Microsoft Alerts

[AplusWebMaster]

FYI...

MS botches six Windows patches in latest Automatic Update
Microsoft acknowledges it has problems with KB 2876063, KB 2859537, KB 2873872, KB 2843638, KB 2843639, and KB 2868846 -- all released earlier this week
- http://www.infoworld.com/t/microsoft...-update-224988
August 15, 2013 (Details at the URL above)
___

KB 2876063
- http://support.microsoft.com/kb/2876063 - MS13-061
Last Review: August 27, 2013 - Revision: 3.0
KB 2859537
- http://support.microsoft.com/kb/2859537 - MS13-063
Last Review: August 16, 2013 - Revision: 3.0 <<
KB 2873872
- http://support.microsoft.com/kb/2873872 - MS13-066
Last Review: August 19, 2013 - Revision: 4.0 <<
KB 2843638
- http://support.microsoft.com/kb/2843638 - MS13-066
Last Review: August 23, 2013 - Revision: 8.0
KB 2843639
- http://support.microsoft.com/kb/2843639 - MS13-066
Last Review: August 19, 2013 - Revision: 9.0 <<
KB 2868846
- http://support.microsoft.com/kb/2868846 - MS13-066
Last Review: August 19, 2013 - Revision: 8.0 <<
___

- https://technet.microsoft.com/en-us/...letin/ms13-061
V2.0 (August 14, 2013): Rereleased bulletin to remove the 2874216 updates for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2 to address an issue with the updates. See the Update FAQ for details.

- https://technet.microsoft.com/en-us/...letin/ms13-063
V1.1 (August 14, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".

- https://technet.microsoft.com/en-us/...letin/ms13-066
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.

Important Announcement: AD FS 2.0 and MS13-066
- https://blogs.technet.com/b/askds/ar...edirected=true
Update (8/19/13): We have republished MS13-066 with a corrected version of the hotfixes that contributed to this problem. If you had held off on installing the update, it should be safe to install on all of your ADFS servers now.
The updated security bulletin is here:
- http://technet.microsoft.com/en-us/s...letin/MS13-066

- http://support.microsoft.com/kb/2843638
Last Review: August 23, 2013 - Revision: 8.0

- http://support.microsoft.com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0 <<

[AplusWebMaster]

FYI...

MS13-066 re-released
- https://technet.microsoft.com/en-us/...letin/ms13-066
Updated: August 19, 2013 - "... Update FAQ: Why was this bulletin rereleased on August 19, 2013?
Microsoft rereleased this bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. The rereleased update addresses an issue in the original offerings that caused AD FS to stop working if the previously released RU3 rollup QFE (update 2790338) had not been installed; the rerelease removes this requirement. Furthermore, in creating this rerelease, Microsoft has consolidated the fixes contained in the two original updates (2843638 and 2843639) into a single 2843638 update. Customers who already installed the original updates will be reoffered the 2843638 update and are encouraged to apply it at the earliest opportunity. Note that when the installation is complete, customers will see only the 2843638 update in the list of installed updates."
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.

- https://support.microsoft.com/kb/2873872
Last Review: August 19, 2013 - Revision: 4.0

- https://support.microsoft.com/kb/2843638
Last Review: August 23, 2013 - Revision: 8.0

- https://support.microsoft.com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0

[AplusWebMaster]

FYI...

MS13-063 KB2859537 ...
- http://www.infoworld.com/t/microsoft...2859537-225314
Aug 21, 2013 - "... Microsoft published a "Known issues" paragraph in the KB 2859537* Knowledge Base article, but it hadn't pulled the patch. As of this morning, the patch is no longer being offered (it's -unchecked- in the Automatic Update list), and the Known issues paragraph has been modified a bit... Since MS13-063 is a Windows Kernel update - always problematic, reaching into the inner sanctum - a lot of people have reported problems... Microsoft is interested in 0xc0000005 crashes, even if (especially if) you thought you had a genuine copy of Windows 7 or Vista..."

- https://technet.microsoft.com/en-us/...letin/ms13-063
Updated: August 14, 2013

* https://support.microsoft.com/kb/2859537
Last Review: August 16, 2013 - Revision: 3.0

[AplusWebMaster]

FYI...

MS releases revisions to existing Updates
- https://isc.sans.edu/diary.html?storyid=16448
Last Updated: 2013-08-27 20:49:12 - "... patches have undergone signficant revision according to Microsoft. The following patches were updated today by Microsoft, and are set to roll in the automatic updates:

* MS13 - July 2013 / MS13-057 - Critical
- https://technet.microsoft.com/securi...letin/ms13-jul
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-057, bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates that apply to their systems. See the bulletin for details.
- https://technet.microsoft.com/en-us/...letin/ms13-057
V3.0 (August 27, 2013): Bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates. See the Update FAQ for more information.

* MS13 - August 2013 / MS13-061 - Critical
- https://technet.microsoft.com/securi...letin/ms13-aug
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-061, bulletin revised to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the bulletin for details.
- https://technet.microsoft.com/en-us/...letin/ms13-061
V3.0 (August 27, 2013): Rereleased bulletin to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the Update FAQ for details.
___

Office 2010 update
- https://support.microsoft.com/kb/2825640/en-us
Last Review: August 27, 2013 - Revision: 1.0 - "... This update fixes some issues that occur when you install Service Pack 2 (SP2) for Office 2010. Additionally, this update contains stability and performance improvements..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.microsoft.com/en-us/...visory/2862973
V1.1 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.

Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- https://technet.microsoft.com/en-us/...visory/2854544
V1.1 (August 13, 2013): Added the 2862966 and 2862973 updates to the Available Updates and Release Notes section.
V1.2 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/en-us/...letin/ms13-sep
Sep 10, 2013 - "This bulletin summary lists security bulletins released for September 2013...
(Total of 13*)

* http://blogs.technet.com/b/msrc/arch...edirected=true
10 Sep 2013 - "... This month we released 13 bulletins – four Critical and nine Important – which addressed 47 unique CVEs in Microsoft Windows, Office, Internet Explorer and SharePoint..."

Microsoft Security Bulletin MS13-067 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
- http://technet.microsoft.com/en-us/s...letin/ms13-067
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
V1.2 (September 13, 2013): Revised bulletin to announce a detection change for the Excel Services on Microsoft SharePoint Server 2007 update (2760589). This is a detection change only. There were no changes to the update files. Customers who have successfully installed the update do not need to take any action.

Microsoft Security Bulletin MS13-068 - Critical
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
- http://technet.microsoft.com/en-us/s...letin/ms13-068
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-069 - Critical
Cumulative Security Update for Internet Explorer (2870699)
- https://technet.microsoft.com/en-us/...letin/ms13-069
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-070 - Critical
Vulnerability in OLE Could Allow Remote Code Execution (2876217)
- https://technet.microsoft.com/en-us/...letin/ms13-070
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-071 - Important
Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
- https://technet.microsoft.com/en-us/...letin/ms13-071
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-072 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
- https://technet.microsoft.com/en-us/...letin/ms13-072
Important - Remote Code Execution - May require restart - Microsoft Office
V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Office 2007 update (2760411) and the Microsoft Word 2010 update (2767913). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".

Microsoft Security Bulletin MS13-073 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
- http://technet.microsoft.com/en-us/s...letin/ms13-073
Important - Remote Code Execution - May require restart - Microsoft Office
V1.1 (September 13, 2013): Revised bulletin to announce detection changes for the Microsoft Excel 2003 update (2810048), Microsoft Excel 2007 update (2760583), Microsoft Excel Viewer update (2760590), and Microsoft Office Compatibility Pack update (2760588). These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action. Also updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None".

Microsoft Security Bulletin MS13-074 - Important
Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
- http://technet.microsoft.com/en-us/s...letin/ms13-074
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-075 - Important
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
- http://technet.microsoft.com/en-us/s...letin/ms13-075
Important - Elevation of Privilege - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-076 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
- http://technet.microsoft.com/en-us/s...letin/ms13-076
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-077 - Important
Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
- http://technet.microsoft.com/en-us/s...letin/ms13-077
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-078 - Important
Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
- http://technet.microsoft.com/en-us/s...letin/ms13-078
Important - Information Disclosure - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-079 - Important
Vulnerability in Active Directory Could Allow Denial of Service (2853587)
- http://technet.microsoft.com/en-us/s...letin/ms13-079
Important - Denial of Service - May require restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arch...edirected=true
10 Sep 2013

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...3.DP-Slide.PNG

Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...rity-Slide.PNG
___

- https://secunia.com/advisories/54741/ - MS13-067
- https://secunia.com/advisories/54729/ - MS13-068
- https://secunia.com/advisories/54725/ - MS13-069
- https://secunia.com/advisories/54735/ - MS13-070
- https://secunia.com/advisories/54736/ - MS13-071
- https://secunia.com/advisories/54737/ - MS13-072
- https://secunia.com/advisories/54739/ - MS13-073
- https://secunia.com/advisories/51856/ - MS13-074
- https://secunia.com/advisories/54742/ - MS13-075
- https://secunia.com/advisories/54743/ - MS13-076
- https://secunia.com/advisories/54745/ - MS13-077
- https://secunia.com/advisories/54747/ - MS13-078
- https://secunia.com/advisories/54750/ - MS13-079
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16538
Last Updated: 2013-09-10 18:24:55 UTC ...(Version: 1)

.

[AplusWebMaster]

FYI...

MS botches still more patches in latest Automatic Update
... the day after Black Tuesday. Watch out for automatic patches KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583
- http://www.infoworld.com/t/microsoft...-update-226594
Sep 11, 2013 - "No sooner did Microsoft release the latest round of Black Tuesday patches, than screams of agony began sounding all over the Internet. At this point, I've seen -verified- problems with KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583... No guidance for handling the problem is on offer in the usual forums, because the people moderating the forums haven't a clue what went wrong and Microsoft isn't saying a thing..."

[AplusWebMaster]

FYI...

Outlook 2013 Folder Pane Disappears After Installing September 2013 Public Update
- https://blogs.technet.com/b/office_s...edirected=true
11 Sep 2013 - "Shortly after publishing the September Public Update, we received notifications of a potential issue with Outlook 2013 after installing the non-security update KB2817630. Based on those reports we immediately removed the patch from Microsoft Update. If you haven’t already downloaded or installed the patch, you will not have these problems or be offered the problematic patch. In contrast to what has been reported, MS13-068 is not the cause nor is it affected by this issue...
Due to a version incompatibility between outlook.exe and mso.dll, a mismatched reference to a data structure causes the “Minimize” button in the navigation pane to render incorrectly, typically extremely large to the point that the navigation pane is "invisible" to the user. The issue only manifests when incompatible versions of outlook.exe and mso.dll exist on the system...
Two updates can get a user into this state. Installing the September Public Update delivers an updated version of mso.dll without updating outlook.exe, resulting in the incorrect user interface.
•If you have Automatic Updates enabled, visit the Add Remove Programs feature of your Windows Installation, and uninstall KB2817630. Close Outlook and restart.
•If you have installed the August Cumulative update (which you must do manually), removing KB2817347 will correct the issue. From the Add Remove Programs feature, select KB2817347 from the list and select “Uninstall.” Close Outlook and restart.
•If you have BOTH Updates installed, the problem is not evident. The issue only manifests when one of the updates has been installed. If you have updated to the September Public Update and you want to roll forward, install the August Cumulative update, KB2817347.
We are also working on re-publishing the September Public Update with the correct versions of both mso.dll and outlook.exe to ensure users with automatic updates enabled will receive the correct fix..."
___

Superceded by:
- http://blogs.technet.com/b/office_su...-and-sccm.aspx
Dated 12 Sep 2013, which in reality did not get the revisions released until 13 Sep 2013...

[AplusWebMaster]

FYI...

Reboot Wednesday: Yesterday's Patch Tuesday Aftermath
- https://isc.sans.edu/forums/diary/Re...ftermath/16556
Comments: 15 hours ago ... [Susan Bradley]

"KB2810009 users are reporting error 80242009 upon install see:
http://social.technet.microsoft.com/...b2810009-issue

Next: Office 2007 updates:
1.Security Fixes MS13-072 and MS13-073 MS13-074
KB2760411
KB2760588
KB2760583
http://answers.microsoft.com/en-us/w...=1378836774249

Two security updates released yesterday MS13-072, MS13-073 and MS13-074, These are installing fine but if you scan the machine again for updates, show up again and again and again. Currently there is -no- fix available for these other than to say that the update is applied but it is not getting properly detected. The product group is aware of the issues and are working on it.

Outlook 2013 - see http://blogs.technet.com/b/office_su...ic-update.aspx "
___

- https://windowssecrets.com/patch-wat...ptember-fixes/
Sep 11, 2013
___

MS13-073: Description of the security update for Microsoft Office Excel 2007 ...
- http://support.microsoft.com/kb/2760583/en-us
Last Review: September 13, 2013 - Revision: 4.0
"... Known issues with this update: Customers may have been repeatedly offered this update even though it was already installed. Note: This issue is resolved by a detection change released September 13, 2013. This change did not affect the updated files. This change only affects the way that we offer the updates to customers..."

//

[AplusWebMaster]

FYI...

MS pulls botched KB 2871630 - many Office patch problems remain
- http://www.infoworld.com/t/microsoft...-remain-226690
Sep 12, 2013 - "... KB 2871630, the one that caused the folder list in Outlook 2013 to disappear - was pulled early Wednesday morning...
While KB 2876130 is reined in for the moment, a whole slew of this month's patches are still causing problems on some machines:
• Two Office 2007 security updates - MS13-072 / KB2760411 and KB2760588 - and one Excel 2007 security update - MS13-073 / KB2760583 - are installing over and over again... The KB articles now say, "You may be repeatedly offered this update even though it is already installed. Microsoft is researching this problem and will post more information in this article when the information becomes available." At this point there's no additional information.
• The MS13-073 / KB 2810048 security patch for Excel 2003 installs over and over again. Two Answers forum threads in English - as well as several in other languages - have more than a hundred entries...
• The installer for the MS13-074 / KB 2810009 security patch for Access 2013 is failing with an error code 80242009... As of 11:00 p.m. Thursday, the TechNet MS13-074 article says "Known issues: None"
• The MS13-068 / KB 2794707 Outlook 2010 security patch is throwing off an error that looks just like the problem Microsoft encountered with Outlook in the Office 2010 SP 2 update, where the Calendar Folder property is empty. I've been told that Microsoft considers the problem to be "cosmetic" and it's relegated to "won't fix" status..."
___

MS13-072
- http://support.microsoft.com/kb/2760411
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Basic 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007 Home Use Program
Microsoft Office Home and Student 2007
Microsoft Office Professional 2007
Microsoft Office Professional Plus 2007
Microsoft Office Small Business 2007
Microsoft Office Standard 2007

MS13-073
- http://support.microsoft.com/kb/2760583
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)

MS13-073
- http://support.microsoft.com/kb/2760588
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 (Home and Student version)

MS13-073
- http://support.microsoft.com/kb/2810048
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 3.0
Applies to:
Microsoft Office 2003 Service Pack 3, when used with:
Microsoft Office Excel 2003

MS13-074
- http://support.microsoft.com/kb/2810009
"Known issues with this update: Note The following issue is resolved by a detection change released September 13, 2013... Customers may have been repeatedly offered this update even though it was already installed."
Last Review: September 13, 2013 - Revision: 4.0
Applies to:
Microsoft Access 2013