Page 27 of 47 FirstFirst ... 1723242526272829303137 ... LastLast
Results 261 to 270 of 467

Thread: Microsoft Alerts

  1. #261
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS patch issues - April 2015

    FYI...

    KB 3045999 conflicts with McAfee (error c0000018), Romax, VirtualBox
    - http://www.infoworld.com/article/291...irtualbox.html
    Apr 27, 2015 - "... it now appears as if an “elevation of privilege” patch for Windows, MS 15-038/KB 3045999, causes intermittent problems with a wide array of software.
    McAfee ServicePortal reports:
    - https://kc.mcafee.com/corporate/inde...ent&id=KB84538
    'Several applications fail to start after you install Microsoft Patch MS15-038 on systems with DLP [Data Loss Prevention for] Endpoint. Affected applications include, but are not limited to:
    CMD.EXE
    Explorer.EXE
    MMC-based applications
    Microsoft Office applications
    PowerShell
    Example startup errors include:
    csc.exe- Application Error -- The application was unable to start correctly (0xc0000142)
    iexplore.exe- Application Error -- The application was unable to start correctly (0xc0000018)
    mmc.exe- Application Error -- The application was unable to start correctly (0xc0000018)
    cmd.exe- Application Error -- The application was unable to start correctly (0xc0000018)'
    Romax reports:
    - http://support.romaxtech.com/entries...Romax-Software
    '... an error message from Xenocode Virtual Application Studio ISV, “The applications were unable to load a required virtual machine component. Please contact the publisher of this application for more information.” They go on to say:
    We have become aware that a specific Microsoft Windows update KB3045999 published on 13th April 2015 prevents all Romax software from starting up. If your Romax software works, we recommend you immediately contact your IT department and ask them to stop installation of Microsoft Windows update KB3045999. If you are receiving the … error message when starting Romax software then please check if this update has been installed; if it has then this update will need to be uninstalled...'
    VirtualBox users:
    - https://forums.virtualbox.org/viewto...art=45#p318687
    '... I too am getting the error "supR3HardenedWinReadErrorInfoDevice: 'ntdll.dll: 7981 differences between 0x300c and 0x4fff in #1 (.text), first: 4c != 1f.'" I've been using this install of VBox for years (installing updates as they arrive), and after just installing Windows Updates (last updated in March 2015, these were April 2015 updates), none of my VM's (various flavors of Windows & Linux) will start up...' "

    MS15-038 ...
    - https://support.microsoft.com/en-us/kb/3045999
    Last Review: Apr 14, 2015 - Rev: 1.0
    ___

    Win10 patch KB 3055415 released with no details
    - http://www.infoworld.com/article/291...o-details.html
    Apr 27, 2015 - "Microsoft just released a new patch for Windows 10. Like all Windows 10 patches, you get to install it whether you want to or not, and it'll be automatically installed for you, likely overnight. 'Update for Windows Technical Preview April Update for x64-based systems (KB3055415)' forces a reboot. Inside Windows, you get this illuminating notice:
    'Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.' ..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #262
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Win Svr 2003 SP2 - reinstall MS15-032 / LAPS Security Advisory

    FYI...

    MS15-032: MS Internet Explorer Multiple Bugs Let Remote Users Bypass ASLR and Execute Arbitrary Code
    - http://www.securitytracker.com/id/1032108
    Updated: May 1 2015
    [Editor's note: On April 30, 2015, the vendor updated their advisory to indicate that users of IE on Windows Server 2003 SP2 who installed update 3038314 -prior- to April 22, 2015 should -re-install- update 3038314.]

    - https://technet.microsoft.com/library/security/ms15-032
    V2.0 (April 30, 2015): Updated bulletin to inform customers running Internet Explorer on Windows Server 2003 SP2 that the 3038314 update on the Microsoft Download Center was updated on April 22, 2015. Microsoft recommends that customers who installed the 3038314 update -prior- to April 22 should -reinstall- the update to be fully protected from the vulnerabilities discussed in this bulletin.

    - https://support.microsoft.com/en-us/kb/3038314
    Last Review: Apr 29, 2015 - Rev: 5.0

    Cumulative Security Update for IE 7 for Windows Server 2003 (KB3038314)
    Download: https://www.microsoft.com/en-us/down....aspx?id=46688
    File Name: IE7-WindowsServer2003-KB3038314-x86-ENU.exe
    ___

    Microsoft Security Advisory 3062591
    Local Administrator Password Solution (LAPS) Now Available
    - https://technet.microsoft.com/en-us/...curity/3062591
    May 1, 2015 - "Microsoft is offering the Local Administrator Password Solution (LAPS) that provides a solution to the issue of using a common local account with an identical password on every computer in a domain. LAPS resolves this issue by setting a different, random password for the common local administrator account on every computer in the domain. Domain administrators using the solution can determine which users, such as helpdesk administrators, are authorized to read passwords.
    Compromised identical local account credentials could allow elevation of privilege if an attacker uses them to elevate from a local user/administrator to a domain/enterprise administrator. Local administrator credentials are needed for occasions when logon is required without domain access. In large environments, password management can become complex, leading to poor security practices, and such environments greatly increase the risk of a Pass-the-Hash (PtH) credential replay attack.
    LAPS simplifies password management while helping customers implement recommended defenses against cyberattacks. In particular, the solution mitigates the risk of lateral escalation that results when customers use the same administrative local account and password combination on their computers...
    For more information, see:
    - https://support.microsoft.com/kb/3062591
    Last Review: May 1, 2015 - Rev: 1.0

    Microsoft Download Center
    - https://www.microsoft.com/downloads/...3-6818fc2f07ec

    Last edited by AplusWebMaster; 2015-05-02 at 01:53.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #263
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Patch Watch update: Cleaning up April’s leftovers

    FYI...

    Patch Watch update: Cleaning up April’s leftovers
    - http://windowssecrets.com/patch-watc...ils-leftovers/
    May 7, 2015 - "Most of Microsoft’s attention is likely focused on Windows 10, which might explain why we’ve seen updates for Windows 7 and 8 dribbled out over the past month. Some of the updates have a clear agenda: preparing our Win7 and Win8 systems for the transition to Windows 10.
    > MS15-032 (3038314) - Still tracking Internet Explorer–update issues:
    KB 3038314 was April’s cumulative IE patch. It’s critical to install all IE security updates, but April’s was especially so — it fixed vulnerabilities publicly revealed at the recent Pwn2Own hacking contest. Unfortunately, the update did not go well for all Windows users. As noted in its info page, some users who upgraded from IE 8 to IE 11 received an 'error code 80092004' message.
    What’s more, other IE users discovered that they couldn’t add additional search providers after installing the update. At this time, it’s -unclear- whether Microsoft is working on this issue. Making things even more confusing, Microsoft apparently -reissued- the update on April 22, though there’s no information in the update’s information pages to explain why.
    REVISION: The reissued KB 3038313 was for Windows Server 2003 -only-.
    What to do: If you downloaded and installed KB 3038314 from the Microsoft Download Center before April 22, you should go back and download it again. If you ran into the search-provider issue, you can try uninstalling KB 3038314 (MS15-032), adding any new search providers you want, and then reinstalling the update — and hope that Microsoft fixes the problem soon.
    > MS15-041 - .NET Framework updates calmly sail through:
    .NET updates were once notoriously troublesome. But most of that went away when Microsoft ended support for Windows XP. .NET fixes are still somewhat confusing because a particular update is made up of numerous separate patches for different versions of .NET. For example, April’s KB 3048010 includes the following specific fixes:
    KB 3037572 for .NET 1.1 SP1
    KB 3037573 for .NET 2.0 SP2
    KB 3037574 for .NET 4
    KB 3037575 for .NET 3.5 (Win8)
    KB 3037576 for .NET 3.5 (Win8 and Server 2012)
    KB 3037577 for .NET 2.0 SP2 (Server 2003)
    KB 3037578 for .NET 4
    KB 3037579 for .NET 4.5, 4.5.1, and 4.5.2 (Win8 and Server 2012)
    KB 3037580 for .NET 4.5, 4.5.1, and 4.5.2
    KB 3037581 for .NET 4.5, 4.5.1, and 4.5.2 "
    ___

    Update to enable the Diagnostics Tracking Service in Windows
    - https://support.microsoft.com/en-us/kb/3022345
    May 6, 2015 - Rev: 4.0

    - http://www.infoworld.com/article/291...two-weeks.html
    May 7, 2015

    Last edited by AplusWebMaster; 2015-05-10 at 17:17.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #264
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - May 2015

    FYI...

    - https://technet.microsoft.com/library/security/ms15-may
    May 12, 2015 - "This bulletin summary lists security bulletins released for May 2015...
    (Total of -13-)

    Microsoft Security Bulletin MS15-043 - Critical
    Cumulative Security Update for Internet Explorer (3049563)
    - https://technet.microsoft.com/library/security/MS15-043
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS15-044 - Critical
    Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
    - https://technet.microsoft.com/library/security/MS15-044
    Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight

    Microsoft Security Bulletin MS15-045 - Critical
    Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002)
    - https://technet.microsoft.com/library/security/MS15-045
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS15-046 - Important
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
    - https://technet.microsoft.com/library/security/MS15-046
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS15-047 - Important
    Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)
    - https://technet.microsoft.com/library/security/MS15-047
    Important - Remote Code Execution - May require restart - Microsoft Server Software

    Microsoft Security Bulletin MS15-048 - Important
    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
    - https://technet.microsoft.com/library/security/MS15-048
    Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

    Microsoft Security Bulletin MS15-049 - Important
    Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)
    - https://technet.microsoft.com/library/security/MS15-049
    Important - Elevation of Privilege - Does not require restart - Microsoft Silverlight

    Microsoft Security Bulletin MS15-050 - Important
    Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)
    - https://technet.microsoft.com/library/security/MS15-050
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS15-051 - Important
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
    - https://technet.microsoft.com/library/security/MS15-051
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS15-052 - Important
    Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
    - https://technet.microsoft.com/library/security/MS15-052
    Important - Security Feature Bypass - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS15-053 - Important
    Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263)
    - https://technet.microsoft.com/library/security/MS15-053
    Important - Security Feature Bypass - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS15-054 - Important
    Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)
    - https://technet.microsoft.com/library/security/MS15-054
    Important - Denial of Service - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS15-055 - Important
    Vulnerability in Schannel Could Allow Information Disclosure (3061518)
    - https://technet.microsoft.com/en-us/...urity/MS15-055
    Important - Information Disclosure - Requires restart - Microsoft Windows
    ___

    - http://blogs.technet.com/b/msrc/arch...5-updates.aspx
    12 May 2015 - "... we released 13 security bulletins...
    We also released one new Security Advisory:
    Update to Default Cipher Suite Priority Order (3042058)
    - https://technet.microsoft.com/en-us/...y/3042058.aspx
    One Security Advisory was revised:
    Update for Adobe Flash Player in Internet Explorer (2755801)
    - https://technet.microsoft.com/en-us/...y/2755801.aspx
    ___

    - http://www.securitytracker.com/id/1032282 - MS15-043
    - http://www.securitytracker.com/id/1032281 - MS15-044
    - http://www.securitytracker.com/id/1032280 - MS15-045
    - http://www.securitytracker.com/id/1032295 - MS15-046
    - http://www.securitytracker.com/id/1032296 - MS15-047
    - http://www.securitytracker.com/id/1032297 - MS15-048
    - http://www.securitytracker.com/id/1032298 - MS15-049
    - http://www.securitytracker.com/id/1032299 - MS15-050
    - http://www.securitytracker.com/id/1032294 - MS15-051
    - http://www.securitytracker.com/id/1032292 - MS15-052
    - http://www.securitytracker.com/id/1032290 - MS15-053
    - http://www.securitytracker.com/id/1032286 - MS15-054
    - http://www.securitytracker.com/id/1032283 - MS15-055
    ___

    May 2015 Office Update Release
    - http://blogs.technet.com/b/office_su...e-release.aspx
    12 May 2015 - "... There are -27- security updates (3 bulletins) and -48- non-security updates...
    - http://technet.microsoft.com/en-us/security/ms15-044
    - http://technet.microsoft.com/en-us/security/ms15-046
    - http://technet.microsoft.com/en-us/security/ms15-047 ..."
    ___

    ISC Analysis:
    - https://isc.sans.edu/diary.html?storyid=19685
    2015-05-12

    .
    Last edited by AplusWebMaster; 2015-05-15 at 23:55.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #265
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS's latest massive round of patches ...

    FYI...

    MS's latest massive round of patches...
    - http://www.infoworld.com/article/292...the-shaft.html
    May 13, 2015 - "... The toll from Microsoft's Patch Tuesday includes 13 security bulletins, three of them critical; one new and one updated Security Advisory; one re-issued .Net security patch; KB 3037580, which "may have to be reinstalled;" 34 re-issued non-security patches for Windows, several of which have been updated multiples times; and a whopping -48- re-issued non-security patches for Office... Complaints are starting to roll in, and many people report that their PCs hang after installing the patches and rebooting; Windows just sits there at "Stage 1 of 3" or "Stage 3 of 3" in the installation process. Fortunately, the old three-finger salute seems to solve the problem. KB 3049563, this month's massive Internet Explorer cumulative patch, supersedes KB 3038314, which was last month's massive Internet Explorer cumulative patch. No definitive word yet on whether the new version continues to block adding search engines and/or fails with installer error 80092004. Contradictory advice on the .Net 4.5 patch re-release ,KB 3037580, has some users wagging their heads. In the official patch update list, Microsoft says "This update may have to be reinstalled," but the KB article clearly says, "Notice/May 12, 2015 /This security update has been re-released and contains updated files. We recommend that you apply this security update." Our old friends KB 3022345 and KB 3048043 are back -- for the fourth and third time, respectively -- having just been re-re-released last week. Those are the patches for fixing screen flickering in Windows 8.1 and enabling the "Diagnostic Tracking Service" in Windows 7, 8.1, and Server 2012 R2. I still have no idea what, precisely, the Diagnostic Tracking Service patch does and how it relates to the Customer Experience Improvement Program, which used to be an 'opt-in' program. We also have yet another critical kernel patch, MS15-044/KB 3057110, because a sufficiently sentient font can take over your computer, even if the font is sitting on a Web page..."
    (More detail at the infoworld URL above.)
    ___

    - https://isc.sans.edu/forums/diary/Ma...Summary/19685/
    Comments:
    > "Win7/64bit computer stuck at Stage 1 of 3 - 23% complete. (after being told to reboot after patching). I seem to remember this happening 2-3 months ago..."
    > "Looks like KB3061518 is breaking client communications with Catia (DSLS) license servers. Removing the update fixes the problem."
    > "Systems stuck on configuring updates stage 3 of 3. [can also be 1 of 3 or 2 of 3 as noted above]. Solution: hit control alt delete. No root cause, no one particular update has been identified."
    > "Had one of those happen today, where CTRL-ALT-DEL worked. My system from yesterday tho was completely locked up and its problem happened BEFORE the reboot. The little circle was not spinning and there was no hard drive activity. Did a hard reset on that one and everything came up fine... and all patches showed as installed."

    > http://windowssecrets.com/patch-watc...ate-confusion/
    May 13, 2015

    Last edited by AplusWebMaster; 2015-05-14 at 14:56.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #266
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS updates KB 3057110, KB 3045171 cause Win7 PCs to crash

    FYI...

    MS updates KB 3057110, KB 3045171 cause Win7 PCs to crash
    GDI+ updates freeze Win7 and earlier PCs when using GsDraw and other drawing tools to create text outline-based path objects
    - http://www.infoworld.com/article/292...-to-crash.html
    May 19, 2015 - "Microsoft has issued an acknowledgment that MS15-044/KB 3057110 and MS15-051/KB 3045171* -- both massive font driver updates that fix TrueType font handling in Windows, .Net Framework, Office, Lync, and Silverlight - can cause Windows 7 and -earlier- PCs to freeze. The official warning goes like this:
    ' After you install this security update, you experience crashes when you use Windows GDI+ to create text outline-based path objects on a computer that is running Windows 7 or an earlier version of Windows. We are aware of this issue and will address it in the near future.' ..."

    MS15-044 and MS15-051 ...
    * https://support.microsoft.com/en-us/kb/3045171
    Last Review: May 18, 2015 - Rev: 5.0
    "Known issues with this security update:
    After you install this security update (3045171), you experience crashes when you use Windows GDI+ to create text outline-based path objects on a computer that is running Windows 7 or an earlier version of Windows.
    We are aware of this issue and will address it in the near future."

    MS15-044 ...
    - https://support.microsoft.com/en-us/kb/3057110
    Last Review: May 18, 2015 - Rev: 3.0
    "Known issues with this security update:
    After you install this security update (3057110), you experience crashes when you use Windows GDI+ to create text outline-based path objects on a computer that is running Windows 7 or an earlier version of Windows.
    We are aware of this issue and will address it in the near future."
    ___

    April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2
    - https://support.microsoft.com/en-us/kb/3020369
    Last Review: May 20, 2015 - Rev: 6.0
    "Known issues for this update:
    - Restart stuck on "Stage 3 of 3": After you install update 3020369 together with other updates, a restart may be required to complete the installation. During this restart, you may find yourself stuck on "Stage 3 of 3." If you encounter this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only one time and does not prevent updates from installing successfully.
    - An update installation fails after you install update 3020369: When you install update 3020369 together with other updates, you may encounter a timing issue that causes the update tried immediately after you install update 3020369 to fail. This issue only affects the update tried immediately after update 3020369. As soon as update 3020369 is installed, another try to install the failed update should be successful..."

    - http://www.infoworld.com/article/292...oot-hangs.html
    May 19, 2015
    ___

    Microsoft Security Bulletin MS15-046 - Important
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
    - https://technet.microsoft.com/en-us/...urity/MS15-046
    V2.0 (May 19, 2015): Bulletin revised to announce the release of the Microsoft Office for Mac 14.5.1 update. The release addresses a potential issue with Microsoft Outlook for Mac when customers install the Microsoft Office for Mac 14.5.0 update. Customers who have not already installed the 14.5.0 update should install the 14.5.1 update to be fully protected from this vulnerability. To avoid the possibility of future issues with Microsoft Outlook for Mac, Microsoft recommends that customers running Office for Mac software who have already successfully installed the 14.5.0 update also apply the 14.5.1 update even though they are already protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3048688* for more information.
    * https://support.microsoft.com/en-us/kb/3048688
    Last Review: May 19, 2015 - Rev: 1.0

    Last edited by AplusWebMaster; 2015-05-20 at 14:12.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #267
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Update to enable the Diagnostics Tracking Service in Windows - KB3022345

    FYI...

    Update to enable the Diagnostics Tracking Service in Windows
    Notice: The current version of this hotfix, Version 2, was published on May 6, 2015. The previous version of this hotfix was Version 1.005. Both versions provide the same functionality and protection except that Version 2 includes a minor update to support devices that do not contain U.S. English language files. However, the current hotfix is not a compatible upgrade to Version 1.005 and may cause an error (800F0922) if it is installed over the old version. We recommend that you install this hotfix if you have not already installed it. If you have installed the original version of this hotfix and you want the added functionality, we recommend that you wait for an upcoming version that will be a compatible upgrade to either version.
    - https://support2.microsoft.com/defau...;en-us;3022345
    Summary: This update enables the Diagnostics Tracking Service in Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1. This tracking service collects data about functional issues in Windows.
    This update contains the following two manifests that are occasionally updated by the Diagnostic Tracking Service:
    telemetry.ASM-WindowsDefault.json
    utc.app.json
    The two files are marked as static files in the update. When an advanced user runs the System File Checker Tool (sfc.exe), the files are unintentionally flagged as corrupted. There is no impact or corruption on a device that is running this update, and this issue will be fixed in a later service update...
    Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations."
    Last Review: June 4, 2015 - Rev: 7.0
    "This update has been replaced by the latest update for customer experience and diagnostic telemetry that was first released on June 2, 2015. To obtain the update, see 3068708 Update* for customer experience and diagnostic telemetry."
    * https://support.microsoft.com/en-us/kb/3068708
    Last Review: 06/18/2015- Rev: 4.0

    Last edited by AplusWebMaster; 2015-07-02 at 13:50.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #268
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS15-044 - V2.0 May 21, 2015

    FYI...

    MS15-044: Description of the security update for the .NET Framework 3.5.1 on Win7 SP1 and Win Svr 2008 R2 SP1
    - https://support.microsoft.com/en-us/kb/3048070
    Last Review: May 21, 2015 - Rev: 2.0

    MS Security Bulletin MS15-044 - Critical
    Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
    - https://technet.microsoft.com/library/security/ms15-044
    V2.0 (May 21, 2015): Bulletin revised to announce the availability of a -new- update (3065979) that fixes a known issue that some customers experienced after installing the 3045171 security update on all supported editions of Windows 7/Windows 2008 R2 and earlier systems. The 3045171 security update causes customer applications to crash while attempting to create text-outline-based path objects using GDI+. Customers who are experiencing this known issue can correct the problem by installing the 3065979 update. See Microsoft Knowledge Base Article 3065979* for more information and download links.

    MS15-044 ...
    - https://support.microsoft.com/en-us/kb/3057110
    Last Review: May 25, 2015 - Rev: 7.0

    "GsDraw error (1): GenericError" error occurs and application crashes when you create text outline in Windows
    * https://support.microsoft.com/en-us/kb/3065979
    Last Review: May 22, 2015 - Rev: 2.0

    MS15-044 and MS15-051: Description of the security update for Windows font drivers
    - https://support.microsoft.com/en-us/kb/3045171
    Last Review: May 21, 2015 - Rev: 6.0

    April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2
    - https://support.microsoft.com/en-us/kb/3020369
    Last Review: May 27, 2015 - Rev: 7.0
    "... Known issues for this update: Restart stuck on "Stage 3 of 3"
    After you install update 3020369 together with other updates, a restart may be required to complete the installation. During this restart, you may find yourself stuck on "Stage 3 of 3."
    If you encounter this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only one time and does not prevent updates from installing successfully.
    An update installation fails after you install update 3020369
    When you install update 3020369 together with other updates, you may encounter a timing issue that causes the update tried immediately after you install update 3020369 to fail.
    This issue only affects the update tried immediately after update 3020369. As soon as update 3020369 is installed, another try to install the failed update should be successful.
    Note: In managed environments, such as by using Windows Server Update Services (WSUS), you can avoid either of these issues by deploying this update as a stand-alone update."
    ___

    - http://www.infoworld.com/article/292...b-3045171.html
    May 22, 2015
    ___

    KB 3022345... again.
    - http://www.infoworld.com/article/292...c-scannow.html
    May 26, 2015
    - https://support2.microsoft.com/defau...;en-us;3022345
    Last Review: June 4, 2015 - Rev: 7.0
    "This update has been replaced by the latest update for customer experience and diagnostic telemetry that was first released on June 2, 2015. To obtain the update, see 3068708 Update* for customer experience and diagnostic telemetry."
    * https://support.microsoft.com/en-us/kb/3068708
    Last Review: 06/18/2015 - Rev: 4.0
    ___

    Patching and servicing of Windows and Linux - survey and email contact
    - http://blogs.technet.com/b/filecab/a...l-contact.aspx
    19 May 2015 - "... We are studying customer patching pain points and behaviors within Linux and Windows Server environments across operating systems and applications. If you are a stakeholder in the patching/updating process for your company and would like to share your thoughts and feedback, please take a few minutes to fill out the following survey:
    - https://www.surveymonkey.com/r/YYZKBS3
    If you want to give us direct and deep feedback, please email us at:
    patchfeed@microsoft.com
    Again, we are interested in feedback and experiences from both Windows Server administrators as well as Linux sysadmins..."

    Last edited by AplusWebMaster; 2015-07-02 at 13:54.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #269
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS reclassifies Win10 -nagware- patches, KB 2952664 and 2976978 ...

    FYI...

    MS reclassifies Win10 -nagware- patches, KB 2952664 and 2976978 ...
    Users with Automatic Update turned on in Win7 or 8.1, will now get the latest Windows 10 rollout software
    - http://www.infoworld.com/article/293...important.html
    Jun 5, 2015 - "... Microsoft changed the rating of two Win10 -nagware- patches, KB 2952664 and KB 2976978, from Optional to Important. I wrote about both patches two days ago*, when they were both still listed as Optional. By moving from Optional to Important, Microsoft is sending the patches down the Automatic Update chute. Anyone who has Automatic Update turned on will get the new Win10 advertising... If I counted correctly, this is the -17th- version of the Windows 7 patch KB 2952664 and the -12th- version of the Windows 8.1 patch KB 2976978. In the past, KB 2952664 has caused lots of problems, while KB 2976978 has been benign. The KB article for the Windows 8.1 patch still says it "performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program [CEIP] in order to determine whether compatibility issues may be encountered when the latest Windows operating system is installed." I'm still mystified by that description, because I don't understand why people running the Get Windows 10 program are, in fact, opting into the CEIP. I don't see anything different about the patches. Presumably they have more under-the-covers changes to ease the world into Windows 10."
    * http://www.infoworld.com/article/293...b-2977759.html

    - https://support.microsoft.com/en-us/kb/2952664
    Last Review: June 3, 2015 - Rev: 9.0

    - https://support.microsoft.com/en-us/kb/2976978
    Last Review: June 2, 2015 - Rev: 10.0
    ___

    - http://www.infoworld.com/article/293...new-level.html
    Jun 8, 2015 - "... Anybody who installs a new OS - any OS - on the first day of release is just begging for trouble."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #270
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - June 2015

    FYI...

    > https://technet.microsoft.com/library/security/ms15-jun
    June 9, 2015 - "This bulletin summary lists security bulletins released for June 2015...
    (Total of -8-)

    Microsoft Security Bulletin MS15-056 - Critical
    Cumulative Security Update for Internet Explorer (3058515)
    - https://technet.microsoft.com/library/security/MS15-056
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS15-057 - Critical
    Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
    - https://technet.microsoft.com/library/security/MS15-057
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS15-059 - Important
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
    - https://technet.microsoft.com/library/security/MS15-059
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS15-060 - Important
    Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
    - https://technet.microsoft.com/library/security/MS15-060
    Important - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS15-061 - Important
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
    - https://technet.microsoft.com/library/security/MS15-061
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS15-062 - Important
    Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
    - https://technet.microsoft.com/library/security/MS15-062
    Important - Elevation of Privilege - Does not require restart - Microsoft Windows

    Microsoft Security Bulletin MS15-063 - Important
    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
    - https://technet.microsoft.com/library/security/MS15-063
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS15-064 - Important
    Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
    - https://technet.microsoft.com/library/security/MS15-064
    Important - Elevation of Privilege - Does not require restart - Microsoft Exchange Server
    ___

    MS15-056: http://www.securitytracker.com/id/1032521
    MS15-057: http://www.securitytracker.com/id/1032522
    MS15-059: http://www.securitytracker.com/id/1032523
    MS15-060: http://www.securitytracker.com/id/1032524
    MS15-061: http://www.securitytracker.com/id/1032525
    MS15-062: http://www.securitytracker.com/id/1032526
    MS15-063: http://www.securitytracker.com/id/1032527
    MS15-064: http://www.securitytracker.com/id/1032528
    ___

    - http://blogs.technet.com/b/msrc/arch...5-updates.aspx
    9 Jun 2015 - "... we released 8 security bulletins...
    We released one new Security Advisory:
    Update for Juniper Network Windows In-Box Junos Pulse Client (2962393)
    - https://technet.microsoft.com/en-us/...y/2962393.aspx
    One Security Advisory has been revised:
    Update for Adobe Flash Player in Internet Explorer (2755801)
    - https://technet.microsoft.com/en-us/...y/2755801.aspx
    ___

    June 2015 Office Update Release
    - http://blogs.technet.com/b/office_su...e-release.aspx
    9 Jun 2015 - "... There are 16 security updates (2 bulletins) and 45 non-security updates..."

    MS15-059: http://technet.microsoft.com/en-us/security/ms15-059

    MS15-046 :https://technet.microsoft.com/en-us/security/ms15-046
    "... To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046...
    V1.0 (May 12, 2015): Bulletin published.
    V2.0 (May 19, 2015): Bulletin revised...
    V3.0 (June 9, 2015): To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046 to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision to be fully protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3057181* for more information and download links."
    * https://support.microsoft.com/en-us/kb/3057181
    Last Review: June 9, 2015 - Rev: 2.0

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-1682 / 9.3 (HIGH)
    ___

    HTTP Strict Transport Security comes to Internet Explorer 11 on Windows 8.1 and Windows 7
    - http://blogs.windows.com/msedgedev/2...and-windows-7/
    June 9, 2015 - "In February, we released the first preview of HTTP Strict Transport Security in Internet Explorer 11 in the Windows 10 Insider Preview. The HTTP Strict Transport Security (HSTS) policy protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a server, leaving the user vulnerable. With today’s monthly security updates (KB 3058515), we’re bringing the protections offered by HSTS to Internet Explorer 11 on Windows 8.1 and Windows 7. HSTS is also available in both Internet Explorer 11 and Microsoft Edge on Windows 10. Site developers can use HSTS policies to secure connections by opting in to an HSTS preload list, which registers websites to be hardcoded by Microsoft Edge, Internet Explorer, and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure..."
    MS15-056: https://support.microsoft.com/en-us/kb/3058515
    Last Review: June 9, 2015 - Rev: 1.0
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=19781
    2015-06-09
    ___

    - http://www.theinquirer.net/inquirer/...stery-omission
    Jun 10 2015 - "... There's no MS15-058. We don't know why this is. Perhaps something was pulled at the last minute, or perhaps there's an out-of-band coming up..."

    .
    Last edited by AplusWebMaster; 2015-06-10 at 20:44.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •