Page 16 of 47 FirstFirst ... 612131415161718192026 ... LastLast
Results 151 to 160 of 467

Thread: Microsoft Alerts

  1. #151
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation IE0-day - 4.26.2014 ...

    FYI...

    Microsoft Security Advisory 2963983
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-US/...curity/2963983
    April 26, 2014 8:25 PM - "Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
    Suggested Actions: Apply Workarounds... Deploy the Enhanced Mitigation Experience Toolkit 4.1 ...

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1776 - 10.0 (HIGH)
    Last revised: 04/28/2014 - "... Use-after-free vulnerability in VGX.DLL... as exploited in the wild in April 2014"

    - https://www.us-cert.gov/ncas/current...rability-Being
    April 28, 2014 - "... consider employing an alternative web browser until an official update is available..."

    - http://www.fireeye.com/blog/uncatego...d-attacks.html
    April 26, 2014 - "... exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique* to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections..."
    * http://www.fireeye.com/blog/technica...-exploits.html

    - http://blog.trendmicro.com/trendlabs...rsions-in-use/
    Apr 27, 2014 - "... some workarounds have been provided by Microsoft as part of their advisory; of these enabling Enhanced Protected Mode (an IE10 and IE11-only feature) is the easiest to do. In addition, the exploit code requires Adobe Flash to work, so disabling or removing the Flash Player from IE also reduces the risk from this vulnerability as well..."

    - http://blogs.technet.com/b/msrc/arch...-advisory.aspx
    Tags: Advisory, Zero-Day Exploit, Security, Internet Explorer (IE), Vulnerability"

    Last edited by AplusWebMaster; 2014-04-28 at 21:11.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #152
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory 2755801

    FYI...

    MS Security Advisory 2755801
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    - https://technet.microsoft.com/en-us/...curity/2755801
    V23.0 (April 28, 2014): Added the 2961887 update to the Current Update section.
    On April 28, 2014, Microsoft released an update (2961887) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-13*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2961887** ...
    * http://helpx.adobe.com/security/prod...apsb14-13.html

    ** https://support.microsoft.com/kb/2961887
    Last Review: April 28, 2014 - Rev: 1.0

    - https://technet.microsoft.com/en-us/...curity/2963983
    V1.1 (April 29, 2014): Updated advisory to clarify workarounds to help prevent exploitation of the vulnerability described in this advisory. See Advisory FAQ for details.

    Last edited by AplusWebMaster; 2014-04-30 at 04:33.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #153
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation V23.1 MS Security Advisory 2755801

    FYI...

    Microsoft Security Advisory 2755801
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    - https://technet.microsoft.com/en-us/...curity/2755801
    V23.1 (April 30, 2014): Revised advisory to clarify that the 2961887* update is -not- cumulative and requires that the 2942844** update be installed for affected systems to be offered the update.

    * https://support.microsoft.com/kb/2961887
    Last Review: Apr 8, 2014 - Rev: 1.0

    ** https://support.microsoft.com/kb/2942844
    Last Review: Apr 8, 2014 - Rev: 1.0
    ___

    An update is available for EMET Certificate Trust default rules
    - https://support.microsoft.com/kb/2961016
    Last Review: Apr 29, 2014 - Rev: 1.0
    Applies to: Enhanced Mitigation Experience Toolkit 4.1

    Enhanced Mitigation Experience Toolkit
    - https://support.microsoft.com/kb/2458544
    Last Review: Apr 30, 2014 - Rev: 9.0


    ___

    Microsoft Security Advisory 2963983
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...curity/2963983
    Updated: May 1, 2014 Ver: 2.0 - "Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS14-021* to address this issue..."
    * https://technet.microsoft.com/library/security/ms14-021
    May 1, 2014

    - https://support.microsoft.com/kb/2965111
    Last Review: May 1, 2014 - Rev: 1.2

    > http://update.microsoft.com/

    Last edited by AplusWebMaster; 2014-05-05 at 19:03.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #154
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS14-021 IE - Critical

    FYI...

    MS14-021 - Critical / Security Update for Internet Explorer (2965111)
    - https://technet.microsoft.com/library/security/ms14-021
    May 1, 2014 - "This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers... Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*..."
    * http://update.microsoft.com/microsoftupdate

    - https://support.microsoft.com/kb/2965111
    Last Review: May 1, 2014 - Rev: 1.2
    ___

    - http://www.securitytracker.com/id/1030154
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1776 - 10.0 (HIGH)
    May 1 2014
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6, 7, 8, 9, 10, 11
    Description: A vulnerability was reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user. This vulnerability is being actively exploited in targeted attacks.
    Solution: The vendor has issued a fix (2965111)...
    Vendor URL: https://technet.microsoft.com/library/security/ms14-021
    ___

    - http://atlas.arbor.net/briefs/index#1200596255
    Extreme Severity
    May 01, 2014
    ... IE 0-day vulnerability currently being exploited in targeted attacks... out-of-band patch for this vulnerability should be applied immediately.

    Last edited by AplusWebMaster; 2014-05-02 at 14:59.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #155
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Win8.1 update - Rev: 17.0

    FYI...

    Win8.1 update ...
    - https://support.microsoft.com/kb/2919355
    Apr 16, 2014 - Rev: 11.0
    Apr 17, 2014 - Rev: 12.0
    Apr 18, 2014 - Rev: 13.0
    Apr 25, 2014 - Rev: 16.0
    Last Review: May 4, 2014 - Rev: 17.0

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #156
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy Win8.1 update - Rev 18.0 ...

    FYI...

    Win8.1 update ...
    - https://support.microsoft.com/kb/2919355
    Apr 16, 2014 - Rev: 11.0
    Apr 17, 2014 - Rev: 12.0
    Apr 18, 2014 - Rev: 13.0
    Apr 25, 2014 - Rev: 16.0
    May 4, 2014 - Rev: 17.0
    Last Review: May 5, 2014 - Rev: 18.0

    - http://www.infoworld.com/t/microsoft...2919355-241891
    May 05, 2014

    - http://www.infoworld.com/t/microsoft...t-fixes-242016
    May 06, 2014

    Last edited by AplusWebMaster; 2014-05-07 at 15:29.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #157
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory 2962393

    FYI...

    Microsoft Security Advisory 2962393
    Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client
    - https://technet.microsoft.com/en-us/...curity/2962393
    May 5, 2014 - "Microsoft is announcing the availability of an update for the Juniper Networks Windows In-Box Junos Pulse Client for Windows 8.1 and Windows RT 8.1. The update addresses a vulnerability in the Juniper VPN client by updating the affected Juniper VPN client libraries contained in affected versions of Microsoft Windows... Microsoft released an update for the Juniper Networks Windows In-Box Junos Pulse VPN client. The update addresses the vulnerability described in Juniper Security Advisory JSA10623*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2962393**.
    Note: Updates for Windows RT 8.1 are available via Windows Update."

    * https://kb.juniper.net/InfoCenter/in...nt&id=JSA10623
    Last Updated: 30 Apr 2014
    Version: 43.0

    ** https://support.microsoft.com/kb/2962393
    Last Review: May 5, 2014 - Rev: 1.1

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #158
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS SIRv16: Jul 2013 to Dec 2013

    FYI...

    MS SIR Volume 16: July 2013 to December 2013
    - http://www.microsoft.com/security/sir/default.aspx

    - http://blogs.technet.com/b/mmpc/arch...-measures.aspx
    7 May 2014 - "Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate (Computers Cleaned per Mille (CCM), and our real-time protection products are used to derive the encounter rate. One of the more notable findings included in the report was an increase in worldwide infection rates and encounter rates. About 21.2 percent of reporting computers encountered malware each quarter in 2013. We also saw an infection rate of 11.7 CCM. More specifically, the infection rate increased from a CCM rate of 5.6 in the third quarter of 2013 to 17.8 in the fourth—a threefold increase, and the largest infection rate increase ever measured by the MSRT between two consecutive quarters. This rise was predominantly affected by malware using deceptive tactics, influenced by three families not unfamiliar to readers of this blog: Sefnit, and its related families Rotbrow and Brantall..."
    ___

    Malware infections tripled in late 2013, Microsoft finds
    - https://www.computerworld.com/s/arti...icrosoft_finds
    May 7, 2014

    - http://www.infoworld.com/t/malware/f...crosoft-242130
    May 08, 2014

    Last edited by AplusWebMaster; 2014-05-08 at 17:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #159
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Win8.1 update Rev ...

    FYI...

    Win8.1 update ...
    - https://support.microsoft.com/kb/2919355
    Apr 16, 2014 - Rev: 11.0
    Apr 17, 2014 - Rev: 12.0
    Apr 18, 2014 - Rev: 13.0
    Apr 25, 2014 - Rev: 16.0
    May 4, 2014 - Rev: 17.0
    May 5, 2014 - Rev: 18.0
    May 7, 2014 - Rev: 19.0
    Last Review: May 9, 2014 - Rev: 20.0

    - http://www.infoworld.com/t/microsoft...t-fixes-242016
    May 06, 2014

    - http://www.infoworld.com/t/microsoft...te-dogs-242213
    May 09, 2014
    ___

    - https://www.computerworld.com/s/arti...ers_a_reprieve
    May 12, 2014 - "For the third time in the last four weeks, Microsoft today backed away from a customer cutoff as it postponed enforcement of the Windows 8.1 Update migration deadline until June 10. On Monday - and just a day before its May Patch Tuesday slate of security fixes - Microsoft said consumers have four more weeks to move from Windows 8.1 to Windows 8.1 Update before their devices would be barred from receiving further patches. The deadline change was the third in the past month, following an earlier Windows 8.1 Update extension for business users... When Microsoft launched Windows 8.1 Update (Win8.1U) on April 8, it told all customers using Windows 8.1 that they had to upgrade to the new refresh within five weeks, or by May 13. Failure to do so, Microsoft said, would block devices running Windows 8.1 from receiving security updates scheduled to ship that day, as well as all future security and non-security updates to the OS. Business customers howled, calling the mandate a repudiation of Microsoft's long-standing policy of giving customers 24 months to upgrade to a service pack. Although Win8.1U was not labeled as such, many saw similarities to Microsoft's service packs and believed Win8.1U should hew to that policy. Within a week, Microsoft changed its tune, and gave companies a three-month extension. Enterprises and other organizations that rely on WSUS (Windows Server Update Services), Windows Intune or System Center Configuration Manager to obtain and deploy patches have until August 12 to migrate from Windows 8.1 to Win8.1U..."

    - http://www.infoworld.com/t/microsoft...eadline-242339
    May 12, 2014

    Last edited by AplusWebMaster; 2014-05-13 at 16:32.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #160
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - May 2014

    FYI...

    - https://technet.microsoft.com/library/security/ms14-may
    May 13, 2014 Ver: 2.0 - "This bulletin summary lists security bulletins released for May 2014...
    (Total of -8-)

    Microsoft Security Bulletin MS14-029 - Critical
    Security Update for Internet Explorer (2962482)
    - https://technet.microsoft.com/library/security/ms14-029
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0310 - 9.3 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1815 - 9.3 (HIGH)
    Last revised: 05/14/2014 - "... as exploited in the wild in May 2014..."

    Microsoft Security Bulletin MS14-022 - Critical
    Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
    - https://technet.microsoft.com/library/security/ms14-022
    Critical - Remote Code Execution - May require restart - Microsoft Server Software, Productivity Software

    Microsoft Security Bulletin MS14-023 - Important
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)
    - https://technet.microsoft.com/library/security/ms14-023
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS14-025 - Important
    Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
    - https://technet.microsoft.com/library/security/ms14-025
    Important - Elevation of Privilege - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS14-026 - Important
    Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
    - https://technet.microsoft.com/library/security/ms14-026
    Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

    Microsoft Security Bulletin MS14-027 - Important
    Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
    - https://technet.microsoft.com/library/security/ms14-027
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS14-028 - Important
    Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
    - https://technet.microsoft.com/library/security/ms14-028
    Important - Denial of Service - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS14-024 - Important
    Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
    - https://technet.microsoft.com/library/security/ms14-024
    Important - Security Feature Bypass - May require restart - Microsoft Office
    ___

    - http://blogs.technet.com/b/msrc/arch...y-updates.aspx
    13 May 2014

    Assessing risk for the May 2014 security updates
    - http://blogs.technet.com/b/srd/archi...y-updates.aspx
    13 May 2014
    ___

    May 2014 Office Update
    - http://blogs.technet.com/b/office_su...e-release.aspx
    13 May 2014 - "There are 31 security updates (3 bulletins*) and 30 non-security updates..."
    * MS14-022, MS14-023, MS14-024
    ___

    - http://www.securitytracker.com/id/1030227 - MS14-022
    - http://www.securitytracker.com/id/1030230 - MS14-023
    - http://www.securitytracker.com/id/1030235 - MS14-024
    - http://www.securitytracker.com/id/1030231 - MS14-025
    - http://www.securitytracker.com/id/1030232 - MS14-026
    - http://www.securitytracker.com/id/1030233 - MS14-027
    - http://www.securitytracker.com/id/1030234 - MS14-028
    - http://www.securitytracker.com/id/1030224 - MS14-029
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=18113
    Last Updated: 2014-05-13 17:23:09 UTC
    ___

    Patch Tuesday Updates: Microsoft, Adobe
    ... Malicious actors often use security updates to write their own exploits targeting unpatched systems
    - http://atlas.arbor.net/briefs/
    Extreme Severity
    May 16, 2014

    .
    Last edited by AplusWebMaster; 2014-05-29 at 13:57.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •