Page 42 of 47 FirstFirst ... 32383940414243444546 ... LastLast
Results 411 to 420 of 467

Thread: Microsoft Alerts

  1. #411
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory 4022344

    FYI...

    MS Security Advisory 4022344
    Security Update for Microsoft Malware Protection Engine
    - https://technet.microsoft.com/en-us/...y/4022344.aspx
    May 8, 2017 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system... Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
    ___

    - http://www.infoworld.com/article/319...virus-bug.html
    May 9, 2017 - "... critical security vulnerability in the Microsoft Malware Protection Engine affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012..."

    - http://www.securitytracker.com/id/1038419
    CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-0290
    May 9 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
    Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13704.0), available via automatic update.
    The vendor has also provided information on how to manually update the Microsoft Malware Protection Engine, available at:
    - https://support.microsoft.com/kb/2510781
    ___

    - http://www.securitytracker.com/id/1038420
    CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-0290
    May 9 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
    Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13704.0), available via automatic update.
    The vendor has also provided information on how to manually update the Microsoft Malware Protection Engine, available at:
    - https://support.microsoft.com/kb/2510781
    ___

    - https://www.us-cert.gov/ncas/current...ecurity-Update
    May 08, 2017

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #412
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Updates - May 2017

    FYI...

    MS Security Updates - May 2017
    - https://portal.msrc.microsoft.com/en...urity-guidance
    May 9, 2017
    > https://portal.msrc.microsoft.com/en...idance/summary

    - https://portal.msrc.microsoft.com/en...a-000d3a32fc99
    May 09, 2017 - "The May security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    NET Framework
    Adobe Flash Player ..."

    - https://blogs.technet.microsoft.com/...pdate-release/
    May 9, 2017

    Coming together to address Encapsulated PostScript (EPS) attacks
    - https://blogs.technet.microsoft.com/...t-eps-attacks/
    May 9, 2017
    "... Related links:
    CVE-2017-0261: https://portal.msrc.microsoft.com/en.../CVE-2017-0261
    CVE-2017-0262: https://portal.msrc.microsoft.com/en.../CVE-2017-0262
    CVE-2017-0263: https://portal.msrc.microsoft.com/en.../CVE-2017-0263
    Enterprise customers can check here* to see if they have the latest Office 365 updates."
    * https://technet.microsoft.com/en-us/office/mt465751

    MS Malware Protection Engine Remote Code Execution Vuln
    > https://portal.msrc.microsoft.com/en.../CVE-2017-0290
    Internet Explorer Memory Corruption Vuln
    > https://portal.msrc.microsoft.com/en.../CVE-2017-0222
    Scripting Engine Memory Corruption Vuln
    > https://portal.msrc.microsoft.com/en.../CVE-2017-0229
    Windows SMB Remote Code Execution Vuln
    > https://portal.msrc.microsoft.com/en.../CVE-2017-0277
    Windows SMB Remote Code Execution Vuln
    > https://portal.msrc.microsoft.com/en.../CVE-2017-0278
    Windows SMB Remote Code Execution Vuln
    > https://portal.msrc.microsoft.com/en.../CVE-2017-0279
    Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11
    > https://technet.microsoft.com/library/security/4010323
    May 9, 2017
    ___

    May 2017 Office Update Release
    - https://blogs.technet.microsoft.com/...pdate-release/
    May 9, 2017 - "... This month, there are -36- security updates and 28 non-security updates. All of the security and non-security updates are listed in KB article 4020152*.
    * https://support.microsoft.com/en-us/...crosoft-office
    Last Review: May 9, 2017 - Rev: 10

    A new version of Office 2013 Click-To-Run is available: 15.0.4927.1002

    A new version of Office 2010 Click-To-Run is available: 14.0.7181.5002"
    ___

    Microsoft Security Bulletin MS17-013 - Critical
    Security Update for Microsoft Graphics Component (4013075)
    - https://technet.microsoft.com/en-us/...urity/MS17-013
    V3.0 (May 9, 2017): "Microsoft has re-released security update 4017018 for affected editions of Windows Server 2008. The re-release has been re-classified as a security update. Microsoft recommends that customers should install update 4017018 to be fully protected from CVE-2017-0038. Customers who have already installed the update do not need to take any further action.
    In addition, this security update correction also applies to Windows Server 2008 for Itanium-based Systems."
    ___

