MS problems with 6 KB's in latest Automatic Update
FYI...
MS botches six Windows patches in latest Automatic Update
Microsoft acknowledges it has problems with KB 2876063, KB 2859537, KB 2873872, KB 2843638, KB 2843639, and KB 2868846 -- all released earlier this week
- http://www.infoworld.com/t/microsoft...-update-224988
August 15, 2013 (Details at the URL above)
___
KB 2876063
- http://support.microsoft.com/kb/2876063 - MS13-061
Last Review: August 27, 2013 - Revision: 3.0
KB 2859537
- http://support.microsoft.com/kb/2859537 - MS13-063
Last Review: August 16, 2013 - Revision: 3.0 <<
KB 2873872
- http://support.microsoft.com/kb/2873872 - MS13-066
Last Review: August 19, 2013 - Revision: 4.0 <<
KB 2843638
- http://support.microsoft.com/kb/2843638 - MS13-066
Last Review: August 23, 2013 - Revision: 8.0
KB 2843639
- http://support.microsoft.com/kb/2843639 - MS13-066
Last Review: August 19, 2013 - Revision: 9.0 <<
KB 2868846
- http://support.microsoft.com/kb/2868846 - MS13-066
Last Review: August 19, 2013 - Revision: 8.0 <<
___
- https://technet.microsoft.com/en-us/...letin/ms13-061
V2.0 (August 14, 2013): Rereleased bulletin to remove the 2874216 updates for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2 to address an issue with the updates. See the Update FAQ for details.
- https://technet.microsoft.com/en-us/...letin/ms13-063
V1.1 (August 14, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
- https://technet.microsoft.com/en-us/...letin/ms13-066
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.
Important Announcement: AD FS 2.0 and MS13-066
- https://blogs.technet.com/b/askds/ar...edirected=true
Update (8/19/13): We have republished MS13-066 with a corrected version of the hotfixes that contributed to this problem. If you had held off on installing the update, it should be safe to install on all of your ADFS servers now.
The updated security bulletin is here:
- http://technet.microsoft.com/en-us/s...letin/MS13-066
- http://support.microsoft.com/kb/2843638
Last Review: August 23, 2013 - Revision: 8.0
- http://support.microsoft.com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0 <<
:fear::fear::sad:
MS releases revisions to existing Updates
FYI...
MS releases revisions to existing Updates
- https://isc.sans.edu/diary.html?storyid=16448
Last Updated: 2013-08-27 20:49:12 - "... patches have undergone signficant revision according to Microsoft. The following patches were updated today by Microsoft, and are set to roll in the automatic updates:
* MS13 - July 2013 / MS13-057 - Critical
- https://technet.microsoft.com/securi...letin/ms13-jul
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-057, bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates that apply to their systems. See the bulletin for details.
- https://technet.microsoft.com/en-us/...letin/ms13-057
V3.0 (August 27, 2013): Bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates. See the Update FAQ for more information.
* MS13 - August 2013 / MS13-061 - Critical
- https://technet.microsoft.com/securi...letin/ms13-aug
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-061, bulletin revised to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the bulletin for details.
- https://technet.microsoft.com/en-us/...letin/ms13-061
V3.0 (August 27, 2013): Rereleased bulletin to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the Update FAQ for details.
___
Office 2010 update
- https://support.microsoft.com/kb/2825640/en-us
Last Review: August 27, 2013 - Revision: 1.0 - "... This update fixes some issues that occur when you install Service Pack 2 (SP2) for Office 2010. Additionally, this update contains stability and performance improvements..."
:fear::fear:
Microsoft advisories updated 2013.08.27 ...
FYI...
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.microsoft.com/en-us/...visory/2862973
V1.1 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.
Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- https://technet.microsoft.com/en-us/...visory/2854544
V1.1 (August 13, 2013): Added the 2862966 and 2862973 updates to the Available Updates and Release Notes section.
V1.2 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.
:fear::fear:
MS Security Bulletin Summary - September 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-sep
Sep 10, 2013 - "This bulletin summary lists security bulletins released for September 2013...
(Total of 13*)
* http://blogs.technet.com/b/msrc/arch...edirected=true
10 Sep 2013 - "... This month we released 13 bulletins – four Critical and nine Important – which addressed 47 unique CVEs in Microsoft Windows, Office, Internet Explorer and SharePoint..."
Microsoft Security Bulletin MS13-067 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
- http://technet.microsoft.com/en-us/s...letin/ms13-067
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
V1.2 (September 13, 2013): Revised bulletin to announce a detection change for the Excel Services on Microsoft SharePoint Server 2007 update (2760589). This is a detection change only. There were no changes to the update files. Customers who have successfully installed the update do not need to take any action.
Microsoft Security Bulletin MS13-068 - Critical
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
- http://technet.microsoft.com/en-us/s...letin/ms13-068
Critical - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-069 - Critical
Cumulative Security Update for Internet Explorer (2870699)
- https://technet.microsoft.com/en-us/...letin/ms13-069
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-070 - Critical
Vulnerability in OLE Could Allow Remote Code Execution (2876217)
- https://technet.microsoft.com/en-us/...letin/ms13-070
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-071 - Important
Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
- https://technet.microsoft.com/en-us/...letin/ms13-071
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-072 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
- https://technet.microsoft.com/en-us/...letin/ms13-072
Important - Remote Code Execution - May require restart - Microsoft Office
V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Office 2007 update (2760411) and the Microsoft Word 2010 update (2767913). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".
Microsoft Security Bulletin MS13-073 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
- http://technet.microsoft.com/en-us/s...letin/ms13-073
Important - Remote Code Execution - May require restart - Microsoft Office
V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Excel 2003 update (2810048), Microsoft Excel 2007 update (2760583), Microsoft Excel Viewer update (2760590), and Microsoft Office Compatibility Pack update (2760588). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".
Microsoft Security Bulletin MS13-074 - Important
Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
- http://technet.microsoft.com/en-us/s...letin/ms13-074
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-075 - Important
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
- http://technet.microsoft.com/en-us/s...letin/ms13-075
Important - Elevation of Privilege - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-076 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
- http://technet.microsoft.com/en-us/s...letin/ms13-076
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-077 - Important
Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
- http://technet.microsoft.com/en-us/s...letin/ms13-077
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-078 - Important
Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
- http://technet.microsoft.com/en-us/s...letin/ms13-078
Important - Information Disclosure - May require restart - Microsoft Office
Microsoft Security Bulletin MS13-079 - Important
Vulnerability in Active Directory Could Allow Denial of Service (2853587)
- http://technet.microsoft.com/en-us/s...letin/ms13-079
Important - Denial of Service - May require restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...edirected=true
10 Sep 2013
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...3.DP-Slide.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...rity-Slide.PNG
___
- https://secunia.com/advisories/54741/ - MS13-067
- https://secunia.com/advisories/54729/ - MS13-068
- https://secunia.com/advisories/54725/ - MS13-069
- https://secunia.com/advisories/54735/ - MS13-070
- https://secunia.com/advisories/54736/ - MS13-071
- https://secunia.com/advisories/54737/ - MS13-072
- https://secunia.com/advisories/54739/ - MS13-073
- https://secunia.com/advisories/51856/ - MS13-074
- https://secunia.com/advisories/54742/ - MS13-075
- https://secunia.com/advisories/54743/ - MS13-076
- https://secunia.com/advisories/54745/ - MS13-077
- https://secunia.com/advisories/54747/ - MS13-078
- https://secunia.com/advisories/54750/ - MS13-079
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16538
Last Updated: 2013-09-10 18:24:55 UTC ...(Version: 1)
.
MS botches still more patches in latest Automatic Update
FYI...
MS botches still more patches in latest Automatic Update
... the day after Black Tuesday. Watch out for automatic patches KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583
- http://www.infoworld.com/t/microsoft...-update-226594
Sep 11, 2013 - "No sooner did Microsoft release the latest round of Black Tuesday patches, than screams of agony began sounding all over the Internet. At this point, I've seen -verified- problems with KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583... No guidance for handling the problem is on offer in the usual forums, because the people moderating the forums haven't a clue what went wrong and Microsoft isn't saying a thing..."
:fear::fear: :sad:
Patch Tuesday Aftermath - cont'd...
FYI...
Reboot Wednesday: Yesterday's Patch Tuesday Aftermath
- https://isc.sans.edu/forums/diary/Re...ftermath/16556
Comments: 15 hours ago ... [Susan Bradley]
"KB2810009 users are reporting error 80242009 upon install see:
http://social.technet.microsoft.com/...b2810009-issue
Next: Office 2007 updates:
1.Security Fixes MS13-072 and MS13-073 MS13-074
KB2760411
KB2760588
KB2760583
http://answers.microsoft.com/en-us/w...=1378836774249
Two security updates released yesterday MS13-072, MS13-073 and MS13-074, These are installing fine but if you scan the machine again for updates, show up again and again and again. Currently there is -no- fix available for these other than to say that the update is applied but it is not getting properly detected. The product group is aware of the issues and are working on it.
Outlook 2013 - see http://blogs.technet.com/b/office_su...ic-update.aspx "
___
- https://windowssecrets.com/patch-wat...ptember-fixes/
Sep 11, 2013
___
MS13-073: Description of the security update for Microsoft Office Excel 2007 ...
- http://support.microsoft.com/kb/2760583/en-us
Last Review: September 13, 2013 - Revision: 4.0
"... Known issues with this update: Customers may have been repeatedly offered this update even though it was already installed. Note: This issue is resolved by a detection change released September 13, 2013. This change did not affect the updated files. This change only affects the way that we offer the updates to customers..."
//
MS pulls botched KB 2871630 - many Office patch problems remain
FYI...
MS pulls botched KB 2871630 - many Office patch problems remain
- http://www.infoworld.com/t/microsoft...-remain-226690
Sep 12, 2013 - "... KB 2871630, the one that caused the folder list in Outlook 2013 to disappear - was pulled early Wednesday morning...
While KB 2876130 is reined in for the moment, a whole slew of this month's patches are still causing problems on some machines:
• Two Office 2007 security updates - MS13-072 / KB2760411 and KB2760588 - and one Excel 2007 security update - MS13-073 / KB2760583 - are installing over and over again... The KB articles now say, "You may be repeatedly offered this update even though it is already installed. Microsoft is researching this problem and will post more information in this article when the information becomes available." At this point there's no additional information.
• The MS13-073 / KB 2810048 security patch for Excel 2003 installs over and over again. Two Answers forum threads in English - as well as several in other languages - have more than a hundred entries...
• The installer for the MS13-074 / KB 2810009 security patch for Access 2013 is failing with an error code 80242009... As of 11:00 p.m. Thursday, the TechNet MS13-074 article says "Known issues: None"
• The MS13-068 / KB 2794707 Outlook 2010 security patch is throwing off an error that looks just like the problem Microsoft encountered with Outlook in the Office 2010 SP 2 update, where the Calendar Folder property is empty. I've been told that Microsoft considers the problem to be "cosmetic" and it's relegated to "won't fix" status..."
___
MS13-072
- http://support.microsoft.com/kb/2760411
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Basic 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007 Home Use Program
Microsoft Office Home and Student 2007
Microsoft Office Professional 2007
Microsoft Office Professional Plus 2007
Microsoft Office Small Business 2007
Microsoft Office Standard 2007
MS13-073
- http://support.microsoft.com/kb/2760583
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)
MS13-073
- http://support.microsoft.com/kb/2760588
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)
MS13-073
- http://support.microsoft.com/kb/2810048
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 3.0
Applies to:
Microsoft Office 2003 Service Pack 3, when used with:
Microsoft Office Excel 2003
MS13-074
- http://support.microsoft.com/kb/2810009
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Access 2013
:fear: :fear: :sad: