Microsoft Alerts

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/library/security/ms15-feb
Feb 10, 2015 - "This bulletin summary lists security bulletins released for February 2015...
(Total of -9-)

Microsoft Security Bulletin MS15-009 - Critical
Security Update for Internet Explorer (3034682)
- https://technet.microsoft.com/library/security/MS15-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-010 - Critical
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
- https://technet.microsoft.com/library/security/MS15-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-011 - Critical
Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
- https://technet.microsoft.com/library/security/MS15-011
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-012 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
- https://technet.microsoft.com/library/security/MS15-012
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-013 - Important
Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
- https://technet.microsoft.com/library/security/MS15-013
Important - Security Feature Bypass - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-014 - Important
Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
- https://technet.microsoft.com/library/security/MS15-014
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-015 - Important
Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
- https://technet.microsoft.com/library/security/MS15-015
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-016 - Important
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
- https://technet.microsoft.com/library/security/MS15-016
Important - Information Disclosure - May require restart- Microsoft Windows

Microsoft Security Bulletin MS15-017 - Important
Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
- https://technet.microsoft.com/library/security/MS15-017
Important - Elevation of Privilege - Requires restart - Microsoft Server Software
___

- http://blogs.technet.com/b/msrc/arch...5-updates.aspx
10 Feb 2015 - "... we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software...
We re-released one Security Bulletin:
MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- https://technet.microsoft.com/library/security/ms14-083
One new Security Advisory was released:
Update for Windows Command Line Auditing (3004375).
- https://technet.microsoft.com/en-us/...y/3004375.aspx
One Security Advisory was revised:
Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008).
- https://technet.microsoft.com/en-us/...y/3009008.aspx
We also announced changes related to SSL 3.0 and you can read more about these on the IE blog:
- http://blogs.msdn.com/b/ie/
___

Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/...curity/3009008
Published: October 14, 2014 | Updated: February 10, 2015
Version: 2.2

Update for Windows Command Line Auditing
- https://technet.microsoft.com/en-us/...curity/3004375
Published: February 10, 2015
Version: 1.0
___

Feb 2015 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
10 Feb 2015 - "... There are 16 security updates (2 bulletins) and 53 non-security updates..."

- http://technet.microsoft.com/en-us/security/ms15-012

- http://technet.microsoft.com/en-us/security/ms15-013
___

- http://www.securitytracker.com/id/1031723 - MS15-009
- http://www.securitytracker.com/id/1031718 - MS15-010
- http://www.securitytracker.com/id/1031719 - MS15-011
- http://www.securitytracker.com/id/1031720 - MS15-012
- http://www.securitytracker.com/id/1031721 - MS15-013
- http://www.securitytracker.com/id/1031722 - MS15-014
- http://www.securitytracker.com/id/1031724 - MS15-015
- http://www.securitytracker.com/id/1031725 - MS15-016
- http://www.securitytracker.com/id/1031726 - MS15-017
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19315
2015-02-10 18:36:06 UTC

.

[AplusWebMaster]

FYI...

MS Patches appear to be causing problems ...
- https://isc.sans.edu/diary.html?storyid=19317
Last Updated: 2015-02-10 21:05:12 UTC - "... We have received multiple reports of Microsoft patches causing machines to hang. There is also a report that Microsoft has pulled one of the patches. Specifically, we have had issues reported with the Visual Studio Patch. We will continue to monitor the situation and keep you posted..."
Comments:
1] http://forums.overclockers.co.uk/sho...php?p=27612025
KB3001652 is not a security update but is the one causing freezing of computers while installing. Reports are it's been pulled and when we do a WSUS sync we're not seeing it.
2] Also see:
- http://windowsitpro.com/security/fir...s-installation and:
- http://www.infoworld.com/article/288...-problems.html
On one system I got a installation window and I had to accept the Eula and continue and finish the installation. On two other system I terminated the 'vstor_redist.exe *32' process! The Windows Update installation continued with the other updates after this.
3] "... none of today's Microsoft bulletins/advisories even mentions Visual Studio, and KB3001652 was released in Sept. 2014. The KB article hasn't been updated, either (which would normally be done if the patch was re-released).
4] I think what is happening is one of the patches from this month is breaking detection of the VS patch from Oct '14, which triggers it to reinstall but it cannot complete successfully for whatever reason..."
___

Visual Studio patch rollup KB 3001652 causes widespread freezing problems
The Black Tuesday patches have been out for just a few hours, and there are multiple reports about KB 3001652 freezing and/or failing with error 0x80070659
- http://www.infoworld.com/article/288...-problems.html
Feb 10, 2015 - "I’m seeing reports all over the Web that the just-released KB 3001652*, Visual Studio 2010 Tools for Office Runtime cumulative update, is causing all sorts of problems. As of this moment, the patch is still offered through Windows Update and corporate WSUS servers... Even more mystifying:
KB 3001652 was released last October. There's no indication why it's coming down the Windows Update chute -this- month. Indeed, the master list of WU/WSUS patches for this year doesn't even mention KB 3001652..."
* http://support.microsoft.com/kb/3001652 - [ ... using I/E ]
Last Review: October 14, 2014 - Revision: 1.0
???

[AplusWebMaster]

FYI...

Botched Windows patch KB 3001652 re-issued and appears to be working
Yesterday's bad Visual Studio 2010 patch has just been re-released sans the original's flaws
- http://www.infoworld.com/article/288...e-working.html
Feb 11, 2015 - "Much to its credit, Microsoft yanked the bad Visual Studio 2010 patch, KB 3001652*, within hours of its release yesterday. Reports of the patch's hangs and errors rapidly piled in from all over the internet. Today we have another version of the patch appearing in Windows Update, and on Windows Server Update Services. Based on a very small sample, it looks like the new version installs just fine. KB 3001652 has a convoluted history. Originally released last October, it was somehow re-released in this month's Black Tuesday drop, on Feb 10. The KB article doesn't mention anything about either Tuesday's or today's (Wednesday's) modifications to the patch - the article hasn’t been updated since last October. Microsoft's official Windows Update/WSUS patch list, KB 894199**, doesn't list the Tuesday botched update, nor does it list today's apparently good update. I have no idea why the patch was re-issued this month, what was wrong with the October version, why it had to be re-issued or updated, and why the botched patch triggered so many problems. Perhaps Microsoft will tell us."
* https://support.microsoft.com/kb/3001652
Last Review: Oct 14, 2014 - Rev: 1.0

** https://support2.microsoft.com/kb/894199/en-us
Last Review: Feb 10, 2015 - Rev: 126.0
___

- http://windowssecrets.com/patch-watc...urity-updates/
Feb 11, 2015 - "... Staying true to current form, Microsoft had to recall one of its patches almost immediately - but not soon enough for some Windows users... Starting off with another flawed patch:
A Visual Studio update is further proof that enabling automatic updates in Windows Update can be hazardous. KB 3001652 was a rollup patch for Visual Studio 2010 Tools for Office Runtime. According to the update’s info page, it’s “required to run Microsoft Office–based solutions that are built by using Microsoft Visual Studio 2010, Visual Studio 2012, and Visual Studio 2013.” In my opinion, this patch should never have been released pre-checked for automatic updating.
Soon after KB 3001652 was released, there were widespread reports — including posts in the Windows Secrets Lounge — that it was causing system hangs during installation. To regain access to their machines, the affected users had to do a hard reboot or manually stop the Windows Update service.
Not surprisingly, Microsoft quickly -recalled- the patch but then re-issued it the next day.
- What to do: If you have Windows Update set to automatic, I hope you were able to regain control of your computer quickly. But given Microsoft’s recent spate of bad patches, I suggest you set Windows Update to “Download updates but let me choose whether to install them.” If KB 3001652 shows up in Windows Update, I suggest putting it on-hold for a couple of weeks..."
___

Microsoft Excel Support Team Blog
[ 'NOT seeing a fix for December's Excel issue other than the fixit... ]
- http://blogs.technet.com/b/the_micro...-updates-.aspx
18 Dec 2014

[AplusWebMaster]

FYI...

Microsoft yanks KB 2920732 patch for killing PowerPoint 2013 on Windows RT
If you were unlucky enough to install KB 2920732, there’s no way to uninstall it
- http://www.infoworld.com/article/288...xc0000428.html
Feb 12, 2015 - "In a situation that may foreshadow Windows 10 patching problems, the Black Tuesday patch KB 2920732 has brought PowerPoint 2013 on Windows RT systems to its knees. Worse, because of the way Windows RT works, there's no way to back out the update. Your only solution, until Microsoft releases a fixed patch, is to "refresh" your system to reinstall Windows and clobber your installed programs..."
> https://support.microsoft.com/KB/2920732
Last Review: Feb 11, 2015 - Rev: 2.0 - "Notice:
This update is currently unavailable. It is being revised to address an issue that is under investigation. The update will be restored when the issue is resolved."
Applies to:
- Microsoft PowerPoint 2013
- Microsoft Office Home and Student 2013 RT
___

- https://atlas.arbor.net/briefs/index#-1022314154
High Severity
Feb 12, 2015

[AplusWebMaster]

FYI...

Microsoft's SSL 3.0 Poodle-busting patch KB 3023607 breaks popular Cisco VPN client
Cisco verifies that installing KB 3023607 may lead to 'Failed to initialize connection subsystem' errors with AnyConnect VPN
- http://www.infoworld.com/article/288...nyconnect.html
Feb 13, 2015 - MS15-009 - KB3023607
> https://supportforums.cisco.com/disc...anyconnect-smc

- https://support.microsoft.com/KB/3023607

- https://isc.sans.edu/diary.html?storyid=19331
Last Updated: 2015-02-13 17:32:03 UTC
___

Users report that KB 2956128 is causing Outlook failures
Microsoft is asking for help in narrowing down a problem facing admins with Outlook 2010 and Exchange 2013
- http://www.infoworld.com/article/288...-failures.html
Feb 13, 2015 - OL2010 - KB2956128
- https://social.technet.microsoft.com...?forum=outlook

- https://support.microsoft.com/KB/2956128
___

MS15-010 ...
- https://support.microsoft.com/kb/3036220
Last Review: Feb 12, 2015 - Rev: 3.0
"... Known issues in security update 3013455:
After you install security update 3013455, you may notice some text quality degradation in certain scenarios. The problem occurs on computers that are running the following operating systems:
Windows Server 2008 SP2
Windows Server 2003 SP2
Windows Vista SP2 ..."
___

MS15-009 - I/E
- http://atlas.arbor.net/briefs/index#-1022314154
High Severity
Feb 12, 2015

- https://support.microsoft.com/kb/3021952
Last Review: Feb 16, 2015 - Rev: 4.0

[AplusWebMaster]

FYI...

Patch Mayhem: Feb Patch Failures...
- https://isc.sans.edu/diary.html?storyid=19337
Last Updated: 2015-02-16 15:03:48 UTC - "February was -is- another rough month for anybody having to apply Microsoft patches. We had a couple of posts already covering the Microsoft patch issues, but due to the number of problems... quick overview of what has failed so far..."
(See the isc URL above.)
___

Bulletins on revision other than 1.0:

(Total of -9- released)

MS15-009
- https://support.microsoft.com/kb/3021952 - Rev: 5.0

MS15-010
- https://support.microsoft.com/kb/3036220 - Rev: 3.0

MS15-011
- https://support.microsoft.com/kb/3000483 - Rev: 3.0

MS15-015
- https://support.microsoft.com/kb/3031432 - Rev: 2.0
___

MS14-083 re-released:
- https://support.microsoft.com/kb/3017347 - Rev: 2.0

SSL 3.0 Could Allow Information Disclosure:
- https://support.microsoft.com/kb/3009008 - Rev: 2.3

[AplusWebMaster]

FYI...

Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior
"... This update was first included the February cumulative security update for Internet Explorer (MS15-009).
Note: This update is only offered as a companion package to some Internet Explorer updates to complement changes in Internet Explorer 11 that obsoletes SSL 3.0..."

- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3566

"...Known issue:
After you apply this update, when you use a Cisco AnyConnect Secure Mobility Client application to establish virtual private network (VPN) connections in Windows 8.1 or Windows Server 2012 R2, you receive the following error message:
Failed to Initialize connection subsystem.
Fix it for me...
To install or remove this Fix it solution, click the Fix it button or link under the Enable this fix it heading or the Disable this fix it heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it Wizard.
Install AppCompat shim
Microsoft Fix it 51033"
- http://support.microsoft.com/kb/3023607
Last Review: Feb 17, 2015 - Rev: 3.0
Applies to:
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows Server 2012 R2 Standard
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
Windows Server 2008 R2 Service Pack 1, when used with:
Windows Server 2008 R2 Datacenter
Windows Server 2008 R2 Enterprise
Windows Server 2008 R2 Standard
Windows Server 2008 R2 for Itanium-Based Systems
Windows Server 2008 R2 Foundation
Windows 7 Service Pack 1, when used with:
Windows 7 Ultimate
Windows 7 Enterprise
Windows 7 Professional
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Starter

- http://www.infoworld.com/article/288...nnect-vpn.html
Feb 17, 2015
___

Update for PowerPoint 2013 (KB2956149)
- https://support2.microsoft.com/kb/2956149
Last Review: Feb 17, 2015 - Rev: 2.0
Applies to:
Microsoft PowerPoint 2013

- http://www.infoworld.com/article/288...ing-again.html
Feb 17, 2015

[AplusWebMaster]

FYI...

Vulnerabilities in Group Policy could allow security policy bypassing (MS15-011, MS15-014, CVE-2015-0008, CVE-2015-0009)
- https://dirteam.com/sander/2015/02/1...cve-2015-0009/
Feb 11, 2015 ...

MS15-011: Vulnerability in Group Policy ...
- http://support2.microsoft.com/kb/3000483
Last Review: Feb 11, 2015 - Rev: 3.0

MS15-014: Vulnerability in Group Policy ...
- http://support2.microsoft.com/kb/3004361
Last Review: Feb 10, 2015 - Rev: 1.0

Overview of Server Message Block signing
- http://support2.microsoft.com/kb/887429
Last Review: Sep 11, 2011 - Rev: 3.0

MS15-011 & MS15-014: Hardening Group Policy
- http://blogs.technet.com/b/srd/archi...up-policy.aspx
10 Feb 2015

- https://technet.microsoft.com/en-us/...=ws.10%29.aspx

- https://technet.microsoft.com/en-us/...urity/MS15-011

- https://technet.microsoft.com/en-us/...urity/MS15-014

[AplusWebMaster]

FYI...

MS15-010: MS Security Bulletin MS15-010 V1.1
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
- https://technet.microsoft.com/en-us/...urity/MS15-010
Updated: Feb 18, 2015
V1.1 (February 18, 2015): "Bulletin revised to add an Update FAQ that explains why there are two packages on the Microsoft Download Center pages for affected editions of Windows Server 2003, Windows Server 2008, and Windows Vista. The additional package (3037639*) is not needed to be protected from the vulnerabilities addressed by the 3013455 update; it simply corrects a text quality problem that some customers experienced after installing the 3013455** update on the indicated systems."

Fix for text quality degradation after security update 3013455 (MS15-010) is installed
* https://support.microsoft.com/kb/3037639
Last Review: Feb 20, 2015 - Rev: 3.0
Applies to:
Windows Server 2008 ...
Windows Server 2003 ...
Windows Vista SP2 ...

** https://support.microsoft.com/kb/3013455
Last Review: Feb 19, 2015 - Rev: 3.0

- http://www.infoworld.com/article/288...rver-2003.html
Feb 18, 2015

[AplusWebMaster]

FYI...

Symantec - Corrupt IPS def file update impacted 32-bit versions of I/E
- http://www.symantec.com/connect/blog...ernet-explorer
21 Feb 2015 - "On February 20, 2015, Symantec received reports stating that 32-bit versions of Internet Explorer had been crashing after the application of the Intrusion Prevention System (IPS) 20150220.001 definition package. We can confirm that this definition package impacted 32-bit versions of Internet Explorer on computers with the following Symantec and Norton products installed:
Symantec Endpoint Protection 12.1
Norton Security
Norton Security with Backup
Norton 360
Norton Internet Security
Only Symantec Endpoint Protection clients that receive content from a pre-RU2 SEPM, or pre-RU2 clients that run LiveUpdate directly to Symantec may be affected.
Solution: Based on our analysis, the issue was caused by a corrupt file in the virus definition set. Symantec recreated a snapshot of the same definition package as 20150221.001 and released it through our LiveUpdate servers. Definition package updates are automatically deployed by Norton and Symantec Endpoint Protection every four hours, unless users manually download them for unmanaged computers or administrators manually deploy them to their managed clients from the SEP Management Server. Users can also manually deploy the update before it is deployed automatically."