Page 8 of 47 FirstFirst ... 45678910111218 ... LastLast
Results 71 to 80 of 467

Thread: Microsoft Alerts

  1. #71
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - May 2013

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms13-may
    May 14, 2013 - "This bulletin summary lists security bulletins released for May 2013...
    (Total of -10-)

    Microsoft Security Bulletin MS13-037 - Critical
    Cumulative Security Update for Internet Explorer (2829530)
    - https://technet.microsoft.com/en-us/...letin/ms13-037
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS13-038 - Critical
    Security Update for Internet Explorer (2847204)
    - https://technet.microsoft.com/en-us/...letin/ms13-038
    Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS13-039 - Important
    Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
    - https://technet.microsoft.com/en-us/...letin/ms13-039
    Important - Denial of Service - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-040 - Important
    Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
    - http://technet.microsoft.com/en-us/s...letin/ms13-040
    Important - Spoofing - May require restart - Microsoft Windows, Microsoft .NET Framework

    Microsoft Security Bulletin MS13-041 - Important
    Vulnerability in Lync Could Allow Remote Code Execution (2834695)
    - https://technet.microsoft.com/en-us/...letin/ms13-041
    Important - Remote Code Execution - May require restart - Microsoft Lync

    Microsoft Security Bulletin MS13-042 - Important
    Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
    - https://technet.microsoft.com/en-us/...letin/ms13-042
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS13-043 - Important
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
    - https://technet.microsoft.com/en-us/...letin/ms13-043
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS13-044 - Important
    Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
    - https://technet.microsoft.com/en-ca/...letin/ms13-044
    Important - Information Disclosure - May require restart - Microsoft Office

    Microsoft Security Bulletin MS13-045 - Important
    Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
    - https://technet.microsoft.com/en-us/...letin/ms13-045
    Important - Information Disclosure - May require restart - Microsoft Windows Essentials

    Microsoft Security Bulletin MS13-046 - Important
    Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
    - https://technet.microsoft.com/en-us/...letin/ms13-046
    Important - Elevation of Privilege - Requires restart - Microsoft Windows
    ___

    - http://blogs.technet.com/b/msrc/arch...edirected=true
    "... 10 bulletins, addressing 33 vulnerabilities in Microsoft products..."

    Bulletin Deployment Priority
    > https://blogs.technet.com/cfs-filesy...t-Priority.png

    Severity and Exploitability Index
    > https://blogs.technet.com/cfs-filesy...lity-Index.png

    MS13-037 addressing Pwn2own vulnerabilities
    - https://blogs.technet.com/b/srd/arch...edirected=true
    14 May 2013
    ___

    May 2013 Security Bulletin Webcast Q&A
    - https://blogs.technet.com/b/msrc/p/m...edirected=true
    May 15, 2013
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=15791
    Last Updated: 2013-05-14 17:52:27 UTC
    ___

    - https://secunia.com/advisories/53327/ - MS13-037
    - https://secunia.com/advisories/53314/ - MS13-038 - IE 8
    - https://secunia.com/advisories/53340/ - MS13-039
    - https://secunia.com/advisories/53350/ - MS13-040
    - https://secunia.com/advisories/53363/ - MS13-041
    - https://secunia.com/advisories/53370/ - MS13-042
    - https://secunia.com/advisories/53379/ - MS13-043
    - https://secunia.com/advisories/53380/ - MS13-044
    - https://secunia.com/advisories/53383/ - MS13-045
    - https://secunia.com/advisories/53385/ - MS13-046
    ___

    MSRT
    - https://support.microsoft.com/?kbid=890830
    Last Review: May 14, 2013 - Revision: 122.0

    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    14 May 2013 - "... added three new families to this month’s Malicious Software Removal Tool (MSRT): Win32/FakeDef, Win32/Vicenor, and Win32/Kexqoud..."
    (More detail and Screenshots at the URL above.)

    Download:
    - https://www.microsoft.com/en-us/down...l-details.aspx
    File Name: Windows-KB890830-V4.20.exe - 19.3 MB
    Windows Malicious Software Removal Tool x64:
    File Name: Windows-KB890830-x64-V4.20.exe - 20.0 MB
    ___

    - https://krebsonsecurity.com/2013/05/...ity-updates-2/
    "<soapbox>On a side note..Dear Microsoft: Please stop asking people to install Silverlight every time they visit a Microsoft.com property. I realize that Silverlight is a Microsoft product, but it really is not needed to view information about security updates. In keeping with the principle of reducing the attack surface of an operating system, you should not be foisting additional software on visitors who are coming to you for information on how to fix bugs and vulnerabilities in Microsoft products that they already have installed. </soapbox>"
    > https://krebsonsecurity.com/wp-conte...ilverlight.png

    .
    Last edited by AplusWebMaster; 2013-05-18 at 14:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #72
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Microsoft Security Advisories 2013.05.14 ...

    FYI...

    Microsoft Security Advisory (2847140)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    - http://technet.microsoft.com/en-us/s...visory/2847140
    Updated: Tuesday, May 14, 2013 Version: 2.0 - "... We have issued MS13-038* to address this issue..."
    * https://technet.microsoft.com/en-us/...letin/ms13-038

    Microsoft Security Advisory (2820197)
    Update Rollup for ActiveX Kill Bits
    - http://technet.microsoft.com/en-us/s...visory/2820197
    May 14, 2013 - "... This update includes kill bits to prevent the following ActiveX controls from being run in Internet Explorer:
    • Honeywell Enterprise Buildings Integrator. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
    {0d080d7d-28d2-4f86-bfa1-d582e5ce4867}
    • SymmetrE and ComfortPoint Open Manager. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
    {29e9b436-dfac-42f9-b209-bd37bafe9317} ..."

    Microsoft Security Advisory (2846338)
    Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
    - http://technet.microsoft.com/en-us/s...visory/2846338
    May 14, 2013 - "... Only x64-based versions of the Malware Protection Engine are affected... The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products. See the Affected Software section for a list of affected products..."

    Microsoft Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
    - http://technet.microsoft.com/en-us/s...visory/2755801
    Updated: Tuesday, May 14, 2013 - "... update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14*..."
    * https://www.adobe.com/support/securi...apsb13-14.html
    "... Flash Player 11.7.700.202 for Windows 8..."

    Last edited by AplusWebMaster; 2013-05-14 at 22:37.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #73
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - June 2013

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms13-jun
    June 11, 2013 - "This bulletin summary lists security bulletins released for June 2013...
    (Total of -5-)

    Microsoft Security Bulletin MS13-047 - Critical
    Cumulative Security Update for Internet Explorer (2838727)
    - https://technet.microsoft.com/en-us/...letin/ms13-047
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS13-048 - Important
    Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
    - https://technet.microsoft.com/en-us/...letin/ms13-048
    Important - Information Disclosure - Requires restart - Microsoft Windows
    - https://support.microsoft.com/kb/2839229
    Last Review: June 15, 2013 - Revision: 4.1 - "... MS13-048... Known issues with this security update:
    Customers who use non-updated versions of certain Kingsoft software products may experience issues installing this security update. In some cases, systems may not successfully restart after security update 2839229 is applied, and customers may encounter a blue or blank screen. We are aware that Kingsoft antivirus and browser product components (kisknl.sys, knbdrv.sys, and dgsafe.sys) may be affected. We recommend that customers update their Kingsoft software to the latest versions -before- security update 2839229 is applied..."

    Microsoft Security Bulletin MS13-049 - Important
    Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
    - https://technet.microsoft.com/en-us/...letin/ms13-049
    Important - Denial of Service - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-050 - Important
    Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege
    - https://technet.microsoft.com/en-us/...letin/ms13-050
    Important - Elevation of privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-051 - Important
    Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
    - https://technet.microsoft.com/en-us/...letin/ms13-051
    Important - Remote Code Execution - May require restart - Microsoft Office
    ___

    - http://blogs.technet.com/b/srd/archi...edirected=true
    11 Jun 2013 - "MS13-051... We have seen this vulnerability exploited in targeted 0day attacks in the wild..."

    - https://krebsonsecurity.com/2013/06/...flash-windows/
    11 Jun 2013 - "... five updates address 23 vulnerabilities in Windows, Internet Explorer, and Office..."

    - http://blogs.technet.com/b/msrc/arch...edirected=true

    Bulletin Deployment Priority
    - https://blogs.technet.com/cfs-filesy...3-DP-Slide.PNG

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy...d-Severity.PNG
    ___

    - https://secunia.com/advisories/53728/ - MS13-047
    - https://secunia.com/advisories/53739/ - MS13-048
    - https://secunia.com/advisories/53741/ - MS13-049
    - https://secunia.com/advisories/53742/ - MS13-050
    - https://secunia.com/advisories/53747/ - MS13-051
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=15977
    Last Updated: 2013-06-11 17:10:35 UTC
    ___

    MSRT
    - https://support.microsoft.com/?kbid=890830
    June 11, 2013 - Revision: 123.0

    - http://www.microsoft.com/security/pc...-families.aspx
    "... added in this release...
    • Tupym..."

    Download:
    - https://www.microsoft.com/en-us/down...l-details.aspx
    Windows-KB890830-V5.1.exe - 19.1 MB
    ... Change systems:
    Windows Malicious Software Removal Tool x64:
    Windows-KB890830-x64-V5.1.exe - 19.9 MB

    .
    Last edited by AplusWebMaster; 2013-06-15 at 15:00.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #74
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisories - 2013.06.11

    FYI...

    Microsoft Security Advisory (2854544)
    Update to Improve Cryptography and Digital Certificate Handling in Windows
    - http://technet.microsoft.com/en-us/s...visory/2854544
    June 11, 2013 - "... Microsoft released an update (2813430) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT..."
    * http://support.microsoft.com/kb/2813430

    Microsoft Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
    - http://technet.microsoft.com/en-us/s...visory/2755801
    June 11, 2013 - Version: 13.0

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #75
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS13-029 re-released for XPSP3 ...

    FYI...

    MS13-029 re-released for XPSP3 ...
    Microsoft Security Bulletin MS13-029 - Critical
    - https://technet.microsoft.com/en-us/...letin/ms13-029
    ... Update FAQ: Why was this bulletin revised on June 25, 2013?
    Microsoft revised this bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. The rereleased update addresses an issue with the original update that caused the update to be incorrectly reoffered to systems running in specific configurations. Microsoft recommends that customers running the affected software apply the rereleased security update immediately...

    V2.0 (June 25, 2013): Revised bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. Microsoft recommends that customers running the affected software apply the rereleased security update immediately...

    - https://support.microsoft.com/kb/2828223
    Last Review: June 25, 2013 - Revision: 2.0

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #76
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - July 2013

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms13-jul
    July 09, 2013 - "This bulletin summary lists security bulletins released for July 2013...
    (Total of -7-)

    Microsoft Security Bulletin MS13-052 - Critical
    Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
    - https://technet.microsoft.com/en-us/...letin/ms13-052
    Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight

    Microsoft Security Bulletin MS13-053 - Critical
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
    - https://technet.microsoft.com/en-us/...letin/ms13-053
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-054 - Critical
    Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
    - https://technet.microsoft.com/en-us/...letin/ms13-054
    Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Visual Studio, Microsoft Lync

    Microsoft Security Bulletin MS13-055 - Critical
    Cumulative Security Update for Internet Explorer (2846071)
    - https://technet.microsoft.com/en-us/...letin/ms13-055
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    V1.1 (July 9, 2013): Bulletin revised to announce that Microsoft is aware of targeted attacks attempting to exploit the vulnerability described in CVE-2013-3163 through Internet Explorer 8. Applying this security update protects customers from exploitation of this vulnerability.
    - https://atlas.arbor.net/briefs/index#31300424
    High Severity
    July 11, 2013
    A 0day Internet Explorer exploit has been used in one or more targeted attack campaigns. Microsoft is aware of the issue but patching has yet to take place, leaving a window of vulnerability now that the issue is more well known.
    Analysis: It is impossible to avoid all 0day attacks because by their very nature, few will know of the vulnerability. It's not secret that nation-states, security contractors and intelligence agencies have access to many vulnerabilities that are developed in-house or are part of covert markets. Despite this persistent problem with an unknown attack surface, reduction of attack surface is key, along with robust monitoring of resources of value for indicators of compromise. On the host side, Microsofts EMET technology stymies this particular exploit, although in general EMET can be evaded. Despite it's weaknesses, EMET is an extra layer of defense and it's low deployment likely means that some attackers will be less likely to attempt to bypass it's defenses. In the meanwhile, indicators from this particular attack can be useful to help determine if your organization has been targeted.
    Source: http://blogs.technet.com/b/srd/archi...r-so-long.aspx
    10 Jul 2013 - "... addressed by yesterday’s Microsoft Security Bulletin MS13-055. If you have not yet updated, please do so at the earliest possible..."

    Microsoft Security Bulletin MS13-056 - Critical
    Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
    - https://technet.microsoft.com/en-us/...letin/ms13-056
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS13-057 - Critical
    Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
    - https://technet.microsoft.com/en-us/...letin/ms13-057
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS13-058 - Important
    Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
    - https://technet.microsoft.com/en-us/...letin/ms13-058
    Important - Elevation of Privilege - Does not require restart - Microsoft Security Software
    ___

    - http://blogs.technet.com/b/msrc/arch...edirected=true
    9 Jul 2013

    Bulletin Deployment Priority
    - https://blogs.technet.com/cfs-filesy...ly-2013-DP.png

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy...3-Severity.png
    ___

    - https://secunia.com/advisories/54025/ - MS13-052
    - https://secunia.com/advisories/53435/ - MS13-053
    - https://secunia.com/advisories/54057/ - MS13-054
    - https://secunia.com/advisories/54060/ - MS13-055
    - https://secunia.com/advisories/54061/ - MS13-056
    - https://secunia.com/advisories/54062/ - MS13-057
    - https://secunia.com/advisories/54063/ - MS13-058
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=16126
    Last Updated: 2013-07-09 18:22:06 UTC... (Version: 2)

    - https://atlas.arbor.net/briefs/index#-271320476
    Extreme Severity
    July 11, 2013 21:27
    Microsoft and Adobe release critical updates. There are apparently two in-the-wild exploits for Microsoft vulnerabilities that are patched herein, so quick deployment is important.
    Analysis: One of the Microsoft security holes was disclosed to the public via sharing of exploit code. This has unsurprisingly resulted in the vulnerability being exploited in the wild. There is additional evidence to suggest another one of the vulnerabilities is also being exploited, and details are emergent. No known attacks are taking advantage of the security holes patched by Adobe, however it is always likely that resourceful attackers have known of at least some of these vulnerabilities and have used them in targeted attacks.
    Source: https://krebsonsecurity.com/2013/07/...tical-updates/
    ___

    July 2013 Office Update Release
    - https://blogs.technet.com/b/office_s...edirected=true
    9 Jul 2013
    ___

    - https://www.computerworld.com/s/arti...rosoft_Windows
    July 9, 2013 - "... 17 of the 34 vulnerabilities covered in the bulletins address IE..."
    - http://www.securitytracker.com/id/1028745
    CVE Reference: CVE-2013-3115, CVE-2013-3143, CVE-2013-3144, CVE-2013-3145, CVE-2013-3146, CVE-2013-3147, CVE-2013-3148, CVE-2013-3149, CVE-2013-3150, CVE-2013-3151, CVE-2013-3152, CVE-2013-3153, CVE-2013-3161, CVE-2013-3162, CVE-2013-3163, CVE-2013-3164, CVE-2013-3166
    Jul 9 2013
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6, 7, 8, 9, 10 ...

    Microsoft Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    - http://technet.microsoft.com/en-us/s...visory/2755801
    V14.0 (July 9, 2013): Added the 2857645 update to the Current Update section.
    Current Update: On July 9, 2013, Microsoft released an update (2857645) for all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-17*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2857645**. Note: The update for Windows RT is available via Windows Update only. The 2857645 update is also available for Internet Explorer 11 Preview in Windows 8.1 Preview and Windows 8.1 RT Preview releases. The update is available via Windows Update.
    * http://www.adobe.com/support/securit...apsb13-17.html
    CVE-2013-3344, CVE-2013-3345, CVE-2013-3347
    Flash Player in Internet Explorer 10
    ** http://support.microsoft.com/kb/2857645
    July 9, 2013
    ___

    MSRT
    - https://support.microsoft.com/?kbid=890830
    Last Review: July 9, 2013 - Revision: 124.0

    - http://www.microsoft.com/security/pc...-families.aspx
    "... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."

    Download:
    - https://www.microsoft.com/en-us/down...l-details.aspx
    Windows-KB890830-V5.2.exe
    Windows Malicious Software Removal Tool x64:
    Windows-KB890830-x64-V5.2.exe

    .
    Last edited by AplusWebMaster; 2013-07-12 at 14:28.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #77
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy Problems with MS13-057 ...

    FYI...

    Problems with MS13-057...
    Half your video missing in Windows Movie Maker?[1] MS13-057 to blame.
    - http://blog.dynamoo.com/2013/07/half...n-windows.html
    16 July 2013 - "... I am not alone.. an InfoWorld post* also indicates that there are problems with Adobe Premiere Pro, Techsmith Camtasia Studio, Serif MoviePlus X6 plus some games due to the MS13-057 update pushed out a week ago. If you are experiencing critical problems with missing video, then the only thing to do seems to be to uninstall the Windows Media Player patch listed as KB2803821 or KB2834904. If this isn't causing a problem then you may as well keep the patch in place to protect your system. I would expect another patch to be re-issued soon."
    * https://www.infoworld.com/t/microsof...2834904-222636
    July 12, 2013

    1) https://lh3.ggpht.com/-k5l-sYmfu54/U...Q/s400/wmm.jpg
    ___

    - https://isc.sans.edu/diary.html?storyid=16168
    Last Updated: 2013-07-15 21:34:45 UTC
    ___

    MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
    - http://support.microsoft.com/default...;en-us;2803821
    Last Review: August 13, 2013 - Revision: 8.0 - "... If you use Adobe Premier Pro CS6, Camtasia Studio 8.1, or Serif MoviePlus X6, you may experience issues after installing 2803821. In some cases, WMV video files may fail to successfully encode or decode. Upon completion of the investigation, Microsoft will take appropriate action to help protect our customers. This may include providing mitigations and workarounds or re-releasing this security update."
    ___

    3 more botched Windows patches: KB 2803821, KB 2840628, and KB 2821895
    Two Black Tuesday patches -- MS 13-052 and MS 13-057 -- and last month's nonsecurity patch KB 2821895 cause a variety of problems
    - https://www.infoworld.com/t/microsof...2821895-222807
    July 16, 2013

    MS13-052: https://support.microsoft.com/kb/2861561
    Last Review: July 11, 2013 - Revision: 2.0

    MS13-057: https://support.microsoft.com/kb/2847883
    Last Review: July 17, 2013 - Revision: 4.0

    KB 2821895: https://support.microsoft.com/kb/2821895
    Last Review: June 20, 2013 - Revision: 5.0

    Last edited by AplusWebMaster; 2013-08-13 at 20:51.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #78
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - August 2013

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms13-aug
    August 13, 2013 - "This bulletin summary lists security bulletins released for August 2013...
    (Total of -8-)

    Microsoft Security Bulletin MS13-059 - Critical
    Cumulative Security Update for Internet Explorer (2862772)
    - https://technet.microsoft.com/en-us/...letin/ms13-059
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS13-060 - Critical
    Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
    - https://technet.microsoft.com/en-us/...letin/ms13-060
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS13-061 - Critical
    Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
    - https://technet.microsoft.com/en-us/...letin/ms13-061
    Critical - Remote Code Execution - May require restart - Microsoft Server Software

    Microsoft Security Bulletin MS13-062 - Important
    Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
    - https://technet.microsoft.com/en-us/...letin/ms13-062
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-063 - Important
    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
    - https://technet.microsoft.com/en-us/...letin/ms13-063
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-064 - Important
    Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
    - https://technet.microsoft.com/en-us/...letin/ms13-064
    Important - Denial of Service - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-065 - Important
    Vulnerability in ICMPv6 could allow Denial of Service (2868623)
    - https://technet.microsoft.com/en-us/...letin/ms13-065
    Important - Denial of Service - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-066 - Important
    Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
    - https://technet.microsoft.com/en-us/...letin/ms13-066
    Important - Information Disclosure - May require restart - Microsoft Windows
    ___

    MS13-052: Vulnerabilities in .NET Framework and Silverlight could allow remote code execution
    - https://support.microsoft.com/kb/2861561
    August 13, 2013 This security update has been re-released and contains some updated articles. We recommend that you apply this updated security update.
    Last Review: August 13, 2013 - Revision: 5.0
    - https://technet.microsoft.com/en-us/...letin/MS13-052
    Updated: August 13, 2013

    MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
    - http://support.microsoft.com/default...;en-us;2803821
    "... issue resolved for Win7 and Win Svr 2008R2...
    re-released version of security update 2803821 - August 13, 2013..."
    Last Review: August 13, 2013 - Revision: 8.0
    - https://technet.microsoft.com/en-us/...letin/MS13-057
    Updated: August 13, 2013
    ___

    - http://blogs.technet.com/b/msrc/arch...edirected=true

    Bulletin Deployment Priority
    - https://blogs.technet.com/cfs-filesy...3-DP-Slide.PNG

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy...d-XI-Slide.PNG
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=16358
    Last Updated: 2013-08-13 17:28:40

    - http://www.theinquirer.net/inquirer/...r-and-exchange
    Aug 14 2013 - "... MS13-059 fixes 11 vulnerabilities in all versions of IE from IE6 to IE10... two patches for address space layout randomisation (ALSR) bypasses this month in MS13-059 for IE and MS13-063 in the Windows kernel..."
    ___

    - https://secunia.com/advisories/53998/ - MS13-059
    - https://secunia.com/advisories/54364/ - MS13-060
    - https://secunia.com/advisories/54392/ - MS13-061
    - https://secunia.com/advisories/54394/ - MS13-062
    - https://secunia.com/advisories/54406/ - MS13-063
    - https://secunia.com/advisories/54420/ - MS13-064
    - https://secunia.com/advisories/54440/ - MS13-065
    - https://secunia.com/advisories/54459/ - MS13-066
    ___

    MSRT
    - https://support.microsoft.com/?kbid=890830
    August 13, 2013 - Revision: 125.0

    - http://www.microsoft.com/security/pc...-families.aspx
    "... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."

    Download:
    - https://www.microsoft.com/en-us/down...l-details.aspx
    Windows-KB890830-V5.3.exe
    Windows Malicious Software Removal Tool x64:
    Windows-KB890830-x64-V5.3.exe

    .
    Last edited by AplusWebMaster; 2013-08-14 at 17:30.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #79
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisories - 8.13.2013 ...

    FYI...

    Microsoft Security Advisory (2861855)
    Updates to Improve Remote Desktop Protocol Network-level Authentication
    - http://technet.microsoft.com/en-us/s...visory/2861855
    August 13, 2013

    Microsoft Security Advisory (2862973)
    Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
    - http://technet.microsoft.com/en-us/s...visory/2862973
    August 13, 2013

    Microsoft Security Advisory (2854544)
    Updates to Improve Cryptography and Digital Certificate Handling in Windows
    - http://technet.microsoft.com/en-us/s...visory/2854544
    Published: June 11, 2013 | Updated: August 13, 2013

    Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
    - https://isc.sans.edu/diary.html?storyid=16361
    Last Updated: 2013-08-13 18:12:43

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #80
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS13-061 rescinded ...

    FYI...

    MS13-061 rescinded ...
    - https://blogs.technet.com/b/exchange...edirected=true
    14 Aug 2013 - "Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed. For those that have already installed the MS13-061 security update for Exchange Server 2013, we already have KB 2879739* that provides the steps on how to resolve this issue. However, due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily.
    Note: This issue does not occur in Exchange 2010 or Exchange 2007. You can proceed with testing and deploying Exchange 2007 SP3 RU11, Exchange 2010 SP2 RU7, and Exchange 2010 SP3 RU2.
    Recommendation: If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue. If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time..."

    Update 2874216 breaks the content index in Exchange Server 2013
    * https://support.microsoft.com/kb/2879739 - MS13-061
    Last Review: August 20, 2013 - Revision: 5.0 <<
    Applies to:
    - Microsoft Exchange Server 2013 Enterprise
    - Microsoft Exchange Server 2013 Standard

    Last edited by AplusWebMaster; 2013-08-21 at 15:21.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •