Microsoft Alerts

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2887505
September 17, 2013 - "Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
* http://support.microsoft.com/kb/2887505#FixItForMe
"Notes about this Fix it solution:
- You must restart Internet Explorer after you apply this Fix it solution.
- The Fix it solution that is described in this section applies only (to) 32-bit versions of Internet Explorer.
- You must have security update 2870699 installed for this Fix it to provide effective protection against this issue. For more information about security update 2870699... view the article in the Microsoft Knowledge Base:
2870699 MS13-069: Cumulative security update for Internet Explorer: September 10, 2013
This Fix it solution is not intended to be a replacement for any security update..."
Last Review: September 18, 2013 - Revision: 2.2
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0"

MS13-069: http://support.microsoft.com/kb/2870699
Last Review: September 18, 2013 - Revision: 2.0

- https://blogs.technet.com/b/msrc/arc...edirected=true
17 Sep 2013
___

- https://atlas.arbor.net/briefs/
High Severity
September 20, 2013 21:24
The latest Internet Explorer vulnerability is being used in targeted attacks and it's just a matter of time before larger-scale attacks take place.
Analysis: Once exploit code of this nature reaches the public, or semi-public sources, those that are paying attention (both "whitehat" and "blackhat" researchers, typically) have the information for defense and for offense. While this exploit code is not yet known to have been leveraged in any exploit kit and only in the context of targeted attacks, it is just a matter of time before the exploit becomes weaponized and expands past it's current use in targeted attacks and is use for cybercrime related activities. EMET is helpful, as is providing other hardening techniques such as whitelisting and application sandboxing where appropriate. 0day exploits are a fact of life, and there is evidence to suggest that this particular vulnerability has been exploited in the wild for some time.
Source: http://www.net-security.org/article.php?id=1885
19 Sep 2013 - "... The simplest way to avoid this risk is to use a browser other than Internet Explorer..."

- https://secunia.com/advisories/54884/
Release Date: 2013-09-18
Criticality: Extremely Critical
Impact: System access
Solution Status: Partial Fix...
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3893 - 9.3 (HIGH)
Provided and/or discovered by: Reported as a 0-day...

- http://community.websense.com/blogs/...2013-3893.aspx
18 Sep 2013 - "... close to 70% of Windows-based PCs are vulnerable..."
___

- http://www.fireeye.com/blog/technica...2013-3893.html
Sep 21, 2013 - "... Despite the targeted nature of these attacks, the exploit identifies numerous language packs (en, zh, fr, de, ja, pt, ko, ru) and software versions, which is uses to specify the correct ROP chain. Commented-out code suggests that the exploit initially targeted IE8 XP users, and IE8 and IE9 Windows 7 users who also had MS Office 2007 installed. In our tests, we observed that the exploit ran -successfully- on systems running both MS Office 2007 and 2010..."

- http://community.websense.com/blogs/...-reported.aspx
26 Sep 2013 - "... attacks utilizing the most recent Internet Explorer zero-day (CVE-2013-3893) are more prevalent than previously thought... We have seen the CVE-2013-3893 exploit targeting Japanese firms in the financial industry, being hosted on a Taiwanese IP address (hxxp: //220.229.238.123 /tn/images/index.html) as of September 25th..."

[AplusWebMaster]

FYI...

- http://www.infoworld.com/t/microsoft...fiascos-227220
Sep 20, 2013 - "This month's Black Tuesday - Sept. 10, 2013 - enters the record books as Microsoft's most patch-botching month in history... The release dilemma is quite straightforward: Microsoft has to test the patches without letting them leak to the bad guys. Conventional wisdom dictates that if the bad guys can reverse engineer the patches before they roll down the Automatic Update chute, Windows as we know it will cease to exist... In September we had 116 patches on Black Tuesday. Twelve of them were subsequently yanked... mixing security with nonsecurity patches and pushing out more than a hundred at a time - that's just stupid. If Windows and Office are in such bad shape that we have to reboot twice a month, so be it..."
___

Office 2010 Starter Edition: File type associations missing after September 2013 Update
- http://blogs.technet.com/b/office_su...13-update.aspx
18 Sep 2013 - "... we have received reports of file type associations missing after installing KB2589275*. After installing this update, some users have reported they are unable to open files by double-clicking them, that the file type icons have changed, and that they must go to the application to open files... How to fix this issue: There are several options available to repair this issue. Each will restore Office products to a fully functional state. These are permanent fixes rather than having to revert to opening files inside the applications..."
* http://support.microsoft.com/kb/2589275
[Download has apparently been revoked.]
___

MS13-063 - KB 2859537 ...
- http://support.microsoft.com/kb/2859537/en-us
Last Review: September 19, 2013 - Revision: 4.0 - "... Known issues with this security update:
While you are installing this security update, or after you install this security update on computer that is running Windows 7 SP1 or Windows Server 2008 R2 SP1, you may experience either of the following issues: You may receive a STOP 0x6B error message when you restart a computer after you perform a specific System Restore operation...
Note: Not all STOP 0x6B errors are caused by the issues that are described in this article.
Some users may experience issues with certain programs after they install security update 2859537. In some cases the programs may not successfully start..."

MS13-063: Vulnerabilities in Windows kernel could allow elevation of privilege
- http://technet.microsoft.com/en-us/s...letin/ms13-063
V1.2 (September 13, 2013): Corrected update replacement for all affected software excluding Windows XP and Windows 8. This is an informational change only.

[AplusWebMaster]

FYI...

MS13-068 - KB2794707- and Office 2010 SP2 - 2687455
Not all the Office patches are ready to install; the Office 2010 SP2 release still has issues.
- https://windowssecrets.com/patch-wat...ffice-updates/
Sep 25, 2013 - "Microsoft should soon push out Office 2010 SP2 to everyone getting Windows updates automatically. (Previously, those users might have seen KB 2687455 listed in Windows Update but unchecked for installation.) I’m still not ready to give the full thumbs-up to this major update. As noted in MS forums*, some Office 2010 users who installed SP2 continue to receive false error messages in their application event log when they start up Outlook. The good news: the error is cosmetic. There’s no actual error, but the Office event logs could become cluttered with messages such as “Calendar Folder property is missing.” An event log filled with false errors can make it difficult to find the records of other PC problems — they roll off the the log sooner than normal and the event you’re looking for is gone. This problem can also occur after installing KB 2794707, a September security update for an Outlook vulnerability. We have several shared calendars in my office, and my event log is filled with the Event 27 “Calendar Folder property is missing” error. There’s currently no ETA on a fix for this issue. Because it’s consider cosmetic, it might be a low priority for Microsoft; however, I don’t find it reassuring to be told to ignore an error. Fortunately, the vulnerability patched by KB 2794707 is difficult to exploit, according to a Microsoft Security Research & Defense post**.
What to do: There’s probably no real harm in installing KBs 2687455 (Office 2010 SP2) and 2794707 (MS13-068). But it’s just as probable there’s no real harm in waiting until Microsoft provides a fix for these fixes. I recommend keeping both updates on -hold- for a while longer."
* http://social.technet.microsoft.com/...er-property-is

** http://blogs.technet.com/b/srd/archi...n-outlook.aspx

Office 2010 Service Pack 2
- http://support.microsoft.com/kb/2687455
Last Review: August 20, 2013 - Revision: 4.0

- http://support.microsoft.com/kb/2794707
Last Review: October 2, 2013 - Revision: 2.0
Applies to: Microsoft Outlook 2010

[AplusWebMaster]

FYI...

Metasploit releases CVE-2013-3893 ...
- https://community.rapid7.com/communi...use-after-free
Sep 30, 2013 - "Recently the public has shown a lot of interest in the new Internet Explorer vulnerability (CVE-2013-3893) that has been exploited in the wild, which was initially discovered in Japan. At the time of this writing there is still no patch available, but there is still at least a temporary fix-it that you can apply from Microsoft, which can be downloaded here*... The vulnerability affects Internet Explorer from 6 all the way to 11, however, the exploit in the wild primarily targets Internet Explorer 8 on Windows XP, and Internet Explorer 8 and 9 on Windows 7... The Metasploit module currently can be only tested on Internet Explorer 9 on Windows 7 SP1 with either Office 2007 or Office 2010 installed..."
* https://support.microsoft.com/kb/2887505#FixItForMe
Microsoft Fix it 51001

- https://isc.sans.edu/diary.html?storyid=16697
Last Updated: 2013-10-01 19:57:14 UTC... Version: 2

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/en-us/...letin/ms13-oct
October 08, 2013 - "This bulletin summary lists security bulletins released for October 2013...
(Total of -8-)

Microsoft Security Bulletin MS13-080 - Critical
Cumulative Security Update for Internet Explorer (2879017)
- http://technet.microsoft.com/en-us/s...letin/ms13-080
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.2 (October 8, 2013): Bulletin revised to announce that the 2884101 update is available via Windows Update.
V1.3 (October 10, 2013): Bulletin revised to remove CVE-2013-3871 from the vulnerabilities addressed by this update. Including this CVE in the original security bulletin text was a documentation error. CVE-2013-3871 is scheduled to be addressed in a future security update. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.

- http://support.microsoft.com/kb/2884101
Last Review: October 8, 2013 - Revision: 2.0

Microsoft Security Bulletin MS13-081 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
- http://technet.microsoft.com/en-us/s...letin/ms13-081
Critical - Remote Code Execution - Requires restart - Microsoft Windows
V1.1 (October 9, 2013): Bulletin revised to announce a detection change to correct an offering issue for the 2847311 update for Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) and Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.

Microsoft Security Bulletin MS13-082 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
- http://technet.microsoft.com/en-us/s...letin/ms13-082
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
V1.1 (October 10, 2013): Bulletin revised to indicate that Server Core installations of Windows Server 2012 are affected by the vulnerability addressed in the 2861194 update. This is an informational change only. There were no changes to the detection logic or the security update files. Customers who have already successfully updated their systems do not need to take any action.

Microsoft Security Bulletin MS13-083 - Critical
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...letin/ms13-083
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-084 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
- http://technet.microsoft.com/en-us/s...letin/ms13-084
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS13-085 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
- http://technet.microsoft.com/en-us/s...letin/ms13-085
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-086 - Important
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
- http://technet.microsoft.com/en-us/s...letin/ms13-086
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-087 - Important
Vulnerability in Silverlight Could Allow Information Disclosure (2890788)
- http://technet.microsoft.com/en-us/s...letin/ms13-087
Important - Information Disclosure - Does not require restart - Microsoft Silverlight
___

- http://blogs.technet.com/b/msrc/arch...edirected=true
"... eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight... resolves 10 issues in Internet Explorer..."

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...0_Priority.jpg

Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...0_Severity.jpg
___

- http://blogs.technet.com/b/office_su...e-release.aspx
8 Oct 2013 - "The October 2013 Public Update release for Office is now live. There are 24 security updates (3 bulletins) and 35 non-security updates..."
(Long list at the URL above.)
___

- https://secunia.com/advisories/54884/ - MS13-080
- https://secunia.com/advisories/55052/ - MS13-081
- https://secunia.com/advisories/55043/ - MS13-082
- https://secunia.com/advisories/55106/ - MS13-083
- https://secunia.com/advisories/55131/ - MS13-084
- https://secunia.com/advisories/55141/ - MS13-085
- https://secunia.com/advisories/55143/ - MS13-086
- https://secunia.com/advisories/55149/ - MS13-087
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16760
Last Updated: 2013-10-08 17:30:03 UTC

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2887505
Updated: October 08, 2013 - Version: 2.0 - "... We have issued MS13-080* to address the Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)..."
* https://technet.microsoft.com/en-us/...letin/ms13-080

- https://secunia.com/advisories/54884/
Last Update: 2013-10-11
Criticality: Extremely Critical
CVE Reference(s): CVE-2013-3872, CVE-2013-3873, CVE-2013-3874, CVE-2013-3875, CVE-2013-3882, CVE-2013-3885, CVE-2013-3886, CVE-2013-3893*, CVE-2013-3897
... vulnerability is currently being actively exploited in targeted attacks.

- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3872 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3873 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3874 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3875 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3882 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3885 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3886 - 9.3 (HIGH)
* https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3893 - 9.3 (HIGH)
Last revised: 10/10/2013
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3897 - 9.3 (HIGH)
Last revised: 10/10/2013 - "... as exploited in the wild in September and October 2013..."

- http://www.darkreading.com/attacks-b...ndly=this-page
Oct 09, 2013

- http://community.websense.com/blogs/...h-profile.aspx
9 Oct 2013 - CVE-2013-3897
___

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/s...visory/2862973
Updated: October 08, 2013 - Version: 1.2 - "Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks... Note that the 2862966 update is a prerequisite and must be applied before this update can be installed. The 2862966 update contains associated framework changes to Microsoft Windows. For more information, see Microsoft Knowledge Base Article 2862966.
Known Issues. Microsoft Knowledge Base Article 2862973 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
- http://support.microsoft.com/kb/2862966
Last Review: August 27, 2013 - Revision: 4.0
- http://support.microsoft.com/kb/2862973
Last Review: August 15, 2013 - Revision: 2.0

[AplusWebMaster]

FYI...

KB 2878890 patch brings back two-year-old KB 951847 - repeatedly...
- http://www.infoworld.com/t/microsoft...eatedly-228538
Oct 10, 2013 - "Another Black Tuesday, another -botched- patch. Applying this week's KB 2878890* patch on some Windows XP and Server 2003 SP2 machines causes a two-year-old .Net Framework roll-up patch, KB 951847**, to resurface. Windows Update not only prompts WinXP/Server 2003 users to (re-)install the big, old .Net patch, it keeps pestering over and over again to (re-)install it, even if the WU install logs say it's been installed. Fortunately, there's a fix. Although we don't yet know the details - and Microsoft hasn't acknowledged, much less fixed, the problem - there's a steady stream of complaints, comments, and questions about the botched patch on Microsoft's Answers forum. The problem seems to affect older WinXP/Server 2003 installations, likely those with older versions of .Net Framework installed. Advice from the forum mods (who haven't received definitive guidance from Microsoft yet) is that turning off KB 951847 - unchecking the box on the Windows Update list - is a prudent way to get rid of the annoyance..."
* http://technet.microsoft.com/en-us/s...letin/MS13-082
V1.0 Oct 8, 2013

... MAY be:
- http://support.microsoft.com/kb/2861189
Last Review: October 8, 2013 - Revision: 1.0
** http://support.microsoft.com/kb/951847
Last Review: August 18, 2011 - Revision: 9.0

MS13-082 ...
- http://www.infoworld.com/t/microsoft...ent-1077827614
"... The specific KB number you see depends on which version of Windows you're using and which version of .NET is being patched. There's a full list of KB numbers/patch files in the KB 2878890 article here: http://support.microsoft.com/kb/2878890 ... . I count 18 of them..."
___

MS13-081: Description of the security update for USB drivers: October 8, 2013
- http://support.microsoft.com/kb/2862330
[Oct 11 ... now -unchecked- in Download list - Win7. Problems likely "under investigaton"...]
___

- https://windowssecrets.com/patch-wat...leanup-update/
Susan Bradley - Oct 10, 2013 - "... rated critical for all supported desktop versions of Internet Explorer... Along with the vulnerability reported in the Sept. 17 MS Security Advisory, the update covers -nine- related vulnerabilities...
- What to do: Install KB 2879017 (MS13-080*) as soon as offered..."
* http://technet.microsoft.com/en-us/s...letin/MS13-080
V1.3 (October 10, 2013): Bulletin revised to remove CVE-2013-3871 from the vulnerabilities addressed by this update. Including this CVE in the original security bulletin text was a documentation error. CVE-2013-3871 is scheduled to be addressed in a future security update. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
- http://support.microsoft.com/kb/2879017
Last Review: October 9, 2013 - Revision: 4.0
Applies to:
•Internet Explorer 11
•Internet Explorer 10
•Windows Internet Explorer 9
•Windows Internet Explorer 8
•Windows Internet Explorer 7
•Microsoft Internet Explorer 6.0 ...
___

Update is available that enables you to delete outdated Windows updates by using a new option in the Disk Cleanup wizard in Windows 7 SP1
- http://support.microsoft.com/kb/2852386/en-us
"... Status: Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section...
Last Review: October 8, 2013 - Revision: 1.0
Applies to:
Windows 7 Service Pack 1, when used with:
Windows 7 Enterprise
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate ..."

[AplusWebMaster]

FYI...

MS13-081 KB2862330 update "problems" ...
- http://msmvps.com/blogs/bradley/arch...-problems.aspx
Sat, Oct 12 2013

"Microsoft 'Confirms' KB2862330 Windows 7 Update 'Problems':
- http://news.softpedia.com/news/Micro...s-390567.shtml

So let's get the story straight. KB2862330 from the moment it was released indicated it might need -two- reboots to be properly installed.
Microsoft stated that in the known issues* section at the top of the security bulletin from the moment it was released.
The system will reboot, start again and rather than coming up, will just restart a second time. It's expected and -not- a bug.
There are a few folks seeing issues with this update and quite frankly I expect it. This is a lot of updates in the kernel section with impact to usb drivers. Where we have a ton of third party development. And not always the greatest third party development.
So let's not blow these statements out of proportion to the reality."

MS13-081: Description of the security update for USB drivers
* http://support.microsoft.com/kb/2862330
Last Review: October 8, 2013 - Revision: 1.0
"Known issues with this security update: After you install security update 2862330, your computer may restart two times. For more information updates that require multiple restart, click the following article number to view the article in the Microsoft Knowledge Base:
2894518** Software updates that require multiple reboots may cause task sequence failure within Configuration Manager"
** http://support.microsoft.com/kb/2894518
Last Review: October 9, 2013 - Revision: 8.0

[AplusWebMaster]

FYI...

MS13-081 - Critical ... V1.2
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
- http://technet.microsoft.com/en-us/s...letin/ms13-081
V1.1 (October 9, 2013): Bulletin revised to announce a detection change to correct an offering issue for the 2847311 update for Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) and Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
V1.2 (October 16, 2013): For update 2855844*, corrected the update replacement for Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for x64-based Systems Service Pack 1. This is an informational change only.

* http://support.microsoft.com/kb/2855844
Oct 8, 2013 - Revision: 1.0

[AplusWebMaster]

FYI...

MS13-081 ...
- http://support.microsoft.com/kb/2862330
Last Review: Oct 29, 2013 - Rev 3.0
(See: "Known issues")

- http://msmvps.com/blogs/bradley/arch...wn-issues.aspx
Oct 18 2013
___

Botched patch installs .Net Framework 3.5 without warning or consent - even on systems that have studiously avoided .Net
- http://www.infoworld.com/t/microsoft...problem-229062
Oct 18, 2013