-
MSRT Nov '12 ...
FYI...
MSRT November '12 ...
- https://blogs.technet.com/b/mmpc/arc...edirected=true
4 Dec 2012
> https://www.microsoft.com/security/p...sof/Weels4.png
> https://www.microsoft.com/security/p...sof/Weels5.png
___
Unexpected reboot: Necurs
- https://blogs.technet.com/b/mmpc/arc...edirected=true
6 Dec 2012 - "Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012. Necurs is mostly distributed by drive-by download. This means that you might be -silently- infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole. So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:
- Download additional malware
- Hide its components
- Stop security applications from functioning
In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs* family write-up for the full details... we've had reports from a number of users stating that they're having trouble with the Microsoft Security Essentials real time protection option being turned off after their computer has rebooted. We will continue to monitor variants of Necurs in the wild..."
* http://www.microsoft.com/security/po...n:Win32/Necurs
Updated: Dec 05, 2012
-
MS Security Bulletin Summary - December 2012
FYI...
- http://technet.microsoft.com/en-us/s...letin/ms12-dec
December 11, 2012 - "This bulletin summary lists security bulletins released for December 2012...
(Total of 7)
Microsoft Security Bulletin MS12-077 - Critical
Cumulative Security Update for Internet Explorer (2761465)
- http://technet.microsoft.com/en-us/s...letin/ms12-077
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS12-078 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
- http://technet.microsoft.com/en-us/s...letin/ms12-078
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-079 - Critical
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
- http://technet.microsoft.com/en-us/s...letin/ms12-079
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS12-080 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
- http://technet.microsoft.com/en-us/s...letin/ms12-080
Critical - Remote Code Execution - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS12-081 - Critical
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
- http://technet.microsoft.com/en-us/s...letin/ms12-081
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-082 - Important
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
- http://technet.microsoft.com/en-us/s...letin/ms12-082
Important - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-083 - Important
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
- http://technet.microsoft.com/en-us/s...letin/ms12-083
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
Bulletin Deployment Priority:
- https://blogs.technet.com/cfs-filesy...355.Slide2.PNG
Severity and Exploitability Index:
- https://blogs.technet.com/cfs-filesy...550.Slide1.PNG
- http://blogs.technet.com/b/security/...edirected=true
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14683
Last Updated: 2012-12-12 01:54:45 UTC
___
- https://secunia.com/advisories/51411/ - MS12-077
- https://secunia.com/advisories/51459/ - MS12-078
- https://secunia.com/advisories/51467/ - MS12-079
- https://secunia.com/advisories/51474/ - MS12-080
- https://secunia.com/advisories/51493/ - MS12-081
- https://secunia.com/advisories/51497/ - MS12-082
- https://secunia.com/advisories/51500/ - MS12-083
___
MSRT
- http://support.microsoft.com/?kbid=890830
December 11, 2012 - Revision: 117.0
- http://www.microsoft.com/security/pc...-families.aspx
"... added in this release...
• Phdet ..."
- https://blogs.technet.com/b/mmpc/arc...edirected=true
Download:
- https://www.microsoft.com/download/e...ylang=en&id=16
File Name: Windows-KB890830-V4.15.exe - 16.8 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.15.exe - 17.4 MB
-
MS Security Advisory update - 2012.12.11 ...
FYI...
Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/s...visory/2749655
V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060* to the list of available rereleases.
* http://technet.microsoft.com/en-us/s...letin/ms12-060
V2.0 (December 11, 2012): Re-released bulletin to replace the KB2687323 update with the KB2726929 update for Windows common controls on all affected variants of Microsoft Office 2003, Microsoft Office 2003 Web Components, and Microsoft SQL Server 2005.
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/s...visory/2755801
V5.0 (December 11, 2012): Added KB2785605* to the Current update section.
* http://support.microsoft.com/kb/2785605
Dec 11, 2012 - Revision: 1.0
___
The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.
- http://technet.microsoft.com/security/bulletin/MS12-043
- http://technet.microsoft.com/security/bulletin/MS12-050
V2.1 (December 12, 2012): Clarified that the update for Microsoft SharePoint Services 2.0 is available from the Microsoft Download Center only.
- http://technet.microsoft.com/security/bulletin/MS12-057
- http://technet.microsoft.com/security/bulletin/MS12-059
- http://technet.microsoft.com/security/bulletin/MS12-060
-
MS12-078 - "Known issues" ...
FYI..
- http://support.microsoft.com/kb/2753842
Last Review: December 14, 2012 - Revision: 2.0
"Known issues with this security update: We are aware of issues related to OpenType Font (OTF) rendering in applications such as PowerPoint on affected versions of Windows that occur after this security update is applied. We are currently investigating these issues and will take appropriate action to address the known issues..."
- http://h-online.com/-1771419
18 Dec 2012 - "... this patch seems to prevent the correct display of PostScript Type 1 fonts and OpenType fonts. They disappear completely in a variety of applications – CorelDraw, QuarkXPress and PowerPoint – and currently the only way to make them visible again is to remove the patch..."
-
MS12-078 re-released
FYI...
- https://technet.microsoft.com/en-us/...letin/ms12-078
V2.0 (December 20, 2012): Re-released update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed. Customers who have successfully installed the original KB2753842 update need to install the rereleased update.
(Requires restart.)
- http://support.microsoft.com/kb/2753842
Dec 20, 2012 - Rev: 3.0
___
- http://h-online.com/-1773744
21 Dec 2012
- https://secunia.com/advisories/51459/
Last Update: 2012-12-21
Criticality level: Highly critical
CVE Reference(s):
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-2556 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4786 - 10.0 (HIGH)
Original Advisory: MS12-078 (KB2779030, KB2753842):
https://technet.microsoft.com/en-us/...letin/ms12-078
-
IE 0-day attack in-the-wild...
FYI...
- https://krebsonsecurity.com/2012/12/...zero-day-flaw/
Dec 28th, 2012 - "Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground. In a blog posting* Friday evening, Milpitas, Calif. based security vendor FireEye said it found that the Web site for the Council on Foreign Relations was compromised and rigged to exploit a previously undocumented flaw in IE8 to install malicious software on vulnerable PCs used to browse the site. According to FireEye, the attack uses Adobe Flash to exploit a vulnerability in the latest (fully-patched) version of IE8..."
* http://blog.fireeye.com/research/201...k-details.html
2012.12.28 - "... we received reports that the Council on Foreign Relations (CFR) website was compromised and hosting malicious content on or around 2:00 PM EST on Wednesday, December 26. Through our Malware Protection Cloud, we can confirm that the website was compromised at that time, but we can also confirm that the CFR website was also hosting the malicious content as early as Friday, December 21... We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability. We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time... the JavaScript proceeded to load a flash file today.swf, which ultimately triggered a heap spray in Internet Explorer in order to complete the compromise of the endpoint..."
Update: "... We have seen multiple variations of this attack, as it looks like the attackers changed tactics multiple times during this campaign... Here is the decrypted payload.
- https://www.virustotal.com/file/af57...80b9/analysis/
File name: base
Detection ratio: 21/45
Analysis date: 2012-12-31
- https://krebsonsecurity.com/2012/12/...flaw/#comments
Dec 29, 2012 - "... worth noting that IE9 is not supported on Windows XP, so this vulnerability is probably most dangerous for XP users who browse with IE."
___
- https://secunia.com/advisories/51695/
Release Date: 2012-12-30
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: IE 6.x, 7.x, 8.x
... currently being actively exploited in targeted attacks.
Original Advisory: http://technet.microsoft.com/en-us/s...visory/2794220
- http://h-online.com/-1775071
30 Dec 2012
- http://www.kb.cert.org/vuls/id/154201
29 Dec 2012
___
MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2794220
Dec 29, 2012 - "Microsoft is investigating public reports of a vulnerability in IE6, IE7, and IE8. Internet Explorer 9 and Internet Explorer 10 are -not- affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
CVE Reference:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4792
"... exploited in the wild in December 2012."
- https://blogs.technet.com/b/msrc/arc...edirected=true
Dec 29, 2012 - "... we are actively working to develop a security update to address this issue..."
- https://blogs.technet.com/b/srd/arch...edirected=true
29 Dec 2012 - "... We’re also working on an appcompat shim-based Fix It protection tool that can be used to protect systems until the comprehensive update is available. The shim does not address the vulnerability but does prevent the vulnerability from being exploited for code execution... we’re working around the clock on the full security update. You should next expect to see an update from us announcing the availability of a Fix It tool to block the vulnerable code paths..."
-
Targeted 0-day attack - IE 6, 7, and 8
FYI...
- https://isc.sans.edu/diary.html?storyid=14776
Last Updated: 2012-12-30 22:06:53 UTC... Version: 2 - "... Update:
There is now a Metasploit module (ie_cdwnbindinfo_uaf) that emulates this attack, meaning this will move in to mainstream exploitation rapidly, thus mitigation steps should be taken so soon as possible. Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff..."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4792 - 9.3 (HIGH)
Last revised: 12/31/2012 - "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8... exploited in the wild in December 2012..."
- https://secunia.com/advisories/51695/
Release Date: 2012-12-30
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: IE 6.x, 7.x, 8.x
... currently being actively exploited in targeted attacks.
Original Advisory: http://technet.microsoft.com/en-us/s...visory/2794220
-
MS FixIt released for IE 0-day...
FYI...
MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2794220
V1.1 (December 31, 2012): Added link to Microsoft Fix it* solution, "MSHTML Shim Workaround," that prevents exploitation of this issue.
* http://support.microsoft.com/kb/2794220#FixItForMe
Last Review: Dec 31, 2012 - Rev 1.0
Applies to: IE8, IE7, IE6...
- https://blogs.technet.com/b/srd/arch...edirected=true
31 Dec 2012
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4792 - 9.3 (HIGH)
___
- https://windowssecrets.com/windows-s...r-to-remember/
Jan 2, 2013
> http://www.microsoft.com/security/pc...ns/201212.aspx
>> http://forums.spybot.info/showpost.p...3&postcount=51
7 Jan 2013
-
MS Security Advisory 2798897 - Fraudulent Digital Certificates...
FYI...
MS Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/s...visory/2798897
Jan 03, 2013 - "Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue... see Microsoft Knowledge Base Article 2677070 for details..."
* http://support.microsoft.com/kb/2677070
___
- http://h-online.com/-1777291
4 Jan 2013 - "... Mozilla will be adding the two SubCA certificates to its certificate blacklist during its next update, which is due on 8 January... Chrome has also been updated and no longer trusts the SubCA certificates; the company says that when it updates Chrome later in the month it will no longer show Extended Validation status for TURKTRUST issued certificates."
-
IE FixIt negated with bypass
FYI...
IE FixIt negated with bypass ...
- http://www.securitytracker.com/id/1027930
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4792 - 9.3 (HIGH)
Updated: Jan 4 2013
Original Entry Date: Dec 30 2012
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): IE6,7,8
... the vendor has provided the Microsoft Fix it solution, "MSHTML Shim Workaround"... the Microsoft Fix it solution can be bypassed using a variation of the original exploit http://blog.exodusintel.com/2013/01/...cve-2012-4792/
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/s...visory/2794220
Mitigation: Use an alternative browser until a full patch is released for this issue.
-
MS Security Bulletin Summary - Jan 2013
FYI...
- http://technet.microsoft.com/en-us/s...letin/ms13-jan
Jan 08, 2013 - "This bulletin summary lists security bulletins released for January 2013...
(Total of -7-)
Microsoft Security Bulletin MS13-001 - Critical
Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
- http://technet.microsoft.com/en-us/s...letin/ms13-001
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-002 - Critical
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
- http://technet.microsoft.com/en-us/s...letin/ms13-002
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Developer Tools, Microsoft Server Software
Microsoft Security Bulletin MS13-003 - Important
Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
- http://technet.microsoft.com/en-us/s...letin/ms13-003
Important - Elevation of Privilege - Does not require restart - Microsoft Server Software
Microsoft Security Bulletin MS13-004 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
- http://technet.microsoft.com/en-us/s...letin/ms13-004
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS13-005 - Important
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
- http://technet.microsoft.com/en-us/s...letin/ms13-005
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-006 - Important
Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
- http://technet.microsoft.com/en-us/s...letin/ms13-006
Important - Security Feature Bypass - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-007 - Important
Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
- http://technet.microsoft.com/en-us/s...letin/ms13-007
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14854
Last Updated: 2013-01-08 18:02:06 UTC
___
Bulletin Deployment Priority
> https://blogs.technet.com/cfs-filesy...Deployment.png
Severity and Exploitability Index
> https://blogs.technet.com/cfs-filesy...3-Severity.png
- http://blogs.technet.com/b/msrc/arch...edirected=true
8 Jan 2013
___
- https://secunia.com/advisories/51640/ - MS13-001
- https://secunia.com/advisories/51773/ - MS13-002
- https://secunia.com/advisories/51686/ - MS13-003
- https://secunia.com/advisories/51777/ - MS13-004
- https://secunia.com/advisories/51704/ - MS13-005
- https://secunia.com/advisories/51724/ - MS13-006
- https://secunia.com/advisories/51772/ - MS13-007
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: January 9, 2013 - Revision: 118.7
- http://www.microsoft.com/security/pc...-families.aspx
"... added in this release...
• Ganelp
• Lefgroo..."
- https://blogs.technet.com/b/mmpc/arc...edirected=true
8 Jan 2013
Download:
- https://www.microsoft.com/download/e...ylang=en&id=16
File Name: Windows-KB890830-V4.16.exe - 16.8 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.16.exe - 17.5 MB
-
Microsoft Security Advisories - 2013.01.08
FYI...
Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://technet.microsoft.com/en-us/s...dvisory/973811
• V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to help protect against these attacks. Applying these Microsoft Fix it solutions enables NTLMv2 settings required for users to take advantage of Extended Protection for Authentication.
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/s...visory/2755801
• V6.0 (January 8, 2013): Added KB2796096* to the Current update section.
* http://support.microsoft.com/kb/2796096
-
IE patch to be released 1.14.2013
FYI...
- http://technet.microsoft.com/en-us/s...letin/ms13-jan
January 13, 2013 - Version: 2.0 - "This is an advance notification for one out-of-band security bulletin that Microsoft is intending to release on January 14, 2013. The bulletin addresses a security vulnerability in Internet Explorer..."
- https://blogs.technet.com/b/msrc/arc...edirected=true
"... We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action. If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update..."
-
MS13-008 - IEv6-8 Critical update released ...
FYI...
Microsoft Security Bulletin MS13-008 - Critical
Security Update for Internet Explorer (2799329)
- http://technet.microsoft.com/en-us/s...letin/ms13-008
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Jan 14, 2013
-
MS Security Advisories 2013.01.14
FYI...
Microsoft Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/s...visory/2798897
V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?"
Microsoft Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2794220
V2.0 (January 14, 2013): Advisory updated to reflect publication of security bulletin.
MS13-008
-
MS Security Bulletin Summary - February 2013
FYI...
- http://technet.microsoft.com/en-us/s...letin/ms13-feb
February 12, 2013 - "This bulletin summary lists security bulletins released for February 2013...
(Total of -12-)
Microsoft Security Bulletin MS13-009 - Critical
Cumulative Security Update for Internet Explorer (2792100)
- https://technet.microsoft.com/en-us/...letin/ms13-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-010 - Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
- https://technet.microsoft.com/en-us/...letin/ms13-010
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-011 - Critical
Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
- http://technet.microsoft.com/en-us/s...letin/ms13-011
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-012 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
- http://technet.microsoft.com/en-us/s...letin/ms13-012
Critical - Remote Code Execution - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS13-020 - Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
- http://technet.microsoft.com/en-us/s...letin/ms13-020
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-013 - Important
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
- http://technet.microsoft.com/en-us/s...letin/ms13-013
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-014 - Important
Vulnerability in NFS Server Could Allow Denial of Service (2790978)
- http://technet.microsoft.com/en-us/s...letin/ms13-014
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-015 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
- http://technet.microsoft.com/en-us/s...letin/ms13-015
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS13-016 - Important
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
- http://technet.microsoft.com/en-us/s...letin/ms13-016
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-017 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
- http://technet.microsoft.com/en-us/s...letin/ms13-017
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-018 - Important
Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
- https://technet.microsoft.com/en-us/...letin/ms13-018
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-019 - Important
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
- http://technet.microsoft.com/en-us/s...letin/ms13-019
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy..._2D00_-png.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy..._2D00_-png.png
- http://blogs.technet.com/b/msrc/arch...edirected=true
"... 12 bulletins, five Critical-class and seven Important-class, addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15142
Last Updated: 2013-02-13
- http://atlas.arbor.net/briefs/index#332003461
High Severity
Feb 13, 2013
Analysis: Many attackers are likely frustrated that their vulnerabilities have now been patched. However, those same attackers still have a significant window of opportunity because not everyone can, or will patch in a timely manner, as has been clearly demonstrated in the widespread use of commodity exploit kits as well as numerous targeted attacks that continue to reign in victims despite vulnerabilities being patched years ago in some cases. The most critical patches are for Internet Explorer, a major target for exploitation due to its widespread use. Additional hardening in sensitive environments can help reduce the impact of exploitation attempts until patches can be deployed, and robust monitoring can help detect those exploit attempts to provide valuable security intelligence...
___
- https://secunia.com/advisories/52122/ - MS13-009
- https://secunia.com/advisories/52129/ - MS13-010
- https://secunia.com/advisories/52130/ - MS13-011
- https://secunia.com/advisories/52133/ - MS13-012
- https://secunia.com/advisories/52136/ - MS13-013
- https://secunia.com/advisories/52138/ - MS13-014
- https://secunia.com/advisories/52143/ - MS13-015
- https://secunia.com/advisories/52156/ - MS13-016
- https://secunia.com/advisories/52157/ - MS13-017
- https://secunia.com/advisories/52158/ - MS13-018
- https://secunia.com/advisories/52162/ - MS13-019
- https://secunia.com/advisories/52184/ - MS13-020
- https://secunia.com/advisories/52164/ - IE10 Flash
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: February 12, 2013 - Revision: 119.0
- http://www.microsoft.com/security/pc...-families.aspx
"... added in this release...
• Sirefef..."
Download:
- https://www.microsoft.com/download/e...ylang=en&id=16
File Name: Windows-KB890830-V4.17.exe - 17.6 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.17.exe - 18.3 MB
-
Win7 IE10 released
FYI...
- http://windows.microsoft.com/en-us/i...wide-languages
Feb 26, 2013
"Catch 22" ...
- http://arstechnica.com/information-t...for-windows-7/
Feb 26, 2013 - "... Windows Update will, in its default configuration, install it silently and automatically. Over the coming months, Microsoft will classify Internet Explorer 10 as "important" in more and more markets to ensure it is installed automatically as widely as possible. This marks a significant change from Microsoft's past practices. Traditionally, the company has released new browsers only as optional updates... Internet Explorer 10 on Windows 7 will be near-identical to its Windows 8 counterpart. This includes features such as support for the Pointer Events touch API and hardware acceleration using Direct2D and DirectWrite. To that end, installing Internet Explorer 10 on Windows 7 -requires- the installation of a platform update that brings Windows 7's version of these APIs in line with Windows 8... There will be one important difference between the versions, however. Internet Explorer 10 on Windows 8 includes an embedded version of Flash that gets its updates from Windows Update, rather than through Adobe's installer. On Windows 7, Flash will not be embedded. Instead, it will use the same ActiveX plugin as Internet Explorer 9 did. Updates will have to be installed using Adobe's updater, not Microsoft's."
___
From: Susan Bradley - http://msmvps.com/blogs/bradley/
Subject: Tracking BSOD's after KB2670838
- http://answers.microsoft.com/thread/...c-5dc6f0f55d37
28 Feb 2013
I'd not be rushing that one out just yet
- https://www.infoworld.com/t/microsof...-update-213802
March 04, 2013 - "... This buggy patch was part of the non-security-related patches typically released on the fourth Tuesday of the month. Since Microsoft switched the patch over to "Optional" on Thursday, it won't be offered automatically to those with Automatic Update turned on. But if you've already downloaded it, Windows may try to install it over and over again. If you've been bit by this bad patch, fortunately the solution is easy -- if you know where the problem came from and how to get rid of it.
> From a blue screen, re-start your PC. Click Start (yes, this is Windows 7) -> Control Panel -> Uninstall a Program. On the left, click the link to View Installed Updates. Scroll way down to KB 2670838, which should be at or near the top of the section marked Microsoft Windows. Double-click on the patch to uninstall it. Re-boot.
Next, just to make sure your system doesn't pick up the patch again, click Start -> Control Panel -> System and Security. Under Windows Update, click the link to Check for Updates. Click the link that says XX Optional Updates are Available. Right-click KB 2670383 and choose Hide.
And while you're at it, make sure Automatic Update is turned off. Last year, Microsoft pushed five different bad patches through Automatic Update. So far this year, the company is running at its usual rate of one really buggy patch every two or three months..."
IEv10 does not install on a hybrid graphics system
- http://support.microsoft.com/kb/2823483/en-us
Last Review: March 12, 2013 - Revision: 8.0
Applies to: Internet Explorer 10, Windows 7 Service Pack 1
___
- http://support.microsoft.com/kb/2670838
Last Review: February 26, 2013 - Revision: 4.0
"... a platform update for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This update improves the features and performance of the following components:
• Direct2D
• DirectWrite
• Direct3D
• Windows Imaging Component (WIC)
• Windows Advanced Rasterization Platform (WARP)
• Windows Animation Manager (WAM)
• XPS Document API
• H.264 Video Decoder
• JPEG XR codec ..."
-
MS Security Bulletin Summary - March 2013
FYI...
- http://technet.microsoft.com/en-us/s...letin/ms13-mar
March 12, 2013 - "This bulletin summary lists security bulletins released for March 2013.
(Total of -7-)
Microsoft Security Bulletin MS13-021 - Critical
Cumulative Security Update for Internet Explorer (2809289)
- https://technet.microsoft.com/en-us/...letin/ms13-021
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-022 - Critical
Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
- http://technet.microsoft.com/en-us/s...letin/ms13-022
Critical - Remote Code Execution - Does not require restart - Microsoft Silverlight
Microsoft Security Bulletin MS13-023 - Critical
Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
- http://technet.microsoft.com/en-us/s...letin/ms13-023
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-024 - Critical
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
- http://technet.microsoft.com/en-us/s...letin/ms13-024
Critical - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-025 - Important
Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
- http://technet.microsoft.com/en-us/s...letin/ms13-025
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-026 - Important
Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
- https://www.microsoft.com/technet/se...letin/MS13-026
Important - Information Disclosure - Does not require restart - Microsoft Office
Microsoft Security Bulletin MS13-027 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
- http://technet.microsoft.com/en-us/s...letin/MS13-027
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...1.DP-Slide.PNG
Severity and Exploitability index
- https://blogs.technet.com/cfs-filesy...rity-Slide.PNG
- https://blogs.technet.com/b/msrc/arc...edirected=true
12 Mar 2013
- https://blogs.technet.com/b/srd/arch...edirected=true
12 Mar 2013 - "... seven security bulletins addressing 20 CVE’s..."
- https://www.computerworld.com/s/arti...ial_USB_hijack
"... nine critical vulnerabilities in the bulletin MS13-021 for Internet Explorer. They affect -every- current version of Internet Explorer, versions 6 through 10..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15385
Last Updated: 2013-03-13 08:48:46 UTC
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: March 12, 2013 - Revision: 120.0
- http://www.microsoft.com/security/pc...-families.aspx
"... added in this release...
• Wecykler..."
- https://blogs.technet.com/b/mmpc/arc...edirected=true
11 Mar 2013
Download:
- https://www.microsoft.com/download/e...ylang=en&id=16
File Name: Windows-KB890830-V4.18.exe - 18.6 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.18.exe - 19.3 MB
.
-
Windows 7 SP1 to start rolling out on Windows Update
FYI...
- http://blogs.windows.com/windows/b/b...ws-update.aspx
Mar 18, 2013 - "... Windows 7 RTM (with no service pack) will no longer be supported as of April 9th, 2013..."
-
MS Security Advisory 2819682 ...
FYI...
Microsoft Security Advisory (2819682)
Security Updates for Microsoft Windows Store Applications
- http://technet.microsoft.com/en-us/s...visory/2819682
March 26, 2013 - "Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update..."
> http://support.microsoft.com/kb/2832006
March 26, 2013 - Revision: 1.0
Applies to:
Windows RT
Windows 8
Windows 8 Enterprise
Windows 8 Pro
Windows Server 2012 Datacenter
Windows Server 2012 Essentials
Windows Server 2012 Foundation
Windows Server 2012 Standard
___
- https://secunia.com/advisories/52779/
Release Date: 2013-03-27
Impact: Spoofing
Where: From remote...
Original Advisory:
- http://technet.microsoft.com/en-us/s...visory/2819682
- http://support.microsoft.com/kb/2832006
-
Skype v6.3.0.105 released
FYI...
- https://secunia.com/advisories/52867/
Release Date: 2013-04-02
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerabilities are reported in versions prior to 6.3.0.105.
Solution: Update to version 6.3.0.105.
Original Advisory: http://blogs.skype.com/2013/03/14/sk...3-for-windows/
___
Skypemageddon by bitcoining
- https://www.securelist.com/en/blog/2..._by_bitcoining
April 04 2013 - "... malware connects to its C2 server located in Germany... 213.165.68.138
- https://www.virustotal.com/en/file/4...c037/analysis/
File name: skype-img-04_04-2013-exe.exe
Detection ratio: 32/46
Analysis date: 2013-04-08
-
MS Security Bulletin Advance Notification - April 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-apr
April 04, 2013 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013...
(Total of -9-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3 - Important - Information Disclosure - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 4 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 5 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 6 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 7 - Important - Elevation of Privilege - Requires restart - Microsoft Security Software
Bulletin 8 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 9 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
.
-
MS - End of Support dates ...
FYI...
MS - End of Support ...
- https://blogs.technet.com/b/rmilne/a...edirected=true
8 Apr 2013 - "...
Outlook 2003 will transition out of extended support on 8th of April 2014
Exchange Server 2003 will transition out of extended support on 8th of April 2014
Windows XP will transition out of extended support on 8th of April 2014
Exchange 2010 SP2 will transition out of support on 8th April 2014
And as non Exchange specific item, please also note Windows 2003:
Windows Server 2003 will transition out of extended support on 14th of July 2015 ..."
-
MS Security Bulletin Summary - April 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-apr
April 09, 2013 - "This bulletin summary lists security bulletins released for April 2013...
(Total of -9-)
Microsoft Security Bulletin MS13-028 - Critical
Cumulative Security Update for Internet Explorer (2817183)
- https://technet.microsoft.com/en-us/...letin/ms13-028
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-029 - Critical
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
- https://technet.microsoft.com/en-us/...letin/ms13-029
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-030 - Important
Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
- https://technet.microsoft.com/en-us/...letin/ms13-030
Important - Information Disclosure - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-031 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
- https://technet.microsoft.com/en-us/...letin/ms13-031
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-032 - Important
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
- https://technet.microsoft.com/en-us/...letin/ms13-032
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-033 - Important
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
- https://technet.microsoft.com/en-us/...letin/ms13-033
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-034 - Important
Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
- http://technet.microsoft.com/en-us/s...letin/ms13-034
Important - Elevation of Privilege - Requires restart - Microsoft Security Software
Microsoft Security Bulletin MS13-035 - Important
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
- https://technet.microsoft.com/en-us/...letin/ms13-035
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-036 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
- https://technet.microsoft.com/en-us/...letin/ms13-036
Important - Elevation of Privilege - Requires restart - Microsoft Windows
V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update. See the Update FAQ for details.
MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys):
* http://support.microsoft.com/kb/2823324/en-us
Last Review: April 11, 2013 - Revision: 2.1 - See: "Known issues with this security update... Microsoft recommends that customers -uninstall- this update..."
MS13-036: Description of the security update for the Windows kernel-mode driver (win32k.sys)
- http://support.microsoft.com/default...;en-us;2808735
Last Review: April 9, 2013 - Revision: 1.0 - "Known issues with this security update: After you install this security update, certain Multiple Master fonts cannot be installed..."
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...D00_Slide2.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...D00_Slide1.PNG
- http://blogs.technet.com/b/msrc/arch...edirected=true
- http://blogs.technet.com/b/srd/archi...edirected=true
9 Apr 2013 - "... nine security bulletins addressing 13 CVE’s..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15577
Last Updated: 2013-04-09 17:59:33 UTC
___
- https://secunia.com/advisories/52874/ - MS13-028
- https://secunia.com/advisories/52911/ - MS13-029
- https://secunia.com/advisories/52914/ - MS13-030
- https://secunia.com/advisories/52916/ - MS13-031
- https://secunia.com/advisories/52917/ - MS13-032
- https://secunia.com/advisories/52919/ - MS13-033
- https://secunia.com/advisories/52921/ - MS13-034
- https://secunia.com/advisories/52928/ - MS13-035
- https://secunia.com/advisories/52930/ - MS13-036
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: April 9, 2013 - Revision: 121.0
- http://www.microsoft.com/security/pc...-families.aspx
"... added in this release...
• Babonock
• Redyms
• Vesenlosow..."
- https://blogs.technet.com/b/mmpc/arc...edirected=true
Download:
- https://www.microsoft.com/download/e...ylang=en&id=16
File Name: Windows-KB890830-V4.19.exe - 18.7 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.19.exe - 19.4 MB
.
-
MS13-036 problems...
FYI...
MS13-036 problems - KB2823324 / KB2829996
- https://isc.sans.edu/diary.html?storyid=15593
Last Updated: 2013-04-11 02:13:03 UTC
- https://isc.sans.edu/diary/KB2823324.../15593#comment
Date: Wed, 10 Apr 2013 14:53:23 -0700
From: Susan Bradley - patchmanagement.org
Subject: MS13-036 / KB2829996
Getting early unconfirmed reports in Brazil that MS13-036 / KB2829996 MS13-036 is causing system hangs that require replacing ntfs.sys to get the machines up and running again so they can perform a system restore...
___
Stop 0xc000000e startup error in Windows 7 after you install security update 2823324*
- https://support.microsoft.com/kb/2839011
Last Review: April 12, 2013 - Revision: 2.0
"Microsoft is investigating behavior wherein systems may not recover from a restart or applications cannot load after security update 2823324 is applied. We recommend that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate..."
MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys):
* http://support.microsoft.com/kb/2823324/en-us
Last Review: April 12, 2013 - Revision: 2.2 - See: "Known issues with this security update..."
- https://blogs.technet.com/b/msrc/arc...edirected=true
MSRCTeam | 11 Apr 2013 7:10 PM
-
MS Repair Disk for KB2823324
FYI...
Repair Disk for KB2823324 and KB2782476 (KB2840165)
To help customers who are experiencing difficulties restarting their systems after installation of security update 2823324
- https://www.microsoft.com/en-us/down....aspx?id=38435
4/17/2013
Thanks to Susan Bradley for posting it @ patchmanagement.org
-
MS13-036 rereleased
FYI...
Microsoft Security Bulletin MS13-036 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
- http://technet.microsoft.com/en-us/s...letin/ms13-036
V3.0 (April 23, 2013): Rereleased bulletin to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See the Update FAQ* for details.
* "To address known issues with security update 2823324, Microsoft rereleased bulletin MS13-036 to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on all affected versions of Microsoft Windows. Security update 2823324 was expired on April 11, 2013. Microsoft strongly recommends that customers with the 2823324 update still installed should -uninstall- the update prior to applying the 2840149 update**. All customers should apply the 2840149 update, which replaces the expired 2823324 update."
** http://support.microsoft.com/kb/2840149
- https://blogs.technet.com/b/msrc/arc...edirected=true
23 Apr 2013
___
- http://technet.microsoft.com/en-us/s...letin/ms13-036
Updated: Wednesday, April 24, 2013
Revisions:
• V1.0 (April 9, 2013): Bulletin published.
• V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update. See the Update FAQ for details.
• V2.1 (April 17, 2013): Added FAQs to provide additional guidance for customers who are having difficulties restarting their systems after installing security update 2823324. See the Update FAQ for details.
• V3.0 (April 23, 2013): Rereleased bulletin to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See the Update FAQ for details.
• V3.1 (April 24, 2013): Corrected KB article hyperlink and incorrect KB numbers for Windows 7 for x64-based Systems and Windows Server 2008 R2 for Itanium-based Systems in the Affected Software table. These are informational changes only.
- https://windowssecrets.com/newslette...r-docs/#story6
April 24, 2013
MS13-036 (2808735, 2823324, 2840149)
> A Windows kernel update causes havoc for some
... recommend keeping KB 2808735, also included in MS13-036, on hold, too ..."
-
IEv8 vuln attacks in-the-wild
FYI...
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2847140
May 03, 2013 - "Microsoft is investigating public reports of a vulnerability in IEv8. Microsoft is aware of attacks that attempt to exploit this vulnerability. Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
- https://blogs.technet.com/b/msrc/arc...edirected=true
3 May 2013 - "... impacts Internet Explorer 8... This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message..."
___
- http://arstechnica.com/security/2013...s-researchers/
May 4, 2013
- http://www.invincea.com/2013/05/part...-ie8-zero-day/
May 3, 2013 - "... driveby download exploit of IE8... to install the Poison Ivy backdoor Trojan..."
- https://www.virustotal.com/en/file/e...77fb/analysis/
File name: stub.EXE
Detection ratio: 26/46
Analysis date: 2013-05-02
- http://www.securitytracker.com/id/1028514
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1347
May 4 2013
Vendor Confirmed: Yes
Version(s): 8
Versions 6, 7, 9, and 10 are not affected.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/s...visory/2847140
-
IE8 0-Day update...
FYI...
IE8 0-Day update ...
- https://isc.sans.edu/diary.html?storyid=15734
Last Updated: 2013-05-06 14:33:57 UTC - "... a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347..."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1347 - 10.0 (HIGH)
Last revised: 05/06/2013 - "... as exploited in the wild in May 2013."
- http://technet.microsoft.com/security/advisory/2847140
May 03, 2013
-
IEv8 FixIt available for CVE-2013-1347
FYI...
Fix it for IEv8 available
- http://support.microsoft.com/kb/2847140#FixItForMe
Last Review: May 9, 2013 - Revision: 2.0 - "... CVE-2013-1347 MSHTML Shim Workaround... To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard..." Microsoft Fix it 50992
- https://blogs.technet.com/b/msrc/arc...edirected=true
8 May 2013 - "... applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 8 to apply this Fix it to help protect their systems..."
- http://technet.microsoft.com/en-us/s...visory/2847140
• V1.1 (May 8, 2013): Added link to Microsoft Fix it solution, "CVE-2013-1347 MSHTML Shim Workaround," that prevents exploitation of this issue.
- http://www.securitytracker.com/id/1028514
"... This is currently being actively exploited in targeted attacks. Solution: ... As a workaround apply the Microsoft Fix it solution "CVE-2013-1347 MSHTML Shim Workaround" to mitigate the vulnerability..."
-
MS Security Bulletin Summary - May 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-may
May 14, 2013 - "This bulletin summary lists security bulletins released for May 2013...
(Total of -10-)
Microsoft Security Bulletin MS13-037 - Critical
Cumulative Security Update for Internet Explorer (2829530)
- https://technet.microsoft.com/en-us/...letin/ms13-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-038 - Critical
Security Update for Internet Explorer (2847204)
- https://technet.microsoft.com/en-us/...letin/ms13-038
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-039 - Important
Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
- https://technet.microsoft.com/en-us/...letin/ms13-039
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-040 - Important
Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
- http://technet.microsoft.com/en-us/s...letin/ms13-040
Important - Spoofing - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS13-041 - Important
Vulnerability in Lync Could Allow Remote Code Execution (2834695)
- https://technet.microsoft.com/en-us/...letin/ms13-041
Important - Remote Code Execution - May require restart - Microsoft Lync
Microsoft Security Bulletin MS13-042 - Important
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
- https://technet.microsoft.com/en-us/...letin/ms13-042
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-043 - Important
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
- https://technet.microsoft.com/en-us/...letin/ms13-043
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-044 - Important
Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
- https://technet.microsoft.com/en-ca/...letin/ms13-044
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-045 - Important
Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
- https://technet.microsoft.com/en-us/...letin/ms13-045
Important - Information Disclosure - May require restart - Microsoft Windows Essentials
Microsoft Security Bulletin MS13-046 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
- https://technet.microsoft.com/en-us/...letin/ms13-046
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
"... 10 bulletins, addressing 33 vulnerabilities in Microsoft products..."
Bulletin Deployment Priority
> https://blogs.technet.com/cfs-filesy...t-Priority.png
Severity and Exploitability Index
> https://blogs.technet.com/cfs-filesy...lity-Index.png
MS13-037 addressing Pwn2own vulnerabilities
- https://blogs.technet.com/b/srd/arch...edirected=true
14 May 2013
___
May 2013 Security Bulletin Webcast Q&A
- https://blogs.technet.com/b/msrc/p/m...edirected=true
May 15, 2013
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15791
Last Updated: 2013-05-14 17:52:27 UTC
___
- https://secunia.com/advisories/53327/ - MS13-037
- https://secunia.com/advisories/53314/ - MS13-038 - IE 8
- https://secunia.com/advisories/53340/ - MS13-039
- https://secunia.com/advisories/53350/ - MS13-040
- https://secunia.com/advisories/53363/ - MS13-041
- https://secunia.com/advisories/53370/ - MS13-042
- https://secunia.com/advisories/53379/ - MS13-043
- https://secunia.com/advisories/53380/ - MS13-044
- https://secunia.com/advisories/53383/ - MS13-045
- https://secunia.com/advisories/53385/ - MS13-046
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: May 14, 2013 - Revision: 122.0
- https://blogs.technet.com/b/mmpc/arc...edirected=true
14 May 2013 - "... added three new families to this month’s Malicious Software Removal Tool (MSRT): Win32/FakeDef, Win32/Vicenor, and Win32/Kexqoud..."
(More detail and Screenshots at the URL above.)
Download:
- https://www.microsoft.com/en-us/down...l-details.aspx
File Name: Windows-KB890830-V4.20.exe - 19.3 MB
Windows Malicious Software Removal Tool x64:
File Name: Windows-KB890830-x64-V4.20.exe - 20.0 MB
___
- https://krebsonsecurity.com/2013/05/...ity-updates-2/
"<soapbox>On a side note..Dear Microsoft: Please stop asking people to install Silverlight every time they visit a Microsoft.com property. I realize that Silverlight is a Microsoft product, but it really is not needed to view information about security updates. In keeping with the principle of reducing the attack surface of an operating system, you should not be foisting additional software on visitors who are coming to you for information on how to fix bugs and vulnerabilities in Microsoft products that they already have installed. </soapbox>"
> https://krebsonsecurity.com/wp-conte...ilverlight.png
.
-
Microsoft Security Advisories 2013.05.14 ...
FYI...
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2847140
Updated: Tuesday, May 14, 2013 Version: 2.0 - "... We have issued MS13-038* to address this issue..."
* https://technet.microsoft.com/en-us/...letin/ms13-038
Microsoft Security Advisory (2820197)
Update Rollup for ActiveX Kill Bits
- http://technet.microsoft.com/en-us/s...visory/2820197
May 14, 2013 - "... This update includes kill bits to prevent the following ActiveX controls from being run in Internet Explorer:
• Honeywell Enterprise Buildings Integrator. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
{0d080d7d-28d2-4f86-bfa1-d582e5ce4867}
• SymmetrE and ComfortPoint Open Manager. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
{29e9b436-dfac-42f9-b209-bd37bafe9317} ..."
Microsoft Security Advisory (2846338)
Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2846338
May 14, 2013 - "... Only x64-based versions of the Malware Protection Engine are affected... The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products. See the Affected Software section for a list of affected products..."
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: Tuesday, May 14, 2013 - "... update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14*..."
* https://www.adobe.com/support/securi...apsb13-14.html
"... Flash Player 11.7.700.202 for Windows 8..."
-
MS Security Bulletin Summary - June 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-jun
June 11, 2013 - "This bulletin summary lists security bulletins released for June 2013...
(Total of -5-)
Microsoft Security Bulletin MS13-047 - Critical
Cumulative Security Update for Internet Explorer (2838727)
- https://technet.microsoft.com/en-us/...letin/ms13-047
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-048 - Important
Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
- https://technet.microsoft.com/en-us/...letin/ms13-048
Important - Information Disclosure - Requires restart - Microsoft Windows
- https://support.microsoft.com/kb/2839229
Last Review: June 15, 2013 - Revision: 4.1 - "... MS13-048... Known issues with this security update:
Customers who use non-updated versions of certain Kingsoft software products may experience issues installing this security update. In some cases, systems may not successfully restart after security update 2839229 is applied, and customers may encounter a blue or blank screen. We are aware that Kingsoft antivirus and browser product components (kisknl.sys, knbdrv.sys, and dgsafe.sys) may be affected. We recommend that customers update their Kingsoft software to the latest versions -before- security update 2839229 is applied..."
Microsoft Security Bulletin MS13-049 - Important
Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
- https://technet.microsoft.com/en-us/...letin/ms13-049
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-050 - Important
Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/...letin/ms13-050
Important - Elevation of privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-051 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
- https://technet.microsoft.com/en-us/...letin/ms13-051
Important - Remote Code Execution - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/srd/archi...edirected=true
11 Jun 2013 - "MS13-051... We have seen this vulnerability exploited in targeted 0day attacks in the wild..."
- https://krebsonsecurity.com/2013/06/...flash-windows/
11 Jun 2013 - "... five updates address 23 vulnerabilities in Windows, Internet Explorer, and Office..."
- http://blogs.technet.com/b/msrc/arch...edirected=true
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...3-DP-Slide.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...d-Severity.PNG
___
- https://secunia.com/advisories/53728/ - MS13-047
- https://secunia.com/advisories/53739/ - MS13-048
- https://secunia.com/advisories/53741/ - MS13-049
- https://secunia.com/advisories/53742/ - MS13-050
- https://secunia.com/advisories/53747/ - MS13-051
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15977
Last Updated: 2013-06-11 17:10:35 UTC
___
MSRT
- https://support.microsoft.com/?kbid=890830
June 11, 2013 - Revision: 123.0
- http://www.microsoft.com/security/pc...-families.aspx
"... added in this release...
• Tupym..."
Download:
- https://www.microsoft.com/en-us/down...l-details.aspx
Windows-KB890830-V5.1.exe - 19.1 MB
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.1.exe - 19.9 MB
.
-
MS Security Advisories - 2013.06.11
FYI...
Microsoft Security Advisory (2854544)
Update to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.microsoft.com/en-us/s...visory/2854544
June 11, 2013 - "... Microsoft released an update (2813430) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT..."
* http://support.microsoft.com/kb/2813430
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.microsoft.com/en-us/s...visory/2755801
June 11, 2013 - Version: 13.0
-
MS13-029 re-released for XPSP3 ...
FYI...
Microsoft Security Bulletin MS13-029 - Critical
- https://technet.microsoft.com/en-us/...letin/ms13-029
... Update FAQ: Why was this bulletin revised on June 25, 2013?
Microsoft revised this bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. The rereleased update addresses an issue with the original update that caused the update to be incorrectly reoffered to systems running in specific configurations. Microsoft recommends that customers running the affected software apply the rereleased security update immediately...
V2.0 (June 25, 2013): Revised bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. Microsoft recommends that customers running the affected software apply the rereleased security update immediately...
- https://support.microsoft.com/kb/2828223
Last Review: June 25, 2013 - Revision: 2.0
-
MS Security Bulletin Summary - July 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-jul
July 09, 2013 - "This bulletin summary lists security bulletins released for July 2013...
(Total of -7-)
Microsoft Security Bulletin MS13-052 - Critical
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
- https://technet.microsoft.com/en-us/...letin/ms13-052
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight
Microsoft Security Bulletin MS13-053 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
- https://technet.microsoft.com/en-us/...letin/ms13-053
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-054 - Critical
Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
- https://technet.microsoft.com/en-us/...letin/ms13-054
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Visual Studio, Microsoft Lync
Microsoft Security Bulletin MS13-055 - Critical
Cumulative Security Update for Internet Explorer (2846071)
- https://technet.microsoft.com/en-us/...letin/ms13-055
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.1 (July 9, 2013): Bulletin revised to announce that Microsoft is aware of targeted attacks attempting to exploit the vulnerability described in CVE-2013-3163 through Internet Explorer 8. Applying this security update protects customers from exploitation of this vulnerability.
- https://atlas.arbor.net/briefs/index#31300424
High Severity
July 11, 2013
A 0day Internet Explorer exploit has been used in one or more targeted attack campaigns. Microsoft is aware of the issue but patching has yet to take place, leaving a window of vulnerability now that the issue is more well known.
Analysis: It is impossible to avoid all 0day attacks because by their very nature, few will know of the vulnerability. It's no secret that nation-states, security contractors and intelligence agencies have access to many vulnerabilities that are developed in-house or are part of covert markets. Despite this persistent problem with an unknown attack surface, reduction of attack surface is key, along with robust monitoring of resources of value for indicators of compromise. On the host side, Microsoft's EMET technology stymies this particular exploit, although in general EMET can be evaded. Despite its weaknesses, EMET is an extra layer of defense and its low deployment likely means that some attackers will be less likely to attempt to bypass its defenses. In the meanwhile, indicators from this particular attack can be useful to help determine if your organization has been targeted.
Source: http://blogs.technet.com/b/srd/archi...r-so-long.aspx
10 Jul 2013 - "... addressed by yesterday’s Microsoft Security Bulletin MS13-055. If you have not yet updated, please do so at the earliest possible..."
Microsoft Security Bulletin MS13-056 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
- https://technet.microsoft.com/en-us/...letin/ms13-056
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-057 - Critical
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
- https://technet.microsoft.com/en-us/...letin/ms13-057
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-058 - Important
Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
- https://technet.microsoft.com/en-us/...letin/ms13-058
Important - Elevation of Privilege - Does not require restart - Microsoft Security Software
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
9 Jul 2013
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...ly-2013-DP.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...3-Severity.png
___
- https://secunia.com/advisories/54025/ - MS13-052
- https://secunia.com/advisories/53435/ - MS13-053
- https://secunia.com/advisories/54057/ - MS13-054
- https://secunia.com/advisories/54060/ - MS13-055
- https://secunia.com/advisories/54061/ - MS13-056
- https://secunia.com/advisories/54062/ - MS13-057
- https://secunia.com/advisories/54063/ - MS13-058
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16126
Last Updated: 2013-07-09 18:22:06 UTC... (Version: 2)
- https://atlas.arbor.net/briefs/index#-271320476
Extreme Severity
July 11, 2013 21:27
Microsoft and Adobe release critical updates. There are apparently two in-the-wild exploits for Microsoft vulnerabilities that are patched herein, so quick deployment is important.
Analysis: One of the Microsoft security holes was disclosed to the public via sharing of exploit code. This has unsurprisingly resulted in the vulnerability being exploited in the wild. There is additional evidence to suggest another one of the vulnerabilities is also being exploited, and details are emergent. No known attacks are taking advantage of the security holes patched by Adobe, however it is always likely that resourceful attackers have known of at least some of these vulnerabilities and have used them in targeted attacks.
Source: https://krebsonsecurity.com/2013/07/...tical-updates/
___
July 2013 Office Update Release
- https://blogs.technet.com/b/office_s...edirected=true
9 Jul 2013
___
- https://www.computerworld.com/s/arti...rosoft_Windows
July 9, 2013 - "... 17 of the 34 vulnerabilities covered in the bulletins address IE..."
- http://www.securitytracker.com/id/1028745
CVE Reference: CVE-2013-3115, CVE-2013-3143, CVE-2013-3144, CVE-2013-3145, CVE-2013-3146, CVE-2013-3147, CVE-2013-3148, CVE-2013-3149, CVE-2013-3150, CVE-2013-3151, CVE-2013-3152, CVE-2013-3153, CVE-2013-3161, CVE-2013-3162, CVE-2013-3163, CVE-2013-3164, CVE-2013-3166
Jul 9 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6, 7, 8, 9, 10 ...
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
V14.0 (July 9, 2013): Added the 2857645 update to the Current Update section.
Current Update: On July 9, 2013, Microsoft released an update (2857645) for all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-17*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2857645**. Note: The update for Windows RT is available via Windows Update only. The 2857645 update is also available for Internet Explorer 11 Preview in Windows 8.1 Preview and Windows 8.1 RT Preview releases. The update is available via Windows Update.
* http://www.adobe.com/support/securit...apsb13-17.html
CVE-2013-3344, CVE-2013-3345, CVE-2013-3347
Flash Player in Internet Explorer 10
** http://support.microsoft.com/kb/2857645
July 9, 2013
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: July 9, 2013 - Revision: 124.0
- http://www.microsoft.com/security/pc...-families.aspx
"... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."
Download:
- https://www.microsoft.com/en-us/down...l-details.aspx
Windows-KB890830-V5.2.exe
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.2.exe
.
-
Problems with MS13-057 ...
FYI...
Half your video missing in Windows Movie Maker?[1] MS13-057 to blame.
- http://blog.dynamoo.com/2013/07/half...n-windows.html
16 July 2013 - "... I am not alone.. an InfoWorld post* also indicates that there are problems with Adobe Premiere Pro, Techsmith Camtasia Studio, Serif MoviePlus X6 plus some games due to the MS13-057 update pushed out a week ago. If you are experiencing critical problems with missing video, then the only thing to do seems to be to uninstall the Windows Media Player patch listed as KB2803821 or KB2834904. If this isn't causing a problem then you may as well keep the patch in place to protect your system. I would expect another patch to be re-issued soon."
* https://www.infoworld.com/t/microsof...2834904-222636
July 12, 2013
1) https://lh3.ggpht.com/-k5l-sYmfu54/U...Q/s400/wmm.jpg
___
- https://isc.sans.edu/diary.html?storyid=16168
Last Updated: 2013-07-15 21:34:45 UTC
___
MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
- http://support.microsoft.com/default...;en-us;2803821
Last Review: August 13, 2013 - Revision: 8.0 - "... If you use Adobe Premiere Pro CS6, Camtasia Studio 8.1, or Serif MoviePlus X6, you may experience issues after installing 2803821. In some cases, WMV video files may fail to successfully encode or decode. Upon completion of the investigation, Microsoft will take appropriate action to help protect our customers. This may include providing mitigations and workarounds or re-releasing this security update."
___
3 more botched Windows patches: KB 2803821, KB 2840628, and KB 2821895
Two Black Tuesday patches -- MS 13-052 and MS 13-057 -- and last month's nonsecurity patch KB 2821895 cause a variety of problems
- https://www.infoworld.com/t/microsof...2821895-222807
July 16, 2013
MS13-052: https://support.microsoft.com/kb/2861561
Last Review: July 11, 2013 - Revision: 2.0
MS13-057: https://support.microsoft.com/kb/2847883
Last Review: July 17, 2013 - Revision: 4.0
KB 2821895: https://support.microsoft.com/kb/2821895
Last Review: June 20, 2013 - Revision: 5.0
-
MS Security Bulletin Summary - August 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-aug
August 13, 2013 - "This bulletin summary lists security bulletins released for August 2013...
(Total of -8-)
Microsoft Security Bulletin MS13-059 - Critical
Cumulative Security Update for Internet Explorer (2862772)
- https://technet.microsoft.com/en-us/...letin/ms13-059
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-060 - Critical
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
- https://technet.microsoft.com/en-us/...letin/ms13-060
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-061 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
- https://technet.microsoft.com/en-us/...letin/ms13-061
Critical - Remote Code Execution - May require restart - Microsoft Server Software
Microsoft Security Bulletin MS13-062 - Important
Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
- https://technet.microsoft.com/en-us/...letin/ms13-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-063 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
- https://technet.microsoft.com/en-us/...letin/ms13-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-064 - Important
Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
- https://technet.microsoft.com/en-us/...letin/ms13-064
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-065 - Important
Vulnerability in ICMPv6 could allow Denial of Service (2868623)
- https://technet.microsoft.com/en-us/...letin/ms13-065
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-066 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/...letin/ms13-066
Important - Information Disclosure - May require restart - Microsoft Windows
___
MS13-052: Vulnerabilities in .NET Framework and Silverlight could allow remote code execution
- https://support.microsoft.com/kb/2861561
August 13, 2013 This security update has been re-released and contains some updated articles. We recommend that you apply this updated security update.
Last Review: August 13, 2013 - Revision: 5.0
- https://technet.microsoft.com/en-us/...letin/MS13-052
Updated: August 13, 2013
MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
- http://support.microsoft.com/default...;en-us;2803821
"... issue resolved for Win7 and Win Svr 2008R2...
re-released version of security update 2803821 - August 13, 2013..."
Last Review: August 13, 2013 - Revision: 8.0
- https://technet.microsoft.com/en-us/...letin/MS13-057
Updated: August 13, 2013
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...3-DP-Slide.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...d-XI-Slide.PNG
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16358
Last Updated: 2013-08-13 17:28:40
- http://www.theinquirer.net/inquirer/...r-and-exchange
Aug 14 2013 - "... MS13-059 fixes 11 vulnerabilities in all versions of IE from IE6 to IE10... two patches for address space layout randomisation (ASLR) bypasses this month in MS13-059 for IE and MS13-063 in the Windows kernel..."
___
- https://secunia.com/advisories/53998/ - MS13-059
- https://secunia.com/advisories/54364/ - MS13-060
- https://secunia.com/advisories/54392/ - MS13-061
- https://secunia.com/advisories/54394/ - MS13-062
- https://secunia.com/advisories/54406/ - MS13-063
- https://secunia.com/advisories/54420/ - MS13-064
- https://secunia.com/advisories/54440/ - MS13-065
- https://secunia.com/advisories/54459/ - MS13-066
___
MSRT
- https://support.microsoft.com/?kbid=890830
August 13, 2013 - Revision: 125.0
- http://www.microsoft.com/security/pc...-families.aspx
"... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."
Download:
- https://www.microsoft.com/en-us/down...l-details.aspx
Windows-KB890830-V5.3.exe
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.3.exe
.
-
MS Security Advisories - 8.13.2013 ...
FYI...
Microsoft Security Advisory (2861855)
Updates to Improve Remote Desktop Protocol Network-level Authentication
- http://technet.microsoft.com/en-us/s...visory/2861855
August 13, 2013
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/s...visory/2862973
August 13, 2013
Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.microsoft.com/en-us/s...visory/2854544
Published: June 11, 2013 | Updated: August 13, 2013
Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
- https://isc.sans.edu/diary.html?storyid=16361
Last Updated: 2013-08-13 18:12:43
-
MS13-061 rescinded ...
FYI...
- https://blogs.technet.com/b/exchange...edirected=true
14 Aug 2013 - "Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed. For those that have already installed the MS13-061 security update for Exchange Server 2013, we already have KB 2879739* that provides the steps on how to resolve this issue. However, due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily.
Note: This issue does not occur in Exchange 2010 or Exchange 2007. You can proceed with testing and deploying Exchange 2007 SP3 RU11, Exchange 2010 SP2 RU7, and Exchange 2010 SP3 RU2.
Recommendation: If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue. If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time..."
Update 2874216 breaks the content index in Exchange Server 2013
* https://support.microsoft.com/kb/2879739 - MS13-061
Last Review: August 20, 2013 - Revision: 5.0 <<
Applies to:
- Microsoft Exchange Server 2013 Enterprise
- Microsoft Exchange Server 2013 Standard