Page 4 of 47 FirstFirst 1234567814 ... LastLast
Results 31 to 40 of 467

Thread: Microsoft Alerts

  1. #31
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS KB 2732059 - .oxps files ...

    FYI...

    MS KB 2732059 - .oxps files ...
    You cannot open an .oxps file in Windows 7 or in Windows Server 2008 R2
    - http://support.microsoft.com/kb/2732059
    Last Review: September 26, 2012 - Revision: 2.0
    "This issue occurs because Windows 7 and Windows Server 2008 R2 do not support the .oxps format. The supported XPS document format in Windows 7 and in Windows Server 2008 R2 is .xps... This update is available from the following Microsoft Update website:
    https://update.microsoft.com
    Applies to: Win7, Windows Server 2008 ..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #32
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - October 2012

    FYI...

    - http://technet.microsoft.com/en-us/s...letin/ms12-oct
    October 09, 2012 - "This bulletin summary lists security bulletins released for October 2012...
    (Total of 7-)

    Microsoft Security Bulletin MS12-064 - Critical
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
    - http://technet.microsoft.com/en-us/s...letin/ms12-064
    Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

    Microsoft Security Bulletin MS12-065 - Important
    Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
    - http://technet.microsoft.com/en-us/s...letin/ms12-065
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS12-066 - Important
    Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
    - http://technet.microsoft.com/en-us/s...letin/ms12-066
    Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software, Microsoft Lync

    Microsoft Security Bulletin MS12-067 - Important
    Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
    - http://technet.microsoft.com/en-us/s...letin/ms12-067
    Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

    Microsoft Security Bulletin MS12-068 - Important
    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
    - http://technet.microsoft.com/en-us/s...letin/ms12-068
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-069 - Important
    Vulnerability in Kerberos Could Allow Denial of Service (2743555)
    - http://technet.microsoft.com/en-us/s...letin/ms12-069
    Important - Denial of Service - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-070 - Important
    Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
    - http://technet.microsoft.com/en-us/s...letin/ms12-070
    Important - Elevation of Privilege - May require restart - Microsoft SQL Server
    ___

    Assessing risk for the October 2012 security updates
    - https://blogs.technet.com/b/srd/arch...edirected=true
    9 Oct 2012

    Bulletin Deployment Priority
    - https://blogs.technet.com/cfs-filesy...Deployment.png

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy...2-Severity.png

    MSRC > Welcome to the 1024-bit world and the October security updates
    - http://blogs.technet.com/b/msrc/arch...edirected=true
    9 Oct 2012
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    October 9, 2012 - Revision: 111.0
    - http://www.microsoft.com/security/pc...-families.aspx
    "... added in this release...
    • Nitol
    • OneScan..."

    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    9 Oct 2012

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: Windows-KB890830-V4.13.exe - 16.2 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: Windows-KB890830-x64-V4.13.exe - 16.8 MB
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=14272
    Last Updated: 2012-10-09 17:12:12 UTC

    .
    Last edited by AplusWebMaster; 2012-10-10 at 09:01.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #33
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisories - 10.09.2012 recent issues-updates

    FYI...

    Microsoft Security Advisory (2749655)
    Compatibility Issues Affecting Signed Microsoft Binaries
    - http://technet.microsoft.com/en-us/s...visory/2749655
    October 09, 2012 - "... For more information about the update, please see Microsoft Knowledge Base Article 2749655*..."
    * http://support.microsoft.com/kb/2749655

    Security Advisory 2749655 and timestamping
    - https://blogs.technet.com/b/srd/arch...edirected=true
    9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."
    ___

    Microsoft Security Advisory (2737111)
    Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
    - http://technet.microsoft.com/en-us/s...visory/2737111
    • V3.0 (October 9, 2012): Advisory updated to reflect publication of security bulletin* for Microsoft FAST Search Server 2010 for SharePoint.
    * http://technet.microsoft.com/en-us/s...letin/ms12-067

    Microsoft Security Advisory (2661254)
    Update For Minimum Certificate Key Length
    - http://technet.microsoft.com/en-us/s...visory/2661254
    • V2.0 (October 9, 2012): Revised advisory to re-release the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.

    Microsoft Security Advisory (2755801)
    Update for Vulnerabilities in Adobe -Flash- Player in IE 10
    * https://technet.microsoft.com/en-us/...visory/2755801
    Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
    • V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
    ** http://support.microsoft.com/kb/2758994

    Last edited by AplusWebMaster; 2012-10-10 at 00:33.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #34
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Re-released MS Security Bulletins ...

    FYI...

    RE-RELEASED:

    Microsoft Security Bulletin MS12-043 - Critical
    - http://technet.microsoft.com/en-us/s...letin/ms12-043
    • V3.0 (October 9, 2012): Added Microsoft XML Core Services 4.0 when installed on supported editions of Windows 8 and Windows Server 2012 to affected software and announced a corresponding detection change for the KB2721691 update package. Customers who have installed Microsoft XML Core Services 4.0 on systems running Windows 8 or Windows Server 2012 need to install the KB2721691 update to be protected from the vulnerability described in this bulletin. See the update FAQ for details.

    Microsoft Security Bulletin MS12-053 - Critical
    - http://technet.microsoft.com/en-us/s...letin/ms12-053
    • V2.0 (October 9, 2012): Revised bulletin to rerelease the KB723135 update for Windows XP. Customers do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.

    Microsoft Security Bulletin MS12-054 - Critical
    - http://technet.microsoft.com/en-us/s...letin/ms12-054
    • V2.0 (October 9, 2012): Revised bulletin to rerelease the KB2731847 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers using Windows XP and Windows Server 2003 do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655. Customers using Windows Vista, Windows 7, and Windows Server 2008 need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.

    Microsoft Security Bulletin MS12-055 - Important
    - http://technet.microsoft.com/en-us/s...letin/ms12-055
    • V2.0 (October 9, 2012): Revised bulletin to rerelease the KB2731847 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers using Windows XP and Windows Server 2003 do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655. Customers using Windows Vista, Windows 7, and Windows Server 2008 need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.

    Microsoft Security Bulletin MS12-058 - Critical
    - http://technet.microsoft.com/en-us/s...letin/ms12-058
    • V2.0 (October 9, 2012): Revised bulletin to offer the rerelease of updates for Microsoft Exchange Server 2007 Service Pack 3 (KB2756497), Microsoft Exchange Server 2010 Service Pack 1 (KB2756496), and Microsoft Exchange Server 2010 Service Pack 2 (KB2756485). Customers need to apply the rereleased updates to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.

    >> Per: Security Advisory 2749655 and timestamping
    - https://blogs.technet.com/b/srd/arch...edirected=true
    9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."

    Last edited by AplusWebMaster; 2012-10-10 at 21:37.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #35
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Windows Update software has to be updated ...

    FYI...

    Windows Update Web site indicates that your Windows Update software has to be updated
    - http://support.microsoft.com/kb/836974/en-us
    Last Review: October 18, 2012 - Revision: 3.0
    Resolution: To resolve this issue, manually update the Windows Update software, and then return to the Windows Update Web site to update your computer. To do this, follow the appropriate steps for your Microsoft Windows operating system...
    Windows Server 2003, Windows XP, and Windows 2000
    1. Download the Iuctl.cab file and save it on your desktop. To download the Iuctl.cab file, visit the following Windows Update Web site:
    http://v4.update.microsoft.com/cab/x...code/iuctl.cab
    2. After the file is saved on your desktop, right-click the Iuctl.cab file, and then click Open
    3. Select all the files that are listed. To do this, point to the file list, and then press CTRL+A.
    4. Right-click the files that you selected, and then click Extract.
    5. Select a known location, and then click OK. For example, select the desktop.
    6. Locate the file where you extracted it. For example, locate the file on the desktop.
    7. Right-click the Iuctl.inf file, and then click Install.
    8. Try again to update your computer by using the Windows Update Web site.
    After you have resolved this issue, you can safely delete the files and folders that you downloaded and extracted in steps 1 through 4 of this procedure.

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #36
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MSRT results - Oct 2012...

    FYI...

    MSRT results - Oct 2012...
    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    22 Oct 2012 - "... Top 10 countries with Win32/Nitol detections (January 2012 to October 2012):
    > https://www.microsoft.com/security/p...tol/Nitol1.png
    ... Monthly report volume for Win32/Nitol (January 2011 to October 2012):
    > https://www.microsoft.com/security/p...tol/Nitol3.png
    ... This month’s MSRT included two prevalent families - Win32/Onescan, which is a Korean rogue software, and Win32/Nitol. Within the first two days of MSRT release, Win32/Onescan was our top family detected and cleaned by the MSRT tool, while Win32/Nitol took the 9th spot. After one week of report monitoring, while Win32/Onescan was still on top and had been cleaned from almost 1,000,000 machines, Win32/Nitol had slipped to the 11th spot, having been removed from over 36,000 machines. Win32/Nitol’s numbers are something within our expectation. The recent takedown which disrupted a large percentage of Win32/Nitol’s C&C (command and control) infrastructure is a big factor in explaning why Win32/Nitol’s prevalence has been dropping considerably.
    MSRT top 15 families after one week:
    > https://www.microsoft.com/security/p...tol/Nitol4.png ..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #37
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS12-034 v1.5 ...

    FYI...

    Microsoft Security Bulletin MS12-034 - Critical
    Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight
    - http://technet.microsoft.com/en-us/s...letin/ms12-034
    V1.0 (May 8, 2012): Bulletin published.
    V1.1 (May 16, 2012): Added a link to Microsoft Knowledge Base Article 2681578 under Known Issues in the Executive Summary. Also added Microsoft .NET Framework 1.1 Service Pack 1 to the Non-Affected Software table and corrected the update replacement information for Microsoft Office. These were informational changes only. There were no changes to the security update files or detection logic.
    V1.2 (May 22, 2012): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision.
    V1.3 (June 6, 2012): Added an entry to the update FAQ to explain why systems with non-affected versions of Microsoft Visio Viewer 2010 will be offered security update KB2589337.
    V1.4 (July 31, 2012): Bulletin revised to announce a detection change in the Windows Vista packages for KB2676562 to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
    V1.5 (October 31, 2012): Corrected update replacement information for the KB2676562* update.
    * http://support.microsoft.com/kb/2676562

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #38
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - November 2012

    FYI...

    - http://technet.microsoft.com/en-us/s...letin/ms12-nov
    November 13, 2012 - "This bulletin summary lists security bulletins released for November 2012...
    (Total of -6-)

    Microsoft Security Bulletin MS12-071 - Critical
    Cumulative Security Update for Internet Explorer (2761451)
    - http://technet.microsoft.com/en-us/s...letin/ms12-071
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS12-072 - Critical
    Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
    - https://technet.microsoft.com/en-us/...letin/ms12-072
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-074 - Critical
    Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
    - http://technet.microsoft.com/en-us/s...letin/ms12-074
    Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

    Microsoft Security Bulletin MS12-075 - Critical
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
    - https://technet.microsoft.com/en-us/...letin/ms12-075
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-076 - Important
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
    - http://technet.microsoft.com/en-us/s...letin/ms12-076
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS12-073 - Moderate
    Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information
    - https://technet.microsoft.com/en-us/...letin/ms12-073
    Moderate - Information Disclosure - May require restart - Microsoft Windows
    ___

    Bulletin Deployment Priority
    - https://blogs.technet.com/cfs-filesy...Deployment.png

    Severity and Exploitabilty Index
    - https://blogs.technet.com/cfs-filesy...2-Severity.png

    - http://blogs.technet.com/b/msrc/arch...edirected=true
    13 Nov 2012 - "... six security bulletins... four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel..."
    ___

    - https://secunia.com/advisories/51202/ - MS12-071
    - https://secunia.com/advisories/51221/ - MS12-072
    - https://secunia.com/advisories/51235/ - MS12-073
    - https://secunia.com/advisories/51236/ - MS12-074
    - https://secunia.com/advisories/51239/ - MS12-075
    - https://secunia.com/advisories/51242/ - MS12-076
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=14503
    Last Updated: 2012-11-13 18:43:04 UTC
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    November 13, 2012 - Revision: 116.0
    - http://www.microsoft.com/security/pc...-families.aspx
    "... added in this release...
    • Folstart
    • Phorpiex
    • Weelsof ..."

    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    13 Nov 2012 - "... good practice to show hidden files and system files file extensions..."
    - https://www.microsoft.com/security/p...Folstart/3.png
    ... How to display hidden files and folders, and show file extensions

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: Windows-KB890830-V4.14.exe - 16.5 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: Windows-KB890830-x64-V4.14.exe - 17.1 MB

    .
    Last edited by AplusWebMaster; 2012-11-14 at 00:35.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #39
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory updates - 2012.11.13 ...

    FYI...

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    - http://technet.microsoft.com/en-us/s...visory/2269637
    V18.0 (November 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-074*, "Vulnerabilities in .NET Framework Could Allow Remote Code Execution."
    * http://technet.microsoft.com/en-us/s...letin/ms12-074

    Microsoft Security Advisory (2749655)
    Compatibility Issues Affecting Signed Microsoft Binaries
    - http://technet.microsoft.com/en-us/s...visory/2749655
    V1.2 (November 13, 2012): Added the KB2687626 update, described in MS12-046*, to the list of available re-releases (List of available re-releases at the URL above).
    * http://technet.microsoft.com/en-us/s...letin/ms12-046
    V2.0 (November 13, 2012): Re-released bulletin to replace the KB2598361 update with the KB2687626** update for Microsoft Office 2003 Service Pack 3 to address an issue with digital certificates described in Microsoft Security Advisory 2749655. See the update FAQ for details.
    ** http://support.microsoft.com/KB/2687626
    November 13, 2012 - Revision: 2.0

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #40
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post KB 2750841 problems ...

    FYI... Per comments/info below, you may choose -not- to install this item:

    "An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2"
    - http://support.microsoft.com/kb/2750841
    November 13, 2012 - Revision: 1.0
    ___

    From: Susan Bradley
    Subject: Do not install KB2750841

    http://support.microsoft.com/kb/2750841
    Do -not- install that

    Threads here:
    http://forums.opendns.com/comments.p...ussionID=16465
    here
    http://answers.microsoft.com/en-us/w...e-03d8cb305a57
    and
    https://isc.sans.edu/diary.html?storyid=14503#comment
    "After applying the updates, in the Network Notification Area, I get 'Additional log on info may be required'..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •