Page 39 of 47 FirstFirst ... 29353637383940414243 ... LastLast
Results 381 to 390 of 467

Thread: Microsoft Alerts

  1. #381
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down 'Get Windows 10' patch reappears

    FYI...

    'Get Windows 10' snooping patch KB 2952664 reappears
    - http://www.infoworld.com/article/312...reappears.html
    Oct 5, 2016 - "For whatever reason, our old nemesis KB 2952664 reappeared suddenly yesterday afternoon, and Windows users are livid... For those of you who don't recall, KB 2952664 (and its Windows 8.1 companion KB 2976978)... Bottom line: If you want to upgrade your Windows 7 or 8.1 PC to Windows 10, and haven't already done so, you're being set up to pay-full-price for the privilege. If you want to keep Windows 10 off your machine, don't install KB 2952664 (Win7) or KB 2976978 (Win 8.1)...
    Update: A Microsoft spokesperson sent this comment:
    'There is no Get Windows 10 or upgrade functionality contained in this update. This KB article is related to the Windows Update and the appraiser systems that enables us to continue to deliver servicing updates to Windows 7 and Windows 8.1 devices, as well as ensure device and application compatibility.'"

    - https://support.microsoft.com/en-us/kb/2952664
    Last Review: 10/04/2016 17:25:00 - Rev: 25.0
    Applies to: Windows 7 Service Pack 1

    - https://support.microsoft.com/en-us/kb/2976978
    Last Review: 10/04/2016 17:29:00 - Rev: 29.0
    Applies to: Windows 8.1 Enterprise, Windows 8.1, Windows 8.1 Pro, Windows 8 Enterprise, Windows 8, Windows 8 Pro

    Last edited by AplusWebMaster; 2016-10-07 at 16:43.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #382
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - October 2016

    FYI...

    - https://technet.microsoft.com/library/security/ms16-oct
    Oct 11, 2016 - "This bulletin summary lists security bulletins released for October 2016...

    Microsoft Security Bulletin MS16-118 - Critical
    Cumulative Security Update for Internet Explorer (3192887)
    - https://technet.microsoft.com/library/security/MS16-118
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS16-119 - Critical
    Cumulative Security Update for Microsoft Edge (3192890)
    - https://technet.microsoft.com/library/security/MS16-119
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

    Microsoft Security Bulletin MS16-120 - Critical
    Security Update for Microsoft Graphics Component (3192884)
    - https://technet.microsoft.com/library/security/MS16-120
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync.

    Microsoft Security Bulletin MS16-121 - Important
    Security Update for Microsoft Office (3194063)
    - https://technet.microsoft.com/library/security/MS16-121
    Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

    Microsoft Security Bulletin MS16-122 - Critical
    Security Update for Microsoft Video Control (3195360)
    - https://technet.microsoft.com/library/security/MS16-122
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-123 - Important
    Security Update for Windows Kernel-Mode Drivers (3192892)
    - https://technet.microsoft.com/library/security/MS16-123
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-124 - Important
    Security Update for Windows Registry (3193227)
    - https://technet.microsoft.com/library/security/MS16-124
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-125 - Important
    Security Update for Diagnostics Hub (3193229)
    - https://technet.microsoft.com/library/security/MS16-125
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-126 - Moderate
    Security Update for Microsoft Internet Messaging API (3196067)
    - https://technet.microsoft.com/library/security/MS16-126
    Moderate - Information Disclosure - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-127 - Critical
    Security Update for Adobe Flash Player (3194343)
    - https://technet.microsoft.com/library/security/MS16-127
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
    ___

    Re-released:

    Compatibility update for keeping Windows up-to-date in Windows 7
    - https://support.microsoft.com/en-us/kb/2952664
    "This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate compatibility on the Windows ecosystem and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update..."
    Last Review: 10/11/2016 16:06:00 - Rev. 27.0
    Applies to: Windows 7 Service Pack 1
    ___

    MS16-118: http://www.securitytracker.com/id/1036992
    MS16-119: http://www.securitytracker.com/id/1036993
    MS16-120: http://www.securitytracker.com/id/1036988
    MS16-121: http://www.securitytracker.com/id/1036984
    MS16-122: http://www.securitytracker.com/id/1036983
    MS16-123: http://www.securitytracker.com/id/1036996
    MS16-124:
    MS16-125: http://www.securitytracker.com/id/1036997
    MS16-126:
    MS16-127: http://www.securitytracker.com/id/1036985
    ___

    - https://blogs.technet.microsoft.com/...pdate-release/
    Oct 11, 2016

    Oct 2016 Office Update Release
    - https://blogs.technet.microsoft.com/...pdate-release/
    Oct 11, 2016 - "... This month, there are -16- security updates (2 bulletins) and 32 non-security updates.
    Security bulletins:
    MS16-120: https://technet.microsoft.com/en-us/.../ms16-120.aspx
    MS16-121: https://technet.microsoft.com/en-us/.../ms16-121.aspx
    All of the security and non-security updates for October are listed in KB article 3194160:
    - https://support.microsoft.com/en-us/kb/3194160
    A new version of Office 2013 Click-To-Run is available: 15.0.4867.1003
    A new version of Office 2010 Click-To-Run is available: 14.0.7174.5001
    For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases*."
    * https://technet.microsoft.com/en-us/mt465751

    .NET Framework Monthly Rollups Explained
    - https://blogs.msdn.microsoft.com/dot...ups-explained/
    Oct 11, 2016
    ___

    ISC Analysis: https://isc.sans.edu/diary.html?storyid=21581
    2016-10-11 - "Microsoft published -nine- bulletins plus one bulletin affecting Adobe Flash. These bulletins fix 43 vulnerabilities in Microsoft software, and 11 in Flash. Several of the bulletins address vulnerabilities that are already exploited in the wild. Most of these vulnerabilities are information disclosure vulnerabilities. One of them, CVE 2016-3393 is a remote code execution vulnerability which is why I labeled it as "Patch Now"... summary here:
    - https://isc.sans.edu/mspatchdays.htm...day=2016-10-11 "

    Qualys Analysis: https://blog.qualys.com/laws-of-vuln...ve-0-day-fixes
    Oct 11, 2016 - "Today Microsoft started rolling out a new way to patch systems, and I explain the different components which are included and their timeline:
    > Patch Tuesday (second Tuesday of every month or B week): Two main components will be released on Patch Tuesday:
    - A security-only update: This is a single update containing all new security fixes for that month. It will be released on Windows Server Update Services (WSUS) where it can be consumed by other tools like ConfigMgr, and the Windows Update Catalog. This package will NOT be available for consumer PCs which get updated via Windows Update.
    - A security monthly rollup: A single update containing all new security fixes for that month (same as the security-only update) as well as fixes from all previous monthly rollups. This will be available for consumer PCs which get updated via Windows Update.
    > Third Tuesday of every month (C Week): This is a monthly rollup containing a preview of new non-security fixes that will be included in the next monthly rollup, as well as fixes from all previous monthly rollup. This is included for users to test their systems before next month. This will be available on WSUS, Windows update and Windows Update Catalog.
    Internet Explorer updates are included in the security-only -and- monthly security rollup. .NET will follow a similar formula as monthly rollup and security-only updates.
    Since today is Patch Tuesday i.e. B week or second Tuesday week, here is a list of security fixes that administrators should focus on:
    A total of ten security updates were released affecting Browsers, Office, GDI, Kernel Drivers, Registry, Messaging and also update for Adobe Flash. Five updates are critical, four are important while one is moderate. What’s interesting is that five updated have at least one vulnerability each which a fixes a 0-day. These are the vulnerabilities that are already actively exploited in the wild..."

    .
    Last edited by AplusWebMaster; 2016-10-12 at 12:57.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #383
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation October 2016 security 'only/monthly' quality 'rollup' - Win7

    FYI...

    October 2016 'security monthly' quality rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
    "Summary: This security updates includes improvements and fixes from an update that was shipped earlier by update 3185278. To learn more about the non-security improvements and fixes in this update, see the September 20, 2016 — 3185278 section in Windows 7 SP1 and Windows Server 2008 R2 SP1 update history.
    This security update also resolves the following vulnerabilities in Windows:
    MS16-101 Security update for Windows authentication methods
    MS16-118 Cumulative security update for Internet Explorer
    MS16-120 Security update for Microsoft graphics component
    MS16-122 Security update for Microsoft video control
    MS16-123 Security update for kernel-mode drivers
    MS16-124 Security update for Windows registry
    MS16-126 Security update for Microsoft Internet Messaging API
    More information:
    Important:
    The security fixes listed above that are included in this security update 3185330 are also included in this October 2016 month’s Security Only Quality Update 3192391*, which only includes those fixes. Installing either update will include the security fixes listed above, and the Security Monthly Quality Rollup also includes improvements and fixes from previous Monthly Rollups.
    If you use update management processes other than Windows Update and automatically approve all Security updates classifications for deployment, note that both the Security Only Quality Update 3192391* and the Security Monthly Quality Rollup for the month 3185330 will be deployed. We recommend that you review your update deployment rules to ensure the desired updates are deployed.
    If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows."
    - https://support.microsoft.com/en-us/kb/3185330
    Last Review: 10/11/2016 18:51:00 - Rev: 1.0
    Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
    ___

    October 2016 'security only' quality update for Windows 7 SP1 and Windows Server 2008 R2 SP1
    "Summary: This security update resolves the following vulnerabilities in Windows 7 and Windows Server 2008 R2:
    MS16-101 Security update for Windows authentication methods
    MS16-118 Cumulative security update for Internet Explorer
    MS16-120 Security update for Microsoft graphics component
    MS16-122 Security update for Microsoft video control
    MS16-123 Security update for kernel-mode drivers
    MS16-124 Security update for Windows registry
    MS16-126 Security update for Microsoft Internet Messaging API
    More information..."
    * https://support.microsoft.com/en-us/kb/3192391
    Last Review: 10/11/2016 17:49:00 - Rev: 1.0
    Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
    ___

    September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
    "The September 2016 update rollup includes some new improvements and fixes for the Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 platform. We recommend that you apply this update rollup as part of your regular maintenance routines.
    Improvements and fixes: To learn more about the non-security improvements and fixes in this update, see the "September 20, 2016 – KB3185278" section in Windows 7 SP1 and Windows Server 2008 R2 SP1 update history[1].
    Known issues in this update:
    Symptoms: Assume that you are running Enhanced Mitigation Experience Toolkit (EMET) on Windows 7 Service Pack 1 (SP1) on a computer on which update 3175024 is installed. When you try to start an application, the application freezes very early in the process and does not completely start.
    Cause: This issue occurs because the Export Address table Filtering (EAF) mitigation is active on the application..." (More...)
    - https://support.microsoft.com/en-us/kb/3185278
    Last Review: 09/20/2016 16:20:00 - Rev: 1.0

    1] http://go.microsoft.com/fwlink/p/?LinkId=821934
    Last Review: Oct 10, 2016 - Rev: 41
    Applies to: Windows 7
    ___

    - https://krebsonsecurity.com/2016/10/...oose-patching/
    Oct 11, 2016 - "... Consumers on Win7 SP1 and Win8.1 will henceforth receive what Redmond is calling a “Monthly Rollup,” which addresses both security issues and reliability issues in a single update. The “Security-only updates” option — intended for enterprises and -not- available via Windows Update — will only include new security patches that are released for that month. What this means is that if any part of the patch bundle breaks, the only option is to remove the entire bundle (instead of the offending patch, as was previously possible)..."

    Last edited by AplusWebMaster; 2016-10-12 at 16:45.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #384
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation New rules for updating Win7

    FYI...

    New rules for updating Win7
    - http://windowssecrets.com/patch-watc...ing-windows-7/
    Oct 12, 2016 - "Only Microsoft could make Windows updating both easier and harder at the same time. This month we move from individual Win7 security updates to the new roll-up model. But Microsoft also released some individual updates alongside the rollups. To get through this transition, here are some steps to make the updating process less painful. Working with the big change in Win7 updating:
    Microsoft’s new roll-up model for Windows 7 has a significant impact... I can no longer give you patch-by-patch recommendations on what to install now and what to put off — or never install. October’s patch release seemed especially confusing because some fixes are being addressed by both roll-up updates and separate patches. (Most of those separate updates are for corporate environments.) Whether this is a temporary expediency by Microsoft is something we’ll have to wait to see. For Patch Watch followers who stuck with Win7, I’m taking a slightly different tack in this column. I’d like you to review your system and determine how “crusty” it is — and how much you depend on it. If you have several Win7 computers, I recommend taking a cue from IT administrators: At least for this first use of the roll-up update system, install the updates on one system and carefully test that machine. Check, for example, that printer connections continue to work and there are no issues with your key applications."
    ___

    > https://technet.microsoft.com/library/security/ms16-oct
    Revisions:
    •V1.1 (October 12, 2016): Bulletin Summary revised to change the severity of MS16-121 to Critical. This is an informational change only.

    Last edited by AplusWebMaster; 2016-10-14 at 18:24.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #385
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Bugs in latest Windows/Office patch bundles ..

    FYI...

    Bugs in latest Windows/Office patch bundles ...
    - http://www.infoworld.com/article/313...confusion.html
    Oct 21, 2016
    ___

    Oct 2016 security monthly quality rollup for Win7 SP1 and Windows Server 2008 R2 SP1
    - https://support.microsoft.com/en-us/kb/3185330
    Last Review: 10/21/2016 15:17:00 - Rev 2.0

    Last edited by AplusWebMaster; 2016-10-24 at 13:50.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #386
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Ms16-128 - 10.27.2016

    FYI...

    MS Security Bulletin MS16-128 - Critical
    Security Update for Adobe Flash Player (3201860)
    - https://technet.microsoft.com/en-us/.../ms16-128.aspx
    Oct 27, 2016 - "This security update resolves a vulnerability in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
    This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #387
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Oct 2016 security monthly 'quality' rollup - Rev 3.0

    FYI...

    Oct 2016 security monthly quality rollup for Win7SP1 and Windows Server 2008 R2 SP1
    - https://support.microsoft.com/en-us/kb/3185330
    Last Review: 10/26/2016 20:28:00 - Rev: 3.0
    Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1


    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #388
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - Nov 2016

    FYI...

    - https://technet.microsoft.com/en-us/...urity/ms16-nov
    Nov 8, 2016 - "This bulletin summary lists security bulletins released for November 2016...
    (Total of -14-)

    Microsoft Security Bulletin MS16-129 - Critical
    Cumulative Security Update for Microsoft Edge (3199057)
    - https://technet.microsoft.com/library/security/MS16-129
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

    Microsoft Security Bulletin MS16-130 - Critical
    Security Update for Microsoft Windows (3199172)
    - https://technet.microsoft.com/library/security/MS16-130
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-131 - Critical
    Security Update for Microsoft Video Control (3199151)
    - https://technet.microsoft.com/library/security/MS16-131
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-132 - Critical
    Security Update for Microsoft Graphics Component (3199120)
    - https://technet.microsoft.com/library/security/MS16-132
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-133 - Important
    Security Update for Microsoft Office (3199168)
    - https://technet.microsoft.com/library/security/MS16-133
    Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

    Microsoft Security Bulletin MS16-134 - Important
    Security Update for Common Log File System Driver (3193706)
    - https://technet.microsoft.com/library/security/MS16-134
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-135 - Important
    Security Update for Windows Kernel-Mode Drivers (3199135)
    - https://technet.microsoft.com/library/security/MS16-135
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-136 - Important
    Security Update for SQL Server (3199641)
    - https://technet.microsoft.com/library/security/MS16-136
    Important - Elevation of Privilege - May require restart - Microsoft SQL Server

    Microsoft Security Bulletin MS16-137 - Important
    Security Update for Windows Authentication Methods (3199173)
    - https://technet.microsoft.com/library/security/MS16-137
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-138 - Important
    Security Update for Microsoft Virtual Hard Disk Driver (3199647)
    - https://technet.microsoft.com/library/security/MS16-138
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-139 - Important
    Security Update for Windows Kernel (3199720)
    - https://technet.microsoft.com/library/security/MS16-139
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-140 - Important
    Security Update for Boot Manager (3193479)
    - https://technet.microsoft.com/library/security/MS16-140
    Important - Security Feature Bypass - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS16-141 - Critical
    Security Update for Adobe Flash Player (3202790)
    - https://technet.microsoft.com/library/security/MS16-141
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS16-142 - Critical
    Cumulative Security Update for Internet Explorer (3198467)
    - https://technet.microsoft.com/library/security/MS16-142
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    ___

    MS16-129: http://www.securitytracker.com/id/1037245
    MS16-130: http://www.securitytracker.com/id/1037241
    MS16-131: http://www.securitytracker.com/id/1037242
    MS16-132: http://www.securitytracker.com/id/1037243
    MS16-133: http://www.securitytracker.com/id/1037246
    MS16-134: http://www.securitytracker.com/id/1037252
    MS16-135: http://www.securitytracker.com/id/1037251
    MS16-136: http://www.securitytracker.com/id/1037250
    MS16-137: http://www.securitytracker.com/id/1037249
    MS16-138: http://www.securitytracker.com/id/1037248
    MS16-139: http://www.securitytracker.com/id/1037253
    MS16-140: http://www.securitytracker.com/id/1037255
    MS16-141: http://www.securitytracker.com/id/1037240
    MS16-142: http://www.securitytracker.com/id/1037247
    ___

    - https://blogs.technet.microsoft.com/...pdate-release/
    Nov 8, 2016

    Nov 2016 Office Update Release
    - https://blogs.technet.microsoft.com/...pdate-release/
    Nov 8, 2016 - "... there are -25- security updates (1 bulletin) and 39 non-security updates.
    Security bulletins: MS16-133:
    > https://technet.microsoft.com/en-us/.../ms16-133.aspx
    All of the security and non-security updates for November are listed in KB article 3200802:
    > https://support.microsoft.com/en-us/kb/3200802
    A new version of Office 2013 Click-To-Run is available: 15.0.4875.1001
    A new version of Office 2010 Click-To-Run is available: 14.0.7176.5000
    For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
    > https://technet.microsoft.com/en-us/mt465751

    November 2016 security monthly quality rollup
    - https://support.microsoft.com/en-us/...ality%20rollup
    ___

    ISC Analysis
    - https://isc.sans.edu/forums/diary/No...tch+Day/21689/
    2016-11-08 - "Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). 5 of the Microsoft bulletins, and the Adobe Flash bulletin are rated critical. There are a number of vulnerabilities that have either already been known, or have already been exploited:
    - https://isc.sans.edu/mspatchdays.htm...day=2016-11-08
    2016-11-08

    Qualys Analysis
    - https://blog.qualys.com/laws-of-vuln...and-sql-server
    Nov 8, 2016 - "Today Microsoft released 14 security bulletins with six critical and eight important security fixes. It patched 0-day vulnerability CVE-2016-7255 in the MS16-135 which was actively attacked and disclosed by Google in their disclosure blog a few days ago. Since it is publicly disclosed and actively exploited it should be the top priority for organizations. Three more vulnerabilities that were previously disclosed before availability of patches were fixed. These three issues are in IE and Edge browser and were fixed in MS16-142 and MS16-129 respectively (CVE-2016-7227 for IE, CVE-2016-7199 and CVE-2016-7209 for Edge). Microsoft office bulletin MS16-133 contains fixes for 10 vulnerabilities that could allow attackers to take complete control of the system. In addition to these 10 fixes there is an information disclosure as well as a denial-of-service i.e crash which was fixed. Since office documents are prevalent in typical corporate environment I think this bulletin should be treated as critical even if it is rated as ‘Important’..."

    .
    Last edited by AplusWebMaster; 2016-11-09 at 17:00.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #389
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS to revamp documentation for security patches

    FYI...

    MS to revamp its documentation for security patches
    Microsoft has eliminated individual patches from every Windows version, and Security Bulletins will go away soon, replaced by a spreadsheet with tools
    > http://www.infoworld.com/article/313...y-patches.html
    Nov 10, 2016 - "... Starting in January, per the Microsoft Security Response Center*, the Security Bulletins are going away..."
    * https://blogs.technet.microsoft.com/...urity-updates/
    "... After the January 2017 Update Tuesday release, we will only publish update information to the Security Updates Guide**."

    Software Update Summary
    ** https://portal.msrc.microsoft.com/en...idance/summary

    > https://portal.msrc.microsoft.com/en...urity-guidance

    > https://portal.msrc.microsoft.com/en-us/

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #390
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS pulls KB 3197868 Win7 Security Rollup

    FYI...

    Microsoft pulls MS 3197868 Win7 Security Rollup
    - https://www.askwoody.com/2016/micros...-malwarebytes/
    Nov 23, 2016

    > https://www.catalog.update.microsoft...aspx?q=3197868

    - https://support.malwarebytes.com/cus...ive-?b_id=6442
    11.11.2016 - "... false positive was caused by Microsoft not digitally signing over 500 files included in "November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB3197868)". Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future..."
    ___

    ‘Appears to have been restored:
    > https://www.catalog.update.microsoft...aspx?q=3197868
    Last Updated: 11/23/2016

    Last edited by AplusWebMaster; 2016-11-24 at 15:24.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •