Microsoft Alerts

[AplusWebMaster]

FYI...

Security Update Summary
> https://portal.msrc.microsoft.com/en...idance/summary
See -all- KB's dated 06/28/2017
___

June 27, 2017, update for Outlook 2010 (KB3015545)
- https://support.microsoft.com/en-us/...2010-kb3015545
Last Review: Jun 28, 2017 - Rev. 14
Last Review: Jun 28, 2017 - Rev: 20

June 27, 2017, update for Outlook 2013 (KB3191849)
- https://support.microsoft.com/en-us/...2013-kb3191849
Last Review: Jun 27, 2017 - Rev: 13
Last Review: Jun 30, 2017 - Rev: 16
___

New ransomware, old techniques: Petya adds worm capabilities
- https://blogs.technet.microsoft.com/...-capabilities/
June 27, 2017

Update on Petya malware attacks
- https://blogs.technet.microsoft.com/...lware-attacks/
June 28, 2017

- https://www.us-cert.gov/ncas/alerts/TA17-181A
July 01, 2017 - "... Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable... US-CERT received a sample of this Petya ransomware variant and performed a detailed malware analysis. The team found that this Petya variant encrypts the victim’s files with a dynamically generated, 128-bit key and creates a unique ID of the victim. However, there is no evidence of a relationship between the encryption key and the victim’s ID, which means it may not be possible for the attacker to decrypt the victim’s files even if the ransom is paid..."
___

- https://www.catalog.update.microsoft...px?q=KB4022716
2017-06 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4022716)
Last Modified: 6/28/2017

- https://support.microsoft.com/en-us/...date-kb4022716
Last Review: Jun 27, 2017 - Rev: 25
___

- https://www.catalog.update.microsoft...px?q=KB4022723
2017-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4022723)
2017-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022723)
2017-06 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4022723)

- https://support.microsoft.com/en-us/...date-kb4022723
Last Review: Jun 27, 2017 - Rev: 29
Last Review: Jun 29, 2017 - Rev: 36
___

- https://www.catalog.update.microsoft...px?q=KB4032693
2017-06 Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4032693)
Last Modified: 6/26/2017
2017-06 Cumulative Update for Windows 10 Version 1511 for x86-based Systems (KB4032693)
Last Modified: 6/26/2017

- https://support.microsoft.com/en-us/...date-kb4032693
Last Review: Jun 27, 2017 - Rev: 12
Last Review: Jun 29, 2017 - Rev: 19

> https://www.neowin.net/news/windows-...eres-whats-new
Jun 27, 2017 [More detail...]

[AplusWebMaster]

FYI...

September 2017 Non-Security Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
Sep 5, 2017 - "Listed below are the non-security updates we released on the Download Center and Microsoft Update. See the linked KB articles for more information.

Office 2013
Update for Microsoft Office 2013 (KB3172484)
- https://support.microsoft.com/help/3172484
Update for Microsoft Office 2013 (KB3172512)
- https://support.microsoft.com/help/3172512
Update for Microsoft Office 2013 (KB3203486)
- https://support.microsoft.com/help/3203486
Update for Microsoft Office 2013 (KB3213536)
- https://support.microsoft.com/help/3213536
Update for Microsoft Office 2013 (KB4011087)
- https://support.microsoft.com/help/4011087
Update for Microsoft Office 2013 (KB4011106)
- https://support.microsoft.com/help/4011106
Update for Microsoft Project 2013 (KB4011109)
- https://support.microsoft.com/help/4011109
Update for Microsoft Visio 2013 (KB3191936)
- https://support.microsoft.com/help/3191936
Update for Microsoft Word 2013 (KB4011105)
- https://support.microsoft.com/help/4011105

Office 2016
Update for Microsoft Access 2016 (KB4011032)
- https://support.microsoft.com/help/4011032
Update for Microsoft Office 2016 (KB3191923)
- https://support.microsoft.com/help/3191923
Update for Microsoft Office 2016 (KB3191924)
- https://support.microsoft.com/help/3191924
Update for Microsoft Office 2016 (KB3203478)
- https://support.microsoft.com/help/3203478
Update for Microsoft Office 2016 (KB3203482)
- https://support.microsoft.com/help/3203482
Update for Microsoft Office 2016 (KB4011093)
- https://support.microsoft.com/help/4011093
Update for Microsoft Office 2016 (KB4011099)
- https://support.microsoft.com/help/4011099
Update for Microsoft Office 2016 (KB4011102)
- https://support.microsoft.com/help/4011102
Update for Microsoft Office 2016 Language Interface Pack (KB4011098)
- https://support.microsoft.com/help/4011098
Update for Microsoft OneNote 2016 (KB4011092)
- https://support.microsoft.com/help/4011092
Update for Microsoft Project 2016 (KB4011101)
- https://support.microsoft.com/help/4011101
Update for Microsoft Visio 2016 (KB4011096)
- https://support.microsoft.com/help/4011096
Update for Microsoft Word 2016 (KB4011039)
- https://support.microsoft.com/help/4011039
___

- https://www.computerworld.com/articl...carefully.html
Sep 5, 2017 - "August was a banner month for Windows and Office customers. If I counted correctly, we saw patches on -14- different days last month... current list of outstanding problems... it’s time for you to get the August patches out of the way..."
(More detail at the computerworld URL above.)

[AplusWebMaster]

FYI...

- https://askwoody.com/2017/ms-defcon-...get-caught-up/
Oct 27, 2017 - "There are isolated problems with current patches, but they are well-known and documented on this site..."

- https://www.computerworld.com/articl...-crawlies.html
Oct 27, 2017

Fixes or workarounds for recent Office issues
Applies To: Excel 2016 Word 2016 Outlook 2016 PowerPoint 2016 More...
- https://support.office.com/en-us/art...rs=en-US&ad=US

- https://www.computerworld.com/articl...y-rollout.html

- https://social.technet.microsoft.com...win10itprovirt

[AplusWebMaster]

FYI...

MS Malware Protection Engine - Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en...CVE-2017-11937
12/06/2017 Critical - "... First version of the Microsoft Malware Protection Engine with this vulnerability addressed: Version 1.1.14405.2 ..."

> https://portal.msrc.microsoft.com/en...idance/summary
12/06/2017

- https://www.securitytracker.com/id/1039972
CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-11937
Dec 7 2017
Impact: Execution of arbitrary code via network, Root access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 1.1.14306.0 ...
Impact: A remote user can create content that, when scanned by the target Microsoft Malware Protection Engine, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (1.1.14405.2)...

Microsoft Issues Fix for Microsoft Exchange Server
> https://www.securitytracker.com/id/1039973
Dec 7 2017

Microsoft Issues Fix for Microsoft Forefront Endpoint Protection
> https://www.securitytracker.com/id/1039974
Dec 7 2017

Microsoft Issues Fix for Microsoft Windows Defender
> https://www.securitytracker.com/id/1039975
Dec 7 2017

> https://support.microsoft.com/en-us/...nt-information
___

- https://www.us-cert.gov/ncas/current...tection-Engine
Dec 7, 2017

[AplusWebMaster]

FYI...

Lenovo Releases Security Advisory
- https://www.us-cert.gov/ncas/current...urity-Advisory
Jan 19, 2018 - "Lenovo has released security updates to address a vulnerability affecting Enterprise Network Operating System (ENOS) firmware. An attacker could exploit this vulnerability to obtain sensitive information.
NCCIC/US-CERT encourages users and administrators to review the Lenovo Security Advisory* for more information and apply the necessary updates or mitigations."

Enterprise Networking Operating System (ENOS) Authentication Bypass in Lenovo and IBM RackSwitch and BladeCenter Products
* https://support.lenovo.com/us/en/pro...rity/len-16095
Lenovo Security Advisory: LEN-16095
Potential Impact: An attacker could gain access to the switch management interface, permitting settings changes that could result in exposing traffic passing through the switch, subtle malfunctions in the attached infrastructure, and partial or complete denial of service.
Severity: High
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2017-3765 ...
___

Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch
Intel's firmware fix for Spectre is also causing higher reboots on Kaby Lake and Skylake CPUs
- http://www.zdnet.com/article/meltdow...s-after-patch/
Jan 18, 2018

Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
- https://security-center.intel.com/ad...nguageid=en-fr
Last revised: Jan 17, 2018
___

Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products
- http://www.dell.com/support/article/...oducts?lang=en
Last Date Modified: 01/19/2018 07:46 AM
___

More Windows patches, primarily previews, point to escalating problems this month
Five Windows patches and nine for .NET released yesterday, Patch Wednesday “C,” leave many of us wondering what we did to deserve such abuse. Yes, there are bugs
- https://www.computerworld.com/articl...his-month.html
Jan 18, 2018
___

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
- https://portal.msrc.microsoft.com/en...sory/ADV180002
Security Advisory
Published: 01/03/2018 | Last Updated : 01/19/2018
Revisions
Version Date Description
1.0 01/03/2018 Information published.
2.0 01/03/2018 Revised ADV180002 to announce release of SQL 2016 and 2017 updates.
3.0 01/05/2018 The following updates have been made: Revised the Affected Products table to include Windows 10 Version 1709 for x64-based Systems because the update provides mitigations for ADV180002. Corrected the security update numbers for the 2016 and 2017 SQL Server Cumulative Updates. Removed Windows Server 2012 and Windows Server 2012 (Server Core installation) from the Affected Products table because there are no mitigations available for ADV180002 for these products. Revised the Affected Products table to include Monthly Rollup updates for Windows 7 and Windows Server 2008 R2. Customers who install monthly rollups should install these updates to receive the mitigations against the vulnerabilities discussed in this advisory. In the Recommended Actions section, added information for Surface customers. Added an FAQ to explain why Windows Server 2008 and Windows Server 2012 will not receive mitigations for these vulnerabilities. Added an FAQ to explain the protection against these vulnerabilties for customers using x86 architecture.
4.0 01/09/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2008, Microsoft SQL Server 2008, and Microsoft SQL Server 2016 because these updates provide mitigations for ADV180002.
4.1 01/10/2018 Added FAQs to provide more details about the following: the vulnerabilities described in this advisory, what systems are at risk from the vulnerabilities, how customers can be protected against each specific vulnerability, information for customers with AMD-based devices.
5.0 01/12/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2014 because these updates provide mitigations for ADV180002.
6.0 01/16/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2012 because these updates provide mitigations for ADV180002.
7.0 01/18/2018 On January 5, 2018, Microsoft re-released KB4056898 (Security Only) for Windows 8.1 and Windows Server 2012 R2 to address a known issue. Customers who have installed the original package on 1/3/2018 should reinstall the update.
8.0 01/18/2018 Microsoft has released security update 4073291 to provide additional protections for the 32-bit (x86) version of Windows 10 Version 1709 related to CVE 2017-5754 (“Meltdown”). Microsoft recommends that customers running Windows 10 Version 1709 for 32-bit systems install the update as soon as possible. Microsoft continues to work to provide 32-bit (x86) protections for other supported Windows versions but does not have a release schedule at this time. The update is currently available via the Microsoft Update Catalog only, and will be included in subsequent updates. This update does not apply to x64 (64-bit) systems.
9.0 01/19/2018 1 - Updated FAQ #10 to announce that Microsoft has resumed updating all AMD devices with the Windows operating system security update to help protect against the chipset vulnerabilities known as Spectre and Meltdown. See the FAQ for links to information on how to download the update for your operating system. Customers with AMD-based devices should install the updates to be protected from the vulnerabilities discussed in this advisory. 2 - Added an update to FAQ #7 that security update 4073291 is available to provide additional protections for the 32-bit (x86) version of Windows 10 Version 1709 related to CVE 2017-5754 (“Meltdown”).
___

Patching meltdown: Windows fixes, sloppy .NET, warnings about Word and Outlook
If you thought this month’s Windows/Office/.NET patching debacle couldn’t get any worse...
- https://www.computerworld.com/articl...d-outlook.html
Jan 19, 2018