MS Security Advisory 2755801
FYI...
MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
V23.0 (April 28, 2014): Added the 2961887 update to the Current Update section.
On April 28, 2014, Microsoft released an update (2961887) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-13*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2961887** ...
* http://helpx.adobe.com/security/prod...apsb14-13.html
** https://support.microsoft.com/kb/2961887
Last Review: April 28, 2014 - Rev: 1.0
- https://technet.microsoft.com/en-us/...curity/2963983
V1.1 (April 29, 2014): Updated advisory to clarify workarounds to help prevent exploitation of the vulnerability described in this advisory. See Advisory FAQ for details.
:fear::fear:
V23.1 MS Security Advisory 2755801
FYI...
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
V23.1 (April 30, 2014): Revised advisory to clarify that the 2961887* update is -not- cumulative and requires that the 2942844** update be installed for affected systems to be offered the update.
* https://support.microsoft.com/kb/2961887
Last Review: Apr 8, 2014 - Rev: 1.0
** https://support.microsoft.com/kb/2942844
Last Review: Apr 8, 2014 - Rev: 1.0
___
An update is available for EMET Certificate Trust default rules
- https://support.microsoft.com/kb/2961016
Last Review: Apr 29, 2014 - Rev: 1.0
Applies to: Enhanced Mitigation Experience Toolkit 4.1
Enhanced Mitigation Experience Toolkit
- https://support.microsoft.com/kb/2458544
Last Review: Apr 30, 2014 - Rev: 9.0
:confused:
___
Microsoft Security Advisory 2963983
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...curity/2963983
Updated: May 1, 2014 Ver: 2.0 - "Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS14-021* to address this issue..."
* https://technet.microsoft.com/library/security/ms14-021
May 1, 2014
- https://support.microsoft.com/kb/2965111
Last Review: May 1, 2014 - Rev: 1.2
> http://update.microsoft.com/
:spider:
Win8.1 update - Rev: 17.0
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Apr 25, 2014 - Rev: 16.0
Last Review: May 4, 2014 - Rev: 17.0
:fear: :sad:
Win8.1 update - Rev 18.0 ...
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Apr 25, 2014 - Rev: 16.0
May 4, 2014 - Rev: 17.0
Last Review: May 5, 2014 - Rev: 18.0
- http://www.infoworld.com/t/microsoft...2919355-241891
May 05, 2014
- http://www.infoworld.com/t/microsoft...t-fixes-242016
May 06, 2014
:fear::fear: :sad:
MS Security Advisory 2962393
FYI...
Microsoft Security Advisory 2962393
Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client
- https://technet.microsoft.com/en-us/...curity/2962393
May 5, 2014 - "Microsoft is announcing the availability of an update for the Juniper Networks Windows In-Box Junos Pulse Client for Windows 8.1 and Windows RT 8.1. The update addresses a vulnerability in the Juniper VPN client by updating the affected Juniper VPN client libraries contained in affected versions of Microsoft Windows... Microsoft released an update for the Juniper Networks Windows In-Box Junos Pulse VPN client. The update addresses the vulnerability described in Juniper Security Advisory JSA10623*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2962393**.
Note: Updates for Windows RT 8.1 are available via Windows Update."
* https://kb.juniper.net/InfoCenter/in...nt&id=JSA10623
Last Updated: 30 Apr 2014
Version: 43.0
** https://support.microsoft.com/kb/2962393
Last Review: May 5, 2014 - Rev: 1.1
:fear:
MS SIRv16: Jul 2013 to Dec 2013
FYI...
MS SIR Volume 16: July 2013 to December 2013
- http://www.microsoft.com/security/sir/default.aspx
- http://blogs.technet.com/b/mmpc/arch...-measures.aspx
7 May 2014 - "Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate (Computers Cleaned per Mille (CCM), and our real-time protection products are used to derive the encounter rate. One of the more notable findings included in the report was an increase in worldwide infection rates and encounter rates. About 21.2 percent of reporting computers encountered malware each quarter in 2013. We also saw an infection rate of 11.7 CCM. More specifically, the infection rate increased from a CCM rate of 5.6 in the third quarter of 2013 to 17.8 in the fourth—a threefold increase, and the largest infection rate increase ever measured by the MSRT between two consecutive quarters. This rise was predominantly affected by malware using deceptive tactics, influenced by three families not unfamiliar to readers of this blog: Sefnit, and its related families Rotbrow and Brantall..."
___
Malware infections tripled in late 2013, Microsoft finds
- https://www.computerworld.com/s/arti...icrosoft_finds
May 7, 2014
- http://www.infoworld.com/t/malware/f...crosoft-242130
May 08, 2014
:fear::fear:
MS Security Bulletin Summary - May 2014
FYI...
- https://technet.microsoft.com/library/security/ms14-may
May 13, 2014 Ver: 2.0 - "This bulletin summary lists security bulletins released for May 2014...
(Total of -8-)
Microsoft Security Bulletin MS14-029 - Critical
Security Update for Internet Explorer (2962482)
- https://technet.microsoft.com/library/security/ms14-029
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0310 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1815 - 9.3 (HIGH)
Last revised: 05/14/2014 - "... as exploited in the wild in May 2014..."
Microsoft Security Bulletin MS14-022 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
- https://technet.microsoft.com/library/security/ms14-022
Critical - Remote Code Execution - May require restart - Microsoft Server Software, Productivity Software
Microsoft Security Bulletin MS14-023 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)
- https://technet.microsoft.com/library/security/ms14-023
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-025 - Important
Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
- https://technet.microsoft.com/library/security/ms14-025
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-026 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
- https://technet.microsoft.com/library/security/ms14-026
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-027 - Important
Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
- https://technet.microsoft.com/library/security/ms14-027
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-028 - Important
Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
- https://technet.microsoft.com/library/security/ms14-028
Important - Denial of Service - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-024 - Important
Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
- https://technet.microsoft.com/library/security/ms14-024
Important - Security Feature Bypass - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/msrc/arch...y-updates.aspx
13 May 2014
Assessing risk for the May 2014 security updates
- http://blogs.technet.com/b/srd/archi...y-updates.aspx
13 May 2014
___
May 2014 Office Update
- http://blogs.technet.com/b/office_su...e-release.aspx
13 May 2014 - "There are 31 security updates (3 bulletins*) and 30 non-security updates..."
* MS14-022, MS14-023, MS14-024
___
- http://www.securitytracker.com/id/1030227 - MS14-022
- http://www.securitytracker.com/id/1030230 - MS14-023
- http://www.securitytracker.com/id/1030235 - MS14-024
- http://www.securitytracker.com/id/1030231 - MS14-025
- http://www.securitytracker.com/id/1030232 - MS14-026
- http://www.securitytracker.com/id/1030233 - MS14-027
- http://www.securitytracker.com/id/1030234 - MS14-028
- http://www.securitytracker.com/id/1030224 - MS14-029
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18113
Last Updated: 2014-05-13 17:23:09 UTC
___
Patch Tuesday Updates: Microsoft, Adobe
... Malicious actors often use security updates to write their own exploits targeting unpatched systems
- http://atlas.arbor.net/briefs/
Extreme Severity
May 16, 2014
.