MS Security Advisory - Digital Certificates / Compat updts - Win7, Win8, 8.1
FYI...
Microsoft Security Advisory 3050995
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/librar...or=-2147217396
March 24, 2015 - "Microsoft is aware of digital certificates that were improperly issued from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. To help protect customers from the potentially fraudulent use of these improperly issued certificates, Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA. Microsoft is working on an update for Windows Server 2003 customers and will release it once fully tested..."
- https://support.microsoft.com/en-us/kb/3050995
Last Review: Mar 24, 2015 - Rev: 1.0
(See "Applies to...")
___
Microsoft Security Bulletin MS15-031 - Important
Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
- https://technet.microsoft.com/en-us/...urity/MS15-031
V1.1 (March 24, 2015): Revised bulletin to add an FAQ directing customers to Microsoft Knowledge Base Article 3050509* for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems.
* https://support.microsoft.com/en-us/kb/3050509
Last Review: Mar 24, 2015 - Rev: 1.0
Applies to:
Microsoft Windows Server 2003 SP2
___
Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: Mar 24, 2015 - Rev: 6.0
Applies to:
Windows 7 SP1, when used with:
Windows 7 Enterprise
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate
___
Compatibility update for Windows 7 RTM
- https://support.microsoft.com/en-us/kb/2977759
Last Review: Mar 24, 2015 - Rev: 6.0
Applies to:
Windows 7 Enterprise
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate
___
Compatibility update for Windows 8.1 and Windows 8
- https://support.microsoft.com/en-us/kb/2976978
Last Review: Mar 24, 2015 - Rev: 7.0
Applies to:
Windows 8.1 Enterprise
Windows 8.1
Windows 8.1 Pro
Windows 8 Enterprise
Windows 8
Windows 8 Pro
___
An update to enable an automatic update from Windows 8 to Windows 8.1
- https://support.microsoft.com/en-us/kb/3008273
Last Review: Mar 24, 2015 - Rev: 5.0
Applies to:
Windows 8 Pro
Windows 8 Pro N
Windows 8
Windows RT
KB 2876229 can hijack your browser
FYI...
Microsoft's patch installs Skype, which by default makes MSN your home page and Bing your search engine
- http://www.infoworld.com/article/290...r-browser.html
March 25, 2015 - "If you were somehow possessed to install the "optional" KB 2876229 patch, make sure you -uncheck- the correct installer boxes, or your Internet Explorer home page will be hijacked and the default search engine changed. That's the default behavior of this boorish Microsoft KB-numbered installer, pushed through the Windows Update chute.
Yesterday's fourth-Tuesday patch round included a rather special patch. Identified as "Skype for Windows desktop 7.0 (KB2876229)," it's an -unchecked- patch offered up for systems that don't already have Skype installed:
> http://core0.staticworld.net/images/...edium.idge.jpg
While you might expect Windows Update to include, uh, Windows updates, this is a patch of a different color. If you check the box and install KB 2876229, Microsoft runs the Windows-based Skype installer. It's the plain vanilla Skype installer, not an update or a patch. Which might not be too bad, but the Skype installer asks if you want to make MSN your home page and if you want to make Bing your default search engine. Unless you uncheck the requisite boxes in the installer, your browser gets taken over.
Welcome to the kind of garbage you would expect to see from Oracle, which still rigs the Java installer to add the Ask toolbar and reset your search engine to Ask."
MS Updates released for Win 8.1, Win7SP1, Outlook 2010
FYI...
Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: Mar 27, 2015 - Rev: 1.0 - "This update enables additional capabilities for Windows Update notifications when new updates are available to the user. It applies to a computer that is running Windows 8.1 or Windows 7 Service Pack 1 (SP1)...
Prerequisites: To install this update, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1. Or, install Windows 7 SP1...
Applies to:
Windows 8.1 Pro
Windows 8.1
Windows 7 Service Pack 1, when used with:
Windows 7 Ultimate
Windows 7 Professional
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Starter
Mystery patch ...
- http://www.infoworld.com/article/290...b-3035583.html
Mar 30, 2015
___
March 26, 2015 update for Outlook 2010
- https://support.microsoft.com/en-us/kb/2965290
Last Review: Mar 26, 2015 - Rev: 1.0 - "This update fixes the following issues:
After you migrate from Microsoft Exchange Server 2010 or Microsoft Exchange Server 2007 to Microsoft Exchange Server 2013, a user's Offline Address Book does not download.
When a user opens an .eml file in cached mode, a Reply, Reply All, or Forward operation results in an empty header block in the body instead of correctly propagating the To and Cc fields.
Mail Tips cannot be retrieved when an item is opened by using an add-in before a connection to the server that is running Exchange Server is established.
Accessibility in the Recover Deleted Items dialog box is poor.
In configurations in which many people use shared folders, members are removed from a large, shared personal distribution when you modify the contents of the distribution...
Applies to:
Microsoft Office 2010 Service Pack 2, when used with:
Microsoft Outlook 2010
KB3035583 is a Win10 prompter ...
FYI...
KB3035583 is a Win10 prompter/downloader that nags users about upgrading to Win 10 ...
- http://www.infoworld.com/article/290...ownloader.html
Apr 6, 2015 - "... KB 3035583 is a shill for Windows 10. As poster rugk on the eset Security Forum says, it's "an adware/PUA/PUS/PUP for Windows 10 upgrade." Aldershoff goes into detail:
'Once the update is downloaded it adds a folder to System32 called "GWX" which contains 9 files and a folder called "Download". One of the four .EXE files reveals what the update really is, the description of GWXUXWorker.EXE states, "Download Windows 10". This explains the X in the name, the X is the Romanian [sic] number 10.'
The folder also contains "config.xml" which contains some URLs that at the moment of writing didn't work. The config file mentions "OnlineAdURL" that points to https://go.microsoft.com/fwlink/?LinkID=526874 and Telemetry BaseURL pointing to http://g.bing.com/GWX/ .
Dudau adds:
'In the same system folder, users can find a config XML file that goes through the program's behavior depending on what "phase" Windows 10 is in. For example, currently the program doesn't display any notifications or act in any way because we're currently in the "None" phase. But as we get to the "RTM" phase of Windows 10, users will likely see a new Live Tile show up on their Start Screen, pointing to the upcoming OS. Similarly, taskbar notifications will also be displayed when Windows 10 launches, prompting users to update.'
Is the patch an -unwanted- intrusion or just a convenient way to let Windows 7, 8, and 8.1 users upgrade to the (free) Windows 10?"
- http://www.infoworld.com/article/290...-win7-pcs.html
Apr 8, 2015
MS Security Bulletin Summary - April 2015
FYI...
- https://technet.microsoft.com/library/security/ms15-apr
April 14, 2015 - "This bulletin summary lists security bulletins released for April 2015...
(Total of -11-)
Microsoft Security Bulletin MS15-032 - Critical
Cumulative Security Update for Internet Explorer (3038314)
- https://technet.microsoft.com/library/security/MS15-032
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS15-033 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
- https://technet.microsoft.com/library/security/MS15-033
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS15-034 - Critical
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
- https://technet.microsoft.com/library/security/MS15-034
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-035 - Critical
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
- https://technet.microsoft.com/library/security/MS15-035
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-036 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
- https://technet.microsoft.com/library/security/MS15-036
Important - Elevation of Privilege - May require restart - Microsoft Server Software, Productivity Software
Microsoft Security Bulletin MS15-037 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
- https://technet.microsoft.com/library/security/MS15-037
Important - Elevation of Privilege - Does not require restart - Microsoft Windows
Microsoft Security Bulletin MS15-038 - Important
Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
- https://technet.microsoft.com/library/security/MS15-038
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS15-039 - Important
Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
- https://technet.microsoft.com/library/security/MS15-039
Important - Security Feature Bypass - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-040 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
- https://technet.microsoft.com/library/security/MS15-040
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS15-041 - Important
Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
- https://technet.microsoft.com/library/security/MS15-041
Important - Information Disclosure - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS15-042 - Important
Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
- https://technet.microsoft.com/library/security/MS15-042
Important - Denial of Service - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...5-updates.aspx
14 Apr 2015 - "... we released 11 security bulletins... We released one new Security Advisory:
Update to Improve PKU2U Authentication (3045755)
- https://technet.microsoft.com/en-us/...y/3045755.aspx
One Security Advisory was revised:
SSL 3.0 Update (3009008): https://technet.microsoft.com/en-us/...y/3009008.aspx
- https://technet.microsoft.com/library/security/2755801
V39.0 (April 15, 2015): Added the 3049508 update* to the Current Update section.
Update for vulnerabilities in Adobe Flash
* https://support.microsoft.com/en-us/kb/3049508
Last Review: April 15, 2015 - Rev: 3.0
___
Exploitability Index:
- https://technet.microsoft.com/en-us/....aspx#ID0EPEAC
___
April 2015 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
14 Apr 2015 - "... There are 13 security updates (2 bulletins) and 42 non-security updates...
Security Bulletin MS15-033: https://technet.microsoft.com/en-us/security/ms15-033
Security Bulletin MS15-036: https://technet.microsoft.com/en-us/security/ms15-036 ..."
___
- http://www.securitytracker.com/id/1032108 - MS15-032
- http://www.securitytracker.com/id/1032104 - MS15-033
- http://www.securitytracker.com/id/1032109 - MS15-034
- http://www.securitytracker.com/id/1032110 - MS15-035
- http://www.securitytracker.com/id/1032111 - MS15-036
- http://www.securitytracker.com/id/1032112 - MS15-037
- http://www.securitytracker.com/id/1032113 - MS15-038
- http://www.securitytracker.com/id/1032114 - MS15-039
- http://www.securitytracker.com/id/1032115 - MS15-040
- http://www.securitytracker.com/id/1032116 - MS15-041
- http://www.securitytracker.com/id/1032117 - MS15-042
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19577
2015-04-14
MS April patches show signs of trouble...
FYI...
Microsoft woes: Re-issued patch KB 3013769 crashes, Skype for Business rolls, Windows 10 nagware resurfaces
Several of this month's Black Tuesday patches are already showing signs of trouble
- http://www.infoworld.com/article/290...esurfaces.html
Apr 15, 2015 - "Microsoft usually releases a list of non-security patches several days before the Black Tuesday rollout, but this month there was no information until several hours after the patches hit. That's a problem for users, particularly because Microsoft's track record with patches is so bad -- and this month is no exception. Yesterday Microsoft released dozens of patches for Windows in 11 bulletins covering 26 individually identified CVEs (common vulnerabilities and exposures), including 10 in Internet Explorer, four re-released security changes, and nine changes to non-security patch installers. The .Net security bulletin alone gives rise to 10 different downloadable patches... Not to be outdone, the Office team released a bewildering array of updates for Office 2013, including 13 security patches, two bulletins, and 42 non-security patches. Note that you must have Office 2013 SP1 before you can install any of these patches. There's also a Security Advisory about Public Key Cryptography User-to-User (PKU2U), called KB 3045755. It's still early in the game, but here are the problems I saw that cropped up overnight. KB 3013769, the December 2014 update rollup for Windows 8.1 and Server 2012 R2, has been re-released as an optional update. Many people using Kaspersky Antivirus report that installing the patch triggers a blue screen..."
(More detail at the infoworld URL above.)
MS15-034: HTTP.sys (IIS) ... PATCH NOW
FYI...
MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution - PATCH NOW
- https://isc.sans.edu/diary.html?storyid=19583
Last Updated: 2015-04-16 18:05:38 UTC - "Denial of Service (DoS) exploits are widely available to exploit CVE-2015-1635, a vulnerability in HTTP.sys, affecting Internet Information Server (IIS). The patch was released on Tuesday (April 14th) as part of Microsoft's Patch Tuesday. Due to the ease with which this vulnerability can be exploited, we recommend that you expedite patching this vulnerability.
Update: We are seeing active exploits hitting our honeypots from 78.186.123.180. We will be going to Infocon Yellow as these scans use the DoS version, not the "detection" version of the exploit. The scans appear to be "Internet wide"... Based on posts on Twitter, 171.13.14.0/24 is also sending the exploit code in 'somewhat targeted' scans..."
Microsoft Security Bulletin MS15-034 - Critical
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
* https://technet.microsoft.com/library/security/MS15-034
April 14, 2015
> https://support.microsoft.com/en-us/kb/3042553
Last Review: April 14, 2015 - Rev: 1.0
(See: "Applies to...")
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-1635 - 10.0 (HIGH)
"... HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka 'HTTP.sys Remote Code Execution Vulnerability'..."
- http://news.netcraft.com/archives/20...-websites.html
16 April, 2015
- http://blog.trendmicro.com/trendlabs...vulnerability/
Apr 22, 2015
___
KB 2965295, KB 2965270 freeze Calendar and syncing, cause lockouts
- http://www.infoworld.com/article/291...-lockouts.html
Apr 16, 2015 - "... more and more reports of problems with two new patches: KB 2965295, the 'April 14, 2015 update for Outlook 2010' and KB 2965270, descriptively entitled 'April 14, 2015 update for Outlook 2013'. I'm also hearing new rumblings about our old friends KB 2956128 - the February Outlook 2010 update rollup (with problems that Microsoft promised to fix 'by the 3rd week of April') - and its successor of sorts, KB 2956203, the 'March 10, 2015 update for Outlook 2010'..."
(More detail at the infoworld URL above.)
MS Windows 0-day - in-the-wild ...
FYI...
- http://www.securitytracker.com/id/1032155
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-1701 - 7.2 (HIGH)
Apr 20 2015
Impact: Root access via local system
Vendor Confirmed: Yes
Description: A vulnerability was reported in Microsoft Windows. A local user can obtain system privileges on the target system. A local user can run a specially crafted program to execute a callback to use data from the system token and execute code with System privileges.
Microsoft Windows 8 and later are reportedly not affected.
This vulnerability is being actively exploited.
The original advisory is available at:
- https://www.fireeye.com/blog/threat-...pt28_useo.html
Apr 18, 2015
"FireEye reported this vulnerability..."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-1701 - 7.2 (HIGH)
Last revised: 04/21/2015 - "... as exploited in the wild in April 2015..."
___
- http://www.theinquirer.net/inquirer/...sh-and-windows
Apr 20 2015 - "... Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows, named CVE-2015-1701, but has -not- yet issued a patch... updating Adobe Flash to the latest version will render the exploit -harmless- because it has seen CVE-2015-1701 in use -only- in conjunction with the Adobe Flash exploit for CVE-2015-3043. The Flash exploit is served from unobfuscated HTML/JS. The launcher page picks one of two Flash files to deliver depending on the target's platform... The APT28 attackers relied heavily on the CVE-2014-0515 Metasploit module to conduct these new exploits..."
___
MS15-051...
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
- https://technet.microsoft.com/library/security/ms15-051
May 12, 2015
- https://support.microsoft.com/en-us/kb/3057191
Last Review: May 13, 2015 - Rev: 2.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-1701
Last revised: 05/13/2015
7.2 (HIGH)
More MS patch issues - 4.20.2015 ...
FYI...
'Optional' Windows 8.1 update KB 3022345 fails to install with error 800F0922
- http://www.infoworld.com/article/291...-800f0922.html
Apr 22, 2015 - "At least one of the optional Windows updates Microsoft released yesterday is running into problems. Messages are popping up in every corner of the Web that patch KB 3022345 -- an "Update to enable the Diagnostics Tracking Service in Windows 8.1 and Windows Server 2012 R2" -- triggers an installation failure 800F0922..."
* https://support.microsoft.com/en-us/kb/3022345
Last Review: Apr 21, 2015 - Rev: 2.0
___
Microsoft to release massive set of 34 non-security patches Tuesday
- http://www.infoworld.com/article/291...s-tuesday.html
Apr 20, 2015 - "The official list of Windows Update patches was updated over the weekend to show that 34 patches rated "optional" are headed for the Automatic Update chute this Tuesday, April 21...
For those Windows users with Automatic Update turned on, who automatically install optional updates, this could prove to be a rocky Tuesday."
(More detail at the infoworld URL above.)
___
IE11 patch KB 3038314 blocks search engines and may fail with error 80092004
The latest IE11 patch prevents some Windows users from adding Google as a search provider - if it finishes installing at all
- http://www.infoworld.com/article/291...-80092004.html
Apr 20, 2015 - "We don't know the full extent of the problem yet, but it appears the latest Internet Explorer patch prevents Internet Explorer 11 - and possibly other versions of IE - from installing Google and other search engines. And the problem may go beyond Windows 7 SP1 and Windows 8.1 Update 1 PCs. Many IE11 customers are reporting on the Microsoft Answers Forum* (and elsewhere**) that the latest IE11 patch rollup, MS15-032 KB 3038314***, reports that it failed to install with error 80092004. Others say the download on that patch -stalls- at 11 percent and doesn't budge, or that the download kicks out at 11 percent with the same failed-to-install error message, code 80092004... No response yet from Microsoft, of course."
(More detail at the infoworld URL above.)
* http://answers.microsoft.com/en-us/w...e-3bca16e3f3cc
** http://www.techspot.com/community/to...4-4-17.212083/
*** https://support.microsoft.com/en-us/kb/3038314
___
KB 2952664 triggers daily telemetry run in Windows 7 - and may be snooping on users
Microsoft bills the 'compatibility update' as way to ease the upgrade process to Windows 10 - but it's collecting data daily
- http://www.infoworld.com/article/291...-snooping.html
Apr 20, 2015 - "If you think that KB 2952664* just tweaks your system a bit to improve the upgrade process, you may be in for a surprise. It could also be triggering a daily telemetry run and maybe even snooping on you. KB 2952664 is billed as a "compatibility update for upgrading Windows 7… [that] helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows." So I was surprised when reader Carl Anderson sent me an email, pointing out a Microsoft Answers forum thread** that accuses the February 2015 Black Tuesday patches of installing a process that red-lines one core of the CPU every time Windows 7 is started..."
(More detail at the infoworld URL above.)
* https://support.microsoft.com/en-us/kb/2952664
** http://answers.microsoft.com/en-us/w...fbab2b5?page=1
April Patch Watch... notes
FYI...
- http://windowssecrets.com/patch-watc...dition-report/
Apr 22, 2015 - "As if the list of April’s Patch Tuesday nonsecurity fixes weren’t long enough, Microsoft has just released another downpour of patches. These are, for the most part, operating-system updates, primarily for Windows 8.1. None is critical... a second release of nonsecurity updates in the same month is -not- what I had in mind...
Two security-update notes: There are a few reports of problems with Internet Explorer cumulative update KB 3038314. After installing the patch, some users are unable to add another search provider...
Another update, KB 3045999 (MS15-038), is being flagged by software vendor Romax. The company states that the update is incompatible with the company’s software and recommends that its customers remove it. This problem is probably not widespread, but it’s a reminder to keep updates in mind anytime an application starts misbehaving..."
MS15-032: Cumulative security update for Internet Explorer...
> https://support.microsoft.com/en-us/kb/3038314/
Last Review: 04/24/2015 - Rev: 4.0
MS15-038: Description of the security update for Windows...
> https://support.microsoft.com/en-us/kb/3045999/
Last Review: 04/14/2015 - Rev: 1.0
Windows Update KB3045999 Incompatability With All Romax Software...
- http://support.romaxtech.com/entries...Romax-Software
Apr 17, 2015