
Thread: Microsoft Alerts

  1. #101
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005; Location: USA; Posts: 6,881

    MS Word exploit/FixIt ...

    FYI...

    Clarification on Security Advisory 2896666 ...
    - https://blogs.technet.com/b/msrc/arc...edirected=true
    7 Nov 2013
    ___

    Microsoft Security Advisory (2896666)
    Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
    - http://technet.microsoft.com/en-us/s...visory/2896666
    5 Nov 2013 - "Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products. The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images...
    Workarounds: Disable the TIFF codec
    Note See Microsoft Knowledge Base Article 2896666* to use the automated Microsoft Fix it solution..."
    * https://support.microsoft.com/kb/2896666
    Enable this Fix it - Microsoft Fix it 51004...

    - https://support.microsoft.com/kb/2896666#appliesto

    - http://blogs.technet.com/b/srd/archi...documents.aspx
    5 Nov 2013 - "... Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack..."
    ___

    - https://secunia.com/advisories/55584/
    Release Date: 2013-11-06
    Criticality: Extremely Critical
    Where: From remote
    Impact: System access ...
    ... vulnerability is currently being actively exploited in targeted attacks.
    Provided and/or discovered by: Reported as 0-day.
    Original Advisory: Microsoft (KB2896666):
    http://technet.microsoft.com/en-us/s...visory/2896666

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3906 - 9.3 (HIGH)
    Last revised: 11/07/2013 - "... allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013"

    0-Day Attack on Office...
    - http://krebsonsecurity.com/2013/11/m...ack-on-office/
    5 Nov 2013 - "... the exploit combines multiple techniques to bypass exploit mitigation techniques such as data execution prevention (DEP) and address space layout randomization (ASLR). The company says this exploit will -not- affect Office 2013, but will affect older versions such as Office 2003 and Office 2007..."

    - http://blogs.technet.com/b/srd/archive/2013/11.aspx
    Nov 5, 2013 - "... the exploit combines multiple techniques to bypass DEP and ASLR protections... Office 2010 uses the vulnerable graphic library, it is affected only when running on older platforms such as Windows XP or Windows Server 2003, but it is -not- affected when running on newer Windows families (7, 8 and 8.1)..."

    Last edited by AplusWebMaster; 2013-11-09 at 13:59.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...

  2. #102
    AplusWebMaster (Adviser Team)

    MS13-081/KB 2862330 ...

    FYI...

    MS13-081/KB 2862330 went down the automatic update chute, triggering blue screens and endless re-installs. It still isn't fixed
    - http://www.infoworld.com/t/microsoft...00000ca-230201
    Nov 5, 2013 - "Last month's Black Tuesday crop included yet another stinker: MS13-081*/KB 2862330**, a "critical" Windows USB driver update that reaches into the Windows kernel, modifying all the USB 2.0 driver programs. Microsoft knew before the patch was released that it had an odd double-reboot tendency... As it turns out, that was the least of MS13-081's worries. The day after the patch appeared, Microsoft's Answers forum lit up with complaints. Here's a partial list of the problems Windows customers have experienced, after installing the patch:
    • Windows 7 and Windows Server 2008 R2 may throw up a Blue Screen 0x000000D1 or 0x000000CA or 9x00000050 upon boot.
    • Windows 7 and Server 2008 R2 machines may reboot, then stall at 32 percent. The only solution is to unplug the machine, then run a system restore -- necessary because the reboots stall at the same point in an endless cycle.
    • After an extended period of time on reboot, Windows 2008 R2 shows the message "Please wait for modules installer," then "Failure configuring windows updates reverting change." Windows rolls back the changes, but tries to do them again.
    • Windows XP has the same infinite-loop installation of the patch.
    • There are also reports of failing USB keyboards and mice - at least one user reports his Microsoft Mouse won't work after installing the patch.
    To date, I've seen no indication that Microsoft has isolated the source of the problem. There is no new version of the patch. There is, however, a very convoluted series of manual patching steps you can take if you feel an urgent need to install the patch. Look for the three scenarios in the KB 2862330 article. It helps if you have a degree in Computer Science. Although Microsoft hasn't completely pulled the patch - it still appears as an Important update in Windows 7 Automatic Update - the selection box is unchecked. Unless you manually check the box, the update will -not- be installed. The universal advice at this point is to refrain from installing the patch - hide it in Automatic Update if you have to. Since the patch is no longer installed by default, and almost a month after its release we still don't have an update, it's a safe assumption that the patch isn't quite as pressing as its "Critical" rating might indicate."
    * http://technet.microsoft.com/en-us/s...letin/ms13-081

    ** http://support.microsoft.com/kb/2862330
    Last Review: Oct 29, 2013 - Rev 3.0

    Last edited by AplusWebMaster; 2013-11-07 at 00:51.

  3. #103
    AplusWebMaster (Adviser Team)

    New IE 0-Day vuln exploiting msvcrt.dll

    FYI...

    New IE 0-Day vuln exploiting msvcrt.dll
    - https://isc.sans.edu/diary.html?storyid=16985
    Last Updated: 2013-11-09 13:41:19 UTC - "FireEye Labs has discovered an "exploit that leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution." [1] Based on their analysis, it affects IE 7, 8, 9 and 10. According to Microsoft, the vulnerability can be mitigated by EMET.[2][3] Additional information on FireEye Labs post available..."

    [1] http://www.fireeye.com/blog/technica...le-attack.html
    [2] https://isc.sans.edu/forums/diary/EM...download/16019
    [3] http://www.microsoft.com/en-us/downl....aspx?id=39273
    ___

    ... or (once again) use an alternative browser!

    Last edited by AplusWebMaster; 2013-11-09 at 19:08.

  4. #104
    AplusWebMaster (Adviser Team)

    IE 0-Day vuln exploiting msvcrt.dll ...

    FYI...

    IE 0-Day vuln exploiting msvcrt.dll ...
    - https://isc.sans.edu/diary.html?storyid=16985
    Last Updated: 2013-11-11 23:41:53 UTC ... Version: 3 - "... Update: FireEye Labs provided additional information on the recently discovered IE zero-day exploit that is currently in the wild and has been named Trojan.APT.9002 (aka Hydraq/McRAT variant). They have published additional information on the Trojan that only runs in memory and leaves very few artifacts that can help identify infected clients. Additional information about the Trojan can be found here(1) which also includes a list of domains, MD5 hash and User-Agent information.
    Update 2: Microsoft is releasing tomorrow a fix for this vulnerability* (CVE-2013-3918) affecting Explorer ActiveX Control as "Bulletin 3" as MS13-090 listed in the November Microsoft Patch Tuesday Preview**..."
    1) http://www.fireeye.com/blog/technica...ss-method.html

    * http://blogs.technet.com/b/msrc/arch...e-tuesday.aspx

    - https://blogs.technet.com/b/msrc/arc...edirected=true
    7 Nov 2013 - "... this release won’t include an update for the issue first described in Security Advisory 2896666..."

    ** https://isc.sans.edu/forums/diary/16982

    - https://www.virustotal.com/en/ip-add...3/information/

    - https://www.virustotal.com/en/ip-add...4/information/
    ___

    - https://secunia.com/advisories/55611/
    Last Update: 2013-11-13
    Criticality: Extremely Critical
    Where: From remote
    Impact: System access ...
    Software: Microsoft Internet Explorer 10.x, 9.x, 8.x, 7.x
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3918 - 9.3 (HIGH)
    ... vulnerability is caused due to an error within an ActiveX control...
    Solution: Apply update...
    - http://technet.microsoft.com/en-us/s...letin/ms13-090
    Nov 12, 2013

    Last edited by AplusWebMaster; 2013-11-30 at 07:03.

  5. #105
    AplusWebMaster (Adviser Team)

    MS Security Bulletin Summary - November 2013

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms13-nov
    Nov 12, 2013 - "This bulletin summary lists security bulletins released for November 2013...
    (Total of -8-)

    Microsoft Security Bulletin MS13-088 - Critical
    Cumulative Security Update for Internet Explorer (2888505)
    - https://technet.microsoft.com/en-us/...letin/ms13-088
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS13-089 - Critical
    Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
    - https://technet.microsoft.com/en-us/...letin/ms13-089
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-090 - Critical
    Cumulative Security Update of ActiveX Kill Bits (2900986)
    - https://technet.microsoft.com/en-us/...letin/ms13-090
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS13-091 - Important
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
    - https://technet.microsoft.com/en-us/...letin/ms13-091
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS13-092 - Important
    Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
    - https://technet.microsoft.com/en-us/...letin/ms13-092
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-093 - Important
    Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
    - http://technet.microsoft.com/en-us/s...letin/ms13-093
    Important - Information Disclosure - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS13-094 - Important
    Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
    - http://technet.microsoft.com/en-us/s...letin/ms13-094
    Important - Information Disclosure - May require restart - Microsoft Office

    Microsoft Security Bulletin MS13-095 - Important
    Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
    - https://technet.microsoft.com/en-us/...letin/ms13-095
    Important - Denial of Service - Requires restart - Microsoft Windows
    ___

    - http://blogs.technet.com/b/msrc/arch...edirected=true
    12 Nov 2013

    Bulletin Deployment Priority
    - https://blogs.technet.com/cfs-filesy...de_5F00_DP.png

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy...0_Severity.png
    ___

    - https://secunia.com/advisories/55054/ - MS13-088
    - https://secunia.com/advisories/50000/ - MS13-089
    - https://secunia.com/advisories/55611/ - MS13-090
    - https://secunia.com/advisories/55539/ - MS13-091
    - https://secunia.com/advisories/55550/ - MS13-092
    - https://secunia.com/advisories/55558/ - MS13-093
    - https://secunia.com/advisories/55574/ - MS13-094
    - https://secunia.com/advisories/55629/ - MS13-095
    ___

    November 2013 Office Update Release
    - http://blogs.technet.com/b/office_su...e-release.aspx
    12 Nov 2013 - "... There are 8 security updates (2 bulletins) and 18 non-security updates..."
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=17003
    2013-11-12 18:00:41 UTC
    ___

    November 2013 Security Bulletin Release - Q&A
    - https://blogs.technet.com/b/msrc/p/n...edirected=true
    Nov 13, 2013
    "... Q: Regarding the TIFF registry change (Fix it) in Microsoft Security Advisory 2896666, can you explain how this will affect TIFF usage?...
    A: TIFF images will be blocked on the affected software and platforms listed in the advisory..."

    Last edited by AplusWebMaster; 2013-11-16 at 15:59.

  6. #106
    AplusWebMaster (Adviser Team)

    MS Security Advisories - 2013.11.12 ...

    FYI...

    Microsoft Security Advisory (2896666)
    Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
    - http://technet.microsoft.com/en-us/s...visory/2896666
    V1.1 (November 12, 2013): Clarified the scope of the active attacks, clarified affected software configurations, and revised workarounds...

    - http://atlas.arbor.net/briefs/index#2125368770
    High Severity
    15 Nov 2013 15:38:46 +0000
    The CVE-2013-3906* vulnerability has been leveraged by several threat actors. Organizations are strongly encouraged to ensure they are protected against this serious vulnerability which has yet to be patched. A workaround is available**.
    Source: http://www.fireeye.com/blog/technica...2013-3906.html

    * https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3906 - 9.3 (HIGH)

    ** https://support.microsoft.com/kb/2896666
    Last Review: Nov 12, 2013 - Rev 3.0
    Microsoft Fix it 51004
    ___

    Microsoft Security Advisory (2880823)
    Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
    - http://technet.microsoft.com/en-us/s...visory/2880823
    Nov 12, 2013 - "Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
    Recommendation: Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information..."

    Microsoft Security Advisory (2868725)
    Update for Disabling RC4
    - http://technet.microsoft.com/en-us/s...visory/2868725
    Nov 12, 2013 - "Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the removal of RC4 as an available cipher on affected systems through registry settings. It also allows developers to remove RC4 in individual applications through the use of the SCH_USE_STRONG_CRYPTO flag in the SCHANNEL_CRED structure. These options are -not- enabled by default.
    Recommendation. Microsoft recommends that customers download and install the update immediately and then test the new settings in their environments. Please see the Suggested Actions section of this advisory for more information..."

    Microsoft Security Advisory (2862152)
    Vulnerability in DirectAccess Could Allow Security Feature Bypass
    - http://technet.microsoft.com/en-us/s...visory/2862152
    Nov 12, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
    Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
    Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information..."
    ___

    Microsoft Security Advisory (2854544)
    Updates to Improve Cryptography and Digital Certificate Handling in Windows
    - http://technet.microsoft.com/en-us/s...visory/2854544
    V1.3 (November 12, 2013): Added the 2868725 update and Root Certificates Policy announcement to the Available Updates and Release Notes section.

    Last edited by AplusWebMaster; 2013-11-17 at 18:34.

  7. #107
    AplusWebMaster (Adviser Team)

    XP update locks machines...

    FYI...

    XP update locks machines with SVCHOST red lined at 100%: Fix it with KB 2879017...
    - http://www.infoworld.com/t/microsoft...2879017-230733
    Nov 13, 2013 - "... when Windows Update accesses the Microsoft website to gather a list of available updates, the machine can lock up for five, 10, 15 minutes - or more - with the CPU and fan running at 100 percent. Then, if the customer waits long enough for the updates to appear, and clicks to install them, the XP machine goes racing away again for another five or 10 or more minutes, with the CPU redlined at 100 percent... The best solution appears to be a manual update to Internet Explorer. Yes, Microsoft has messed up wuauclt.exe so badly that it has to be repaired by installing an IE update - not a Windows update - to get it working properly. The fix is part of the October cumulative IE patch known as MS13-080/ KB 2879017*. If you manually download and install the October cumulative patch, then you should be able to use Windows Update with no problems... You would think that simply upgrading to the latest version of IE would solve the problem, but it doesn't. You have to manually download and apply the patch for your version of IE..."
    * http://technet.microsoft.com/en-us/s...letin/MS13-080


  8. #108
    AplusWebMaster (Adviser Team)

    MS13-088 - KB2888505 ...

    FYI...

    MS13-088 - KB2888505
    - http://windowssecrets.com/patch-watc...h-placeholder/
    Nov 13, 2013 - "This month’s cumulative IE update fixes -10- newly reported vulnerabilities. KB 2888505 is rated -critical- for Versions 6–11. The only version to get a pass is the new Internet Explorer 11 for Windows 7. This update also includes -17- nonsecurity fixes, as detailed in MS Support article 2888505*... you must keep IE updated, even if you typically use another browser. IE is more than a browser: it’s a key component of the Windows operating system..."
    * http://support.microsoft.com/default...;en-us;2888505


  9. #109
    AplusWebMaster (Adviser Team)

    MS to fix XP update issue 'soon' ...

    FYI...

    MS to fix XP update SVCHOST redline issue 'soon'
    - http://www.infoworld.com/t/microsoft...ue-soon-230940
    Nov 15, 2013 - "... The Microsoft Update team has analyzed the latest manifestation, come up with an explanation, and has promised that a permanent solution will arrive "as soon as possible." Windows Update team member Doug Neal has just posted a message to the Patch Management Mailing List that explains what's happening when Windows XP's Windows Update agent, wuauclt.exe (running in a SVCHOST wrapper), drives CPU utilization to 100 percent - and can keep WinXP machines pegged at 100 percent for -15- minutes or longer.
    'The problem is caused by the Windows Update client evaluating an exceptionally long supersedence chain - something IE6 and IE7 have more than any other version of IE due to their time in market. Each 'link' in the chain doubles the CPU resources needed to evaluate it over the previous version. The chain is so long that the design stymies the WUA client.'
    ... Neal concludes by saying:
    'While I can't provide a date for when this will be done, we know it's an issue affecting customer PCs and we're working to get it out as soon as possible to halt the impact'..."


  10. #110
    AplusWebMaster (Adviser Team)

    KB 2670838 - fuzzy fonts ...

    FYI...

    KB 2670838 - fuzzy fonts ...
    - http://www.infoworld.com/t/microsoft...ndows-7-231035
    Nov 18, 2013 - "... Microsoft didn't solve the problem, but it did publish a list of video drivers thought to conflict with the patch. The company also modified the installer to avoid planting the font-busting patch on machines running the identified bad video drivers. That list, toward the bottom of article KB 2670838*, has gone through -eight- major revisions... seeing complaints all over the Web that installing Internet Explorer 11 on Windows 7 can -trigger- the same problem - and the fuzzy fonts appear even on machines that aren't running any of the identified problematic video drivers... also seeing reports that the fuzzy fonts crop up on Firefox, Chrome, and - remarkably - Internet Explorer itself. Some people report that the fuzziness goes away if the pages are refreshed enough times. Others see fuzzy characters only on some pages, but very similar pages don't have the problem. If you have a case of the font fuzzies and are using IE10, the only known solution involves uninstalling KB 2670838. But if you've installed IE11, you may or may not have KB 2670838 - and if you do have it, uninstalling doesn't fix the problem..."
    * http://support.microsoft.com/kb/2670838/en-us
    Sep 30, 2013 - Rev 8.0

