Page 41 of 47 FirstFirst ... 31373839404142434445 ... LastLast
Results 401 to 410 of 467

Thread: Microsoft Alerts

  1. #401
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Microsoft SMBv1 Vulnerability

    FYI...

    Microsoft SMBv1 Vulnerability
    - https://www.us-cert.gov/ncas/current...-Vulnerability
    March 16, 2017 - "Microsoft has released a security update to address a vulnerability in implementations of Server Message Block 1.0 (SMBv1). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS17-010* and apply the update. For more information, see the Information Assurance Advisory** and US-CERT's SMB Security Best Practices guidance***."
    * https://technet.microsoft.com/library/security/MS17-010
    March 14, 2017
    ** https://www.iad.gov/iad/library/ia-a...-block-1-0.cfm
    16 March 2017
    *** https://www.us-cert.gov/ncas/current...Best-Practices
    Last revised: March 16, 2017
    ___

    - https://www.us-cert.gov/ncas/current...Best-Practices
    Last revised: March 16, 2017 - "In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known best practices related to SMB. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems. US-CERT recommends that users and administrators consider:
    disabling SMBv1 and
    blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
    US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547* and 204279**."
    * https://support.microsoft.com/en-us/kb/2696547
    Feb 28, 2017 - Rev: 23
    ** https://support.microsoft.com/en-us/kb/204279
    Jan 7, 2008 - Rev: 1

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #402
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation March Patching ...

    FYI...

    March Patching Comes In Like a Lion
    - http://windowssecrets.com/windows-se...n-like-a-lion/
    March 16, 2017 - "The lack of patches in February means that March’s updates are numerous. Not helping the situation: While Windows 10 updates are cumulative, Office updates may not be depending on your install. Thus we are getting an extra set. It’s a lot to sort through.
    Microsoft finally got back to a bit of normal with this month’s release. Windows 10, 8 and 7 all received their normal large cumulative updates, most with a security bent. For Windows 10, the cumulative update also included many fixes for other issues on that platform. And in a bit of trivia only patch-a-holics like me love to keep track of, we have now jumped to Knowledge Base articles that begin with 4. For example, the Windows 10 1607 update is KB4013198.
    In addition we received double the amount of Office updates, but remember, if you are running any of the Office 365 versions that support click-to-run, you won’t see the masses of Office updates, you’ll merely get the click to run update dribbled to you over time.
    March also meant changes to Microsoft’s communication regarding security bulletins, with the all new Security Portal* as the new location for security guidance and information. However, they are still posting the traditional security bulletin information in the original format, just to ease in the transition."
    * https://portal.msrc.microsoft.com/en...urity-guidance

    - https://arstechnica.com/security/201...t-smell-right/
    3/16/2017

    Last edited by AplusWebMaster; 2017-03-17 at 12:57.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #403
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS17-014 update - Excel 2010

    FYI...

    MS17-014: Description of the security update for Excel 2010
    - https://support.microsoft.com/en-us/...2010-kb3191855
    "... Note: To apply this security update, you must have the release version of Service Pack 2 for Office 2010 installed on the computer...
    Improvements and fixes:
    Fixes an issue that causes Excel 2010 to crash when spreadsheets are recalculated. This issue occurs after you install MS17-014: Description of the security update for Excel 2010: March 14, 2017 (KB3178690*)..."
    Last Review: Mar 28, 2017 - Rev: 9

    * https://support.microsoft.com/en-us/help/3178690
    ___

    - https://blogs.technet.microsoft.com/...or-excel-2010/
    Mar 28, 2017
    ___

    KB3178690 causing excel 2010 to crash
    - https://answers.microsoft.com/en-us/...4-884b2d7d057b

    - https://support.microsoft.com/en-us/...2010-kb3191855
    ___

    > http://windowssecrets.com/patch-watc...t-like-a-lamb/
    March 28, 2017

    Last edited by AplusWebMaster; 2017-03-29 at 19:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #404
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Post MS17-006 IE11 install - failure

    FYI...

    Forms in Dynamics CRM 2011 are broken after KB 4013073 for IE11 is installed
    - https://support.microsoft.com/en-us/...fter-kb-401307
    "Forms in Microsoft Dynamics CRM 2011 are not displayed correctly after KB 4013073 is installed on a Windows system that is running Internet Explorer 11... To get the stand-alone package for this update, go to the Microsoft Update Catalog website*..."
    Last Review: Mar 22, 2017 - Rev: 29

    * http://www.catalog.update.microsoft....px?q=kb4016446

    MS17-006: Cumulative security update for Internet Explorer: March 14, 2017
    - https://support.microsoft.com/en-us/...r-march-14-201
    Last Review: Mar 14, 2017 - Rev: 31
    ___


    MS17-006: Security update for IE: Mar 14, 2017
    - https://support.microsoft.com/en-us/...-march-14-2017
    Last Review: Mar 29, 2017 - Rev: 52

    > https://technet.microsoft.com/library/security/MS17-006

    Last edited by AplusWebMaster; 2017-04-08 at 22:47.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #405
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - April 2017

    FYI...

    MS Security Update Guide
    > https://portal.msrc.microsoft.com/en...urity-guidance

    Release Notes
    April 2017 Security Updates
    > https://portal.msrc.microsoft.com/en...9-000d3a32fc99
    April 11, 2017 - "The April security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    Visual Studio for Mac
    .NET Framework
    Silverlight
    Adobe Flash Player ..."
    > https://portal.msrc.microsoft.com/en...idance/summary

    Cumulative security update for Internet Explorer: April 11, 2017
    > https://support.microsoft.com/en-us/...-april-11-2017
    Last Review: Apr 13, 2017 - Rev: 46
    "... Additionally, see Windows 10* and Windows Server 2016 update history for more information on cumulative updates for Windows 10 and Windows Server 2016..."
    * https://support.microsoft.com/en-us/...update-history
    Last Review: Apr 13, 2017 - Rev: 46
    ___

    April 11, 2017, update for Microsoft Office
    - https://support.microsoft.com/en-us/...crosoft-office
    Last Review: Apr 13, 2017 - Rev: 10
    ___

    Qualys analysis:
    - https://blog.qualys.com/laws-of-vuln...curity-updates
    April 11, 2017 - "Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide:
    - https://portal.msrc.microsoft.com/en...urity-guidance
    In today’s release Microsoft fixed a total of 45 vulnerabilities that could lead to remote code execution, denial-of-service, elevation of privileges, security feature bypass and spoofing. Top priority goes to the Office and WordPad CVE-2017-0199 which fixed a 0-day vulnerability that is being actively exploited in the wild. Exploitation of this vulnerability requires that a user open or preview a specially crafted file with an affected version of Office or WordPad. Attacker could accomplish this by sending a specially crafted file to the user and then convincing the user to open the file. We recommend administrators patch this as soon as possible..."
    (More detail at the qualys URL above.)

    ISC analysis:
    - https://isc.sans.edu/diary.html?storyid=22286
    Apr 11 2017 - "Today on Tuesday 2017-04-11, Microsoft announced its monthly security release (also known as "Patch Tuesday). Reviewing Microsoft's Security Update Guide, it looks like there's 644 updates with 210 of them listed as "Critical" severity..."
    (More detail at the ISC URL above.)

    'ghacks' analysis:
    - https://www.ghacks.net/2017/04/11/mi...-2017-release/
    April 11, 2017 - "... marks the end of Windows Vista's extended support phase. Microsoft won't release security updates for Windows Vista officially anymore*...
    * https://www.ghacks.net/2017/03/11/re...ds-next-month/
    ... Executive Summary: Security Bulletins are no longer provided. Microsoft switched the information system to the Security Update Guide fully. The April security update patches issues in all supported versions and editions of Microsoft Windows. Other Microsoft products with patches are Microsoft Edge and Internet Explorer, the .NET Framework, Silverlight, and Microsoft Office.
    Operating System Distribution:
    Windows Vista: 9 vulnerabilities, 1 critical, 8 important
    Windows 7: 9 vulnerabilities, 1 critical, 8 important.
    Windows 8.1: 23 vulnerabilities, 4 critical, 19 important.
    Windows RT 8.1: 11 vulnerabilities, 1 critical, 10 important.
    Windows 10 version 1703: 21 vulnerabilities, 5 critical, 16 important..."

    Last edited by AplusWebMaster; 2017-05-08 at 21:04.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #406
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary for March 2017 - revised

    FYI...

    Microsoft Security Bulletin Summary for March 2017
    Published: March 14, 2017 | Updated: April 11, 2017
    > https://technet.microsoft.com/en-us/.../ms17-mar.aspx
    V2.0 (April 11, 2017): Bulletin Summary revised to announce the following updates:
    For MS17-013, the release of update 4017018 for Windows Vista and Windows Server 2008. The update replaces update 4012583 for CVE-2017-0038 only, to comprehensively address the vulnerability. Microsoft recommends that customers running the affected software install the security update to be fully protected from the vulnerability described in this bulletin. See Microsoft Knowledge Base Article 4017018 for more information.
    For MS17-014, to comprehensively address CVE-2017-0027 for Office for Mac 2011 only, Microsoft is releasing security update 3212218. Microsoft recommends that customers running Office for Mac 2011 install update 3212218 to be fully protected from this vulnerability. See Microsoft Knowledge Base Article 3212218 for more information.
    For MS17-021, security updates that apply to CVE-2017-0042 for Windows Server 2012 are now available. Customers running Windows Server 2012 should install update 4015548 (Security Only) or 4015551 (Monthly Rollup) to be fully protected from this vulnerability. Customers running other versions of Microsoft Windows do not need to take any further action.
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    April 12, 2017 - "Microsoft has released -61- updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code:
    > https://nvd.nist.gov/vuln/detail/CVE-2017-0199
    US-CERT encourages users and administrators to review Vulnerability Note #VU921560* and Microsoft's April 2017 Security Update** and apply the necessary updates."

    * https://www.kb.cert.org/vuls/id/921560

    ** https://portal.msrc.microsoft.com/en...9-000d3a32fc99
    ___

    April 2017 Office Update Release
    - https://blogs.technet.microsoft.com/...pdate-release/
    April 11, 2017 - "The April 2017 Public Update releases for Office are now available! This month, there are -19- security updates and 33 non-security updates. All of the security and non-security updates are listed in KB article 4016803:
    - https://support.microsoft.com/en-us/...crosoft-office
    A new version of Office 2013 Click-To-Run is available: 15.0.4919.1002
    A new version of Office 2010 Click-To-Run is available: 14.0.7180.5002 "

    > https://portal.msrc.microsoft.com/en.../CVE-2017-0199
    April 11, 2017

    - http://www.securitytracker.com/id/1038224
    CVE Reference: CVE-2017-0199
    Updated: Apr 12 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2016 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix, available at:
    - https://catalog.update.microsoft.com...px?q=KB4014793
    - https://catalog.update.microsoft.com...px?q=KB4015549
    - https://catalog.update.microsoft.com...px?q=KB4015551

    - http://www.securitytracker.com/id/1038227
    CVE Reference: CVE-2017-0106, CVE-2017-0204
    Apr 11 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 2007 SP3, 2010 SP2, 2013 SP1, 2016; Outlook for Mac 2011
    Impact: A remote user can create an email message that, when loaded or previewed by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix.
    The vendor advisories are available at:
    - https://support.microsoft.com/en-us/...-april-11-2017
    - https://support.microsoft.com/en-us/...-april-11-2017
    - https://support.microsoft.com/en-us/...-april-11-2017
    - https://support.microsoft.com/en-us/...11-14-7-3-apri
    - https://support.microsoft.com/en-us/...-april-11-2017

    Last edited by AplusWebMaster; 2017-04-12 at 19:05.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #407
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation M$ - buggy patches

    FYI...

    Microsoft's critical Windows and Office patches - problems
    - http://www.infoworld.com/article/318...-problems.html
    Apr 13, 2017 - "Windows and Office patching have had a horrible three months... just what we've seen in the first 48 hours... The SANS Internet Storm Center*, my go-to source for patch insight, has thrown up its hands, listing all -210- "critical" updates in one massive blob. In addition to the 210 "critical" there's another -434- that aren't so critical, coming to a grand total of -644- patches this month... tip of the -buggy- iceberg..."
    (More detail at the infoworld URL above.)

    * https://isc.sans.edu/forums/diary/Ap...Tuesday/22288/
    ___

    Also see:

    Microsoft Addresses Shadow Brokers Exploits
    > https://www.us-cert.gov/ncas/current...ers-Exploits-0
    Last revised: April 16, 2017

    - https://blogs.technet.microsoft.com/...aluating-risk/
    April 14, 2017

    - https://arstechnica.com/security/201...terious-patch/
    4/15/2017

    Last edited by AplusWebMaster; 2017-04-17 at 16:47.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #408
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation KB4015549 - Win7/Win Svr 2008

    FYI...

    April 11, 2017 — KB4015549 (Monthly Rollup)
    Windows 7 SP1 and Windows Server 2008 R2 SP1
    - https://support.microsoft.com/en-us/...date-kb4015549
    Last Review: Apr 12, 2017 - Rev: 21
    "... Known issues in this update:
    If the PC uses an AMD Carrizo DDR4 processor, installing this update will -block- downloading and installing future Windows updates. Microsoft is working on a resolution and will provide an update in an upcoming release..."
    ___

    - http://www.infoworld.com/article/318...backfires.html
    Apr 13, 2017 - "Microsoft is working on a fix after Tuesday’s Windows 7 and 8.1 security updates misfired on some users, forcibly locking them -out- of future Windows updates.
    Microsoft has acknowledged that the updates’ detection mechanism, intended to force users with newer 7th generation processor chips to move to Windows 10, also caught people with 6th generation AMD Carrizo DDR 4 PCs, which -were- explicitly -allowed- under terms of Microsoft’s Lifecycle Policy FAQ. Microsoft admitted erroneously -blocking- Windows Update on -four- different Tuesday patches:
    KB 4015549 (the Win7 Monthly Rollup), KB 4015546 (the Win7 Security-Only patch), KB 4015550 (the Win8.1 Monthly Rollup), and KB 4015547 (the Win8.1 Security-Only patch)..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #409
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS - Feedback on the Security Update Guide

    FYI...

    MS - Feedback on the Security Update Guide
    - https://blogs.technet.microsoft.com/...-update-guide/
    April 21, 2017 - "The Security Update Guide* has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of the Security Update Guide. As we completed Preview this month, we want to let you know that we are continuing to listen to your feedback, and are working to enhance your experience... If you have questions about the change, or how to accomplish certain tasks, we have a FAQ**, as well as a TechNet support forum*** for the Security Update Guide. If you have questions about how to use the Security Update Guide or a suggestion to improve it, please post to the forum or (even better) upvote someone else’s suggestion if you also like it. We are listening."
    * https://portal.msrc.microsoft.com/en...urity-guidance

    FAQ: ** https://technet.microsoft.com/en-us/security/mt791750

    Forum: *** https://social.technet.microsoft.com...ityupdateguide
    ___

    Why is Intel allowing this?
    - https://software.intel.com/en-us/for...s/topic/731318
    4/14/2017

    Last edited by AplusWebMaster; 2017-04-28 at 18:58.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #410
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Ending Security Updates for Win10 v1507

    FYI...

    MS Ending Security Updates for Windows 10 version 1507
    - https://www.us-cert.gov/ncas/current...0-version-1507
    May 04, 2017 - "After May 9, 2017, devices running Windows 10 version 1507 will no longer receive security updates. US-CERT encourages users and administrators to review Microsoft's Windows 10 version 1507 post* for more information and to apply necessary updates."

    * https://support.microsoft.com/en-us/...curity-updates
    Last Review: Apr 12, 2017 - Rev: 17
    "... Microsoft recommends visiting the Software Download site** and selecting 'Update now' to manually update your device..."
    ** https://www.microsoft.com/software-download/windows10
    ___

    Outlook 2010 (KB3191906)
    - https://support.microsoft.com/en-us/...2010-kb3191906
    Article ID: 3191906 - Last Review: May 2, 2017 - Rev: 11
    "... Fixes the following issue: When you add attachments to a saved email message and then send the email message in Outlook 2010, the attachments are missing, corrupted or duplicated..."
    > https://www.catalog.update.microsoft...aspx?q=3191906

    Office 2010 (KB3128031)
    - https://support.microsoft.com/en-us/...2010-kb3128031
    Article ID: 3128031 - Last Review: May 2, 2017 - Rev: 9
    "... Improvements and fixes: Improves the robustness to make sure that the stability of Office 2010 applications in certain scenarios..."
    > https://www.catalog.update.microsoft...aspx?q=3128031

    Last edited by AplusWebMaster; 2017-05-04 at 18:50.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •