
Thread: Microsoft Alerts

  1. #201
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    IE FixIt released - disable SSL3.0

    FYI...

    Microsoft Security Advisory 3009008
    Vulnerability in SSL 3.0 Could Allow Information Disclosure
    - https://technet.microsoft.com/en-us/...curity/3009008
    V2.0 (October 29, 2014): Revised advisory to announce the deprecation of SSL 3.0, to clarify the workaround instructions for disabling SSL 3.0 on Windows servers and on Windows clients, and to announce the availability of a Microsoft Fix it solution for Internet Explorer. For more information see Knowledge Base Article 3009008*.
    * https://support.microsoft.com/kb/3009008#FixItForMe
    Last Review: Oct 29, 2014 - Rev: 2.3
    Disable SSL 3.0 in Internet Explorer - Microsoft Fix it 51024

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #202
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Summary - Nov 2014

    FYI...

    - https://technet.microsoft.com/library/security/ms14-nov
    Nov 11, 2014 - "This bulletin summary lists security bulletins released for November 2014...
    (Total of -14-)

    Microsoft Security Bulletin MS14-064 - Critical
    Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
    - https://technet.microsoft.com/library/security/MS14-064
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS14-065 - Critical
    Cumulative Security Update for Internet Explorer (3003057)
    - https://technet.microsoft.com/library/security/MS14-065
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS14-066 - Critical
    Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
    - https://technet.microsoft.com/library/security/MS14-066
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS14-067 - Critical
    Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
    - https://technet.microsoft.com/library/security/MS14-067
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    MS14-068: Release date to be determined.

    Microsoft Security Bulletin MS14-069 - Important
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
    - https://technet.microsoft.com/library/security/MS14-069
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS14-070 - Important
    Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
    - https://technet.microsoft.com/library/security/MS14-070
    Important - Elevation of Privilege - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS14-071 - Important
    Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
    - https://technet.microsoft.com/library/security/MS14-071
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS14-072 - Important
    Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
    - https://technet.microsoft.com/library/security/MS14-072
    Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

    Microsoft Security Bulletin MS14-073 - Important
    Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
    - https://technet.microsoft.com/library/security/MS14-073
    Elevation of Privilege - May require restart - Microsoft Server Software

    Microsoft Security Bulletin MS14-074 - Important
    Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
    - https://technet.microsoft.com/library/security/MS14-074
    Important - Security Feature Bypass - Requires restart - Microsoft Windows

    MS14-075: Release date to be determined.

    Microsoft Security Bulletin MS14-076 - Important
    Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
    - https://technet.microsoft.com/library/security/MS14-076
    Important - Security Feature Bypass - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS14-077 - Important
    Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)
    - https://technet.microsoft.com/library/security/MS14-077
    Important - Information Disclosure - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS14-078 - Moderate
    Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)
    - https://technet.microsoft.com/library/security/MS14-078
    Moderate - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft Office

    Microsoft Security Bulletin MS14-079 - Moderate
    Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)
    - https://technet.microsoft.com/library/security/MS14-079
    Moderate - Denial of Service - Requires restart - Microsoft Windows
    ___

    - http://blogs.technet.com/b/msrc/arch...4-updates.aspx

    Assessing Risk
    - http://blogs.technet.com/b/srd/archi...y-updates.aspx
    11 Nov 2014

    Exploitability Index
    - http://technet.microsoft.com/en-us/s.../cc998259.aspx
    ___

    - http://www.securitytracker.com/id/1031184 - MS14-064
    - http://www.securitytracker.com/id/1031185 - MS14-065
    - http://www.securitytracker.com/id/1031186 - MS14-066
    - http://www.securitytracker.com/id/1031187 - MS14-067
    -
    - http://www.securitytracker.com/id/1031189 - MS14-069
    - http://www.securitytracker.com/id/1031190 - MS14-070
    - http://www.securitytracker.com/id/1031191 - MS14-071
    - http://www.securitytracker.com/id/1031188 - MS14-072
    - http://www.securitytracker.com/id/1031192 - MS14-073
    - http://www.securitytracker.com/id/1031193 - MS14-074
    -
    - http://www.securitytracker.com/id/1031194 - MS14-076
    - http://www.securitytracker.com/id/1031195 - MS14-077
    - http://www.securitytracker.com/id/1031196 - MS14-078
    - http://www.securitytracker.com/id/1031197 - MS14-078
    - http://www.securitytracker.com/id/1031198 - MS14-079
    ___

    November 2014 Office Update Release
    - http://blogs.technet.com/b/office_su...ce-update.aspx
    11 Nov 2014 - "... There are 5 security updates (3 bulletins) and 33 non-security updates...

    NOTICE: Support for Microsoft Office 2010 SP1 ended on 10/14/14. All subsequent Office 2010 updates, beginning with this set, will only apply provided Office 2010 SP2 is installed. See KB2687455* for more information about acquiring Office 2010 SP2 ...
    * https://support.microsoft.com/kb/2687455
    ___

    ISC Analysis:
    - https://isc.sans.edu/diary.html?storyid=18941
    2014-11-11
    ___

    MS Advisories - Nov 2014:

    MS Security Advisory 2755801
    Update for vulns in Flash Player in IE
    - https://technet.microsoft.com/en-us/...curity/2755801
    Nov 11, 2014 V31.0 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."

    MS Security Advisory 3010060
    Vulnerability in Microsoft OLE Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...curity/3010060
    Nov 11, 2014 V2.0 - "... We have issued Microsoft Security Bulletin MS14-064* to address this issue..."
    * https://technet.microsoft.com/library/security/MS14-064

    Last edited by AplusWebMaster; 2014-11-13 at 12:29.

  3. #203
    Adviser Team AplusWebMaster's Avatar

    KB 3003743, IE11 ...

    FYI...

    KB 3003743, IE11 ...
    - http://www.infoworld.com/article/284...-security.html
    Nov 13, 2014 - "... sporadic reports of KB 3003743* - part of MS14-074 - breaking concurrent RDP sessions. Poster turducken on the My Digital Life forums pins it down:
    Today's updates includes KB3003743 and with it comes termsrv.dll version 6.1.7601.18637
    Jason Hart has also tweeted that KB 3003743 kills NComputing's virtualization software..."
    * https://support.microsoft.com/kb/3003743
    Last Review: Nov 11, 2014 - Rev: 1.2


  4. #204
    Adviser Team AplusWebMaster's Avatar

    MS14-066: Known issues ...

    FYI...

    MS14-066: Known issues ...
    - https://support.microsoft.com/kb/2992611
    Last Review: Nov 14, 2014 - Rev: 3.0
    See: Known issues with this security update:
    " We are aware of an issue in certain configurations in which TLS 1.2 is enabled by default, and TLS negotiations may fail. When this problem occurs, TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive..."

    Security Update MS14-066 causes major performance problems in Microsoft Access / SQL Server applications
    - http://darrenmyher.wordpress.com/201...-applications/
    Nov 13, 2014
    ___

    Hold off installing MS14-066 / KB 2992611
    - http://blogs.msmvps.com/spywaresucks...66-kb-2992611/
    Nov 16, 2014 - "Word is it is breaking stuff, including the ability to access secure sites using Chrome.
    Possible fixes if you’re already affected:
    - Open gpedit.msc
    - Go to computer configuration > administrative templates > Network > SSL Configuration Settings > - SSL Cipher Suite Order: Set it to enabled
    - Reboot
    The policy populates the Windows registry with the legacy cipher suites less the 4 new cipher suites added by MS14-066 /2992611. The list of ciphers used can be viewed by enabling the policy then reviewing the list of ciphers in the dialog box
    Or: Remove MS14-066 / KB 2992611 and reboot.
    Amazon Advisory: https://aws.amazon.com/security/secu...-066-advisory/ "

    - http://www.infoworld.com/article/284...iis-sites.html
    Nov 17, 2014 - "... we're sitting here with a bad patch, almost a week after Black Tuesday, and the patch is -still- being offered through Automatic Update. Microsoft hasn't pulled it, in spite of one acknowledged major problem, another that's the talk of the SQL Server community, and a few hangers-on that may clobber your machines. Amazon raised a red flag on Wednesday..."

    MS14-066 Advisory
    - https://aws.amazon.com/security/secu...-066-advisory/
    2014/11/14 5:30PM PST - "We are continuing to investigate the reported issues with the patch that was supplied for MS14-066. This updated status is being provided for the service below. We will continue to update this Security Bulletin for the other services previously identified as more information becomes available.
    Amazon Relational Database Service (RDS):
    Amazon RDS will build and deploy any required updates to affected RDS SQL Server instances. Any needed updates will require a restart of the RDS database instance. Communication of the specific timing of the update for each instance will be communicated via email or AWS Support directly to customers prior to any instance restart...

    We will continue to provide updates to this security bulletin.
    ___

    WinShock (KB2992611) Patch breaks IIS
    - https://social.technet.microsoft.com...serversecurity
    Last entry (as of date/time of this post): Nov 16, 2014 12:01 AM
    ___

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-6321 - 10.0 (HIGH)
    Last revised: 11/12/2014
    > http://technet.microsoft.com/security/bulletin/MS14-066

    Last edited by AplusWebMaster; 2014-11-17 at 18:41.

  5. #205
    Adviser Team AplusWebMaster's Avatar

    MS14-068 released, MS14-066 re-released ...

    FYI...

    MS Security Bulletin MS14-068 - Critical
    Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
    - https://technet.microsoft.com/library/security/MS14-068
    Critical - Elevation of Privilege - Requires restart - Microsoft Windows
    Nov 18, 2014 - Ver: 1.0
    - https://support.microsoft.com/kb/3011780

    - http://blogs.technet.com/b/srd/archi...2014-6324.aspx
    18 Nov 2014

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-6324 - 9.0 (HIGH)
    Last revised: 11/19/2014 - "... as exploited in the wild in November 2014..."
    ___

    MS14-066/KB 2992611/WinShock - more problems reported
    - http://www.infoworld.com/article/284...hock-mess.html
    Nov 18, 2014 - "... an entire collection of real, bona fide problems that accompany many installations of KB 2992611.
    - On Nov. 12, Amazon issued an advisory about the botched Microsoft patch:
    [ http://aws.amazon.com/security/secur...-066-advisory/ ]
    'We have received reports that the patch that Microsoft supplied for MS14-066 has been causing issues, specifically that TLS 1.2 sessions are disconnecting during key exchange.
    While we investigate this issue with the patch provided, we suggest that our customers review their security groups and ensure that external access to Windows instances have been appropriately restricted to the extent possible.'
    Now IBM has chimed in with its own advisory:
    [ http://www-01.ibm.com/support/docvie...id=swg21690217 ]
    After applying the OS patch, B2B Integrator and FileGateway are unable to start up with the following error:
    The driver could not establish a secure connection to SQL Server by using Secure Sockets
    Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed.".
    [2014-04-22 06:21:32.25] ERRORDTL [1398162092250]com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed."
    IBM further advises, as of early Tuesday morning, "There is currently no workaround for this issue with the OS patch."
    Even BlackBerry - has officially diagnosed a conflict between KB 2992611 and its Print To Go product..."
    [ https://supportforums.blackberry.com...2866644/page/3 ]

    > http://www.infoworld.com/article/284...b-3000850.html
    Nov 18, 2014
    ___

    - https://technet.microsoft.com/library/security/ms14-066
    V2.0 (November 18, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012. The reoffering addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.
    > https://support.microsoft.com/kb/2992611
    Last Review: Nov 18, 2014 - Rev: 4.1
    ... Note: If you downloaded and then installed this security update from the Microsoft Download Center for Windows Server 2008 R2 or Windows Server 2012, we recommend that you reinstall the security update from the Download Center. When you click the Download button, you will be prompted to select the check boxes for updates 2992611 and 3018238. Click to select both updates, and then click Next to continue with the updates. These packages -will- require -two- restarts in sequence during installation.
    > http://support2.microsoft.com/kb/3011780
    Last Review: Nov 18, 2014 - Rev: 1.0
    ___

    November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
    > https://support2.microsoft.com/kb/3000850
    Last Review: Nov 18, 2014 - Rev: 1.0

    Last edited by AplusWebMaster; 2014-11-19 at 23:32.

  6. #206
    Adviser Team AplusWebMaster's Avatar

    MS14-066: Updated... again

    FYI...

    MS14-066: Updated... again
    - https://support.microsoft.com/kb/2992611
    Last Review: Nov 19, 2014 - Rev: 5.0 ...
    ___

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-6321 - 10.0 (HIGH)
    Last revised: 11/19/2014

    Last edited by AplusWebMaster; 2014-11-20 at 21:41.

  7. #207
    Adviser Team AplusWebMaster's Avatar

    MS14-066: Revised - again ...

    FYI...

    MS14-066: Revised - again ...
    - https://support.microsoft.com/kb/2992611
    Last Review: Nov 22, 2014 - Rev: 9.3
    Also see: "Known issues with this security update..."

    Last edited by AplusWebMaster; 2014-11-22 at 19:02.

  8. #208
    Adviser Team AplusWebMaster's Avatar

    Update for Flash Player in IE10, 11

    FYI...

    Update for vulns in Adobe Flash Player in IE10, 11
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    - https://technet.microsoft.com/en-us/...curity/2755801
    Updated: Nov 25, 2014 V32.0 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... described in Adobe Security bulletin APSB14-26*..."
    * https://helpx.adobe.com/security/pro...apsb14-26.html
    Nov 25, 2014 - "... update to Adobe Flash Player 15.0.0.239..."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-8439 - 7.5 (HIGH)


  9. #209
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    MS Security Bulletin Advance Notification - December 2014

    FYI...

    - https://technet.microsoft.com/library/security/ms14-dec
    Dec 4, 2014 - "This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014...
    (Total of -7-)

    Bulletin 1 - Important - Elevation of Privilege - May require restart - Microsoft Exchange
    Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    Bulletin 3 - Critical - Remote Code Execution - May require restart - Microsoft Office
    Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Office
    Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Office
    Bulletin 6 - Critical - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 7 - Important - Information Disclosure - May require restart - Microsoft Windows


  10. #210
    Adviser Team AplusWebMaster's Avatar

    IE 0-day ...

    FYI...

    IE9 0-day ...
    - https://secunia.com/advisories/60610/
    Release Date: 2014-12-08
    Criticality: Highly Critical
    Where: From remote
    Impact: System access
    Solution Status: Unpatched
    Software: Microsoft Internet Explorer 9.x
    CVE Reference(s): https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-8967 - 6.8
    Description: ... vulnerability is caused due to a use-after-free error when handling CElement objects and can be exploited to cause memory corruption via a specially crafted HTML element with "display:run-in" style applied. Successful exploitation of this vulnerability may allow execution of arbitrary code...
    - http://www.zerodayinitiative.com/advisories/ZDI-14-403/
    2014-12-04

    Last edited by AplusWebMaster; 2014-12-17 at 05:51.
