Microsoft Alerts

Skype v6.3.0.105 released

FYI...

Skype v6.3.0.105 released
- https://secunia.com/advisories/52867/
Release Date: 2013-04-02
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerabilities are reported in versions prior to 6.3.0.105.
Solution: Update to version 6.3.0.105.
Original Advisory: http://blogs.skype.com/2013/03/14/skype-6-3-for-windows/
___

Skypemageddon by bitcoining
- https://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining
April 04 2013 - "... malware connects to its C2 server located in Germany... 213.165.68.138
- https://www.virustotal.com/en/file/...756ddba52c1bc780eaac4bba2b3872bc037/analysis/
File name: skype-img-04_04-2013-exe.exe
Detection ratio: 32/46
Analysis date: 2013-04-08

:fear::fear:
 
Last edited:
MS Security Bulletin Advance Notification - April 2013

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms13-apr
April 04, 2013 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013...
(Total of -9-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3 - Important - Information Disclosure - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 4 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 5 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 6 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 7 - Important - Elevation of Privilege - Requires restart - Microsoft Security Software
Bulletin 8 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 9 - Important - Elevation of Privilege - Requires restart - Microsoft Windows

.
 
MS - End of Support dates ...

FYI...

MS - End of Support ...
- https://blogs.technet.com/b/rmilne/...-the-date-8th-april-2014.aspx?Redirected=true
8 Apr 2013 - "...
Outlook 2003 will transition out of extended support on 8th of April 2014
Exchange Server 2003 will transition out of extended support on 8th of April 2014
Windows XP will transition out of extended support on 8th of April 2014
Exchange 2010 SP2 will transition out of support on 8th April 2014
And as non Exchange specific item, please also note Windows 2003:
Windows Server 2003 will transition out of extended support on 14th of July 2015 ..."

:fear:
 
MS Security Bulletin Summary - April 2013

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms13-apr
April 09, 2013 - "This bulletin summary lists security bulletins released for April 2013...
(Total of -9-)

Microsoft Security Bulletin MS13-028 - Critical
Cumulative Security Update for Internet Explorer (2817183)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-028
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-029 - Critical
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-029
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-030 - Important
Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-030
Important - Information Disclosure - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS13-031 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-031
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-032 - Important
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-032
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-033 - Important
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-033
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-034 - Important
Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-034
Important - Elevation of Privilege - Requires restart - Microsoft Security Software

Microsoft Security Bulletin MS13-035 - Important
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-035
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS13-036 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-036
Important - Elevation of Privilege - Requires restart - Microsoft Windows
V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update. See the Update FAQ for details.

MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys):
* http://support.microsoft.com/kb/2823324/en-us
Last Review: April 11, 2013 - Revision: 2.1 - See: "Known issues with this security update... Microsoft recommends that customers -uninstall- this update..."

MS13-036: Description of the security update for the Windows kernel-mode driver (win32k.sys)
- http://support.microsoft.com/default.aspx?scid=kb;en-us;2808735
Last Review: April 9, 2013 - Revision: 1.0 - "Known issues with this security update: After you install this security update, certain Multiple Master fonts cannot be installed..."
___

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-files.../00-00-00-45-71/6354.20130409_2D00_Slide2.PNG

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files.../00-00-00-45-71/8637.20130409_2D00_Slide1.PNG

- http://blogs.technet.com/b/msrc/arc...il-2013-security-updates.aspx?Redirected=true

- http://blogs.technet.com/b/srd/arch...il-2013-security-updates.aspx?Redirected=true
9 Apr 2013 - "... nine security bulletins addressing 13 CVE’s..."
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15577
Last Updated: 2013-04-09 17:59:33 UTC
___

- https://secunia.com/advisories/52874/ - MS13-028
- https://secunia.com/advisories/52911/ - MS13-029
- https://secunia.com/advisories/52914/ - MS13-030
- https://secunia.com/advisories/52916/ - MS13-031
- https://secunia.com/advisories/52917/ - MS13-032
- https://secunia.com/advisories/52919/ - MS13-033
- https://secunia.com/advisories/52921/ - MS13-034
- https://secunia.com/advisories/52928/ - MS13-035
- https://secunia.com/advisories/52930/ - MS13-036
___

MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: April 9, 2013 - Revision: 121.0

- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Babonock
• Redyms
• Vesenlosow..."

- https://blogs.technet.com/b/mmpc/archive/2013/04/09/msrt-april-2013-vesenlosow.aspx?Redirected=true

Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.19.exe - 18.7 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.19.exe - 19.4 MB

.
 
Last edited:
MS13-036 problems...

FYI...

MS13-036 problems - KB2823324 / KB2829996
- https://isc.sans.edu/diary.html?storyid=15593
Last Updated: 2013-04-11 02:13:03 UTC

- https://isc.sans.edu/diary/KB282332...n+Brazil+and+some+other+locales/15593#comment
Date: Wed, 10 Apr 2013 14:53:23 -0700
From: Susan Bradley - patchmanagement.org
Subject: MS13-036 / KB2829996
Getting early unconfirmed reports in Brazil that MS13-036 / KB2829996 MS13-036 is causing system hangs that require replacing ntfs.sys to get the machines up and running again so they can perform a system restore...
___

Stop 0xc000000e startup error in Windows 7 after you install security update 2823324*
- https://support.microsoft.com/kb/2839011
Last Review: April 12, 2013 - Revision: 2.0
"Microsoft is investigating behavior wherein systems may not recover from a restart or applications cannot load after security update 2823324 is applied. We recommend that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate..."

MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys):
* http://support.microsoft.com/kb/2823324/en-us
Last Review: April 12, 2013 - Revision: 2.2 - See: "Known issues with this security update..."

- https://blogs.technet.com/b/msrc/ar...ty-bulletin-update-issue.aspx?Redirected=true
MSRCTeam | 11 Apr 2013 7:10 PM

:sad: :fear:
 
Last edited:
MS13-036 rereleased

FYI...

Microsoft Security Bulletin MS13-036 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-036
V3.0 (April 23, 2013): Rereleased bulletin to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See the Update FAQ* for details.
* "To address known issues with security update 2823324, Microsoft rereleased bulletin MS13-036 to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on all affected versions of Microsoft Windows. Security update 2823324 was expired on April 11, 2013. Microsoft strongly recommends that customers with the 2823324 update still installed should -uninstall- the update prior to applying the 2840149 update*. All customers should apply the 2840149 update, which replaces the expired 2823324 update."
** http://support.microsoft.com/kb/2840149

- https://blogs.technet.com/b/msrc/ar...e-available-for-ms13-036.aspx?Redirected=true
23 Apr 2013
___

- http://technet.microsoft.com/en-us/security/bulletin/ms13-036
Updated: Wednesday, April 24, 2013
Revisions:
• V1.0 (April 9, 2013): Bulletin published.
• V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update. See the Update FAQ for details.
• V2.1 (April 17, 2013): Added FAQs to provide additional guidance for customers who are having difficulties restarting their systems after installing security update 2823324. See the Update FAQ for details.
• V3.0 (April 23, 2013): Rereleased bulletin to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See the Update FAQ for details.
• V3.1 (April 24, 2013): Corrected KB article hyperlink and incorrect KB numbers for Windows 7 for x64-based Systems and Windows Server 2008 R2 for Itanium-based Systems in the Affected Software table. These are informational changes only.

- https://windowssecrets.com/newsletter/going-google-apps-part-2-move-your-docs/#story6
April 24, 2013
MS13-036 (2808735, 2823324, 2840149)
> A Windows kernel update causes havoc for some
... recommend keeping KB 2808735, also included in MS13-036, on hold, too ..."

:fear:
 
Last edited:
IEv8 vuln attacks in-the-wild

FYI...

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2847140
May 03, 2013 - "Microsoft is investigating public reports of a vulnerability in IEv8. Microsoft is aware of attacks that attempt to exploit this vulnerability. Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."

- https://blogs.technet.com/b/msrc/ar...ecurity-advisory-2847140.aspx?Redirected=true
3 May 2013 - "... impacts Internet Explorer 8... This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message..."
___

- http://arstechnica.com/security/201...-exploit-targets-nuclear-weapons-researchers/
May 4, 2013

- http://www.invincea.com/2013/05/par...ing-hole-pushing-poison-ivy-via-ie8-zero-day/
May 3, 2013 - "... driveby download exploit of IE8... to install the Poison Ivy backdoor Trojan..."

- https://www.virustotal.com/en/file/...ddb6ef2c10a4bc6b27e4b29ca2b30c777fb/analysis/
File name: stub.EXE
Detection ratio: 26/46
Analysis date: 2013-05-02

- http://www.securitytracker.com/id/1028514
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347
May 4 2013
Vendor Confirmed: Yes
Version(s): 8
Versions 6, 7, 9, and 10 are not affected.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/security/advisory/2847140

:mad:
 
Last edited:
IE8 0-Day update...

FYI...

IE8 0-Day update ...
- https://isc.sans.edu/diary.html?storyid=15734
Last Updated: 2013-05-06 14:33:57 UTC - "... a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347 - 10.0 (HIGH)
Last revised: 05/06/2013 - "... as exploited in the wild in May 2013."

- http://technet.microsoft.com/security/advisory/2847140
May 03, 2013

:fear::fear:
 
IEv8 FixIt available for CVE-2013-1347

FYI...

Fix it for IEv8 available
- http://support.microsoft.com/kb/2847140#FixItForMe
Last Review: May 9, 2013 - Revision: 2.0 - "... CVE-2013-1347 MSHTML Shim Workaround... To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard..." Microsoft Fix it 50992

- https://blogs.technet.com/b/msrc/ar...ory-2847140-is-available.aspx?Redirected=true
8 May 2013 - "... applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 8 to apply this Fix it to help protect their systems..."

- http://technet.microsoft.com/en-us/security/advisory/2847140
• V1.1 (May 8, 2013): Added link to Microsoft Fix it solution, "CVE-2013-1347 MSHTML Shim Workaround," that prevents exploitation of this issue.

- http://www.securitytracker.com/id/1028514
"... This is currently being actively exploited in targeted attacks. Solution: ... As a workaround apply the Microsoft Fix it solution "CVE-2013-1347 MSHTML Shim Workaround" to mitigate the vulnerability..."

:fear:
 
Last edited:
MS Security Bulletin Summary - May 2013

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms13-may
May 14, 2013 - "This bulletin summary lists security bulletins released for May 2013...
(Total of -10-)

Microsoft Security Bulletin MS13-037 - Critical
Cumulative Security Update for Internet Explorer (2829530)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-038 - Critical
Security Update for Internet Explorer (2847204)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-038
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-039 - Important
Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-039
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-040 - Important
Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-040
Important - Spoofing - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS13-041 - Important
Vulnerability in Lync Could Allow Remote Code Execution (2834695)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-041
Important - Remote Code Execution - May require restart - Microsoft Lync

Microsoft Security Bulletin MS13-042 - Important
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-042
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-043 - Important
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-043
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-044 - Important
Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
- https://technet.microsoft.com/en-ca/security/bulletin/ms13-044
Important - Information Disclosure - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-045 - Important
Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-045
Important - Information Disclosure - May require restart - Microsoft Windows Essentials

Microsoft Security Bulletin MS13-046 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-046
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arc...protections-for-may-2013.aspx?Redirected=true
"... 10 bulletins, addressing 33 vulnerabilities in Microsoft products..."

Bulletin Deployment Priority
> https://blogs.technet.com/cfs-files...s/00-00-00-45-71/8787.Deployment-Priority.png

Severity and Exploitability Index
> https://blogs.technet.com/cfs-files...71/6685.Severity-and-Exploitability-Index.png

MS13-037 addressing Pwn2own vulnerabilities
- https://blogs.technet.com/b/srd/arc...-pwn2own-vulnerabilities.aspx?Redirected=true
14 May 2013
___

May 2013 Security Bulletin Webcast Q&A
- https://blogs.technet.com/b/msrc/p/may-2013-security-bulletin-q-a.aspx?Redirected=true
May 15, 2013
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15791
Last Updated: 2013-05-14 17:52:27 UTC
___

- https://secunia.com/advisories/53327/ - MS13-037
- https://secunia.com/advisories/53314/ - MS13-038 - IE 8
- https://secunia.com/advisories/53340/ - MS13-039
- https://secunia.com/advisories/53350/ - MS13-040
- https://secunia.com/advisories/53363/ - MS13-041
- https://secunia.com/advisories/53370/ - MS13-042
- https://secunia.com/advisories/53379/ - MS13-043
- https://secunia.com/advisories/53380/ - MS13-044
- https://secunia.com/advisories/53383/ - MS13-045
- https://secunia.com/advisories/53385/ - MS13-046
___

MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: May 14, 2013 - Revision: 122.0

- https://blogs.technet.com/b/mmpc/ar...the-rogue-scan-with-msrt.aspx?Redirected=true
14 May 2013 - "... added three new families to this month’s Malicious Software Removal Tool (MSRT): Win32/FakeDef, Win32/Vicenor, and Win32/Kexqoud..."
(More detail and Screenshots at the URL above.)

Download:
- https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
File Name: Windows-KB890830-V4.20.exe - 19.3 MB
Windows Malicious Software Removal Tool x64:
File Name: Windows-KB890830-x64-V4.20.exe - 20.0 MB
___

- https://krebsonsecurity.com/2013/05/microsoft-adobe-push-critical-security-updates-2/
"<soapbox>On a side note..Dear Microsoft: Please stop asking people to install Silverlight every time they visit a Microsoft.com property. I realize that Silverlight is a Microsoft product, but it really is not needed to view information about security updates. In keeping with the principle of reducing the attack surface of an operating system, you should not be foisting additional software on visitors who are coming to you for information on how to fix bugs and vulnerabilities in Microsoft products that they already have installed. </soapbox>"
> https://krebsonsecurity.com/wp-content/uploads/2013/05/MSsilverlight.png

.
 
Last edited:
Microsoft Security Advisories 2013.05.14 ...

FYI...

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2847140
Updated: Tuesday, May 14, 2013 Version: 2.0 - "... We have issued MS13-038* to address this issue..."
* https://technet.microsoft.com/en-us/security/bulletin/ms13-038

Microsoft Security Advisory (2820197)
Update Rollup for ActiveX Kill Bits
- http://technet.microsoft.com/en-us/security/advisory/2820197
May 14, 2013 - "... This update includes kill bits to prevent the following ActiveX controls from being run in Internet Explorer:
• Honeywell Enterprise Buildings Integrator. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
{0d080d7d-28d2-4f86-bfa1-d582e5ce4867}
• SymmetrE and ComfortPoint Open Manager. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
{29e9b436-dfac-42f9-b209-bd37bafe9317} ..."

Microsoft Security Advisory (2846338)
Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2846338
May 14, 2013 - "... Only x64-based versions of the Malware Protection Engine are affected... The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products. See the Affected Software section for a list of affected products..."

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Tuesday, May 14, 2013 - "... update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14*..."
* https://www.adobe.com/support/security/bulletins/apsb13-14.html
"... Flash Player 11.7.700.202 for Windows 8..."

:fear::fear::fear::fear:
 
Last edited:
MS Security Bulletin Summary - June 2013

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms13-jun
June 11, 2013 - "This bulletin summary lists security bulletins released for June 2013...
(Total of -5-)

Microsoft Security Bulletin MS13-047 - Critical
Cumulative Security Update for Internet Explorer (2838727)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-047
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-048 - Important
Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-048
Important - Information Disclosure - Requires restart - Microsoft Windows
- https://support.microsoft.com/kb/2839229
Last Review: June 15, 2013 - Revision: 4.1 - "... MS13-048... Known issues with this security update:
Customers who use non-updated versions of certain Kingsoft software products may experience issues installing this security update. In some cases, systems may not successfully restart after security update 2839229 is applied, and customers may encounter a blue or blank screen. We are aware that Kingsoft antivirus and browser product components (kisknl.sys, knbdrv.sys, and dgsafe.sys) may be affected. We recommend that customers update their Kingsoft software to the latest versions -before- security update 2839229 is applied..."

Microsoft Security Bulletin MS13-049 - Important
Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-049
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-050 - Important
Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/bulletin/ms13-050
Important - Elevation of privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-051 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-051
Important - Remote Code Execution - May require restart - Microsoft Office
___

- http://blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx?Redirected=true
11 Jun 2013 - "MS13-051... We have seen this vulnerability exploited in targeted 0day attacks in the wild..."

- https://krebsonsecurity.com/2013/06/adobe-microsoft-patch-flash-windows/
11 Jun 2013 - "... five updates address 23 vulnerabilities in Windows, Internet Explorer, and Office..."

- http://blogs.technet.com/b/msrc/arc...-the-june-2013-bulletins.aspx?Redirected=true

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-files...es/00-00-00-45-71/8080.June-2013-DP-Slide.PNG

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...0-00-45-71/1512.June-2013-XI-and-Severity.PNG
___

- https://secunia.com/advisories/53728/ - MS13-047
- https://secunia.com/advisories/53739/ - MS13-048
- https://secunia.com/advisories/53741/ - MS13-049
- https://secunia.com/advisories/53742/ - MS13-050
- https://secunia.com/advisories/53747/ - MS13-051
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15977
Last Updated: 2013-06-11 17:10:35 UTC
___

MSRT
- https://support.microsoft.com/?kbid=890830
June 11, 2013 - Revision: 123.0

- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Tupym..."

Download:
- https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
Windows-KB890830-V5.1.exe - 19.1 MB
... Change systems:
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.1.exe - 19.9 MB

.
 
Last edited:
MS Security Advisories - 2013.06.11

FYI...

Microsoft Security Advisory (2854544)
Update to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.microsoft.com/en-us/security/advisory/2854544
June 11, 2013 - "... Microsoft released an update (2813430) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT..."
* http://support.microsoft.com/kb/2813430

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
June 11, 2013 - Version: 13.0

:fear::fear:
 
MS13-029 re-released for XPSP3 ...

FYI...

MS13-029 re-released for XPSP3 ...
Microsoft Security Bulletin MS13-029 - Critical
- https://technet.microsoft.com/en-us/security/bulletin/ms13-029
... Update FAQ: Why was this bulletin revised on June 25, 2013?
Microsoft revised this bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. The rereleased update addresses an issue with the original update that caused the update to be incorrectly reoffered to systems running in specific configurations. Microsoft recommends that customers running the affected software apply the rereleased security update immediately...

V2.0 (June 25, 2013): Revised bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. Microsoft recommends that customers running the affected software apply the rereleased security update immediately...

- https://support.microsoft.com/kb/2828223
Last Review: June 25, 2013 - Revision: 2.0

:fear::fear:
 
MS Security Bulletin Summary - July 2013

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms13-jul
July 09, 2013 - "This bulletin summary lists security bulletins released for July 2013...
(Total of -7-)

Microsoft Security Bulletin MS13-052 - Critical
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-052
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight

Microsoft Security Bulletin MS13-053 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-053
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-054 - Critical
Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-054
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Visual Studio, Microsoft Lync

Microsoft Security Bulletin MS13-055 - Critical
Cumulative Security Update for Internet Explorer (2846071)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-055
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.1 (July 9, 2013): Bulletin revised to announce that Microsoft is aware of targeted attacks attempting to exploit the vulnerability described in CVE-2013-3163 through Internet Explorer 8. Applying this security update protects customers from exploitation of this vulnerability.
- https://atlas.arbor.net/briefs/index#31300424
High Severity
July 11, 2013
A 0day Internet Explorer exploit has been used in one or more targeted attack campaigns. Microsoft is aware of the issue but patching has yet to take place, leaving a window of vulnerability now that the issue is more well known.
Analysis: It is impossible to avoid all 0day attacks because by their very nature, few will know of the vulnerability. It's not secret that nation-states, security contractors and intelligence agencies have access to many vulnerabilities that are developed in-house or are part of covert markets. Despite this persistent problem with an unknown attack surface, reduction of attack surface is key, along with robust monitoring of resources of value for indicators of compromise. On the host side, Microsofts EMET technology stymies this particular exploit, although in general EMET can be evaded. Despite it's weaknesses, EMET is an extra layer of defense and it's low deployment likely means that some attackers will be less likely to attempt to bypass it's defenses. In the meanwhile, indicators from this particular attack can be useful to help determine if your organization has been targeted.
Source: http://blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx
10 Jul 2013 - "... addressed by yesterday’s Microsoft Security Bulletin MS13-055. If you have not yet updated, please do so at the earliest possible..."

Microsoft Security Bulletin MS13-056 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-056
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-057 - Critical
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-057
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-058 - Important
Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-058
Important - Elevation of Privilege - Does not require restart - Microsoft Security Software
___

- http://blogs.technet.com/b/msrc/arc...ly-2013-security-updates.aspx?Redirected=true
9 Jul 2013

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-files...logfiles/00-00-00-45-71/2746.July-2013-DP.png

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...es/00-00-00-45-71/5670.July-2013-Severity.png
___

- https://secunia.com/advisories/54025/ - MS13-052
- https://secunia.com/advisories/53435/ - MS13-053
- https://secunia.com/advisories/54057/ - MS13-054
- https://secunia.com/advisories/54060/ - MS13-055
- https://secunia.com/advisories/54061/ - MS13-056
- https://secunia.com/advisories/54062/ - MS13-057
- https://secunia.com/advisories/54063/ - MS13-058
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16126
Last Updated: 2013-07-09 18:22:06 UTC... (Version: 2)

- https://atlas.arbor.net/briefs/index#-271320476
Extreme Severity
July 11, 2013 21:27
Microsoft and Adobe release critical updates. There are apparently two in-the-wild exploits for Microsoft vulnerabilities that are patched herein, so quick deployment is important.
Analysis: One of the Microsoft security holes was disclosed to the public via sharing of exploit code. This has unsurprisingly resulted in the vulnerability being exploited in the wild. There is additional evidence to suggest another one of the vulnerabilities is also being exploited, and details are emergent. No known attacks are taking advantage of the security holes patched by Adobe, however it is always likely that resourceful attackers have known of at least some of these vulnerabilities and have used them in targeted attacks.
Source: https://krebsonsecurity.com/2013/07/adobe-microsoft-release-critical-updates/
___

July 2013 Office Update Release
- https://blogs.technet.com/b/office_...13-office-update-release.aspx?Redirected=true
9 Jul 2013
___

- https://www.computerworld.com/s/art..._handles_malicious_fonts_in_Microsoft_Windows
July 9, 2013 - "... 17 of the 34 vulnerabilities covered in the bulletins address IE..."
- http://www.securitytracker.com/id/1028745
CVE Reference: CVE-2013-3115, CVE-2013-3143, CVE-2013-3144, CVE-2013-3145, CVE-2013-3146, CVE-2013-3147, CVE-2013-3148, CVE-2013-3149, CVE-2013-3150, CVE-2013-3151, CVE-2013-3152, CVE-2013-3153, CVE-2013-3161, CVE-2013-3162, CVE-2013-3163, CVE-2013-3164, CVE-2013-3166
Jul 9 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6, 7, 8, 9, 10 ...

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
V14.0 (July 9, 2013): Added the 2857645 update to the Current Update section.
Current Update: On July 9, 2013, Microsoft released an update (2857645) for all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-17*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2857645**. Note: The update for Windows RT is available via Windows Update only. The 2857645 update is also available for Internet Explorer 11 Preview in Windows 8.1 Preview and Windows 8.1 RT Preview releases. The update is available via Windows Update.
* http://www.adobe.com/support/security/bulletins/apsb13-17.html
CVE-2013-3344, CVE-2013-3345, CVE-2013-3347
Flash Player in Internet Explorer 10
** http://support.microsoft.com/kb/2857645
July 9, 2013
___

MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: July 9, 2013 - Revision: 124.0

- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."

Download:
- https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
Windows-KB890830-V5.2.exe
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.2.exe

.
 
Last edited:
Problems with MS13-057 ...

FYI...

Problems with MS13-057...
Half your video missing in Windows Movie Maker?[1] MS13-057 to blame.
- http://blog.dynamoo.com/2013/07/half-your-video-missing-in-windows.html
16 July 2013 - "... I am not alone.. an InfoWorld post* also indicates that there are problems with Adobe Premiere Pro, Techsmith Camtasia Studio, Serif MoviePlus X6 plus some games due to the MS13-057 update pushed out a week ago. If you are experiencing critical problems with missing video, then the only thing to do seems to be to uninstall the Windows Media Player patch listed as KB2803821 or KB2834904. If this isn't causing a problem then you may as well keep the patch in place to protect your system. I would expect another patch to be re-issued soon."
* https://www.infoworld.com/t/microso...ows-patch-ms13-057kb-2803821kb-2834904-222636
July 12, 2013

1) https://lh3.ggpht.com/-k5l-sYmfu54/UeTv5jiI8fI/AAAAAAAABfc/klA1eobwtxQ/s400/wmm.jpg
___

- https://isc.sans.edu/diary.html?storyid=16168
Last Updated: 2013-07-15 21:34:45 UTC
___

MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
- http://support.microsoft.com/default.aspx?scid=kb;en-us;2803821
Last Review: August 13, 2013 - Revision: 8.0 - "... If you use Adobe Premier Pro CS6, Camtasia Studio 8.1, or Serif MoviePlus X6, you may experience issues after installing 2803821. In some cases, WMV video files may fail to successfully encode or decode. Upon completion of the investigation, Microsoft will take appropriate action to help protect our customers. This may include providing mitigations and workarounds or re-releasing this security update."
___

3 more botched Windows patches: KB 2803821, KB 2840628, and KB 2821895
Two Black Tuesday patches -- MS 13-052 and MS 13-057 -- and last month's nonsecurity patch KB 2821895 cause a variety of problems
- https://www.infoworld.com/t/microso...s-kb-2803821-kb-2840628-and-kb-2821895-222807
July 16, 2013

MS13-052: https://support.microsoft.com/kb/2861561
Last Review: July 11, 2013 - Revision: 2.0

MS13-057: https://support.microsoft.com/kb/2847883
Last Review: July 17, 2013 - Revision: 4.0

KB 2821895: https://support.microsoft.com/kb/2821895
Last Review: June 20, 2013 - Revision: 5.0

:fear: :sad:
 
Last edited:
MS Security Bulletin Summary - August 2013

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms13-aug
August 13, 2013 - "This bulletin summary lists security bulletins released for August 2013...
(Total of -8-)

Microsoft Security Bulletin MS13-059 - Critical
Cumulative Security Update for Internet Explorer (2862772)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-059
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-060 - Critical
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-060
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-061 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-061
Critical - Remote Code Execution - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS13-062 - Important
Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-063 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-064 - Important
Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-064
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-065 - Important
Vulnerability in ICMPv6 could allow Denial of Service (2868623)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-065
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-066 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/security/bulletin/ms13-066
Important - Information Disclosure - May require restart - Microsoft Windows
___

MS13-052: Vulnerabilities in .NET Framework and Silverlight could allow remote code execution
- https://support.microsoft.com/kb/2861561
August 13, 2013 This security update has been re-released and contains some updated articles. We recommend that you apply this updated security update.
Last Review: August 13, 2013 - Revision: 5.0
- https://technet.microsoft.com/en-us/security/bulletin/MS13-052
Updated: August 13, 2013

MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
- http://support.microsoft.com/default.aspx?scid=kb;en-us;2803821
"... issue resolved for Win7 and Win Svr 2008R2...
re-released version of security update 2803821 - August 13, 2013..."
Last Review: August 13, 2013 - Revision: 8.0
- https://technet.microsoft.com/en-us/security/bulletin/MS13-057
Updated: August 13, 2013
___

- http://blogs.technet.com/b/msrc/arc...st-2013-security-updates.aspx?Redirected=true

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-files...les/00-00-00-45-71/3010.Aug-2013-DP-Slide.PNG

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...0-00-45-71/8461.Aug-2013-Sev-and-XI-Slide.PNG
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=16358
Last Updated: 2013-08-13 17:28:40

- http://www.theinquirer.net/inquirer...itical-bugs-in-internet-explorer-and-exchange
Aug 14 2013 - "... MS13-059 fixes 11 vulnerabilities in all versions of IE from IE6 to IE10... two patches for address space layout randomisation (ALSR) bypasses this month in MS13-059 for IE and MS13-063 in the Windows kernel..."
___

- https://secunia.com/advisories/53998/ - MS13-059
- https://secunia.com/advisories/54364/ - MS13-060
- https://secunia.com/advisories/54392/ - MS13-061
- https://secunia.com/advisories/54394/ - MS13-062
- https://secunia.com/advisories/54406/ - MS13-063
- https://secunia.com/advisories/54420/ - MS13-064
- https://secunia.com/advisories/54440/ - MS13-065
- https://secunia.com/advisories/54459/ - MS13-066
___

MSRT
- https://support.microsoft.com/?kbid=890830
August 13, 2013 - Revision: 125.0

- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."

Download:
- https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
Windows-KB890830-V5.3.exe
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.3.exe

.
 
Last edited:
MS Security Advisories - 8.13.2013 ...

FYI...

Microsoft Security Advisory (2861855)
Updates to Improve Remote Desktop Protocol Network-level Authentication
- http://technet.microsoft.com/en-us/security/advisory/2861855
August 13, 2013

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/security/advisory/2862973
August 13, 2013

Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.microsoft.com/en-us/security/advisory/2854544
Published: June 11, 2013 | Updated: August 13, 2013

Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
- https://isc.sans.edu/diary.html?storyid=16361
Last Updated: 2013-08-13 18:12:43

:fear::fear::fear:
 
MS13-061 rescinded ...

FYI...

MS13-061 rescinded ...
- https://blogs.technet.com/b/exchang...e-ms13-061-status-update.aspx?Redirected=true
14 Aug 2013 - "Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed. For those that have already installed the MS13-061 security update for Exchange Server 2013, we already have KB 2879739* that provides the steps on how to resolve this issue. However, due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily.
Note: This issue does not occur in Exchange 2010 or Exchange 2007. You can proceed with testing and deploying Exchange 2007 SP3 RU11, Exchange 2010 SP2 RU7, and Exchange 2010 SP3 RU2.
Recommendation: If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue. If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time..."

Update 2874216 breaks the content index in Exchange Server 2013
* https://support.microsoft.com/kb/2879739 - MS13-061
Last Review: August 20, 2013 - Revision: 5.0 <<
Applies to:
- Microsoft Exchange Server 2013 Enterprise
- Microsoft Exchange Server 2013 Standard

:fear:
 
Last edited:
You must log in or register to reply here.
Back
Top