Microsoft Alerts

[AplusWebMaster]

FYI...

Microsoft Security Bulletin MS15-115 - Critical
- https://technet.microsoft.com/library/security/MS15-115

- https://support.microsoft.com/en-us/kb/3097877
Last Review: 11/18/2015 18:50:00 - Rev: 9.0

[AplusWebMaster]

FYI...

MS pulls Win10 v 1511 Threshold 2 release from download page
- http://www.infoworld.com/article/300...load-page.html
Nov 23, 2015 - "... If you have a copy of the v 1511 ISO running around - you might've created it with the Media Creation Tool prior to last weekend, or you can still download it from MSDN - you can still upgrade straight to 1511. But if you don't have one in your back pocket, you get to upgrade twice. Why do I get the feeling that Microsoft is making this up as it goes along?"

[AplusWebMaster]

FYI...

Beware, latest Win10 Update may remove programs automatically
- http://www.ghacks.net/2015/11/24/bew...automatically/
Nov 24, 2015 - "Microsoft's Windows 10 operating system may uninstall programs - desktop programs that is - from the computer after installation of the big Fall update that the company released earlier this month. I noticed the issue on one PC that I upgraded to Windows 10 Version 1511 but not on other machines. The affected PC had Speccy*, a hardware information program, installed and Windows 10 notified me after the upgrade that the software had been -removed- from the system because of incompatibilities. There was no indication beforehand that something like this would happen, and what made this rather puzzling was the fact that a newly downloaded copy of Speccy would install and run fine on the upgraded system. According to reports on the Internet**, Speccy is not the only program affected by this. Others report that programs like CPU-Z, AMD Catalyst Control Center or CPUID were removed as well during the upgrade... While this could very well be a bug that slipped by Microsoft's quality control, it is a serious issue not only because of the removal itself, but also when it comes to the future of the operating system. The removal itself is bad enough. First, Microsoft should have the decency to inform users about the issue before the software is removed. Either do a check prior to running the upgrade or afterwards. Then, all reports indicate that the forcefully uninstalled software would install and run fine on the system without issues. This makes it more likely that a bug caused the issue and that it was not a deliberate action programmed into the update. The outlook is even worse. Who in their right mind would install an operating system that might remove installed software - maybe even paid for software or critical software - without user interaction or consent, especially if it turns out later that the software works just fine on the system? Windows 10 users give up control and since there is no way of telling if software will be removed after a Windows update, should consider backing up the system regularly before system updates so that it can be restored to an earlier stage if important software was removed by the update..."
* https://www.piriform.com/speccy

** https://www.reddit.com/r/Windows10/c..._apps_without/

> https://www.reddit.com/r/Windows10/c...10_decided_to/
___

Some settings may not have been retained when applying the November update (Version 1511)
- https://support.microsoft.com/en-us/kb/3121244
Last Review: 11/24/2015 22:01:00 - Rev: 1.0
Applies to: Windows 10
___

- http://windowssecrets.com/patch-watc...sers-security/
Nov 26, 2015 - "... on Jan. 12, 2016, Microsoft is folding up the tent on Internet Explorer 7 and 8. After that date, only IE 9 on Vista, IE 10 on Windows Server 2012, and IE 11 on Windows 7 and 8.1 will get security updates. If you stick with an outdated version of IE, your vulnerability to malware will rise quickly..."
> http://blogs.msdn.com/b/ie/archive/2...-explorer.aspx

- http://www.computerworld.com/article...o-upgrade.html
Dec 1, 2015 - "Nearly 370 million Internet Explorer users have just six weeks to upgrade their browsers... The retired browsers will continue working, but Microsoft will halt technical support and -stop- serving security updates for the banned versions. According to data released by measurement vendor Net Applications, 44.8% of all IE users ran a soon-to-be-outdated edition of the browser... Companies that require older editions of IE to run Web apps or services can upgrade to IE11, then rely on that browser's 'Enterprise Mode' to mimic the older versions' rendering engines. Last week, Microsoft announced some enhancements to Enterprise Mode, including support for HTTP ports, and issued a kit that walks IT administrators through the chore of configuring Enterprise Mode. That kit can be downloaded from here*..."
* https://technet.microsoft.com/en-us/browser/mt612809

> https://technet.microsoft.com/en-us/browser/mt126196

[AplusWebMaster]

FYI...

KB 3112336 and KB 3112343 are all about Win10
- http://www.infoworld.com/article/301...indows-10.html
Dec 2, 2015 - "Yesterday Microsoft released two big updates for its Windows Update Client. Those of you using Windows 7 have KB 3112343, and those with Windows 8.1 get KB 3112336.
Both updates appear to grease the skids for in-place upgrading to Windows 10. Unfortunately, the documentation is so sparse it's impossible to tell if the patches offer anything at all to users who don't intend to upgrade to Windows 10..."

Windows Update Client for Windows 7 and Windows Server 2008 R2
- https://support.microsoft.com/en-us/kb/3112343
Last Review: 12/02/2015 03:30:00 - Revision: 3.0
Applies to:
Windows Server 2008 R2 Service Pack 1
Windows 7 Service Pack 1

Windows Update Client for Windows 8.1 and Windows Server 2012 R2
- https://support.microsoft.com/en-us/kb/3112336
Last Review: 12/02/2015 03:30:00 - Revision: 3.0
Applies to:
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
___

Windows 10 devices can't connect to an 802.1X environment
- https://support.microsoft.com/en-us/kb/3121002
Last Review: 11/25/2015 00:55:00 - Rev: 2.0
Applies to:
Windows 10

[AplusWebMaster]

FYI...

Cumulative update KB 3116908 for Windows 10 version 1511 triggers errors
- http://www.infoworld.com/article/301...rs-errors.html
Dec 3, 2015 - "The sun may still be rising in the United States, but other parts of the world are already struggling with the latest cumulative update for Windows 10 version 1511 (a.k.a. build 10586, Threshold 2, or the Fall Update). The official Microsoft explanation for this new patch, known as KB 3116908, just says:
'This update includes improvements to enhance the functionality of Windows 10 Version 1511'...
Of course, if your PC is still stuck on the July 29 RTM version of Windows 10 - build 10240 - you are -not- getting any recent cumulative updates... Here's how to check your PC to see if you're on the latest upgrade trail. Start with the About Windows dialog (see screenshot*), which you can get to by typing "winver" in the Cortana search box and pressing Enter:
* http://core0.staticworld.net/images/...edium.idge.jpg
If you see "Version 10.0 (Build 10240)" on the second line, you're still running the original July 29 RTM version of Windows 10. There are many reasons why you might still be stuck on the original Win10. Perhaps the installer for version 1511 has repeatedly failed to run. Build 1511 also won't install if you upgraded from Win7 or 8.1 to Win10 fewer than 30 days previously and there's still a windows.old folder on your system. (If you aren't going to roll back to Win7 or 8.1, using an admin account, right-click on your c: drive and then choose Properties > Disk Cleanup > Clean up system files.) If you see "Version 1511 (OS Build 10586)," as in the screenshot, you have the first version of Threshold 2, which shipped on Nov. 12. Variously known as the Win10 Fall Update, November Update, Threshold 2, and other less-printable epithets, it's the version of Windows 10 that (in my opinion) should've been called Win 10.1 or Win10 SP1 or Win10 SU1... [released] just three weeks ago, Windows 10 version 1511 has gone through -several- major changes. Cumulative updates change the OS build number, and you can judge your PC's progress at installing those updates by looking at the build number... -Four- cumulative updates in three weeks, 230MB of changes with essentially no documentation... In addition, there have been several other updates to build 1511 whose exact functions have not been well documented..."

> https://support.microsoft.com/en-us/kb/3116908
Last Review: 12/03/2015 01:46:00 - Rev: 1.0

[AplusWebMaster]

FYI...

MS update IE mandate - 1.12.2016 update ...
- http://windowssecrets.com/patch-watc...sers-security/
Nov 26, 2015 - "... on Jan. 12, 2016, Microsoft is folding up the tent on Internet Explorer 7 and 8. After that date, only IE 9 on Vista, IE 10 on Windows Server 2012, and IE 11 on Windows 7 and 8.1 will get security updates. If you stick with an outdated version of IE, your vulnerability to malware will rise quickly..."
> http://blogs.msdn.com/b/ie/archive/2...-explorer.aspx

- http://www.computerworld.com/article...o-upgrade.html
Dec 1, 2015 - "Nearly 370 million Internet Explorer users have just six weeks to upgrade their browsers... The retired browsers will continue working, but Microsoft will halt technical support and -stop- serving security updates for the banned versions. According to data released by measurement vendor Net Applications, 44.8% of all IE users ran a soon-to-be-outdated edition of the browser... Companies that require older editions of IE to run Web apps or services can upgrade to IE11, then rely on that browser's 'Enterprise Mode' to mimic the older versions' rendering engines. Last week, Microsoft announced some enhancements to Enterprise Mode, including support for HTTP ports, and issued a kit that walks IT administrators through the chore of configuring Enterprise Mode. That kit can be downloaded from here*..."
* https://technet.microsoft.com/en-us/browser/mt612809

> https://technet.microsoft.com/en-us/browser/mt126196
___

IE11 for Win7...
> https://www.microsoft.com/en-us/down...7-details.aspx

[AplusWebMaster]

FYI...

IE Sunset and XP Embedded End of Support
- https://isc.sans.edu/diary.html?storyid=20459
Last Updated: 2015-12-08 - "... Rumor has it that with today's patch Tuesday, Microsoft may re-enable the auto-upgrade to Windows 10. You may flip the switch back to not update, but it will set itself to "on" once a day..."

[1] https://www.microsoft.com/en-us/Wind...-of-IE-support
[2] https://support.microsoft.com/en-us/...a=Windows%20XP
​[3] http://www.computerworld.com/article...-strategy.html

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/en-us/...urity/ms15-Dec
Dec 8, 2015 - "This bulletin summary lists security bulletins released for December 2015...
(Total of -12-)

Microsoft Security Bulletin MS15-124 - Critical
Cumulative Security Update for Internet Explorer (3116180)
- https://technet.microsoft.com/library/security/MS15-124
Critical - Remote Code Execution- Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-125 - Critical
Cumulative Security Update for Microsoft Edge (3116184)
- https://technet.microsoft.com/library/security/MS15-125
Critical - Remote Code Execution- Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-126 - Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
- https://technet.microsoft.com/library/security/MS15-126
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-127 - Critical
Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
- https://technet.microsoft.com/library/security/MS15-127
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-128 - Critical
Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
- https://technet.microsoft.com/library/security/MS15-128
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework, MS Office, Skype for Business, Microsoft Lync, Silverlight

Microsoft Security Bulletin MS15-129 - Critical
Security Update for Silverlight to Address Remote Code Execution (3106614)
- https://technet.microsoft.com/library/security/MS15-129
Critical - Remote Code Execution - Does not require a restart - Microsoft Silverlight

Microsoft Security Bulletin MS15-130 - Critical
Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
- https://technet.microsoft.com/library/security/MS15-130
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-131 - Critical
Security Update for Microsoft Office to Address Remote Code Execution (3116111)
- https://technet.microsoft.com/library/security/MS15-131
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-132 - Important
Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
- https://technet.microsoft.com/library/security/MS15-132
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-133 - Important
Security Update for Windows PGM to Address Elevation of Privilege (3116130)
- https://technet.microsoft.com/library/security/MS15-133
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-134 - Important
Security Update for Windows Media Center to Address Remote Code Execution (3108669)
- https://technet.microsoft.com/library/security/MS15-134
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-135 - Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
- https://technet.microsoft.com/library/security/MS15-135
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

MS15-124: http://www.securitytracker.com/id/1034315
MS15-125: http://www.securitytracker.com/id/1034316
MS15-126: http://www.securitytracker.com/id/1034317
MS15-127: http://www.securitytracker.com/id/1034323
MS15-128: http://www.securitytracker.com/id/1034329
- http://www.securitytracker.com/id/1034330
- http://www.securitytracker.com/id/1034331
- http://www.securitytracker.com/id/1034332
- http://www.securitytracker.com/id/1034333
- http://www.securitytracker.com/id/1034336
MS15-129: http://www.securitytracker.com/id/1034321
MS15-130: http://www.securitytracker.com/id/1034337
MS15-131: http://www.securitytracker.com/id/1034324
- http://www.securitytracker.com/id/1034325
MS15-132: http://www.securitytracker.com/id/1034338
MS15-133: http://www.securitytracker.com/id/1034339
MS15-134: http://www.securitytracker.com/id/1034335
MS15-135: http://www.securitytracker.com/id/1034334
___

- http://blogs.technet.com/b/msrc/arch...e-summary.aspx
Dec 8, 2015 - "... we released security updates to provide additional protections against malicious attackers..."

Security Advisories (3):

Microsoft Security Advisory 3057154
Update to Harden Use of DES Encryption
- https://technet.microsoft.com/en-us/...curity/3057154
Published: July 14, 2015 | Updated: Dec 8, 2015

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/en-us/...curity/2755801
Version: 51.0

Microsoft Security Advisory 3123040
Inadvertently Disclosed Digital Certificate Could Allow Spoofing
- https://technet.microsoft.com/en-us/...curity/3123040
Dec 8, 2015
___

December 2015 Office Update Release
- http://blogs.technet.com/b/office_su...e-release.aspx
8 Dec 2015 - "... there are 19 security updates (2 bulletins) and 61 non-security updates..."
MS15-128: https://technet.microsoft.com/en-us/...urity/MS15-128

MS15-131: https://technet.microsoft.com/en-us/...urity/MS15-131
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20461
Last Updated: 2015-12-08

.

[AplusWebMaster]

FYI...

MS pulls botched patch KB 3114409 - triggered problems with Outlook 2010
- http://www.infoworld.com/article/301...look-2010.html
Dec 9, 2015 - "... Patch Tuesday update KB 3114409, intended to help admins keep Outlook 2010 from starting in safe mode, has in fact done just the opposite. Many Outlook 2010 customers report that installing KB 3114409 forces Outlook to start in safe mode. As of early Wednesday morning, the patch has been pulled, but if you're experiencing odd problems with Outlook 2010 -- it opens in safe mode only (always opens maximized and has no sounds, no reading pane, or other view settings that stick), has broken templates, and much more -- you should look at the KB 3114409 article* for instructions on how to -remove- the patch..."
* https://support.microsoft.com/en-us/kb/3114409
Last Review: 12/09/2015 05:42:00 - Rev: 4.0
"Notice: After you install this update, Outlook 2010 may start only in safe mode. If this issue occurs, uninstall the update. This update is no longer available now."
___

- https://isc.sans.edu/forums/diary/De...Tuesday/20461/
(17 Comments)

[AplusWebMaster]

FYI...

MS Security Bulletin MS15-124 - Critical
Cumulative Security Update for Internet Explorer (3116180)
- https://technet.microsoft.com/en-us/...urity/MS15-124
V1.1 (December 16, 2015): Bulletin revised to further clarify the steps users must take to be protected from the vulnerability described in CVE-2015-6161*. This bulletin, MS15-124, provides protections for this issue, but user action is required to enable them; the cumulative update for Internet Explorer does not enable the protections by default**. Before applying the protections, Microsoft recommends that customers perform testing appropriate to their environment and system configurations.
* https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-6161

** https://technet.microsoft.com/en-us/...5-124#Fix_6161

MS15-124: Vulnerability in Internet Explorer could lead to ASLR bypass: December 16, 2015
> https://support.microsoft.com/en-us/kb/3125869
Last Review: 12/16/2015 22:23:00 - Rev: 1.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
___

MS Security Bulletin MS15-125 - Critical
Cumulative Security Update for Microsoft Edge (3116184)
- https://technet.microsoft.com/en-us/...urity/MS15-125
V1.1 (December 16, 2015): Revised the vulnerability description for CVE-2015-6161 to more accurately describe the ASLR Bypass. This is an informational change only. Customers who have already successfully installed security update 3116869 or 3116900 do not need to take any action.
___

MS pushes Windows -nagware- patch KB 3035583 for sixth time
If you don’t want to install Windows 10 just yet, hide the patch - but run GWX Control Panel to be sure
- http://www.infoworld.com/article/301...ixth-time.html
Dec 16, 2015 - "Last night Microsoft sent KB 3035583* down the Automatic Update chute. Again. The patch is listed as recommended, but -not- a security patch, for Windows 7 and 8.1 systems. Depending on your Windows Update settings... the patch will probably appear among your "Important" patches, and probably won't have its box checked. If that's what you see on your PC, KB 3035583 won't install unless you check the box and run Windows Update. As we've seen in the past, though, sometimes those unchecked patches suddenly get checked and Windows Update proceeds with the dirty deed. All the more reason to set Windows Update to "Notify but don't download." Your best bet right now, if you have Windows 7 or 8.1 and don't want to upgrade to Windows 10 just yet - remember, you have until July 28, 2016 to upgrade for free - is to cut KB 3035583 off at the knees. The easiest way to do that is by running GWX Control Panel**. Microsoft has provided no changelog, of course, and no indication what this version of Get Windows 10 does that's any different from the five previous versions..."
* https://support.microsoft.com/en-us/kb/3035583
Last Review: 12/15/2015 17:19:00 - Rev: 7.0
Applies to:
Windows 8.1 Pro
Windows 8.1
Windows 7 Service Pack 1

** http://ultimateoutsider.com/downloads/