-
MS problems with 6 KBs in latest Automatic Update
FYI...
MS botches six Windows patches in latest Automatic Update
Microsoft acknowledges it has problems with KB 2876063, KB 2859537, KB 2873872, KB 2843638, KB 2843639, and KB 2868846 -- all released earlier this week
- http://www.infoworld.com/t/microsoft...-update-224988
August 15, 2013 (Details at the URL above)
___
KB 2876063
- http://support.microsoft.com/kb/2876063 - MS13-061
Last Review: August 27, 2013 - Revision: 3.0
KB 2859537
- http://support.microsoft.com/kb/2859537 - MS13-063
Last Review: August 16, 2013 - Revision: 3.0 <<
KB 2873872
- http://support.microsoft.com/kb/2873872 - MS13-066
Last Review: August 19, 2013 - Revision: 4.0 <<
KB 2843638
- http://support.microsoft.com/kb/2843638 - MS13-066
Last Review: August 23, 2013 - Revision: 8.0
KB 2843639
- http://support.microsoft.com/kb/2843639 - MS13-066
Last Review: August 19, 2013 - Revision: 9.0 <<
KB 2868846
- http://support.microsoft.com/kb/2868846 - MS13-066
Last Review: August 19, 2013 - Revision: 8.0 <<
___
- https://technet.microsoft.com/en-us/...letin/ms13-061
V2.0 (August 14, 2013): Rereleased bulletin to remove the 2874216 updates for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2 to address an issue with the updates. See the Update FAQ for details.
- https://technet.microsoft.com/en-us/...letin/ms13-063
V1.1 (August 14, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
- https://technet.microsoft.com/en-us/...letin/ms13-066
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.
Important Announcement: AD FS 2.0 and MS13-066
- https://blogs.technet.com/b/askds/ar...edirected=true
Update (8/19/13): We have republished MS13-066 with a corrected version of the hotfixes that contributed to this problem. If you had held off on installing the update, it should be safe to install on all of your ADFS servers now.
The updated security bulletin is here:
- http://technet.microsoft.com/en-us/s...letin/MS13-066
- http://support.microsoft.com/kb/2843638
Last Review: August 23, 2013 - Revision: 8.0
- http://support.microsoft.com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0 <<
-
MS13-066 re-released
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-066
Updated: August 19, 2013 - "... Update FAQ: Why was this bulletin rereleased on August 19, 2013?
Microsoft rereleased this bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. The rereleased update addresses an issue in the original offerings that caused AD FS to stop working if the previously released RU3 rollup QFE (update 2790338) had not been installed; the rerelease removes this requirement. Furthermore, in creating this rerelease, Microsoft has consolidated the fixes contained in the two original updates (2843638 and 2843639) into a single 2843638 update. Customers who already installed the original updates will be reoffered the 2843638 update and are encouraged to apply it at the earliest opportunity. Note that when the installation is complete, customers will see only the 2843638 update in the list of installed updates."
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.
- https://support.microsoft.com/kb/2873872
Last Review: August 19, 2013 - Revision: 4.0
- https://support.microsoft.com/kb/2843638
Last Review: August 23, 2013 - Revision: 8.0
- https://support.microsoft.com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0
-
MS13-063 KB2859537 ...
FYI...
- http://www.infoworld.com/t/microsoft...2859537-225314
Aug 21, 2013 - "... Microsoft published a "Known issues" paragraph in the KB 2859537* Knowledge Base article, but it hadn't pulled the patch. As of this morning, the patch is no longer being offered (it's -unchecked- in the Automatic Update list), and the Known issues paragraph has been modified a bit... Since MS13-063 is a Windows Kernel update - always problematic, reaching into the inner sanctum - a lot of people have reported problems... Microsoft is interested in 0xc0000005 crashes, even if (especially if) you thought you had a genuine copy of Windows 7 or Vista..."
- https://technet.microsoft.com/en-us/...letin/ms13-063
Updated: August 14, 2013
* https://support.microsoft.com/kb/2859537
Last Review: August 16, 2013 - Revision: 3.0
-
MS releases revisions to existing Updates
FYI...
- https://isc.sans.edu/diary.html?storyid=16448
Last Updated: 2013-08-27 20:49:12 - "... patches have undergone significant revision according to Microsoft. The following patches were updated today by Microsoft, and are set to roll in the automatic updates:
* MS13 - July 2013 / MS13-057 - Critical
- https://technet.microsoft.com/securi...letin/ms13-jul
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-057, bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates that apply to their systems. See the bulletin for details.
- https://technet.microsoft.com/en-us/...letin/ms13-057
V3.0 (August 27, 2013): Bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates. See the Update FAQ for more information.
* MS13 - August 2013 / MS13-061 - Critical
- https://technet.microsoft.com/securi...letin/ms13-aug
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-061, bulletin revised to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the bulletin for details.
- https://technet.microsoft.com/en-us/...letin/ms13-061
V3.0 (August 27, 2013): Rereleased bulletin to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the Update FAQ for details.
___
Office 2010 update
- https://support.microsoft.com/kb/2825640/en-us
Last Review: August 27, 2013 - Revision: 1.0 - "... This update fixes some issues that occur when you install Service Pack 2 (SP2) for Office 2010. Additionally, this update contains stability and performance improvements..."
-
Microsoft advisories updated 2013.08.27 ...
FYI...
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.microsoft.com/en-us/...visory/2862973
V1.1 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.
Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- https://technet.microsoft.com/en-us/...visory/2854544
V1.1 (August 13, 2013): Added the 2862966 and 2862973 updates to the Available Updates and Release Notes section.
V1.2 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.
-
MS Security Bulletin Summary - September 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-sep
Sep 10, 2013 - "This bulletin summary lists security bulletins released for September 2013...
(Total of 13*)
* http://blogs.technet.com/b/msrc/arch...edirected=true
10 Sep 2013 - "... This month we released 13 bulletins – four Critical and nine Important – which addressed 47 unique CVEs in Microsoft Windows, Office, Internet Explorer and SharePoint..."
Microsoft Security Bulletin MS13-067 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
- http://technet.microsoft.com/en-us/s...letin/ms13-067
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
V1.2 (September 13, 2013): Revised bulletin to announce a detection change for the Excel Services on Microsoft SharePoint Server 2007 update (2760589). This is a detection change only. There were no changes to the update files. Customers who have successfully installed the update do not need to take any action.
Microsoft Security Bulletin MS13-068 - Critical
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
- http://technet.microsoft.com/en-us/s...letin/ms13-068
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-069 - Critical
Cumulative Security Update for Internet Explorer (2870699)
- https://technet.microsoft.com/en-us/...letin/ms13-069
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-070 - Critical
Vulnerability in OLE Could Allow Remote Code Execution (2876217)
- https://technet.microsoft.com/en-us/...letin/ms13-070
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-071 - Important
Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
- https://technet.microsoft.com/en-us/...letin/ms13-071
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-072 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
- https://technet.microsoft.com/en-us/...letin/ms13-072
Important - Remote Code Execution - May require restart - Microsoft Office
V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Office 2007 update (2760411) and the Microsoft Word 2010 update (2767913). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".
Microsoft Security Bulletin MS13-073 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
- http://technet.microsoft.com/en-us/s...letin/ms13-073
Important - Remote Code Execution - May require restart - Microsoft Office
V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Excel 2003 update (2810048), Microsoft Excel 2007 update (2760583), Microsoft Excel Viewer update (2760590), and Microsoft Office Compatibility Pack update (2760588). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".
Microsoft Security Bulletin MS13-074 - Important
Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
- http://technet.microsoft.com/en-us/s...letin/ms13-074
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-075 - Important
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
- http://technet.microsoft.com/en-us/s...letin/ms13-075
Important - Elevation of Privilege - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-076 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
- http://technet.microsoft.com/en-us/s...letin/ms13-076
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-077 - Important
Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
- http://technet.microsoft.com/en-us/s...letin/ms13-077
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-078 - Important
Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
- http://technet.microsoft.com/en-us/s...letin/ms13-078
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-079 - Important
Vulnerability in Active Directory Could Allow Denial of Service (2853587)
- http://technet.microsoft.com/en-us/s...letin/ms13-079
Important - Denial of Service - May require restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
10 Sep 2013
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...3.DP-Slide.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...rity-Slide.PNG
___
- https://secunia.com/advisories/54741/ - MS13-067
- https://secunia.com/advisories/54729/ - MS13-068
- https://secunia.com/advisories/54725/ - MS13-069
- https://secunia.com/advisories/54735/ - MS13-070
- https://secunia.com/advisories/54736/ - MS13-071
- https://secunia.com/advisories/54737/ - MS13-072
- https://secunia.com/advisories/54739/ - MS13-073
- https://secunia.com/advisories/51856/ - MS13-074
- https://secunia.com/advisories/54742/ - MS13-075
- https://secunia.com/advisories/54743/ - MS13-076
- https://secunia.com/advisories/54745/ - MS13-077
- https://secunia.com/advisories/54747/ - MS13-078
- https://secunia.com/advisories/54750/ - MS13-079
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16538
Last Updated: 2013-09-10 18:24:55 UTC ...(Version: 1)
-
MS botches still more patches in latest Automatic Update
FYI...
... the day after Black Tuesday. Watch out for automatic patches KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583
- http://www.infoworld.com/t/microsoft...-update-226594
Sep 11, 2013 - "No sooner did Microsoft release the latest round of Black Tuesday patches, than screams of agony began sounding all over the Internet. At this point, I've seen -verified- problems with KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583... No guidance for handling the problem is on offer in the usual forums, because the people moderating the forums haven't a clue what went wrong and Microsoft isn't saying a thing..."
-
Outlook 2013 - KB2817630
FYI...
Outlook 2013 Folder Pane Disappears After Installing September 2013 Public Update
- https://blogs.technet.com/b/office_s...edirected=true
11 Sep 2013 - "Shortly after publishing the September Public Update, we received notifications of a potential issue with Outlook 2013 after installing the non-security update KB2817630. Based on those reports we immediately removed the patch from Microsoft Update. If you haven’t already downloaded or installed the patch, you will not have these problems or be offered the problematic patch. In contrast to what has been reported, MS13-068 is not the cause nor is it affected by this issue...
Due to a version incompatibility between outlook.exe and mso.dll, a mismatched reference to a data structure causes the “Minimize” button in the navigation pane to render incorrectly, typically extremely large to the point that the navigation pane is "invisible" to the user. The issue only manifests when incompatible versions of outlook.exe and mso.dll exist on the system...
Two updates can get a user into this state. Installing the September Public Update delivers an updated version of mso.dll without updating outlook.exe, resulting in the incorrect user interface.
• If you have Automatic Updates enabled, visit the Add Remove Programs feature of your Windows Installation, and uninstall KB2817630. Close Outlook and restart.
• If you have installed the August Cumulative update (which you must do manually), removing KB2817347 will correct the issue. From the Add Remove Programs feature, select KB2817347 from the list and select “Uninstall.” Close Outlook and restart.
• If you have BOTH Updates installed, the problem is not evident. The issue only manifests when one of the updates has been installed. If you have updated to the September Public Update and you want to roll forward, install the August Cumulative update, KB2817347.
We are also working on re-publishing the September Public Update with the correct versions of both mso.dll and outlook.exe to ensure users with automatic updates enabled will receive the correct fix..."
___
Superseded by:
- http://blogs.technet.com/b/office_su...-and-sccm.aspx
Dated 12 Sep 2013, which in reality did not get the revisions released until 13 Sep 2013...
-
Patch Tuesday Aftermath - cont'd...
FYI...
Reboot Wednesday: Yesterday's Patch Tuesday Aftermath
- https://isc.sans.edu/forums/diary/Re...ftermath/16556
Comments: 15 hours ago ... [Susan Bradley]
"KB2810009 users are reporting error 80242009 upon install; see:
http://social.technet.microsoft.com/...b2810009-issue
Next: Office 2007 updates:
1. Security Fixes MS13-072 and MS13-073 MS13-074
KB2760411
KB2760588
KB2760583
http://answers.microsoft.com/en-us/w...=1378836774249
Two security updates released yesterday MS13-072, MS13-073 and MS13-074. These are installing fine but, if you scan the machine again for updates, they show up again and again and again. Currently there is -no- fix available for these other than to say that the update is applied but it is not getting properly detected. The product group is aware of the issues and is working on it.
Outlook 2013 - see http://blogs.technet.com/b/office_su...ic-update.aspx "
___
- https://windowssecrets.com/patch-wat...ptember-fixes/
Sep 11, 2013
___
MS13-073: Description of the security update for Microsoft Office Excel 2007 ...
- http://support.microsoft.com/kb/2760583/en-us
Last Review: September 13, 2013 - Revision: 4.0
"... Known issues with this update: Customers may have been repeatedly offered this update even though it was already installed. Note: This issue is resolved by a detection change released September 13, 2013. This change did not affect the updated files. This change only affects the way that we offer the updates to customers..."
-
MS pulls botched KB 2871630 - many Office patch problems remain
FYI...
- http://www.infoworld.com/t/microsoft...-remain-226690
Sep 12, 2013 - "... KB 2871630, the one that caused the folder list in Outlook 2013 to disappear - was pulled early Wednesday morning...
While KB 2876130 is reined in for the moment, a whole slew of this month's patches are still causing problems on some machines:
• Two Office 2007 security updates - MS13-072 / KB2760411 and KB2760588 - and one Excel 2007 security update - MS13-073 / KB2760583 - are installing over and over again... The KB articles now say, "You may be repeatedly offered this update even though it is already installed. Microsoft is researching this problem and will post more information in this article when the information becomes available." At this point there's no additional information.
• The MS13-073 / KB 2810048 security patch for Excel 2003 installs over and over again. Two Answers forum threads in English - as well as several in other languages - have more than a hundred entries...
• The installer for the MS13-074 / KB 2810009 security patch for Access 2013 is failing with an error code 80242009... As of 11:00 p.m. Thursday, the TechNet MS13-074 article says "Known issues: None"
• The MS13-068 / KB 2794707 Outlook 2010 security patch is throwing off an error that looks just like the problem Microsoft encountered with Outlook in the Office 2010 SP 2 update, where the Calendar Folder property is empty. I've been told that Microsoft considers the problem to be "cosmetic" and it's relegated to "won't fix" status..."
___
MS13-072
- http://support.microsoft.com/kb/2760411
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Basic 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007 Home Use Program
Microsoft Office Home and Student 2007
Microsoft Office Professional 2007
Microsoft Office Professional Plus 2007
Microsoft Office Small Business 2007
Microsoft Office Standard 2007
MS13-073
- http://support.microsoft.com/kb/2760583
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)
MS13-073
- http://support.microsoft.com/kb/2760588
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)
MS13-073
- http://support.microsoft.com/kb/2810048
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 3.0
Applies to:
Microsoft Office 2003 Service Pack 3, when used with:
Microsoft Office Excel 2003
MS13-074
- http://support.microsoft.com/kb/2810009
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Access 2013
-
IE8, 9 targeted attacks...
FYI...
Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2887505
September 17, 2013 - "Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
* http://support.microsoft.com/kb/2887505#FixItForMe
"Notes about this Fix it solution:
- You must restart Internet Explorer after you apply this Fix it solution.
- The Fix it solution that is described in this section applies only (to) 32-bit versions of Internet Explorer.
- You must have security update 2870699 installed for this Fix it to provide effective protection against this issue. For more information about security update 2870699... view the article in the Microsoft Knowledge Base:
2870699 MS13-069: Cumulative security update for Internet Explorer: September 10, 2013
This Fix it solution is not intended to be a replacement for any security update..."
Last Review: September 18, 2013 - Revision: 2.2
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0"
MS13-069: http://support.microsoft.com/kb/2870699
Last Review: September 18, 2013 - Revision: 2.0
- https://blogs.technet.com/b/msrc/arc...edirected=true
17 Sep 2013
___
- https://atlas.arbor.net/briefs/
High Severity
September 20, 2013 21:24
The latest Internet Explorer vulnerability is being used in targeted attacks and it's just a matter of time before larger-scale attacks take place.
Analysis: Once exploit code of this nature reaches the public, or semi-public sources, those that are paying attention (both "whitehat" and "blackhat" researchers, typically) have the information for defense and for offense. While this exploit code is not yet known to have been leveraged in any exploit kit and only in the context of targeted attacks, it is just a matter of time before the exploit becomes weaponized and expands past its current use in targeted attacks and is used for cybercrime related activities. EMET is helpful, as is providing other hardening techniques such as whitelisting and application sandboxing where appropriate. 0day exploits are a fact of life, and there is evidence to suggest that this particular vulnerability has been exploited in the wild for some time.
Source: http://www.net-security.org/article.php?id=1885
19 Sep 2013 - "... The simplest way to avoid this risk is to use a browser other than Internet Explorer..."
- https://secunia.com/advisories/54884/
Release Date: 2013-09-18
Criticality: Extremely Critical
Impact: System access
Solution Status: Partial Fix...
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3893 - 9.3 (HIGH)
Provided and/or discovered by: Reported as a 0-day...
- http://community.websense.com/blogs/...2013-3893.aspx
18 Sep 2013 - "... close to 70% of Windows-based PCs are vulnerable..."
___
- http://www.fireeye.com/blog/technica...2013-3893.html
Sep 21, 2013 - "... Despite the targeted nature of these attacks, the exploit identifies numerous language packs (en, zh, fr, de, ja, pt, ko, ru) and software versions, which it uses to specify the correct ROP chain. Commented-out code suggests that the exploit initially targeted IE8 XP users, and IE8 and IE9 Windows 7 users who also had MS Office 2007 installed. In our tests, we observed that the exploit ran -successfully- on systems running both MS Office 2007 and 2010..."
- http://community.websense.com/blogs/...-reported.aspx
26 Sep 2013 - "... attacks utilizing the most recent Internet Explorer zero-day (CVE-2013-3893) are more prevalent than previously thought... We have seen the CVE-2013-3893 exploit targeting Japanese firms in the financial industry, being hosted on a Taiwanese IP address (hxxp: //220.229.238.123 /tn/images/index.html) as of September 25th..."
-
M$ - most patch-botching month in history
FYI...
- http://www.infoworld.com/t/microsoft...fiascos-227220
Sep 20, 2013 - "This month's Black Tuesday - Sept. 10, 2013 - enters the record books as Microsoft's most patch-botching month in history... The release dilemma is quite straightforward: Microsoft has to test the patches without letting them leak to the bad guys. Conventional wisdom dictates that if the bad guys can reverse engineer the patches before they roll down the Automatic Update chute, Windows as we know it will cease to exist... In September we had 116 patches on Black Tuesday. Twelve of them were subsequently yanked... mixing security with nonsecurity patches and pushing out more than a hundred at a time - that's just stupid. If Windows and Office are in such bad shape that we have to reboot twice a month, so be it..."
___
Office 2010 Starter Edition: File type associations missing after September 2013 Update
- http://blogs.technet.com/b/office_su...13-update.aspx
18 Sep 2013 - "... we have received reports of file type associations missing after installing KB2589275*. After installing this update, some users have reported they are unable to open files by double-clicking them, that the file type icons have changed, and that they must go to the application to open files... How to fix this issue: There are several options available to repair this issue. Each will restore Office products to a fully functional state. These are permanent fixes rather than having to revert to opening files inside the applications..."
* http://support.microsoft.com/kb/2589275
[Download has apparently been revoked.]
___
MS13-063 - KB 2859537 ...
- http://support.microsoft.com/kb/2859537/en-us
Last Review: September 19, 2013 - Revision: 4.0 - "... Known issues with this security update:
While you are installing this security update, or after you install this security update on a computer that is running Windows 7 SP1 or Windows Server 2008 R2 SP1, you may experience either of the following issues: You may receive a STOP 0x6B error message when you restart a computer after you perform a specific System Restore operation...
Note: Not all STOP 0x6B errors are caused by the issues that are described in this article.
Some users may experience issues with certain programs after they install security update 2859537. In some cases the programs may not successfully start..."
MS13-063: Vulnerabilities in Windows kernel could allow elevation of privilege
- http://technet.microsoft.com/en-us/s...letin/ms13-063
V1.2 (September 13, 2013): Corrected update replacement for all affected software excluding Windows XP and Windows 8. This is an informational change only.
-
MS13-068 - KB2794707 - and Office 2010 SP2 - 2687455
FYI...
Not all the Office patches are ready to install; the Office 2010 SP2 release still has issues.
- https://windowssecrets.com/patch-wat...ffice-updates/
Sep 25, 2013 - "Microsoft should soon push out Office 2010 SP2 to everyone getting Windows updates automatically. (Previously, those users might have seen KB 2687455 listed in Windows Update but unchecked for installation.) I’m still not ready to give the full thumbs-up to this major update. As noted in MS forums*, some Office 2010 users who installed SP2 continue to receive false error messages in their application event log when they start up Outlook. The good news: the error is cosmetic. There’s no actual error, but the Office event logs could become cluttered with messages such as “Calendar Folder property is missing.” An event log filled with false errors can make it difficult to find the records of other PC problems — they roll off the log sooner than normal and the event you’re looking for is gone. This problem can also occur after installing KB 2794707, a September security update for an Outlook vulnerability. We have several shared calendars in my office, and my event log is filled with the Event 27 “Calendar Folder property is missing” error. There’s currently no ETA on a fix for this issue. Because it’s considered cosmetic, it might be a low priority for Microsoft; however, I don’t find it reassuring to be told to ignore an error. Fortunately, the vulnerability patched by KB 2794707 is difficult to exploit, according to a Microsoft Security Research & Defense post**.
What to do: There’s probably no real harm in installing KBs 2687455 (Office 2010 SP2) and 2794707 (MS13-068). But it’s just as probable there’s no real harm in waiting until Microsoft provides a fix for these fixes. I recommend keeping both updates on -hold- for a while longer."
* http://social.technet.microsoft.com/...er-property-is
** http://blogs.technet.com/b/srd/archi...n-outlook.aspx
Office 2010 Service Pack 2
- http://support.microsoft.com/kb/2687455
Last Review: August 20, 2013 - Revision: 4.0
- http://support.microsoft.com/kb/2794707
Last Review: October 2, 2013 - Revision: 2.0
Applies to: Microsoft Outlook 2010
-
Metasploit releases CVE-2013-3893 ...
FYI...
Metasploit releases CVE-2013-3893 ...
- https://community.rapid7.com/communi...use-after-free
Sep 30, 2013 - "Recently the public has shown a lot of interest in the new Internet Explorer vulnerability (CVE-2013-3893) that has been exploited in the wild, which was initially discovered in Japan. At the time of this writing there is still no patch available, but there is still at least a temporary fix-it that you can apply from Microsoft, which can be downloaded here*... The vulnerability affects Internet Explorer from 6 all the way to 11, however, the exploit in the wild primarily targets Internet Explorer 8 on Windows XP, and Internet Explorer 8 and 9 on Windows 7... The Metasploit module currently can be only tested on Internet Explorer 9 on Windows 7 SP1 with either Office 2007 or Office 2010 installed..."
* https://support.microsoft.com/kb/2887505#FixItForMe
Microsoft Fix it 51001
- https://isc.sans.edu/diary.html?storyid=16697
Last Updated: 2013-10-01 19:57:14 UTC... Version: 2
-
MS Security Bulletin Summary - October 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-oct
October 08, 2013 - "This bulletin summary lists security bulletins released for October 2013...
(Total of -8-)
Microsoft Security Bulletin MS13-080 - Critical
Cumulative Security Update for Internet Explorer (2879017)
- http://technet.microsoft.com/en-us/s...letin/ms13-080
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.2 (October 8, 2013): Bulletin revised to announce that the 2884101 update is available via Windows Update.
V1.3 (October 10, 2013): Bulletin revised to remove CVE-2013-3871 from the vulnerabilities addressed by this update. Including this CVE in the original security bulletin text was a documentation error. CVE-2013-3871 is scheduled to be addressed in a future security update. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
- http://support.microsoft.com/kb/2884101
Last Review: October 8, 2013 - Revision: 2.0
Microsoft Security Bulletin MS13-081 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
- http://technet.microsoft.com/en-us/s...letin/ms13-081
Critical - Remote Code Execution - Requires restart - Microsoft Windows
V1.1 (October 9, 2013): Bulletin revised to announce a detection change to correct an offering issue for the 2847311 update for Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) and Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Microsoft Security Bulletin MS13-082 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
- http://technet.microsoft.com/en-us/s...letin/ms13-082
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
V1.1 (October 10, 2013): Bulletin revised to indicate that Server Core installations of Windows Server 2012 are affected by the vulnerability addressed in the 2861194 update. This is an informational change only. There were no changes to the detection logic or the security update files. Customers who have already successfully updated their systems do not need to take any action.
Microsoft Security Bulletin MS13-083 - Critical
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...letin/ms13-083
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-084 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
- http://technet.microsoft.com/en-us/s...letin/ms13-084
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-085 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
- http://technet.microsoft.com/en-us/s...letin/ms13-085
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-086 - Important
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
- http://technet.microsoft.com/en-us/s...letin/ms13-086
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-087 - Important
Vulnerability in Silverlight Could Allow Information Disclosure (2890788)
- http://technet.microsoft.com/en-us/s...letin/ms13-087
Important - Information Disclosure - Does not require restart - Microsoft Silverlight
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
"... eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight... resolves 10 issues in Internet Explorer..."
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...0_Priority.jpg
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...0_Severity.jpg
___
- http://blogs.technet.com/b/office_su...e-release.aspx
8 Oct 2013 - "The October 2013 Public Update release for Office is now live. There are 24 security updates (3 bulletins) and 35 non-security updates..."
(Long list at the URL above.)
___
- https://secunia.com/advisories/54884/ - MS13-080
- https://secunia.com/advisories/55052/ - MS13-081
- https://secunia.com/advisories/55043/ - MS13-082
- https://secunia.com/advisories/55106/ - MS13-083
- https://secunia.com/advisories/55131/ - MS13-084
- https://secunia.com/advisories/55141/ - MS13-085
- https://secunia.com/advisories/55143/ - MS13-086
- https://secunia.com/advisories/55149/ - MS13-087
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16760
Last Updated: 2013-10-08 17:30:03 UTC
.
-
MS Security Advisories - 2013.10.08 ...
FYI...
Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2887505
Updated: October 08, 2013 - Version: 2.0 - "... We have issued MS13-080* to address the Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)..."
* https://technet.microsoft.com/en-us/...letin/ms13-080
- https://secunia.com/advisories/54884/
Last Update: 2013-10-11
Criticality: Extremely Critical
CVE Reference(s): CVE-2013-3872, CVE-2013-3873, CVE-2013-3874, CVE-2013-3875, CVE-2013-3882, CVE-2013-3885, CVE-2013-3886, CVE-2013-3893*, CVE-2013-3897
... vulnerability is currently being actively exploited in targeted attacks.
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3872 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3873 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3874 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3875 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3882 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3885 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3886 - 9.3 (HIGH)
* https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3893 - 9.3 (HIGH)
Last revised: 10/10/2013
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3897 - 9.3 (HIGH)
Last revised: 10/10/2013 - "... as exploited in the wild in September and October 2013..."
- http://www.darkreading.com/attacks-b...ndly=this-page
Oct 09, 2013
- http://community.websense.com/blogs/...h-profile.aspx
9 Oct 2013 - CVE-2013-3897
___
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/s...visory/2862973
Updated: October 08, 2013 - Version: 1.2 - "Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks... Note that the 2862966 update is a prerequisite and must be applied before this update can be installed. The 2862966 update contains associated framework changes to Microsoft Windows. For more information, see Microsoft Knowledge Base Article 2862966.
Known Issues. Microsoft Knowledge Base Article 2862973 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
- http://support.microsoft.com/kb/2862966
Last Review: August 27, 2013 - Revision: 4.0
- http://support.microsoft.com/kb/2862973
Last Review: August 15, 2013 - Revision: 2.0
-
KB 2878890 patch brings back two-year-old KB 951847 - repeatedly
FYI...
KB 2878890 patch brings back two-year-old KB 951847 - repeatedly...
- http://www.infoworld.com/t/microsoft...eatedly-228538
Oct 10, 2013 - "Another Black Tuesday, another -botched- patch. Applying this week's KB 2878890* patch on some Windows XP and Server 2003 SP2 machines causes a two-year-old .Net Framework roll-up patch, KB 951847**, to resurface. Windows Update not only prompts WinXP/Server 2003 users to (re-)install the big, old .Net patch, it keeps pestering over and over again to (re-)install it, even if the WU install logs say it's been installed. Fortunately, there's a fix. Although we don't yet know the details - and Microsoft hasn't acknowledged, much less fixed, the problem - there's a steady stream of complaints, comments, and questions about the botched patch on Microsoft's Answers forum. The problem seems to affect older WinXP/Server 2003 installations, likely those with older versions of .Net Framework installed. Advice from the forum mods (who haven't received definitive guidance from Microsoft yet) is that turning off KB 951847 - unchecking the box on the Windows Update list - is a prudent way to get rid of the annoyance..."
* http://technet.microsoft.com/en-us/s...letin/MS13-082
V1.0 Oct 8, 2013
... MAY be:
- http://support.microsoft.com/kb/2861189
Last Review: October 8, 2013 - Revision: 1.0
** http://support.microsoft.com/kb/951847
Last Review: August 18, 2011 - Revision: 9.0
MS13-082 ...
- http://www.infoworld.com/t/microsoft...ent-1077827614
"... The specific KB number you see depends on which version of Windows you're using and which version of .NET is being patched. There's a full list of KB numbers/patch files in the KB 2878890 article here: http://support.microsoft.com/kb/2878890 ... . I count 18 of them..."
___
MS13-081: Description of the security update for USB drivers: October 8, 2013
- http://support.microsoft.com/kb/2862330
[Oct 11 ... now -unchecked- in Download list - Win7. Problems likely "under investigation"...]
___
- https://windowssecrets.com/patch-wat...leanup-update/
Susan Bradley - Oct 10, 2013 - "... rated critical for all supported desktop versions of Internet Explorer... Along with the vulnerability reported in the Sept. 17 MS Security Advisory, the update covers -nine- related vulnerabilities...
- What to do: Install KB 2879017 (MS13-080*) as soon as offered..."
* http://technet.microsoft.com/en-us/s...letin/MS13-080
V1.3 (October 10, 2013): Bulletin revised to remove CVE-2013-3871 from the vulnerabilities addressed by this update. Including this CVE in the original security bulletin text was a documentation error. CVE-2013-3871 is scheduled to be addressed in a future security update. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
- http://support.microsoft.com/kb/2879017
Last Review: October 9, 2013 - Revision: 4.0
Applies to:
•Internet Explorer 11
•Internet Explorer 10
•Windows Internet Explorer 9
•Windows Internet Explorer 8
•Windows Internet Explorer 7
•Microsoft Internet Explorer 6.0 ...
___
Update is available that enables you to delete outdated Windows updates by using a new option in the Disk Cleanup wizard in Windows 7 SP1
- http://support.microsoft.com/kb/2852386/en-us
"... Status: Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section...
Last Review: October 8, 2013 - Revision: 1.0
Applies to:
Windows 7 Service Pack 1, when used with:
Windows 7 Enterprise
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate ..."
-
MS13-081 KB2862330 update "problems" ...
FYI...
MS13-081 KB2862330 update "problems" ...
- http://msmvps.com/blogs/bradley/arch...-problems.aspx
Sat, Oct 12 2013
"Microsoft 'Confirms' KB2862330 Windows 7 Update 'Problems':
- http://news.softpedia.com/news/Micro...s-390567.shtml
So let's get the story straight. KB2862330 from the moment it was released indicated it might need -two- reboots to be properly installed.
Microsoft stated that in the known issues* section at the top of the security bulletin from the moment it was released.
The system will reboot, start again and rather than coming up, will just restart a second time. It's expected and -not- a bug.
There are a few folks seeing issues with this update and quite frankly I expect it. This is a lot of updates in the kernel section with impact to usb drivers. Where we have a ton of third party development. And not always the greatest third party development.
So let's not blow these statements out of proportion to the reality."
MS13-081: Description of the security update for USB drivers
* http://support.microsoft.com/kb/2862330
Last Review: October 8, 2013 - Revision: 1.0
"Known issues with this security update: After you install security update 2862330, your computer may restart two times. For more information about updates that require multiple restarts, click the following article number to view the article in the Microsoft Knowledge Base:
2894518** Software updates that require multiple reboots may cause task sequence failure within Configuration Manager"
** http://support.microsoft.com/kb/2894518
Last Review: October 9, 2013 - Revision: 8.0
-
MS13-081 V1.2 - info change only
FYI...
MS13-081 - Critical ... V1.2
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
- http://technet.microsoft.com/en-us/s...letin/ms13-081
V1.1 (October 9, 2013): Bulletin revised to announce a detection change to correct an offering issue for the 2847311 update for Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) and Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
V1.2 (October 16, 2013): For update 2855844*, corrected the update replacement for Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for x64-based Systems Service Pack 1. This is an informational change only.
* http://support.microsoft.com/kb/2855844
Oct 8, 2013 - Revision: 1.0
-
MS13-081: KB 2862330 "Known issues"...
FYI...
MS13-081 ...
- http://support.microsoft.com/kb/2862330
Last Review: Oct 29, 2013 - Rev 3.0
(See: "Known issues")
- http://msmvps.com/blogs/bradley/arch...wn-issues.aspx
Oct 18 2013
___
Botched patch installs .Net Framework 3.5 without warning or consent - even on systems that have studiously avoided .Net
- http://www.infoworld.com/t/microsoft...problem-229062
Oct 18, 2013
-
MS Word exploit/FixIt ...
FYI...
Clarification on Security Advisory 2896666 ...
- https://blogs.technet.com/b/msrc/arc...edirected=true
7 Nov 2013
___
Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2896666
5 Nov 2013 - "Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products. The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images...
Workarounds: Disable the TIFF codec
Note See Microsoft Knowledge Base Article 2896666* to use the automated Microsoft Fix it solution..."
* https://support.microsoft.com/kb/2896666
Enable this Fix it - Microsoft Fix it 51004...
- https://support.microsoft.com/kb/2896666#appliesto
- http://blogs.technet.com/b/srd/archi...documents.aspx
5 Nov 2013 - "... Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack..."
___
- https://secunia.com/advisories/55584/
Release Date: 2013-11-06
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
... vulnerability is currently being actively exploited in targeted attacks.
Provided and/or discovered by: Reported as 0-day.
Original Advisory: Microsoft (KB2896666):
http://technet.microsoft.com/en-us/s...visory/2896666
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3906 - 9.3 (HIGH)
Last revised: 11/07/2013 - "... allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013"
0-Day Attack on Office...
- http://krebsonsecurity.com/2013/11/m...ack-on-office/
5 Nov 2013 - "... the exploit combines multiple techniques to bypass exploit mitigation techniques such as data execution prevention (DEP) and address space layout randomization (ASLR). The company says this exploit will -not- affect Office 2013, but will affect older versions such as Office 2003 and Office 2007..."
- http://blogs.technet.com/b/srd/archive/2013/11.aspx
Nov 5, 2013 - "... the exploit combines multiple techniques to bypass DEP and ASLR protections... Office 2010 uses the vulnerable graphic library, it is affected only when running on older platforms such as Windows XP or Windows Server 2003, but it is -not- affected when running on newer Windows families (7, 8 and 8.1)..."
-
MS13-081/KB 2862330 ...
FYI...
MS13-081/KB 2862330 went down the automatic update chute, triggering blue screens and endless re-installs. It still isn't fixed
- http://www.infoworld.com/t/microsoft...00000ca-230201
Nov 5, 2013 - "Last month's Black Tuesday crop included yet another stinker: MS13-081*/KB 2862330**, a "critical" Windows USB driver update that reaches into the Windows kernel, modifying all the USB 2.0 driver programs. Microsoft knew before the patch was released that it had an odd double-reboot tendency... As it turns out, that was the least of MS13-081's worries. The day after the patch appeared, Microsoft's Answers forum lit up with complaints. Here's a partial list of the problems Windows customers have experienced, after installing the patch:
• Windows 7 and Windows Server 2008 R2 may throw up a Blue Screen 0x000000D1 or 0x000000CA or 0x00000050 upon boot.
• Windows 7 and Server 2008 R2 machines may reboot, then stall at 32 percent. The only solution is to unplug the machine, then run a system restore -- necessary because the reboots stall at the same point in an endless cycle.
• After an extended period of time on reboot, Windows 2008 R2 shows the message "Please wait for modules installer," then "Failure configuring windows updates reverting change." Windows rolls back the changes, but tries to do them again.
• Windows XP has the same infinite-loop installation of the patch.
• There are also reports of failing USB keyboards and mice - at least one user reports his Microsoft Mouse won't work after installing the patch.
To date, I've seen no indication that Microsoft has isolated the source of the problem. There is no new version of the patch. There is, however, a very convoluted series of manual patching steps you can take if you feel an urgent need to install the patch. Look for the three scenarios in the KB 2862330 article. It helps if you have a degree in Computer Science. Although Microsoft hasn't completely pulled the patch - it still appears as an Important update in Windows 7 Automatic Update - the selection box is unchecked. Unless you manually check the box, the update will -not- be installed. The universal advice at this point is to refrain from installing the patch - hide it in Automatic Update if you have to. Since the patch is no longer installed by default, and almost a month after its release we still don't have an update, it's a safe assumption that the patch isn't quite as pressing as its "Critical" rating might indicate."
* http://technet.microsoft.com/en-us/s...letin/ms13-081
** http://support.microsoft.com/kb/2862330
Last Review: Oct 29, 2013 - Rev 3.0
-
New IE 0-Day vuln exploiting msvcrt.dll
FYI...
New IE 0-Day vuln exploiting msvcrt.dll
- https://isc.sans.edu/diary.html?storyid=16985
Last Updated: 2013-11-09 13:41:19 UTC - "FireEye Labs has discovered an "exploit that leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution." [1] Based on their analysis, it affects IE 7, 8, 9 and 10. According to Microsoft, the vulnerability can be mitigated by EMET.[2][3] Additional information on FireEye Labs post available..."
[1] http://www.fireeye.com/blog/technica...le-attack.html
[2] https://isc.sans.edu/forums/diary/EM...download/16019
[3] http://www.microsoft.com/en-us/downl....aspx?id=39273
___
... or (once again) use an alternative browser!
-
IE 0-Day vuln exploiting msvcrt.dll ...
FYI...
IE 0-Day vuln exploiting msvcrt.dll ...
- https://isc.sans.edu/diary.html?storyid=16985
Last Updated: 2013-11-11 23:41:53 UTC ... Version: 3 - "... Update: FireEye Labs provided additional information on the recently discovered IE zero-day exploit that is currently in the wild and has been named Trojan.APT.9002 (aka Hydraq/McRAT variant). They have published additional information on the Trojan that only runs in memory and leaves very few artifacts that can help identify infected clients. Additional information about the Trojan can be found here(1) which also includes a list of domains, MD5 hash and User-Agent information.
Update 2: Microsoft is releasing tomorrow a fix for this vulnerability* (CVE-2013-3918) affecting Explorer ActiveX Control as "Bulletin 3" as MS13-090 listed in the November Microsoft Patch Tuesday Preview**..."
1) http://www.fireeye.com/blog/technica...ss-method.html
* http://blogs.technet.com/b/msrc/arch...e-tuesday.aspx
- https://blogs.technet.com/b/msrc/arc...edirected=true
7 Nov 2013 - "... this release won’t include an update for the issue first described in Security Advisory 2896666..."
** https://isc.sans.edu/forums/diary/16982
- https://www.virustotal.com/en/ip-add...3/information/
- https://www.virustotal.com/en/ip-add...4/information/
___
- https://secunia.com/advisories/55611/
Last Update: 2013-11-13
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
Software: Microsoft Internet Explorer 10.x, 9.x, 8.x, 7.x
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3918 - 9.3 (HIGH)
... vulnerability is caused due to an error within an ActiveX control...
Solution: Apply update...
- http://technet.microsoft.com/en-us/s...letin/ms13-090
Nov 12, 2013
-
MS Security Bulletin Summary - November 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-nov
Nov 12, 2013 - "This bulletin summary lists security bulletins released for November 2013...
(Total of -8-)
Microsoft Security Bulletin MS13-088 - Critical
Cumulative Security Update for Internet Explorer (2888505)
- https://technet.microsoft.com/en-us/...letin/ms13-088
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-089 - Critical
Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
- https://technet.microsoft.com/en-us/...letin/ms13-089
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-090 - Critical
Cumulative Security Update of ActiveX Kill Bits (2900986)
- https://technet.microsoft.com/en-us/...letin/ms13-090
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-091 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
- https://technet.microsoft.com/en-us/...letin/ms13-091
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-092 - Important
Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
- https://technet.microsoft.com/en-us/...letin/ms13-092
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-093 - Important
Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
- http://technet.microsoft.com/en-us/s...letin/ms13-093
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-094 - Important
Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
- http://technet.microsoft.com/en-us/s...letin/ms13-094
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-095 - Important
Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
- https://technet.microsoft.com/en-us/...letin/ms13-095
Important - Denial of Service - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
12 Nov 2013
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...de_5F00_DP.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...0_Severity.png
___
- https://secunia.com/advisories/55054/ - MS13-088
- https://secunia.com/advisories/50000/ - MS13-089
- https://secunia.com/advisories/55611/ - MS13-090
- https://secunia.com/advisories/55539/ - MS13-091
- https://secunia.com/advisories/55550/ - MS13-092
- https://secunia.com/advisories/55558/ - MS13-093
- https://secunia.com/advisories/55574/ - MS13-094
- https://secunia.com/advisories/55629/ - MS13-095
___
November 2013 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
12 Nov 2013 - "... There are 8 security updates (2 bulletins) and 18 non-security updates..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17003
2013-11-12 18:00:41 UTC
___
November 2013 Security Bulletin Release - Q&A
- https://blogs.technet.com/b/msrc/p/n...edirected=true
Nov 13, 2013
"... Q: Regarding the TIFF registry change (Fix it) in Microsoft Security Advisory 2896666, can you explain how this will affect TIFF usage?...
A: TIFF images will be blocked on the affected software and platforms listed in the advisory..."
.
-
MS Security Advisories - 2013.11.12 ...
FYI...
Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2896666
V1.1 (November 12, 2013): Clarified the scope of the active attacks, clarified affected software configurations, and revised workarounds...
- http://atlas.arbor.net/briefs/index#2125368770
High Severity
15 Nov 2013 15:38:46 +0000
The CVE-2013-3906* vulnerability has been leveraged by several threat actors. Organizations are strongly encouraged to ensure they are protected against this serious vulnerability which has yet to be patched. A workaround is available**.
Source: http://www.fireeye.com/blog/technica...2013-3906.html
* https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3906 - 9.3 (HIGH)
** https://support.microsoft.com/kb/2896666
Last Review: Nov 12, 2013 - Rev 3.0
Microsoft Fix it 51004
___
Microsoft Security Advisory (2880823)
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/s...visory/2880823
Nov 12, 2013 - "Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Recommendation: Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information..."
Microsoft Security Advisory (2868725)
Update for Disabling RC4
- http://technet.microsoft.com/en-us/s...visory/2868725
Nov 12, 2013 - "Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the removal of RC4 as an available cipher on affected systems through registry settings. It also allows developers to remove RC4 in individual applications through the use of the SCH_USE_STRONG_CRYPTO flag in the SCHANNEL_CRED structure. These options are -not- enabled by default.
Recommendation. Microsoft recommends that customers download and install the update immediately and then test the new settings in their environments. Please see the Suggested Actions section of this advisory for more information..."
Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess Could Allow Security Feature Bypass
- http://technet.microsoft.com/en-us/s...visory/2862152
Nov 12, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information..."
___
Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.microsoft.com/en-us/s...visory/2854544
V1.3 (November 12, 2013): Added the 2868725 update and Root Certificates Policy announcement to the Available Updates and Release Notes section.
-
XP update locks machines...
FYI...
XP update locks machines with SVCHOST red lined at 100%: Fix it with KB 2879017...
- http://www.infoworld.com/t/microsoft...2879017-230733
Nov 13, 2013 - "... when Windows Update accesses the Microsoft website to gather a list of available updates, the machine can lock up for five, 10, 15 minutes - or more - with the CPU and fan running at 100 percent. Then, if the customer waits long enough for the updates to appear, and clicks to install them, the XP machine goes racing away again for another five or 10 or more minutes, with the CPU redlined at 100 percent... The best solution appears to be a manual update to Internet Explorer. Yes, Microsoft has messed up wuauclt.exe so badly that it has to be repaired by installing an IE update - not a Windows update - to get it working properly. The fix is part of the October cumulative IE patch known as MS13-080/ KB 2879017*. If you manually download and install the October cumulative patch, then you should be able to use Windows Update with no problems... You would think that simply upgrading to the latest version of IE would solve the problem, but it doesn't. You have to manually download and apply the patch for your version of IE..."
* http://technet.microsoft.com/en-us/s...letin/MS13-080
-
MS13-088 - KB2888505 ...
FYI...
MS13-088 - KB2888505
- http://windowssecrets.com/patch-watc...h-placeholder/
Nov 13, 2013 - "This month’s cumulative IE update fixes -10- newly reported vulnerabilities. KB 2888505 is rated -critical- for Versions 6–11. The only version to get a pass is the new Internet Explorer 11 for Windows 7. This update also includes -17- nonsecurity fixes, as detailed in MS Support article 2888505*... you must keep IE updated, even if you typically use another browser. IE is more than a browser: it’s a key component of the Windows operating system..."
* http://support.microsoft.com/default...;en-us;2888505
-
MS to fix XP update issue 'soon' ...
FYI...
MS to fix XP update SVCHOST redline issue 'soon'
- http://www.infoworld.com/t/microsoft...ue-soon-230940
Nov 15, 2013 - "... The Microsoft Update team has analyzed the latest manifestation, come up with an explanation, and has promised that a permanent solution will arrive "as soon as possible." Windows Update team member Doug Neal has just posted a message to the Patch Management Mailing List that explains what's happening when Windows XP's Windows Update agent, wuauclt.exe (running in a SVCHOST wrapper), drives CPU utilization to 100 percent - and can keep WinXP machines pegged at 100 percent for -15- minutes or longer.
'The problem is caused by the Windows Update client evaluating an exceptionally long supersedence chain - something IE6 and IE7 have more than any other version of IE due to their time in market. Each 'link' in the chain doubles the CPU resources needed to evaluate it over the previous version. The chain is so long that the design stymies the WUA client.'
... Neal concludes by saying:
'While I can't provide a date for when this will be done, we know it's an issue affecting customer PCs and we're working to get it out as soon as possible to halt the impact'..."
-
KB 2670838 - fuzzy fonts ...
FYI...
- http://www.infoworld.com/t/microsoft...ndows-7-231035
Nov 18, 2013 - "... Microsoft didn't solve the problem, but it did publish a list of video drivers thought to conflict with the patch. The company also modified the installer to avoid planting the font-busting patch on machines running the identified bad video drivers. That list, toward the bottom of article KB 2670838*, has gone through -eight- major revisions... seeing complaints all over the Web that installing Internet Explorer 11 on Windows 7 can -trigger- the same problem - and the fuzzy fonts appear even on machines that aren't running any of the identified problematic video drivers... also seeing reports that the fuzzy fonts crop up on Firefox, Chrome, and - remarkably - Internet Explorer itself. Some people report that the fuzziness goes away if the pages are refreshed enough times. Others see fuzzy characters only on some pages, but very similar pages don't have the problem. If you have a case of the font fuzzies and are using IE10, the only known solution involves uninstalling KB 2670838. But if you've installed IE11, you may or may not have KB 2670838 - and if you do have it, uninstalling doesn't fix the problem..."
* http://support.microsoft.com/kb/2670838/en-us
Sep 30, 2013 - Rev 8.0
-
CVE-2013-3918 Exploit...
FYI...
- http://www.threattracksecurity.com/i...-3918-exploit/
Nov 22, 2013 - "... If you haven’t updated your OS yet, -now- is the time to do it... We were able to retrieve a piece of the exploit malware... Here is a malformed HTML website I used to test the exploit on.
> http://www.threattracksecurity.com/i...4CACC6ED89.jpg
As you can see, there’s nothing special about it. All one can see is a white page with the text “Hello man” on it. What users don’t know is that infiltration and code execution happens in the background. They don’t see anything happening until it’s already too late..."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3918 - 9.3 (HIGH)
Last revised: 11/15/2013 - "... as exploited in the wild in November 2013, aka 'InformationCardSigninHelper' Vulnerability."
Microsoft Security Bulletin MS13-090 - Critical
Cumulative Security Update of ActiveX Kill Bits (2900986)
- http://technet.microsoft.com/security/bulletin/MS13-090
___
- http://blog.trendmicro.com/trendlabs...light-exploit/
Nov 25, 2013 - "... independent security researchers found that the Angler Exploit Kit had added Silverlight to their list of targeted software, using CVE-2013-0074. When we analyzed the available exploit, we found that in addition to CVE-2013-0074, a second vulnerability, CVE-2013-3896, was used in order to bypass ASLR. These vulnerabilities are discussed in two separate Microsoft security bulletins, namely MS13-022 and MS13-087, respectively..."
-
MS Security Advisory 2914486 - 0-day exploit in wild
FYI...
Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.microsoft.com/en-us/s...visory/2914486
November 27, 2013 - "Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003. The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Microsoft is actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."
0 day exploit in wild
- https://isc.sans.edu/diary.html?storyid=17117
Last Updated: 2013-11-28 01:05:44 - "... the temporary fix outlined breaks some Windows features, specifically some IPSEC VPN functions..."
- http://www.fireeye.com/blog/technica...-the-wild.html
November 27, 2013 - "... The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit..."
- http://www.adobe.com/support/downloa...atform=Windows
- https://atlas.arbor.net/briefs/index#-1423916473
High Severity
Published: Fri, 06 Dec 2013 00:00:26 +0000
Public exploit code has been released for CVE-2013-5065, a vulnerability in the Windows Kernel NDPROXY component that allows for privilege escalation attacks.
Analysis: .... With public exploit code available, the bar has been lowered significantly.
Source: http://1337day.com/exploits/21615
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5065 - 7.2 (HIGH)
Last revised: 11/29/2013 - "... as exploited in the wild in November 2013."
-
.NET Framework 4.5.1 ...
FYI...
.NET Framework 4.5.1
- http://windowssecrets.com/newsletter...ox-one/#story6
November 27, 2013 - "Skip this serving of .NET Framework 4.5.1... 2858725..."
KB 2858725
- http://support.microsoft.com/kb/2858725
Last Review: Nov 26, 2013 - Rev 4.0
How to temporarily block the installation of the .NET Framework 4.5.1 ...
- http://support.microsoft.com/kb/2721187
Last Review: Nov 26, 2013 - Rev 3.0
Applies to:
• Microsoft .NET Framework 4.5.1, when used with:
Windows Vista Ultimate
Windows 7 Ultimate
Windows Server 2008 Enterprise
Windows Server 2008 R2 Enterprise
Windows Server 2012 Standard
___
.NET Framework Cleanup Tool
- http://blogs.msdn.com/b/astebner/arc...8/8904493.aspx
-
MS Security Advisory (2916652)
FYI...
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/s...visory/2916652
Dec 9, 2013 - "Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. The improperly issued subordinate CA certificate has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. The subordinate CA certificate may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks. To help protect customers from potentially fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue. For more information about these certificates, see the Frequently Asked Questions section of this advisory... in addition to addressing the certificates described in this advisory, this update is cumulative and includes digital certificates described in previous advisories..."
-
MS Security Bulletin Summary - December 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-dec
Dec 10, 2013 - "This bulletin summary lists security bulletins released for December 2013...
(Total of -11-)
Microsoft Security Bulletin MS13-096 - Critical
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005)
- https://technet.microsoft.com/en-us/...letin/ms13-096
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Lync
• V1.1 (December 10, 2013): Clarified that users should -undo- the Disable the TIFF Codec workaround* and the Disable data collaboration in Lync workaround after applying the update. See the Update FAQ for more information. Added undo steps to the Disable data collaboration in Lync workaround...
* https://support.microsoft.com/kb/2908005
Disable this Fix it - 51005
• V1.2 (December 20, 2013): Revised the Based on the configuration of my system, how do I know if my system is affected? Update FAQ to include the updates that are applicable for each configuration...
Microsoft Security Bulletin MS13-097 - Critical
Cumulative Security Update for Internet Explorer (2898785)
- https://technet.microsoft.com/en-us/...letin/ms13-097
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-098 - Critical
Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- https://technet.microsoft.com/en-us/...letin/ms13-098
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-099 - Critical
Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
- https://technet.microsoft.com/en-us/...letin/ms13-099
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-105 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
- https://technet.microsoft.com/en-us/...letin/ms13-105
Critical - Remote Code Execution - Does not require restart - Microsoft Exchange
• V1.1 (December 10, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Microsoft Security Bulletin MS13-100 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
- https://technet.microsoft.com/en-us/...letin/ms13-100
Important - Remote Code Execution - May require restart - Microsoft SharePoint
Microsoft Security Bulletin MS13-101 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
- https://technet.microsoft.com/en-us/...letin/ms13-101
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-102 - Important
Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
- https://technet.microsoft.com/en-us/...letin/ms13-102
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-103 - Important
Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
- https://technet.microsoft.com/en-us/...letin/ms13-103
Important - Elevation of Privilege - Does not require restart - Microsoft Developer Tools
Microsoft Security Bulletin MS13-104 - Important
Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
- https://technet.microsoft.com/en-us/...letin/ms13-104
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-106 - Important
Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass
- https://technet.microsoft.com/en-us/...letin/ms13-106
Important - Security Feature Bypass - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
Deployment Priority
- https://blogs.technet.com/cfs-filesy...2D00_550x0.jpg
- http://blogs.technet.com/b/srd/archi...y-updates.aspx
"... we released eleven security bulletins addressing 24 CVE’s..."
___
December 2013 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
9 Dec 2013 - "... There are 12 security updates (4 bulletins) and 43 non-security updates..."
(More detail at the URL above.)
___
- https://secunia.com/advisories/55584/ - MS13-096
- https://secunia.com/advisories/55967/ - MS13-097
- https://secunia.com/advisories/55971/ - MS13-098
- https://secunia.com/advisories/55981/ - MS13-099
- https://secunia.com/advisories/55985/ - MS13-100
- https://secunia.com/advisories/55986/ - MS13-101
- https://secunia.com/advisories/55988/ - MS13-102
- https://secunia.com/advisories/55991/ - MS13-103
- https://secunia.com/advisories/56007/ - MS13-103
- https://secunia.com/advisories/55997/ - MS13-104
- https://secunia.com/advisories/55998/ - MS13-105
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5057 - MS13-106
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17198
Last Updated: 2013-12-10 20:39:23 UTC
___
0-Day Fixes From Adobe, Microsoft
- http://krebsonsecurity.com/2013/12/z...obe-microsoft/
Dec 10, 2013
-
MS Security Advisories - 12.10.2013
FYI...
Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.microsoft.com/en-us/s...visory/2915720
Dec 10, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will not be enabled until June 10, 2014. Once enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after June 10, 2014, Windows will no longer recognize non-compliant binaries as signed... see the Suggested Actions section of this advisory for more information..."
Microsoft Security Advisory (2905247)
Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- http://technet.microsoft.com/en-us/s...visory/2905247
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings. The vulnerability could allow elevation of privilege and affects all supported versions of Microsoft .NET Framework except .NET Framework 3.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1. Any ASP.NET site for which view state MAC has become disabled through configuration settings is vulnerable to attack. An attacker who successfully exploited the vulnerability could use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server. Microsoft is aware of general information available publicly that could be used to exploit this vulnerability, but is not aware of any active attacks... see the Suggested Actions section of this advisory for more information..."
Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2896666
Updated: Dec 10, 2013 - "... We have issued MS13-096* to address the Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2013-3906). For more information about this issue, including download links for an available security update, please review MS13-096..."
* https://technet.microsoft.com/en-us/...letin/ms13-096
Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.microsoft.com/en-us/s...visory/2871690
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly. Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules as part of ongoing efforts to protect customers. This action only affects systems running Windows 8 and Windows Server 2012 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled... Microsoft Knowledge Base Article 2871690* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
* https://support.microsoft.com/kb/2871690
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update..."
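For Advisory 2905247 above, an added audit sketch (not Microsoft's code and not part of the original post) that flags where view state MAC has been disabled through configuration. The function names and the sample web.config and .aspx text are constructed for illustration; `enableViewStateMac` on `<pages>` and `EnableViewStateMac` in the `@ Page` directive are the two settings checked.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs for illustration (not taken from any real site).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages enableViewStateMac="false" validateRequest="true" />
  </system.web>
  <location path="reports">
    <system.web>
      <pages enableViewStateMac="true" />
    </system.web>
  </location>
  <location path="legacy">
    <system.web>
      <pages enableViewStateMac="false" />
    </system.web>
  </location>
</configuration>
"""
SAMPLE_ASPX = ('<%@ Page Language="C#" EnableViewStateMac="false" '
               'CodeBehind="Old.aspx.cs" %>\n<html></html>\n')

PAGE_DIRECTIVE = re.compile(r'<%@\s*Page\b(?P<attrs>.*?)%>', re.I | re.S)
MAC_ATTR = re.compile(r'\bEnableViewStateMac\s*=\s*["\']?\s*(?P<val>\w+)', re.I)


def _local(tag):
    """Strip an XML namespace, if the config file declares one."""
    return tag.rsplit('}', 1)[-1]


def audit_web_config(xml_text):
    """Return the scopes ('<root>' or a <location> path) whose <pages>
    element disables view state MAC."""
    findings = []

    def walk(node, scope):
        tag = _local(node.tag)
        if tag == "location":
            scope = node.get("path", "")
        if tag == "pages":
            for name, value in node.attrib.items():
                if (name.lower() == "enableviewstatemac"
                        and value.strip().lower() == "false"):
                    findings.append(scope)
        for child in node:
            walk(child, scope)

    walk(ET.fromstring(xml_text), "<root>")
    return findings


def audit_page_directive(aspx_text):
    """True if an @ Page directive sets EnableViewStateMac to false."""
    for match in PAGE_DIRECTIVE.finditer(aspx_text):
        attr = MAC_ATTR.search(match.group("attrs"))
        if attr and attr.group("val").lower() == "false":
            return True
    return False


if __name__ == "__main__":
    print("web.config scopes with MAC disabled:", audit_web_config(SAMPLE_WEB_CONFIG))
    print("page directive disables MAC:", audit_page_directive(SAMPLE_ASPX))
```

A per-page directive can turn MAC off even when web.config leaves it on, so both checks are needed for a complete inventory.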
-
MS Security Advisory 2916652 - V2.0 ...
FYI...
Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/s...visory/2916652
• V2.0 (December 12, 2013): Advisory revised to announce the availability of the 2917500 update for customers running Windows XP or Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates. The 2917500 update* is available via the Microsoft Update service and from the download center. For more information, see the Suggested Actions section of this advisory.
* http://support.microsoft.com/kb/2917500
Last Review: December 12, 2013
-
MS Office 2010 SP2 ...
FYI...
Event ID 27, "Calendar Folder property is missing," after you apply Office 2010 SP2: http://support.microsoft.com/kb/2883156
- http://msmvps.com/blogs/bradley/arch...otfix-out.aspx
Dec 12 2013 - "If you are suffering from that, try this hotfix..."
Description of the Outlook 2010 hotfix package (Outlook-x-none.msp):
December 10, 2013
- http://support.microsoft.com/kb/2849973
-
MS Security Advisory 2915720 V1.1 ...
FYI...
Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.microsoft.com/en-us/s...visory/2915720
• V1.1 (December 13, 2013): Corrected the registry key information in the Test the Improvement to Authenticode Signature Verification suggested action. Customers who have applied or plan to apply the suggested action should review the revised information.
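For Advisory 2915720 above, an added sketch (not Microsoft's verification logic and not part of the original post) that inventories binaries likely to be affected: it parses the PE Certificate Table and reports bytes that follow the DER-encoded signature inside each WIN_CERTIFICATE entry. Treating anything beyond all-zero alignment padding as extraneous is an assumption of this example; the function names and the sample image are constructed.

```python
import struct


def _der_total_length(blob):
    """Size in bytes (header + content) of the DER SEQUENCE at blob[0]."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("bCertificate does not start with a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:                       # short-form length
        total = 2 + first
    else:
        n = first & 0x7F                   # long form: n length bytes follow
        if n == 0 or n > 4 or len(blob) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        total = 2 + n + int.from_bytes(blob[2:2 + n], "big")
    if total > len(blob):
        raise ValueError("DER blob is longer than its WIN_CERTIFICATE entry")
    return total


def security_directory(pe):
    """Return (file_offset, size) of the Certificate Table (data directory 4)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                    # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 / PE32+
    return struct.unpack_from("<II", pe, dirs + 4 * 8)


def trailing_data(pe):
    """For each WIN_CERTIFICATE entry, return the bytes after the DER blob."""
    offset, size = security_directory(pe)
    results, pos, end = [], offset, offset + size
    while offset and pos + 8 <= end:
        dw_length, _revision, _cert_type = struct.unpack_from("<IHH", pe, pos)
        if dw_length < 8 or pos + dw_length > end:
            raise ValueError("malformed WIN_CERTIFICATE length")
        body = pe[pos + 8:pos + dw_length]
        results.append(body[_der_total_length(body):])
        pos += (dw_length + 7) & ~7        # entries are 8-byte aligned
    return results


def has_extraneous_data(pe):
    """Assumed heuristic: only all-zero padding shorter than 8 bytes is benign."""
    return any(len(t) >= 8 or t.strip(b"\0") for t in trailing_data(pe))


def build_sample(extra=b""):
    """Constructed minimal PE32 image with one WIN_CERTIFICATE (not a real signed file)."""
    der = b"\x30\x82\x01\x00" + b"\xAA" * 256       # placeholder 260-byte DER SEQUENCE
    body = der + extra
    body += b"\0" * (-(8 + len(body)) % 8)          # alignment padding
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    headers = bytearray(0x200)
    headers[:2] = b"MZ"
    struct.pack_into("<I", headers, 0x3C, 0x80)
    headers[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", headers, 0x80 + 24, 0x10B)
    struct.pack_into("<II", headers, 0x80 + 24 + 96 + 32, len(headers), len(cert))
    return bytes(headers) + cert


if __name__ == "__main__":
    print("clean sample flagged:", has_extraneous_data(build_sample()))
    print("padded sample flagged:", has_extraneous_data(build_sample(b"constructed-config-blob")))
```

The check covers only data appended after the signature blob; it does not inspect the contents of the signature itself.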
-
MS to fix Win XP SVCHOST redlining 'ASAP' ...
FYI...
- http://www.infoworld.com/t/microsoft...ossible-232675
Dec 16, 2013 - "... the XP Windows Update agent WUAUCLT.EXE running in a SVCHOST wrapper redlines, taking 100 percent of the CPU for five, 10, 15 minutes - up to an hour or two. If you have Automatic Update enabled on your computer, that means every time you re-boot Windows XP your machine can lock up for hours on end; pull the plug, and the -same- thing happens over again. On Friday night we (finally) received an official explanation that describes why the problem happens, along with a description of what Microsoft is doing to resolve it and a promise that it'll get fixed "as soon as possible"... with something like half a billion Windows XP machines out there still connected to the Internet, it's a horrendous problem... Doug Neal, senior program manager for Windows and Microsoft Update, sent a message to the PatchManagement listserv on Friday night...
'In September we witnessed a large number of reports of SVCHOST taking high CPU for extended periods of time. This was primarily on Windows XP machines running IE6 or IE7. There were a few reports of this happening on Windows XP with IE8, but only a few.' ..."