    CVE-2017-0290: http://www.securitytracker.com/id/1038419
    - http://www.securitytracker.com/id/1038420

    CVE-2017-0064: http://www.securitytracker.com/id/1038447

    CVE-2017-0077: http://www.securitytracker.com/id/1038454

    CVE-2017-0175: http://www.securitytracker.com/id/1038452

    CVE-2017-0190: http://www.securitytracker.com/id/1038451

    CVE-2017-0213: http://www.securitytracker.com/id/1038457

    CVE-2017-0220: http://www.securitytracker.com/id/1038445

    CVE-2017-0222: http://www.securitytracker.com/id/1038423

    CVE-2017-0227, CVE-2017-0240: http://www.securitytracker.com/id/1038424

    CVE-2017-0228: http://www.securitytracker.com/id/1038425
    CVE-2017-0228: http://www.securitytracker.com/id/1038426

    CVE-2017-0231: http://www.securitytracker.com/id/1038455
    - http://www.securitytracker.com/id/1038456

    CVE-2017-0234, CVE-2017-0236: http://www.securitytracker.com/id/1038431

    CVE-2017-0244: http://www.securitytracker.com/id/1038453

    CVE-2017-0246, CVE-2017-0263: http://www.securitytracker.com/id/1038449

    CVE-2017-0248: http://www.securitytracker.com/id/1038458

    CVE-2017-0254: http://www.securitytracker.com/id/1038443

    CVE-2017-0258: http://www.securitytracker.com/id/1038446

    CVE-2017-0261: http://www.securitytracker.com/id/1038444

    CVE-2017-0265: http://www.securitytracker.com/id/1038448

    CVE-2017-0267, CVE-2017-0271, CVE-2017-0275: http://www.securitytracker.com/id/1038432

    CVE-2017-0269, CVE-2017-0273: http://www.securitytracker.com/id/1038433
    ___

    MS Security Advisory 4021279
    Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
    - https://technet.microsoft.com/en-us/...curity/4021279
    Updated: May 10, 2017
    V1.1 (May 10, 2017): "Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only."
    ___

    Description of Software Update Services and Windows Server Update Services changes in content for 2017
    - https://support.microsoft.com/en-us/...ntent-for-2017
    Last Review: May 9, 2017 - Rev: 64
    ___

    Qualys Analysis:
    - https://blog.qualys.com/laws-of-vuln...ulnerabilities
    May 9, 2017 - "... In today’s patch Tuesday update Microsoft released a total of -57- vulnerability fixes. Highest priority should go to patching 0-day issues which are actively exploited. On top of our list is the Office patch for CVE-2017-0261 which is triggered when a victim opens an office file containing malformed graphics image. The file could be delivered via email or any other means. As this is actively exploited in the wild and attackers can take complete control of the victim system this should be treated with priority...
    In Summary today’s release fixed 3 actively exploited and 4 publicly disclosed issues including the malware protection engine, Office, IE, Edge and SMB vulnerabilities."

    ISC Analysis:
    - https://isc.sans.edu/diary.html?storyid=22396
    2017-05-09

    ghacks Analysis:
    - https://www.ghacks.net/2017/05/09/mi...-2017-release/
    May 9, 2017 [See 'Executive Summary']

    - https://www.thezdi.com/blog/2017/5/5...-update-review
    May 09, 2017 - "... table of all CVEs released by Microsoft for May, 2017..."

    - https://www.askwoody.com/2017/patch-...s-rolling-out/
    May 09, 2017
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    May 09, 2017 - "Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.
    US-CERT encourages users and administrators to review Microsoft's May 2017 Security Update Summary* and Deployment Information** and apply the necessary updates."
    * https://portal.msrc.microsoft.com/en...idance/summary

    ** https://support.microsoft.com/en-us/...ion-may-9-2017
    Last Review: May 9, 2017 - Rev: 22

    .
    Last edited by AplusWebMaster; 2017-05-12 at 18:55.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #413
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory 4022345 - Windows Update client

    FYI...

    MS Security Advisory 4022345
    Identifying and correcting failure of Windows Update client to receive updates
    - https://technet.microsoft.com/en-us/...curity/4022345
    May 9, 2017 - "Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. This scenario may affect customers who installed a Windows 10 or Windows Server 2016 operating system, and who have never interactively logged in to the system or connected to it through remote desktop services. These systems may not receive Windows updates until a user has completed initial setup by interactively logging in or by logging in through remote desktop services..."
    V1.0 (May 9, 2017): Advisory published.
    V1.1 (May 10, 2017): Advisory updated to include Logon Type 2 Security Event Log entries. This is an informational change only.
    V1.2 (May11, 2017): Advisory updated to clarify the WSUS environment. This is an informational change only.
    V1.3 (May 17, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”...

    Last edited by AplusWebMaster; 2017-05-18 at 15:17.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #414
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Updating MS antimalware and antispyware software - Win10

    FYI...

    Updating MS antimalware and antispyware software...
    > https://www.microsoft.com/en-us/secu...dl.aspx#manual
    May 16, 2017 - "... Force a daily update:
    If you want Windows to update your software, go to Windows Update or:
    Open your Microsoft security software.
    Click the Update tab.
    Click the Update button.
    >> https://www.microsoft.com/en-us/CMSI...2-0011b7504d55
    ... Manually download the latest updates:
    If you need to get the latest updates available, you can download and install them from here.
    For all Microsoft security software, you will need to download the antimalware and antispyware updates.
    Antimalware and antispyware updates:
    For antimalware and antispyware, the latest definitions are 1.243.529.0, dated May 16, 2017 6:2 PM UTC.
    To download these updates:
    1. Check whether your version of Windows is 32-bit or 64-bit.
    2. In the table below, right-click on the link that will work for your version of Windows and choose Save target as... or Save link as...
    3. Save the file to your Desktop.
    4. When the file has finished downloading, go to your Desktop and double-click the file (it will be called mpam-fe.exe, mpas-fe.exe, or mpam-feX64.exe).
    5. Follow the prompts to install the update..."
    ___

    > https://www.microsoft.com/en-us/secu...s/default.aspx
    "Windows Defender in Windows 10 and Windows 8.1, and Microsoft Security Essentials in Windows 7 and Windows Vista help protect your PC from malware and other threats in exactly the same way. You -can't- use Microsoft-Security-Essentials with Windows-10 or Windows 8.1. Windows Defender in Windows 10 and Windows 8.1 is built into Windows and ready to work as soon as you turn your PC on..."
    > https://www.microsoft.com/en-us/safe...-defender.aspx
    ___

    Do You Need [an Intel] Firmware Update?
    - http://windowssecrets.com/windows-se...rmware-update/
    May 11, 2017 - "For those of you with Intel processors, it’s time to see if you are vulnerable. Meanwhile we’re business as usual for Windows updates and Flash updates. And if you use Microsoft’s native antivirus protection, be sure that you’ve received the latest engine update to fix a critical flaw... Intel’s processors are vulnerable to a flaw in Intel’s Active management technology, Small Business Technology or Intel Standard Manageability software, and although I read that this “did not impact consumer PCs” I honestly ignored the warnings: 'I follow security best practices. This can’t impact my workstations'. And then I used the Intel Detection Tool* and determined that many of my workstations – especially in my office -did- have the vulnerable code in my systems. So much for best security practices! Fortunately, while I may have the vulnerable code, the 'Active management technology' is and was not ever -enabled- and I don’t have it set to be accessible from outside of my office. Thus I am not vulnerable to attack even though I may have the vulnerable code on my system. Nevertheless, I recommend that you scan your own system and see if it can detect what chipset you have and if you too may have the vulnerable software. Then contact or view the forums of your OEM vendors and see when they plan to release a bios update to fix this issue. Some like Dell** have posted a listing of impacted systems. HP*** also has a page where you can follow up with more information."
    * https://downloadcenter.intel.com/download/26755

    ** http://en.community.dell.com/techcen...apers/20443914

    *** http://www8.hp.com/us/en/intelmanageabilityissue.html

    Last edited by AplusWebMaster; 2017-05-16 at 23:32.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #415
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Win7 SP1 KB4019264 Monthly Rollup / Win10 Creators Update

    FYI...

    Win7 SP1 and WinSvr2008 R2 SP1 - KB4019264 (Monthly Rollup)
    > https://support.microsoft.com/en-us/...date-kb4019264
    Last Review: May 23, 2017 - Rev: 33
    ___

    Where’s My Win10 Creators Update?
    - http://windowssecrets.com/windows-se...eators-update/
    May 23, 2017 - "... 'already been tracking a few known issues such as Network printers* failing due to machines having less than 4 GBs of memory:
    * https://answers.microsoft.com/en-us/...0-6827f813fa21
    There’s also a known issue when certain antivirus is installed while the creator’s update is installed as noted in the Answers forum**. To work around this issue, make sure you update the antivirus or remove it and reinstall it.
    ** https://answers.microsoft.com/en-us/...d-43ecbcf526e9
    Because the Creators Update is heavily reliant on 3D and video enhancements, I’m seeing that video drivers are the key item that may need to be updated. In fact a -known- issue with Nvidia video drivers, as noted in the forum***, showcases that you need to update your video drivers..."
    *** https://answers.microsoft.com/en-us/...0-9dcb7e45cd9e

    Win10’s recovery options:
    - https://support.microsoft.com/en-us/...covery-options
    Last Review: May 23, 2017 - Rev: 74

    Last edited by AplusWebMaster; 2017-05-24 at 20:32.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #416
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation When to Disable SMB1

    FYI...

    When You should Disable Server Message Block v1
    - http://windowssecrets.com/windows-se...sage-block-v1/
    May 25, 2017 - "The recent ransomware attacks have had a inadvertent side effect at my home and office: It has pointed out to me how much I’m still dependent on Server Message Block v1 (SMB v1). Microsoft’s -workaround- for the recent ransomware attacks have recommended the following workaround as noted in KB2696547*: disabling SMB v1, and leaving SMB v2 and SMB v3 -alone- unless you need to troubleshoot your security settings...
    * https://support.microsoft.com/en-us/...windows-server
    Last Review: May 22, 2017 - Rev: 35
    ... SMB v1 is a -30-year-old protocol that has seen better days. The recent ransomware attacks using this protocol to amplify their mayhem have some security researchers still unsure of exactly how the initial attack vector took place. It’s unclear at this time if this ransomware came through targeted email attacks (like many other ransomware attacks), or, if this was a unique attack that possibly infected a workstation, which then brought the attack into the impacted networks through some network access point previously used to bring in other worm like attacks. While it’s unclear how the initial infection started out, it’s -clear- that once the infection got into the network, it relied on vulnerabilities in SMB v1 to basically run rampant through the network. This is why so many security sites recommended disabling SMB v1 as an old and out of date protocol. As pointed out on the Vinransomware blog site**, the best way for a consumer or home user to disable SMBv1 is through the graphical user interface."
    ** http://www.vinransomware.com/blog/ho...cry-ransomware
    15 May 2017 - "... Please note: -Before- proceeding further it is strongly advised to take a backup of the machine because you will in some case might require to change the Windows Registry. If the steps are not carefully followed it might even crash the machine..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #417
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Malware Protection Engine - updated

    FYI...

    Security Update for MS Malware Protection Engine - Critical
    - https://technet.microsoft.com/en-us/...curity/4022344
    V1.0 (May 8, 2017): Advisory published.
    V1.1 (May 11, 2017): Added link to the same information in the Security Update Guide. This is an informational change only.
    V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.
    "... For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781* ..."

    > https://nvd.nist.gov/vuln/detail/CVE-2017-0290
    Last revised: 05/25/2017

    Microsoft Malware Protection Engine deployment info
    * https://support.microsoft.com/en-us/...nt-information

    > https://www.microsoft.com/en-us/secu.../whatsnew.aspx

    > https://www.helpnetsecurity.com/2017...-engine-flaws/
    May 30, 2017 - "... security issues have been fixed in version 1.1.13804.0 of the Microsoft Malware Protection Engine. The newest version of the engine is usually automatically downloaded and implemented by the security software that uses it... to verify whether the latest version of the MMPE and definition updates are being actively downloaded and installed for their Microsoft antimalware products can do so by clicking on the software’s Help tab, then choosing the 'About [that specific software]' option..."

    - http://www.securitytracker.com/id/1038571
    CVE Reference: CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
    May 26 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 1.1.13704.0 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code with LocalSystem privileges on the target system.
    A local user can prevent the target Microsoft Malware Protection Engine from monitoring the target system. A service restart is required to return the system to normal operations.
    Solution: The vendor has issued a fix (1.1.13804.0)...

    - http://www.securitytracker.com/id/1038572

    - http://www.securitytracker.com/id/1038573

    - http://www.securitytracker.com/id/1038574

    Last edited by AplusWebMaster; 2017-05-30 at 23:51.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #418
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Updates - June 2017

    FYI...

    MS Security Updates - June 2017
    - https://portal.msrc.microsoft.com/en...urity-guidance
    June 13, 2017
    > https://portal.msrc.microsoft.com/en...idance/summary
    Total items: 85 [June 14, 2017] / Total items: 88 [June 22, 2017] / Total items: 89 [June 23, 2017]

    - https://portal.msrc.microsoft.com/en...b-000d3a32fc99
    June 13, 2017 - "The June security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    Silverlight
    Skype for Business and Lync
    Adobe Flash Player ..."

    June 2017 security update release
    - https://blogs.technet.microsoft.com/...pdate-release/
    June 13, 2017

    MS Security Advisory 4025685
    Guidance related to June 2017 security update release
    - https://technet.microsoft.com/librar...y/4025685.aspx
    June 13, 2017

    - http://www.securitytracker.com/id/1038667
    CVE Reference: CVE-2017-8543
    Jun 13 2017
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 2012, 8.1, 2012 R2, RT 8.1, 10, 10 Version 1511, 2016, 10 Version 1607, 10 Version 1703
    Description: A vulnerability was reported in Windows Search. A remote user can execute arbitrary code on the target system.
    A remote user can send specially crafted SMB data to trigger an object memory handling error in Windows Search and execute arbitrary code on the target system.
    Impact: A remote user can execute arbitrary code on the target system.
    Solution: The vendor has issued a fix.
    - https://portal.msrc.microsoft.com/en.../CVE-2017-8543
    ___

    June 2017 Office Update Release
    - https://blogs.technet.microsoft.com/...pdate-release/
    June 9, 2017 - "... This month, there are 51 security updates and 27 non-security updates. All of the security and non-security updates are listed in KB article 4023935*.
    A new version of Office 2013 Click-To-Run is available: 15.0.4937.1000
    A new version of Office 2010 Click-To-Run is available: 14.0.7182.5000"

    * https://support.microsoft.com/en-us/...crosoft-office
    Last Review: Jun 13, 2017 - Rev: 9
    ___

    Additional references:
    - http://www.securitytracker.com/id/1038659
    - http://www.securitytracker.com/id/1038661
    - http://www.securitytracker.com/id/1038662
    - http://www.securitytracker.com/id/1038663
    - http://www.securitytracker.com/id/1038664
    - http://www.securitytracker.com/id/1038666
    - http://www.securitytracker.com/id/1038667
    - http://www.securitytracker.com/id/1038668
    - http://www.securitytracker.com/id/1038669
    - http://www.securitytracker.com/id/1038670
    - http://www.securitytracker.com/id/1038671
    - http://www.securitytracker.com/id/1038673
    - http://www.securitytracker.com/id/1038674
    - http://www.securitytracker.com/id/1038675
    - http://www.securitytracker.com/id/1038676
    - http://www.securitytracker.com/id/1038678
    - http://www.securitytracker.com/id/1038680

    - http://www.securitytracker.com/id/1038701
    - http://www.securitytracker.com/id/1038702
    Jun 15 2017
    ___

    ghacks Analysis:
    - https://www.ghacks.net/2017/06/13/mi...-2017-release/
    June 13, 2017 - Microsoft Security Patches for June 2017 - [See 'Executive Summary']

    - https://www.thezdi.com/blog/2017/6/1...-update-review
    June 13, 2017 - [Scroll down to: 'Microsoft Patches for June 2017']

    Qualys Analysis:
    - https://blog.qualys.com/laws-of-vuln...ve-june-update
    June 13, 2017 - "Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months... Overall its a large security update which is almost double as compared to last two months in the number of patched vulnerabilities. Actively exploited SMB issue CVE-2017-8543* and other Font, Outlook, Office, Edge and IE issues are sure to keep system administrators and security teams busy."
    * https://portal.msrc.microsoft.com/en.../CVE-2017-8543
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    June 13, 2017

    Last edited by AplusWebMaster; 2017-06-23 at 19:53.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #419
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisories 4025685, 4021558

    FYI...

    MS Security Advisory 4025685: Guidance for older platforms
    - https://support.microsoft.com/en-in/...lder-platforms
    Last Review: 19-Jun-2017 - Rev: 26
    ___

    Cumulative security update for Internet Explorer
    - https://support.microsoft.com/en-us/...r-june-13-2017
    Last Review: Jun 23, 2017 - Rev: 5
    "... Known issues in this security update:
    When you print a specific iframe or frame in a web page, the print output may be blank, or text is printed that resembles the following:
    404 – Not Found
    (A frame is a part of a web page or browser window that displays content independent of its container. A frame can load content independently.)
    This problem has also been observed in both Internet Explorer 11, and in applications that host the IE Web Browser Control.
    There is currently no workaround for this issue. However, if you print the entire web page, it will print correctly.
    Microsoft is researching this problem and will post more information in this article when the information becomes available."
    ___

    Description of the security update for Outlook 2010
    - https://support.microsoft.com/en-us/...010june13,2017
    Last Review: Jun 20, 2017 - Rev: 19
    "... Known issues in this security update: ..."

    Last edited by AplusWebMaster; 2017-06-23 at 12:58.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #420
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation June 2017 Security Updates - 'Known Issues'

    FYI...

    June 2017 Security Updates
    > https://portal.msrc.microsoft.com/en...b-000d3a32fc99
    See: "... Known Issues..." ref. KB numbers listed
    Jun 23, 2017
    ___

    CVE-2017-8558 | MS Malware Protection Engine Remote Code Execution Vuln
    - https://portal.msrc.microsoft.com/en.../CVE-2017-8558
    6/23/2017
    - http://www.securitytracker.com/id/1038783
    CVE Reference: CVE-2017-8558
    Jun 23 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
    The following product versions are affected:
    Microsoft Endpoint Protection
    Microsoft Forefront Endpoint Protection
    Microsoft Forefront Endpoint Protection 2010
    Windows Intune Endpoint Protection ...
    Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
    Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...

    - http://www.securitytracker.com/id/1038784
    CVE Reference: CVE-2017-8558
    Jun 23 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
    Microsoft Security Essentials is also affected...
    Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
    Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...

    CVE-2017-8529 | MS Browser Information Disclosure Vuln
    - https://portal.msrc.microsoft.com/en.../CVE-2017-8529
    Last Updated: 06/22/2017
    v3.0 - 06/22/2017: Microsoft is announcing the release of update 4032782 for Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows Server 2012 R2 to address a known issue customers may experience when printing from Internet Explorer. Only customers who are experiencing print issues after installing Internet Explorer Cumulative update 4021558 should install update 4032782 because update 4032782 addresses the known issue by removing the protection from CVE-2017-8529. The update is available via the Microsoft Update Catalog only.
    ___

    - http://windowssecrets.com/windows-se...rom-last-week/
    June 22, 2017 - "... known issues have been documented... Office known issues... there will be an update expected on June 27th fixing the issue..."

    Last edited by AplusWebMaster; 2017-06-24 at 16:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •