Page 47 of 47 FirstFirst ... 374344454647
Results 461 to 467 of 467

Thread: Microsoft Alerts

  1. #461
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Lenovo releases Security Advisory... more

    FYI...

    Lenovo Releases Security Advisory
    - https://www.us-cert.gov/ncas/current...urity-Advisory
    Jan 19, 2018 - "Lenovo has released security updates to address a vulnerability affecting Enterprise Network Operating System (ENOS) firmware. An attacker could exploit this vulnerability to obtain sensitive information.
    NCCIC/US-CERT encourages users and administrators to review the Lenovo Security Advisory* for more information and apply the necessary updates or mitigations."

    Enterprise Networking Operating System (ENOS) Authentication Bypass in Lenovo and IBM RackSwitch and BladeCenter Products
    * https://support.lenovo.com/us/en/pro...rity/len-16095
    Lenovo Security Advisory: LEN-16095
    Potential Impact: An attacker could gain access to the switch management interface, permitting settings changes that could result in exposing traffic passing through the switch, subtle malfunctions in the attached infrastructure, and partial or complete denial of service.
    Severity: High
    Scope of Impact: Lenovo-specific
    CVE Identifier: CVE-2017-3765 ...
    ___

    Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch
    Intel's firmware fix for Spectre is also causing higher reboots on Kaby Lake and Skylake CPUs
    - http://www.zdnet.com/article/meltdow...s-after-patch/
    Jan 18, 2018

    Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
    - https://security-center.intel.com/ad...nguageid=en-fr
    Last revised: Jan 17, 2018
    ___

    Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products
    - http://www.dell.com/support/article/...oducts?lang=en
    Last Date Modified: 01/19/2018 07:46 AM
    ___

    More Windows patches, primarily previews, point to escalating problems this month
    Five Windows patches and nine for .NET released yesterday, Patch Wednesday “C,” leave many of us wondering what we did to deserve such abuse. Yes, there are bugs
    - https://www.computerworld.com/articl...his-month.html
    Jan 18, 2018
    ___

    ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
    - https://portal.msrc.microsoft.com/en...sory/ADV180002
    Security Advisory
    Published: 01/03/2018 | Last Updated : 01/19/2018
    Revisions
    Version Date Description
    1.0 01/03/2018 Information published.
    2.0 01/03/2018 Revised ADV180002 to announce release of SQL 2016 and 2017 updates.
    3.0 01/05/2018 The following updates have been made: Revised the Affected Products table to include Windows 10 Version 1709 for x64-based Systems because the update provides mitigations for ADV180002. Corrected the security update numbers for the 2016 and 2017 SQL Server Cumulative Updates. Removed Windows Server 2012 and Windows Server 2012 (Server Core installation) from the Affected Products table because there are no mitigations available for ADV180002 for these products. Revised the Affected Products table to include Monthly Rollup updates for Windows 7 and Windows Server 2008 R2. Customers who install monthly rollups should install these updates to receive the mitigations against the vulnerabilities discussed in this advisory. In the Recommended Actions section, added information for Surface customers. Added an FAQ to explain why Windows Server 2008 and Windows Server 2012 will not receive mitigations for these vulnerabilities. Added an FAQ to explain the protection against these vulnerabilties for customers using x86 architecture.
    4.0 01/09/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2008, Microsoft SQL Server 2008, and Microsoft SQL Server 2016 because these updates provide mitigations for ADV180002.
    4.1 01/10/2018 Added FAQs to provide more details about the following: the vulnerabilities described in this advisory, what systems are at risk from the vulnerabilities, how customers can be protected against each specific vulnerability, information for customers with AMD-based devices.
    5.0 01/12/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2014 because these updates provide mitigations for ADV180002.
    6.0 01/16/2018 Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2012 because these updates provide mitigations for ADV180002.
    7.0 01/18/2018 On January 5, 2018, Microsoft re-released KB4056898 (Security Only) for Windows 8.1 and Windows Server 2012 R2 to address a known issue. Customers who have installed the original package on 1/3/2018 should reinstall the update.
    8.0 01/18/2018 Microsoft has released security update 4073291 to provide additional protections for the 32-bit (x86) version of Windows 10 Version 1709 related to CVE 2017-5754 (“Meltdown”). Microsoft recommends that customers running Windows 10 Version 1709 for 32-bit systems install the update as soon as possible. Microsoft continues to work to provide 32-bit (x86) protections for other supported Windows versions but does not have a release schedule at this time. The update is currently available via the Microsoft Update Catalog only, and will be included in subsequent updates. This update does not apply to x64 (64-bit) systems.
    9.0 01/19/2018 1 - Updated FAQ #10 to announce that Microsoft has resumed updating all AMD devices with the Windows operating system security update to help protect against the chipset vulnerabilities known as Spectre and Meltdown. See the FAQ for links to information on how to download the update for your operating system. Customers with AMD-based devices should install the updates to be protected from the vulnerabilities discussed in this advisory. 2 - Added an update to FAQ #7 that security update 4073291 is available to provide additional protections for the 32-bit (x86) version of Windows 10 Version 1709 related to CVE 2017-5754 (“Meltdown”).
    ___

    Patching meltdown: Windows fixes, sloppy .NET, warnings about Word and Outlook
    If you thought this month’s Windows/Office/.NET patching debacle couldn’t get any worse...
    - https://www.computerworld.com/articl...d-outlook.html
    Jan 19, 2018

    Last edited by AplusWebMaster; 2018-01-20 at 17:44.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #462
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Intel says you should NOT install its Meltdown firmware fixes

    FYI...

    Intel says you should NOT install its Meltdown firmware fixes
    The warning, which encompasses just about every Intel processor out there, from all PC manufacturers, takes effect immediately. And there’s no indication when it will get fixed
    - https://www.computerworld.com/articl...are-fixes.html
    Jan 22, 2018 - "... Intel just announced* that you need to hold off on all of its new patches..."

    * https://newsroom.intel.com/news/root...-and-partners/
    Jan 22, 2018 - "As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed. Based on this, we are updating our guidance for customers and partners:
    We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.
    We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week...
    I will keep you updated as we learn more and thank you for your patience..."
    (More detail at the URLs above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #463
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Updates - status

    FYI...

    ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
    Security Advisory
    Published: 01/03/2018 | Last Updated : 01/26/2018
    - https://portal.msrc.microsoft.com/en...sory/ADV180002
    10.0 01/22/2018 Added FAQ #11 to address customer concerns about reboot issues with microcode on devices with older Intel processors. 2. Revised the Affected Products table to add Monthly Rollup updates for supported editions of Windows 8.1 and Windows Server 2012 R2. Customers who install Monthly Rollups should install these updates to be protected from the vulnerabilities described in this advisory.
    11.0 01/26/2018 Updated FAQ #11 with further guidance for customers who are experiencing reboot issues on Intel devices.
    ___

    Microsoft Patch Alert: Lots of lingering problems in a very messy month
    - https://www.computerworld.com/articl...th.html?page=6
    Jan 25, 2018 - "... recommend that you hold off on applying this month’s patches..."

    - https://www.askwoody.com/ms-defcon-system/
    "... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it."

    Windows 10 Version 1709 KB4073291 (OS Build 16299.201)
    - https://support.microsoft.com/en-us/...date-kb4056892
    Last Updated: Jan 26, 2018
    "Known issues in this update... Microsoft is working on a resolution and will provide an update in an upcoming release."

    Update to Disable Mitigation against Spectre, Variant 2
    Applies to: Windows 7 Service Pack 1, Windows 8.1, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 10 Version 1703, Windows 10 version 1709, Windows Server 2008 R2 Standard, Windows Server 2012 R2 Standard
    - https://support.microsoft.com/en-us/...ctre-variant-2
    Last Updated: Jan 26, 2018

    Last edited by AplusWebMaster; 2018-01-28 at 01:26.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #464
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation January patches - Get Windows updated...

    FYI...

    January patches - Get Windows updated...
    ...We’ve gone five whole days without a new Windows or Office patch. The latest ones have a few identified problems, but for most people now’s the right time to get the January patches installed
    - https://www.computerworld.com/articl...s-updated.html
    Feb 5, 2018 - "... General caveats:
    Don’t install any firmware updates...
    Make sure your antivirus is copacetic with this month’s patches...
    Make a full system image -backup- before you install the January patches...
    As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED. In particular, don’t be tempted to install anything marked 'Preview'..."

    - https://www.askwoody.com/2018/ms-def...o-get-patched/
    Feb 5, 2018 - "... Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #465
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Windows Update - turn off

    FYI...

    Get Windows Update locked down in preparation for this month’s problems
    ...If February turns out half as bad as January... make sure Windows Update is turned off. Temporarily, of course...
    - https://www.computerworld.com/articl...-problems.html
    Feb 12, 2018 - "... an unconscionable number of patches left bricked machines and busted programs in their wake. With the onslaught of February security patches due... you should take a few minutes to make sure Microsoft’s problems won’t immediately turn into your problems..."
    ___

    Feb 2018 Security Updates
    - https://portal.msrc.microsoft.com/en...1-000d3a33c573
    Feb 13, 2018 - "The February security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    ChakraCore
    Adobe Flash..."
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Feb 13, 2018

    Last edited by AplusWebMaster; 2018-02-13 at 23:31.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #466
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Updates - Feb 2018

    FYI...

    Get Windows Update locked down in preparation for this month’s problems
    ...If February turns out half as bad as January... make sure Windows Update is turned off. Temporarily, of course...
    - https://www.computerworld.com/articl...-problems.html
    Feb 12, 2018 - "... an unconscionable number of patches left bricked machines and busted programs in their wake. With the onslaught of February security patches due... you should take a few minutes to make sure Microsoft’s problems won’t immediately turn into your problems..."
    ___

    Feb 2018 Security Updates
    - https://portal.msrc.microsoft.com/en...1-000d3a33c573
    Feb 13, 2018 - "The February security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    ChakraCore
    Adobe Flash..."
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Feb 13, 2018
    ___

    Security Update Summary
    - https://portal.msrc.microsoft.com/en...idance/summary

    Feb 2018 Office Update Release
    - https://blogs.technet.microsoft.com/...pdate-release/
    Feb 13, 2018 - "The February 2018 Public Update releases for Office are now available! This month, there are 14 security updates and 22 non-security updates. All of the security and non-security updates are listed in KB article 4077965*.
    A new version of Office 2013 Click-To-Run is available: 15.0.5007.1000
    A new version of Office 2010 Click-To-Run is available: 14.0.7194.5000"
    * https://support.microsoft.com/en-us/...crosoft-office
    ___

    Microsoft Security Updates February 2018 release
    - https://www.ghacks.net/2018/02/13/mi...-2018-release/
    Feb 13, 2018 - "... guide lists all security and non-security updates that Microsoft released since the January Patch Day. Each patch is listed with its name, description, and link to Microsoft..."

    February Patch Tuesday – 55 Microsoft vulnerabilities patched, 45 for Adobe
    - https://blog.qualys.com/laws-of-vuln...d-45-for-adobe
    Feb 13, 2018

    Last edited by AplusWebMaster; 2018-02-14 at 20:48.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #467
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Patch Alert - February

    FYI...

    Ms Patch Alert: February's fixes aren’t as bad as last month, but problems abound
    ... All is not well. The Win10 Fall Creators Update cumulative update is bluescreening some PCs and dropping USB connections for many — and there’s a bug in the Win7 Monthly Rollups that cause a boot-to-black
    - https://www.computerworld.com/articl...ms-abound.html
    Feb 26, 2018 - "... Microsoft is working on a resolution and will provide an update in an upcoming release. Workaround steps are available in KB4091240.
    > https://support.microsoft.com/en-us/...ry-13-2018-upd
    Applies to: Windows 10
    ... Microsoft is working on a resolution and will provide an update in an upcoming release. Workaround steps are available in KB4075150.
    - https://support.microsoft.com/en-us/...stalling-the-j
    Applies to: Win10, Win7, Win8.1
    Last Updated: Feb 26, 2018
    As you might imagine, both manual workarounds require an advanced degree in Microsoft Patch bugology... If you’d rather wait until the coast is clear, and prefer not to sweat the small stuff, make sure you have Outlook fixed if you need to then go get a cup of coffee. Check back again in a few days, to see whether Microsoft has finally given us a version of Win10 1709 that actually, you know, works – and if there are any further problems with the second cumulative updates for 1703 and 1611. Don’t expect a fix for the Win7 boot to black screen problem..."
    ___

    > https://www.askwoody.com/ms-defcon-system/
    "MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."
    ___

    MS Patches - bug warnings, another Office CtR, and the return of KB 2952664
    ... This month’s fourth-Tuesday patches includes a bevy of bug notices and a warning to uninstall old Previews, the fourth “Monthly Channel” update this month for Office 365, and our old snooping friend KB 2952664
    - https://www.computerworld.com/articl...html?nsdr=true
    Feb 28, 2018

    February 13, 2018—KB4074598 (Monthly Rollup)
    Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
    - https://support.microsoft.com/en-us/...date-kb4074598
    "Known issues in this update...
    Microsoft is working on a resolution and will provide an update in an upcoming release..."
    Last Updated: Feb 28, 2018

    February 13, 2018—KB4074587 (Security-only update)
    Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
    - https://support.microsoft.com/en-us/...date-kb4074587
    "Known issues in this update...
    Microsoft is working on a resolution and will provide an update in an upcoming release..."
    Last Updated: Feb 28, 2018

    Last edited by AplusWebMaster; 2018-03-05 at 13:05.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •