-
MS yanks second botched Surface update ...
FYI...
MS pulls the bad December firmware update for the Surface Pro 2 - with no hint as to when a fix is coming or what afflicted customers should do
- http://www.infoworld.com/t/microsoft...-months-232943
Dec 19, 2013 - "... On Dec. 10, Microsoft released a firmware update that was intended to improve stability, push updated Wi-Fi drivers, and promote better cover interaction with sleep, screen dimming, and more on the Surface Pro 2. Microsoft keeps a list of the firmware changes on one obscure page on its website* - not in the Knowledge Base, -not- on the official Windows blog. That page has no indication at all that the botched patch has been pulled..."
* http://www.microsoft.com/surface/en-...istory?lc=1041
-
MS pulls plug on MSE for XP
FYI...
- http://www.infoworld.com/t/microsoft...dows-xp-233721
Jan 8, 2014 - "... the official end of support Web page* now states that 'Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date'... "
* http://windows.microsoft.com/en-us/w...d-support-help
"... after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date..."
-
MS Security Bulletin Summary - January 2014
FYI...
- https://technet.microsoft.com/en-us/...letin/ms14-jan
Jan 14, 2014 - "This bulletin summary lists security bulletins released for January 2014...
(Total of -4-)
Microsoft Security Bulletin MS14-001 - Important
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
- https://technet.microsoft.com/en-us/...letin/ms14-001
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS14-002 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
- https://technet.microsoft.com/en-us/...letin/ms14-002
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-003 - Important
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
- https://technet.microsoft.com/en-us/...letin/ms14-003
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-004 - Important
Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
- https://technet.microsoft.com/en-us/...letin/ms14-004
Important - Denial of Service - May require restart - Microsoft Dynamics AX
___
Deployment Priority, Severity, Exploit Index
- https://blogs.technet.com/cfs-file.a...2D00_Final.jpg
- https://blogs.technet.com/b/msrc/arc...n-release.aspx
___
- https://secunia.com/advisories/56201/ - MS14-001
- https://secunia.com/advisories/55809/ - MS14-002
- https://secunia.com/advisories/56275/ - MS14-003
- https://secunia.com/advisories/56277/ - MS14-004
___
January 2014 Office Update Release
- http://blogs.technet.com/b/office_su...ce-update.aspx
14 Jan 2014 - "There are 12 security updates (1 bulletin) and 1 non-security update...
SECURITY UPDATES: MS14-001...
NON-SECURITY UPDATES: To improve stability and performance for Outlook 2013...
• Update for Microsoft Outlook 2013 KB2850061: http://support.microsoft.com/kb/2850061
Please note that these updates are all found in their corresponding versions of Office Click-to-Run: Office 2013: 15.0.4551.1512 ..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17429
Last Updated: 2014-01-14 18:03:19 UTC
-
MS Security Advisories - 2014.01.14 ...
FYI...
Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.microsoft.com/en-us/s...visory/2914486
Updated: Jan 14, 2014 - "... We have issued MS14-002* to address the Kernel NDProxy Vulnerability (CVE-2013-5065)..."
* https://technet.microsoft.com/en-us/...letin/ms14-002
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5065 - 7.2 (HIGH)
___
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: Jan 14, 2014 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... available via Windows Update*..."
* https://update.microsoft.com/
___
Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/s...visory/2916652
V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
-
KB 2913431 - Win7 ...
FYI...
Update fixes an issue that causes Windows to crash
- http://support.microsoft.com/kb/2913431/en-us
Last Review: January 14, 2014 - Revision: 1.1 - "This update fixes an issue that may cause a Windows 7 or Windows Server 2008 R2-based computer to crash. This issue occurs when a program that uses Windows Filtering Platform (such as an antivirus program) is running on the computer... This update is available from Windows Update..."
-
XP - brief extension...
FYI...
- https://blogs.technet.com/b/mmpc/arc...edirected=true
15 Jan 2014 - "... To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015. This does -not- affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures. For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials..."
OS market share
- http://www.netmarketshare.com/operat...10&qpcustomd=0
Dec 2013
-
MS13-081 re-released ...
FYI...
Microsoft Security Bulletin MS13-081 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
- http://technet.microsoft.com/en-us/s...letin/ms13-081
"V2.0 (January 14, 2014): Rereleased bulletin to announce the reoffering of the 2862330 update to systems running Windows 7 or Windows Server 2008 R2. See the Update FAQ* for details..." *"... Customers who already installed the original update will be re-offered the 2862330 update and are encouraged to apply it at the earliest opportunity..."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3128 - 9.3 (HIGH)
- http://support.microsoft.com/kb/2862330
"This security update was originally released on October 8, 2013. The security update was rereleased on January 14, 2014, for computers that are running Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 SP1. The rerelease addresses an issue in which one of the drivers of the USB 2.0 core stack is not updated in some specific computer configurations."
Last Review: Jan 14, 2014 - Revision: 8.0
___
MS13-098: Vulnerability in Windows could allow remote code execution
- http://support.microsoft.com/kb/2893294
Last Review: Dec 20, 2013 - Revision: 3.0
MS13-101: Security update for Windows kernel-mode drivers
- http://support.microsoft.com/kb/2893984
Last Review: Dec 17, 2013 - Revision: 2.0
Description of Software Update Services and Windows Server Update Services changes in content for 2014
- http://support.microsoft.com/kb/894199
Last Review: Jan 16, 2014 - Revision: 18.1
-
MS Exchange Server 2010 - Workaround...
FYI...
Folder views are not updated when you arrange by categories in Outlook after you apply Exchange Server 2010 Service Pack 3 Update Rollup 3 or Update Rollup 4
- http://support.microsoft.com/kb/2925273/en-us
"Workaround:
> To work around this problem when you sort messages by categories, you can update the folder view when you select a different folder view, such as Date (Conversations), and then return to the Categories view.
> To work around this problem when it occurs only in online-mode in the Outlook client, you can use Outlook in cached mode. Or, if it is possible, you can use OWA to make the change to the folder view."
Last Review: Feb 3, 2014 - Revision: 4.1
Applies to: Microsoft Exchange Server 2010 Service Pack 3
-
MS13-098 - Known issues ...
FYI...
- http://support.microsoft.com/kb/2893294/en-us
"... Known issues with this security update:
After you install this security update on a computer that is running Windows Vista or Windows Server 2008, the computer name might change to "MINWINPC." When this problem occurs, you cannot log on to the computer even if you restart the computer. When you try to log on, you may receive an error message that resembles the following:
The username or password is incorrect.
This issue occurs when you install the security update on a system that has partly corrupted data or when the following registry key does not exist..."
Last Review: Feb 3, 2014 - Rev: 4.0
MS Security Bulletin MS13-098 - Critical
Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- http://technet.microsoft.com/en-us/s...letin/ms13-098
-
MS Security Advisory (2755801)
FYI...
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: Feb 04, 2014 Ver: 19.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.microsoft.com/kb/2929825
Last Review: Feb 4, 2014 - Rev: 2.0
-
MS Security Bulletin Summary - Feb 2014
FYI...
- https://technet.microsoft.com/en-us/...letin/ms14-feb
Feb 11, 2014 - "This bulletin summary lists security bulletins released for February 2014...
(Total of -7-)
Microsoft Security Bulletin MS14-010 - Critical
Cumulative Security Update for Internet Explorer (2909921)
- https://technet.microsoft.com/en-us/...letin/ms14-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-011 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
- https://technet.microsoft.com/en-us/...letin/ms14-011
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-007 - Critical
Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
- https://technet.microsoft.com/en-us/...letin/ms14-007
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-008 - Critical
Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...letin/ms14-008
Critical - Remote Code Execution - May require restart - Microsoft Security Software
Microsoft Security Bulletin MS14-009 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
- https://technet.microsoft.com/en-us/...letin/ms14-009
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-005 - Important
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
- https://technet.microsoft.com/en-us/...letin/ms14-005
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-006 - Important
Vulnerability in IPv6 Could Allow Denial of Service (2904659)
- https://technet.microsoft.com/en-us/...letin/ms14-006
Important - Denial of Service - Requires restart - Microsoft Windows
___
Deployment Priority, Severity, and Exploit Index
- https://blogs.technet.com/cfs-file.a...Deployment.jpg
- https://blogs.technet.com/b/msrc/arc...y-updates.aspx
___
- https://secunia.com/advisories/56771/ - MS14-005 ...Reported as a 0-day.
- https://secunia.com/advisories/56775/ - MS14-006
- https://secunia.com/advisories/56781/ - MS14-007
- https://secunia.com/advisories/56788/ - MS14-008
- https://secunia.com/advisories/56793/ - MS14-009
- https://secunia.com/advisories/56796/ - MS14-010
- https://secunia.com/advisories/56814/ - MS14-011
___
February 2014 Office Updates Release
- https://blogs.technet.com/b/office_s...edirected=true
11 Feb 2014 - "... There are 0 security updates and 8 non-security updates...
NON-SECURITY UPDATES
To improve stability and performance for Office 2010
• Update for Microsoft SharePoint Workspace 2010 (KB2760601)
• Update for Microsoft InfoPath 2010 (KB2817396)
• Update for Microsoft InfoPath 2010 (KB2817369)
• Update for Microsoft Office 2010 (KB2837583)
• Update for Microsoft OneNote 2010 (KB2837595)
• Update for Microsoft Outlook 2010 (KB2687567)
• Update for Microsoft PowerPoint 2010 (KB2775360) ...
There are no Outlook Junk Email Filter updates for February. The next Outlook Junk Email Filters updates will ship in the March 2014 update...
There is no Click-to-Run 2013 update for February. The next Click-to-Run update will ship in the April 2014 update..."
Office 365 - Multi-Factor Authentication
- http://blogs.office.com/2014/02/10/m...or-office-365/
Feb 10, 2014
___
- http://krebsonsecurity.com/2014/02/s...kwave-windows/
Feb 11, 2014 - "... seven patch bundles addressing at least 31 vulnerabilities in Windows and related software... The cumulative, critical security update for all versions of Internet Explorer (MS14-010) fixes two dozen vulnerabilities, including one that Microsoft says has already been publicly disclosed. The other patch that Microsoft specifically called out — MS14-011 — addresses a vulnerability in VBScript that could cause problems for IE users..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17615
Last Updated: 2014-02-11 18:11:29
-
MS Security Advisories - 02.11.2014
FYI...
Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.microsoft.com/en-us/s...visory/2915720
Feb 11, 2014 - Ver: 1.2
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/s...visory/2862973
Feb 11, 2014 - Ver: 2.0
-
Install MS14-010 for IE when offered ...
FYI...
- http://windowssecrets.com/patch-watc...et-year-round/
Feb 12, 2014 - "... Patch Tuesday’s Internet Explorer patch fixes -24- vulnerabilities, most susceptible to remote code-execution exploits. KB 2909921 is a -critical- update for IE versions 6–11*, on -all- supported Windows workstations. If you’re still running IE9, KB 2909921 will fix a related VBScript threat. But all other supported versions of IE need KB 2928390 ...
What to do: Attacks using the vulnerabilities patched by KB 2909921 (MS14-010) could appear soon. Install this update when offered..."
* MS14-010: Cumulative security update for Internet Explorer ...
- http://technet.microsoft.com/security/bulletin/MS14-010
- http://support.microsoft.com/kb/2909921
Last Review: Feb 11, 2014 - Rev: 1.0
___
MS14-011 - VBScript Scripting Engine ...
- http://technet.microsoft.com/security/bulletin/MS14-011
- http://support.microsoft.com/kb/2928390
Last Review: Feb 11, 2014 - Rev: 1.0
-
IE10 0-day in-the-wild...
FYI...
IE10 0-Day found in Watering Hole Attack
- http://www.fireeye.com/blog/technica...-attack-2.html
Feb 13, 2014 - "FireEye Labs has identified a new Internet Explorer (IE) zero-day exploit hosted on a breached website based in the U.S. It’s a brand new zero-day that targets IE 10 users visiting the compromised website – a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it. This post was intended to serve as a warning to the general public. We are collaborating with the Microsoft Security team on research activities..."
- http://www.fireeye.com/blog/uncatego...s-website.html
Feb 13, 2014 - "... Mitigation: The exploit targets IE 10 with Adobe Flash. It aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft’s Experience Mitigation Toolkit (EMET). So installing EMET or updating to IE 11 prevents this exploit from functioning..."
Related: http://www.fireeye.com/blog/technica...-pdf-time.html
Feb 13, 2013 - "... In response to the many requests we’ve received for more detailed information, we would like to let our readers know that we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public. We will update this post with more information at a later time."
- https://isc.sans.edu/diary.html?storyid=17642
Last Updated: 2014-02-14 04:11:27 UTC
___
- http://www.securitytracker.com/id/1029765
> https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0322 - 9.3 (HIGH)
Updated: Feb 20 2014
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Description: ... A specific exploit is active that targets version 10 but -exits- if Microsoft’s Experience Mitigation Toolkit (EMET) is detected...
This vulnerability is being actively exploited...
FireEye reported this vulnerability.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The "MSHTML Shim Workaround" Microsoft Fix it solution will prevent exploitation.
The vendor's advisory is available at:
- https://technet.microsoft.com/security/advisory/2934088
Microsoft Fix it 51007
Watering hole attack using IE 10 0-day
> http://www.symantec.com/connect/site...y-diagram1.png
15 Feb 2014
MS IE10 - CMarkup Use-After-Free vuln
- https://secunia.com/advisories/56974/
Last Update: 2014-02-20
Criticality: Extremely Critical
Where: From remote
Impact: System access
Solution: Apply FixIt.
Original Advisory: Microsoft (KB2934088):
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 02/18/2014 - "... as exploited in the wild in January and February 2014."
- http://www.kb.cert.org/vuls/id/732479
Last revised: 19 Feb 2014
- http://arstechnica.com/security/2014...tack-ms-warns/
Feb 13 2014 - "... surreptitiously installed -malware- on computers running a fully patched version 10 of the Internet Explorer browser. The attacks also work on IE 9... strongly consider switching to another browser altogether. Google Chrome has long received high marks for security, as has Mozilla Firefox."
- http://www.theinquirer.net/inquirer/...ks-on-military
Feb 14 2014 - "... just avoid the Microsoft browser altogether by running an alternative like Google Chrome or Mozilla Firefox."
-
IE9,10 - MS Fix it 51007...
FYI...
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2934088
Feb 19, 2014
- http://support.microsoft.com/kb/2934088
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
- http://support.microsoft.com/kb/2909921 - MS14-010
Last Review: Mar 12, 2014 - Rev: 2.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 03/06/2014 - "... as exploited in the wild in January and February 2014."
- http://atlas.arbor.net/briefs/index#-1535410988
High Severity
20 Feb 2014
"... 0day exploit code for Internet Explorer 10. IE 9 is also vulnerable. Earlier exploit activity around CVE-2014-0322 has also been observed. The actual exploit code has been made publicly available. A security bulletin and fix-it are available from Microsoft..."
___
- https://blogs.technet.com/b/msrc/arc...edirected=true
Feb 19, 2014 - "... impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are -not- affected..."
-
MS Security Advisories - 2.19-20.2014 ...
FYI...
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: Feb 20, 2014 - "... Microsoft released an update (2934802) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-07. For more information about this update, including download links, see Microsoft Knowledge Base Article 2934802*.
Prerequisite: This update is not cumulative and requires that cumulative update 2916626**, released on January 14, 2014, be installed. The previous update (2929825), released on February 4, 2014, is not a dependency; the fixes it contains have been rolled into this current update (2934802).
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update***..."
* https://support.microsoft.com/kb/2934802
** https://support.microsoft.com/kb/2916626
*** http://update.microsoft.com/microsoftupdate
- https://secunia.com/advisories/57067/
Release Date: 2014-02-21
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
For more information: https://secunia.com/SA57057/
Solution: Apply updates...
___
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2934088
Feb 19, 2014
- http://support.microsoft.com/kb/2934088
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
- http://support.microsoft.com/kb/2909921 - MS14-010
Last Review: Feb 11, 2014 - Rev: 1.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in January and February 2014"
- http://atlas.arbor.net/briefs/index#-1535410988
High Severity
20 Feb 2014
"... 0day exploit code for Internet Explorer 10. IE 9 is also vulnerable. Earlier exploit activity around CVE-2014-0322 has also been observed. The actual exploit code has been made publicly available. A security bulletin and fix-it are available from Microsoft..."
-
MS Security Advisory 2014.02.27 ...
FYI...
Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.microsoft.com/en-us/s...visory/2871690
Updated: Feb 27, 2014 Ver: 2.0 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly...
... The -rereleased- update* addresses an issue where specific third-party BIOS versions did not properly validate the signature of the original update... The 2871777 update** is a -prerequisite- and must be applied before this update can be installed..."
* https://support.microsoft.com/kb/2871690
Last Review: Feb 27, 2014 - Rev: 2.0
Also see: Known issues with this security update...
** https://support.microsoft.com/kb/2871777
Last Review: Sep 18, 2013 - Rev: 6.0
Applies to: Win8, winSvr2012
-
MS Security Advisory 2.28.2014 ...
FYI...
Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass
- http://technet.microsoft.com/en-us/s...visory/2862152
Published: Nov 12, 2013 | Updated: Feb 28, 2014 Ver: 1.1 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how server connections are authenticated to clients in either DirectAccess or IPsec site-to-site tunnels. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information... customers must also follow the configuration guidance provided in Microsoft Knowledge Base Article 2862152** to be fully protected from the vulnerability..."
• V1.0 (November 12, 2013): Advisory published.
• V1.1 (February 28, 2014): Advisory -revised- to announce a detection change in the 2862152 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
* http://update.microsoft.com/microsoftupdate/
** http://support.microsoft.com/kb/2862152
Last Review: Dec 2, 2013 - Rev: 2.0
-
MS Security Bulletin Summary - March 2014
FYI...
- https://technet.microsoft.com/en-us/...letin/ms14-mar
March 11, 2014 - "This bulletin summary lists security bulletins released for March 2014...
(Total of -5-)
Microsoft Security Bulletin MS14-012 - Critical
Cumulative Security Update for Internet Explorer (2925418)
- https://technet.microsoft.com/en-us/...letin/ms14-012
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-013 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
- https://technet.microsoft.com/en-us/...letin/ms14-013
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-014 - Important
Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
- https://technet.microsoft.com/en-us/...letin/ms14-014
Important - Security Feature Bypass - Does not require restart - Microsoft Silverlight
Microsoft Security Bulletin MS14-015 - Important
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
- https://technet.microsoft.com/en-us/...letin/ms14-015
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-016 - Important
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
- https://technet.microsoft.com/en-us/...letin/ms14-016
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___
Description of the Office updates: March 11, 2014
- http://support.microsoft.com/kb/2937335
"... Microsoft released the following nonsecurity updates... We recommend that you install all updates that apply to you..."
- https://blogs.technet.com/b/office_s...e-release.aspx
11 Mar 2014 - "... There are no security updates and 10 non-security updates..."
___
- http://krebsonsecurity.com/2014/03/a...urity-updates/
11 Mar 2014 - "... five bulletins address -23- distinct security weaknesses... The Internet Explorer patch is rated -critical- for virtually all supported versions of IE, and plugs at least -18- security holes, including a severe weakness in IE 9 and 10 that is already being exploited in targeted attacks..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17795
Last Updated: 2014-03-11 17:23:47 UTC
___
- https://blogs.technet.com/b/msrc/arc...y-updates.aspx
Deployment Priority, Severity, and Exploit Index
- https://blogs.technet.com/resized-im...Deployment.jpg
- http://blogs.technet.com/b/srd/archi...y-updates.aspx
11 Mar 2014
___
- https://secunia.com/advisories/56974/ - MS14-012
- https://secunia.com/advisories/57325/ - MS14-013
- http://www.securitytracker.com/id/1029902 - MS14-014
- https://secunia.com/advisories/57330/ - MS14-015
- http://www.securitytracker.com/id/1029901 - MS14-016
-
MS Security Advisories - 3.11.2014 ...
FYI...
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2934088
Updated: March 11, 2014 - "... We have issued MS14-012* to address this issue. For more information about this issue, including download links for an available security update, please review MS14-012..."
* https://technet.microsoft.com/en-us/...letin/ms14-012
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: March 11, 2014 Version: 21.0 - "... announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
-
MS14-012 - Rev. 2.0
FYI...
MS14-012: Cumulative security update for Internet Explorer
- https://support.microsoft.com/kb/2925418
Last Review: Mar 14, 2014 - Rev. 2.0
:fear: :confused:
-
MS SharePoint 2013 - Hotfix ...
FYI...
An important fix for SharePoint Foundation 2013 SP1 has just been released
- http://blogs.technet.com/b/stefan_go...-released.aspx
20 Mar 2014 - "When looking in the last couple of days at the KB article for SP1 for SharePoint Foundation 2013* you might have seen the following comment:
Notice: A known issue in SharePoint Foundation 2013 SP1 can affect the functionality of the Search WebPart. We encourage you to limit production installations of SharePoint Foundation 2013 SP1 until a fix is available. SharePoint Server 2013 is not affected by this issue.
Today we have released March 2014 Public Update (PU) for SharePoint Foundation 2013** which fixes this problem. Be aware that this fix is only necessary for SharePoint Foundation 2013 installations. SharePoint Server 2013 is not affected by the problem..."
(More detail at the technet URL above.)
Tags: SharePoint 2013, Hotfix Info
* http://support.microsoft.com/kb/2817439
Last Review: Mar 1, 2014 - Rev: 3.0
** http://support.microsoft.com/kb/2760625
Last Review: Mar 20, 2014 - Rev: 1.0
___
- http://windowssecrets.com/patch-watc...ws-xp-support/
Mar 13, 2014 Susan Bradley - "... I plan to post alerts of security issues you might face come April 9. Because Windows Server 2003 will still get updates for another year, we’ll have a better idea of what vulnerabilities XP users face and what’s not getting patched..."
:fear:
-
MS Security Advisory 2953095 ...
FYI...
Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2953095
Mar 24, 2014 - "Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution*, "Disable opening RTF content in Microsoft Word," prevents the exploitation of this issue through Microsoft Word... The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013. On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
• V1.1 (March 27, 2014): Updated Advisory FAQ to clarify that Microsoft WordPad is not affected by the issue and to help explain how the issue is specific to Microsoft Word.
* https://support.microsoft.com/kb/2953095#FixItForMe
Microsoft Fix it 51010
- http://blogs.technet.com/b/srd/archi...etections.aspx
24 Mar 2014
___
- https://secunia.com/advisories/57577/
Criticality: Extremely Critical
Where: From remote
Impact: System access...
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1761 - 9.3 (HIGH)
"... as exploited in the wild in March 2014."
Reported as a 0-Day...
Original Advisory: https://technet.microsoft.com/en-us/...visory/2953095
0-Day Exploit Targeting Word, Outlook
- http://krebsonsecurity.com/2014/03/m...-2010-exploit/
Mar 24, 2014
- https://www.computerworld.com/s/arti..._unpatched_bug
Mar 24, 2014 - "... exploits are triggered just by -previewing- malicious messages in Outlook 2007, 2010 and 2013..."
:fear::fear:
-
MS Security Bulletin Summary - April 2014
FYI...
- https://technet.microsoft.com/en-us/...letin/ms14-apr
April 08, 2014 - "This bulletin summary lists security bulletins released for April 2014...
(Total of -4-)
Microsoft Security Bulletin MS14-017 - Critical
Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...letin/ms14-017
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
Microsoft Security Bulletin MS14-018 - Critical
Cumulative Security Update for Internet Explorer (2950467)
- http://technet.microsoft.com/en-us/s...letin/ms14-018
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-019 - Important
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...letin/ms14-019
Important - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-020 - Important
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)
- http://technet.microsoft.com/en-us/s...letin/ms14-020
Important - Remote Code Execution - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/msrc/arch...y-updates.aspx
Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.as...deployment.jpg
[ Open link target in IE ]
___
MS14-019 - MSRD info:
- http://blogs.technet.com/b/srd/archi...-bat-file.aspx
8 Apr 2014
___
April 2014 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
8 Apr 2014 - "... There are 13 security updates (2 bulletins) and 28 non-security updates..."
MS14-017, MS14-020
___
- https://secunia.com/advisories/57577/ - MS14-017
- https://secunia.com/advisories/57586/ - MS14-018
- https://secunia.com/advisories/57642/ - MS14-019
- https://secunia.com/advisories/57652/ - MS14-020
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17923
Last Updated: 2014-04-08 20:23:09 UTC - Version: 3
.
-
MS Security Advisories 2014.04.08 ...
FYI...
Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2953095
Last Updated: April 8, 2014 - "... We have issued MS14-017* to address this issue..."
* http://technet.microsoft.com/en-us/s...letin/ms14-017
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Last Updated: April 8, 2014 - V22.0
:fear:
-
Win 8.1 Update KB 2919355
FYI...
Windows 8.1 Update woes continue with errors 80070020, 80073712, 800F081F, 80242FFF, and 800F0922
WSUS is still down, as general update failures and complaints pile up in the two days since the release of Windows 8.1 Update
- http://www.infoworld.com/t/microsoft...00f0922-240249
April 10, 2014
- http://support.microsoft.com/kb/2919355
Last Review: April 11, 2014 - Rev: 9.0
- http://blogs.technet.com/b/wsus/arch...-over-ssl.aspx
8 Apr 2014 - "There is a -known- issue which causes some PCs updated with the Windows 8.1 Update (KB 2919355) to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2... we recommend that you -suspend- deployment of this update in your organization until we release the update that resolves this issue..."
- http://www.infoworld.com/t/microsoft...servers-240129
April 08, 2014 - "... Microsoft has -blocked- Windows 8.1 Update from WSUS servers, so it is no longer available for IT admins to distribute to their users. Individuals can still download the update directly through Windows Update..."
___
MS yanks SharePoint 2013 SP1, KB 2817429
... Microsoft has pulled the two-week-old SP1 for SharePoint 2013
- http://www.infoworld.com/t/microsoft...2817429-239969
Apr 07, 2014
- http://support.microsoft.com/kb/2817429
Last Review: April 3, 2014 - Rev: 4.0
"Notice: We have recently uncovered an issue with this Service Pack 1 package that may prevent customers who have Service Pack 1 from deploying future public or cumulative updates. As a precautionary measure, we have deactivated the download page until a new package is published."
:fear: :confused:
-
April 2014 Office Update - Visio 2013 ...
FYI...
April 2014 Office Update ...
- http://blogs.technet.com/b/office_su...e-release.aspx
"... Update for Microsoft Visio 2013 (KB2837632)*
*NOTE: Visio 2013 KB http://support.microsoft.com/kb/2837632 has been updated to correct a targeting issue. -Prior- to April 11 the update incorrectly targeted Visio 2013 -and- Office 2013. The update has now been corrected and will only target Visio 2013 installs. We apologize for any inconvenience this may have caused..."
- http://support.microsoft.com/kb/2837632
Last Review: April 11, 2014 Rev: 1.0 (?)
Applies to
• Microsoft Visio Professional 2013
• Microsoft Visio Standard 2013
___
481MB Visio 2013 patch ... ?
- http://www.infoworld.com/t/patch-man...ch-joke-240140
April 09, 2014
:fear::fear:
-
MS update for Win 8.1
FYI...
MS info regarding the latest Update for Win 8.1
- http://blogs.technet.com/b/gladiator...ndows-8-1.aspx
12 Apr 2014 - "Microsoft has been listening to customer feedback. Much of this feedback has been received and some of the results are being given back to our users of Windows 8.1 in the form of updates. Recently, a very big update for Windows 8.1 was released... Since Microsoft wants to ensure that customers benefit from the best support and servicing experience and to coordinate and simplify servicing across both Windows Server 2012 R2, Windows 8.1 RT and Windows 8.1, this update will be considered a new servicing/support baseline. What this means is those users who have elected to install updates manually will have 30 days to install Windows 8.1 Update on Windows 8.1 devices; after this 30-day window - and beginning with the May Patch Tuesday, Windows 8.1 users' devices without the update installed will no longer receive security updates. This means that Windows 8.1 users - starting patch Tuesday in May 2014 and beyond - will require this update to be installed. If the Windows 8.1 Update is not installed, those newer updates will be considered “not applicable”..."
- http://support.microsoft.com/kb/2919355
Last Review: April 14, 2014 - Rev: 10.0
___
- http://www.infoworld.com/t/microsoft...support-240407
April 14, 2014
:fear::fear:
-
MS14-018 - Rev. 3.0 ...
FYI...
MS14-018 ...
- http://support.microsoft.com/kb/2936068
Last Review: April 16, 2014 - Rev: 3.0
___
Microsoft fixes Windows 8.1 Update for corporate WSUS servers
- http://www.infoworld.com/t/microsoft...servers-240654
April 16, 2014 - "... it will continue to make Windows 8.1 security patches available to WSUS customers until August's Patch Tuesday. Previous announcements said that patches to Windows 8.1 would be cut off in May. This stay of execution for this patch applies only to those who receive security patches through WSUS. Windows 8.1 customers who get their patches through Windows Update (or Microsoft Update) have to install the Windows 8.1 Update/KB 2919355 patch by May 13 if they wish to continue receiving security patches for their machines..."
- http://blogs.technet.com/b/wsus/arch...-over-ssl.aspx
16 Apr 2014
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Last Review: Apr 25, 2014 - Rev: 16.0
- https://support.microsoft.com/kb/2959977
Last Review: April 17, 2014 - Rev: 3.0
:confused:
-
MS KB 2952664 ? ...
FYI...
MS KB 2952664 ...
... scarce details from Microsoft...
- http://www.infoworld.com/t/microsoft...2952664-241047
Apr 24, 2014 - "... Windows 7 users are wondering what's up with KB 2952664*, an "important" patch that arrived unannounced... there appears to be no compelling reason to install the patch."
Compatibility update for upgrading Windows 7
* https://support.microsoft.com/kb/2952664
Last Review: Apr 22, 2014 - Rev: 1.0
:confused:
-
IE 0-day - 4.26.2014 ...
FYI...
Microsoft Security Advisory 2963983
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-US/...curity/2963983
April 26, 2014 8:25 PM - "Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Suggested Actions: Apply Workarounds... Deploy the Enhanced Mitigation Experience Toolkit 4.1 ..."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1776 - 10.0 (HIGH)
Last revised: 04/28/2014 - "... Use-after-free vulnerability in VGX.DLL... as exploited in the wild in April 2014"
- https://www.us-cert.gov/ncas/current...rability-Being
April 28, 2014 - "... consider employing an alternative web browser until an official update is available..."
- http://www.fireeye.com/blog/uncatego...d-attacks.html
April 26, 2014 - "... exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique* to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections..."
* http://www.fireeye.com/blog/technica...-exploits.html
- http://blog.trendmicro.com/trendlabs...rsions-in-use/
Apr 27, 2014 - "... some workarounds have been provided by Microsoft as part of their advisory; of these enabling Enhanced Protected Mode (an IE10 and IE11-only feature) is the easiest to do. In addition, the exploit code requires Adobe Flash to work, so disabling or removing the Flash Player from IE also reduces the risk from this vulnerability as well..."
- http://blogs.technet.com/b/msrc/arch...-advisory.aspx
Tags: Advisory, Zero-Day Exploit, Security, Internet Explorer (IE), Vulnerability
:fear::fear:
-
MS Security Advisory 2755801
FYI...
MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
V23.0 (April 28, 2014): Added the 2961887 update to the Current Update section.
On April 28, 2014, Microsoft released an update (2961887) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-13*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2961887** ...
* http://helpx.adobe.com/security/prod...apsb14-13.html
** https://support.microsoft.com/kb/2961887
Last Review: April 28, 2014 - Rev: 1.0
- https://technet.microsoft.com/en-us/...curity/2963983
V1.1 (April 29, 2014): Updated advisory to clarify workarounds to help prevent exploitation of the vulnerability described in this advisory. See Advisory FAQ for details.
:fear::fear:
-
V23.1 MS Security Advisory 2755801
FYI...
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/...curity/2755801
V23.1 (April 30, 2014): Revised advisory to clarify that the 2961887* update is -not- cumulative and requires that the 2942844** update be installed for affected systems to be offered the update.
* https://support.microsoft.com/kb/2961887
Last Review: Apr 8, 2014 - Rev: 1.0
** https://support.microsoft.com/kb/2942844
Last Review: Apr 8, 2014 - Rev: 1.0
___
An update is available for EMET Certificate Trust default rules
- https://support.microsoft.com/kb/2961016
Last Review: Apr 29, 2014 - Rev: 1.0
Applies to: Enhanced Mitigation Experience Toolkit 4.1
Enhanced Mitigation Experience Toolkit
- https://support.microsoft.com/kb/2458544
Last Review: Apr 30, 2014 - Rev: 9.0
:confused:
___
Microsoft Security Advisory 2963983
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...curity/2963983
Updated: May 1, 2014 Ver: 2.0 - "Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS14-021* to address this issue..."
* https://technet.microsoft.com/library/security/ms14-021
May 1, 2014
- https://support.microsoft.com/kb/2965111
Last Review: May 1, 2014 - Rev: 1.2
> http://update.microsoft.com/
:spider:
-
MS14-021 IE - Critical
FYI...
MS14-021 - Critical / Security Update for Internet Explorer (2965111)
- https://technet.microsoft.com/library/security/ms14-021
May 1, 2014 - "This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers... Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*..."
* http://update.microsoft.com/microsoftupdate
- https://support.microsoft.com/kb/2965111
Last Review: May 1, 2014 - Rev: 1.2
___
- http://www.securitytracker.com/id/1030154
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1776 - 10.0 (HIGH)
May 1 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6, 7, 8, 9, 10, 11
Description: A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user. This vulnerability is being actively exploited in targeted attacks.
Solution: The vendor has issued a fix (2965111)...
Vendor URL: https://technet.microsoft.com/library/security/ms14-021
___
- http://atlas.arbor.net/briefs/index#1200596255
Extreme Severity
May 01, 2014
... IE 0-day vulnerability currently being exploited in targeted attacks... out-of-band patch for this vulnerability should be applied immediately.
:fear:
-
Win8.1 update - Rev: 17.0
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Apr 25, 2014 - Rev: 16.0
Last Review: May 4, 2014 - Rev: 17.0
:fear: :sad:
-
Win8.1 update - Rev 18.0 ...
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Apr 25, 2014 - Rev: 16.0
May 4, 2014 - Rev: 17.0
Last Review: May 5, 2014 - Rev: 18.0
- http://www.infoworld.com/t/microsoft...2919355-241891
May 05, 2014
- http://www.infoworld.com/t/microsoft...t-fixes-242016
May 06, 2014
:fear::fear: :sad:
-
MS Security Advisory 2962393
FYI...
Microsoft Security Advisory 2962393
Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client
- https://technet.microsoft.com/en-us/...curity/2962393
May 5, 2014 - "Microsoft is announcing the availability of an update for the Juniper Networks Windows In-Box Junos Pulse Client for Windows 8.1 and Windows RT 8.1. The update addresses a vulnerability in the Juniper VPN client by updating the affected Juniper VPN client libraries contained in affected versions of Microsoft Windows... Microsoft released an update for the Juniper Networks Windows In-Box Junos Pulse VPN client. The update addresses the vulnerability described in Juniper Security Advisory JSA10623*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2962393**.
Note: Updates for Windows RT 8.1 are available via Windows Update."
* https://kb.juniper.net/InfoCenter/in...nt&id=JSA10623
Last Updated: 30 Apr 2014
Version: 43.0
** https://support.microsoft.com/kb/2962393
Last Review: May 5, 2014 - Rev: 1.1
:fear:
-
MS SIRv16: Jul 2013 to Dec 2013
FYI...
MS SIR Volume 16: July 2013 to December 2013
- http://www.microsoft.com/security/sir/default.aspx
- http://blogs.technet.com/b/mmpc/arch...-measures.aspx
7 May 2014 - "Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate (Computers Cleaned per Mille (CCM)), and our real-time protection products are used to derive the encounter rate. One of the more notable findings included in the report was an increase in worldwide infection rates and encounter rates. About 21.2 percent of reporting computers encountered malware each quarter in 2013. We also saw an infection rate of 11.7 CCM. More specifically, the infection rate increased from a CCM rate of 5.6 in the third quarter of 2013 to 17.8 in the fourth—a threefold increase, and the largest infection rate increase ever measured by the MSRT between two consecutive quarters. This rise was predominantly affected by malware using deceptive tactics, influenced by three families not unfamiliar to readers of this blog: Sefnit, and its related families Rotbrow and Brantall..."
___
Malware infections tripled in late 2013, Microsoft finds
- https://www.computerworld.com/s/arti...icrosoft_finds
May 7, 2014
- http://www.infoworld.com/t/malware/f...crosoft-242130
May 08, 2014
:fear::fear:
-
Win8.1 update Rev ...
FYI...
Win8.1 update ...
- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Apr 18, 2014 - Rev: 13.0
Apr 25, 2014 - Rev: 16.0
May 4, 2014 - Rev: 17.0
May 5, 2014 - Rev: 18.0
May 7, 2014 - Rev: 19.0
Last Review: May 9, 2014 - Rev: 20.0
- http://www.infoworld.com/t/microsoft...t-fixes-242016
May 06, 2014
- http://www.infoworld.com/t/microsoft...te-dogs-242213
May 09, 2014
___
- https://www.computerworld.com/s/arti...ers_a_reprieve
May 12, 2014 - "For the third time in the last four weeks, Microsoft today backed away from a customer cutoff as it postponed enforcement of the Windows 8.1 Update migration deadline until June 10. On Monday - and just a day before its May Patch Tuesday slate of security fixes - Microsoft said consumers have four more weeks to move from Windows 8.1 to Windows 8.1 Update before their devices would be barred from receiving further patches. The deadline change was the third in the past month, following an earlier Windows 8.1 Update extension for business users... When Microsoft launched Windows 8.1 Update (Win8.1U) on April 8, it told all customers using Windows 8.1 that they had to upgrade to the new refresh within five weeks, or by May 13. Failure to do so, Microsoft said, would block devices running Windows 8.1 from receiving security updates scheduled to ship that day, as well as all future security and non-security updates to the OS. Business customers howled, calling the mandate a repudiation of Microsoft's long-standing policy of giving customers 24 months to upgrade to a service pack. Although Win8.1U was not labeled as such, many saw similarities to Microsoft's service packs and believed Win8.1U should hew to that policy. Within a week, Microsoft changed its tune, and gave companies a three-month extension. Enterprises and other organizations that rely on WSUS (Windows Server Update Services), Windows Intune or System Center Configuration Manager to obtain and deploy patches have until August 12 to migrate from Windows 8.1 to Win8.1U..."
- http://www.infoworld.com/t/microsoft...eadline-242339
May 12, 2014
:fear::fear::fear:
-
MS Security Bulletin Summary - May 2014
FYI...
- https://technet.microsoft.com/library/security/ms14-may
May 13, 2014 Ver: 2.0 - "This bulletin summary lists security bulletins released for May 2014...
(Total of -8-)
Microsoft Security Bulletin MS14-029 - Critical
Security Update for Internet Explorer (2962482)
- https://technet.microsoft.com/library/security/ms14-029
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0310 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1815 - 9.3 (HIGH)
Last revised: 05/14/2014 - "... as exploited in the wild in May 2014..."
Microsoft Security Bulletin MS14-022 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
- https://technet.microsoft.com/library/security/ms14-022
Critical - Remote Code Execution - May require restart - Microsoft Server Software, Productivity Software
Microsoft Security Bulletin MS14-023 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)
- https://technet.microsoft.com/library/security/ms14-023
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS14-025 - Important
Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
- https://technet.microsoft.com/library/security/ms14-025
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-026 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
- https://technet.microsoft.com/library/security/ms14-026
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-027 - Important
Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
- https://technet.microsoft.com/library/security/ms14-027
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-028 - Important
Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
- https://technet.microsoft.com/library/security/ms14-028
Important - Denial of Service - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-024 - Important
Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
- https://technet.microsoft.com/library/security/ms14-024
Important - Security Feature Bypass - May require restart - Microsoft Office
___
- http://blogs.technet.com/b/msrc/arch...y-updates.aspx
13 May 2014
Assessing risk for the May 2014 security updates
- http://blogs.technet.com/b/srd/archi...y-updates.aspx
13 May 2014
___
May 2014 Office Update
- http://blogs.technet.com/b/office_su...e-release.aspx
13 May 2014 - "There are 31 security updates (3 bulletins*) and 30 non-security updates..."
* MS14-022, MS14-023, MS14-024
___
- http://www.securitytracker.com/id/1030227 - MS14-022
- http://www.securitytracker.com/id/1030230 - MS14-023
- http://www.securitytracker.com/id/1030235 - MS14-024
- http://www.securitytracker.com/id/1030231 - MS14-025
- http://www.securitytracker.com/id/1030232 - MS14-026
- http://www.securitytracker.com/id/1030233 - MS14-027
- http://www.securitytracker.com/id/1030234 - MS14-028
- http://www.securitytracker.com/id/1030224 - MS14-029
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18113
Last Updated: 2014-05-13 17:23:09 UTC
___
Patch Tuesday Updates: Microsoft, Adobe
... Malicious actors often use security updates to write their own exploits targeting unpatched systems
- http://atlas.arbor.net/briefs/
Extreme Severity
May 16, 2014
.