2014 with a crafted PowerPoint document."
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs...
> https://support.microsoft.com/kb/3010060#FixItForMe
___
- http://www.symantec.com/connect/blog...-vulnerability
22 Oct 2014 - "At least two groups of attackers are continuing to take advantage of the recently discovered Sandworm vulnerability in Windows by using an exploit that bypasses the patch... Microsoft is aware of the vulnerability and has issued a -new- security advisory warning users of possible attacks. The company has yet to release a patch for this latest issue, which is being tracked as the Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352*)... The -new- vulnerability affects all supported releases of Microsoft Windows, excluding Windows Server 2003. Microsoft has produced a Fix it** solution to address -known- exploits. Windows users are advised to exercise caution when opening Microsoft PowerPoint files or other files from -untrusted- sources. It is also recommended that the User Account Control (UAC) be enabled, if it is not already..."
* https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-6352 - 9.3 (HIGH)
** https://support.microsoft.com/kb/3010060#FixItForMe
- http://atlas.arbor.net/briefs/index#973033948
Elevated Severity
23 Oct 2014