Microsoft Alerts

AplusWebMaster · Jul 26, 2014

MS Silverlight 5 - July 2014 update

FYI...

MS Silverlight 5 - July 2014 update
- http://support.microsoft.com/kb/2977218
Last Review: July 23, 2014 - Rev: 1.0 - "... This update offers a new build (version 5.1.30514.0) that is an upgrade to earlier versions of Silverlight. This update is included in current Silverlight installers... fixed by this update:
A Silverlight application that uses tab-switched controls exhibits a memory leak when you switch between tabs or pages in the application..."
Applies to:
Microsoft Silverlight 5
Microsoft Silverlight for Macintosh
Microsoft Silverlight for Windows
___

Glitches - July Windows/Office updates
- http://windowssecrets.com/patch-watch/a-few-glitches-with-july-windowsoffice-updates/
July 24, 2014
> MS14-037 (2962872)
> MS14-039 (2975685)

:fear:

AplusWebMaster · Jul 31, 2014

MS Security Advisory 2915720 - V1.4

FYI...

Microsoft Security Advisory 2915720
Changes in Windows Authenticode Signature Verification
- https://technet.microsoft.com/en-us/library/security/2915720
December 10, 2013 | Updated: July 29, 2014 - "... This advisory was revised on July 29, 2014 to announce that the stricter Windows Authenticode signature verification behavior described here will be enabled on an opt-in basis and not made a default behavior in supported releases of Microsoft Windows...
V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature. See the Advisory FAQ section for more information.

:fear:

AplusWebMaster · Aug 12, 2014

MS Security Bulletin Summary - August 2014

FYI...

- https://technet.microsoft.com/library/security/ms14-aug
August 12, 2014 - "This bulletin summary lists security bulletins released for August 2014...
(Total of -9-)

Microsoft Security Bulletin MS14-051 - Critical
Cumulative Security Update for Internet Explorer (2976627*)
- https://technet.microsoft.com/library/security/MS14-051
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
> https://support.microsoft.com/kb/2976627
Aug 12, 2014 - Rev: 2.0 - "This security update 2976627 resolves one -publicly- disclosed and -25- privately reported vulnerabilities in Internet Explorer..."
* https://support.microsoft.com/kb/2976627
Last Review: Aug 15, 2014 - Rev: 4.0

Microsoft Security Bulletin MS14-043 - Critical
Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
- https://technet.microsoft.com/library/security/ms14-043
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-048 - Important
Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
- https://technet.microsoft.com/library/security/MS14-048
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-044 - Important
Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
- https://technet.microsoft.com/library/security/MS14-044
Important - Elevation of Privilege - May require restart - Microsoft SQL Server

Microsoft Security Bulletin MS14-045 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/library/security/MS14-045
Important - Elevation of Privilege - Requires restart - Microsoft Windows
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.

Microsoft Security Bulletin MS14-049 - Important
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
- https://technet.microsoft.com/library/security/MS14-049
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-050 - Important
Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
- https://technet.microsoft.com/library/security/MS14-050
Important - Elevation of Privilege - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS14-046 - Important
Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
- https://technet.microsoft.com/library/security/MS14-046
Important - Security Feature Bypass - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS14-047 - Important
Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
- https://technet.microsoft.com/library/security/MS14-047
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2014/08/12/august-2014-security-updates.aspx
12 Aug 2014

Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.a...les/00-00-00-45-71/3108.DeploymentAug2014.jpg
___

August 2014 Office Update Release
- http://blogs.technet.com/b/office_s.../08/12/august-2014-office-update-release.aspx
12 Aug 2014 - "... There are 3 security updates (3 bulletins) and 25 non-security updates..."
Aug 13, 2014 - "UPDATE: An issue has been discovered in the non-security Outlook 2013 update (KB 2881011) that prevents some users from opening archive folders. We have removed this update from availability and released a new update, KB2889859 that fixes the issue. Additionally, KB2992644, has more information on the specific issue. We apologize for any inconvenience."
___

- http://www.securitytracker.com/id/1030714 - MS14-043
- http://www.securitytracker.com/id/1030716 - MS14-044
- http://www.securitytracker.com/id/1030718 - MS14-045
- http://www.securitytracker.com/id/1030721 - MS14-046
- http://www.securitytracker.com/id/1030722 - MS14-047
- http://www.securitytracker.com/id/1030717 - MS14-048
- http://www.securitytracker.com/id/1030719 - MS14-049
- http://www.securitytracker.com/id/1030720 - MS14-050
- http://www.securitytracker.com/id/1030715 - MS14-051
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18521
2014-08-12

.

AplusWebMaster · Aug 13, 2014

MS Security Advisory 2755801

FYI...

Microsoft Security Advisory 2755801
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: August 12, 2014 - Version: 27.0 - "... Microsoft released an update (2982794*) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-18**. For more information about this update, including download links, see Microsoft Knowledge Base Article 2982794*.
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update***..."
* https://support.microsoft.com/kb/2982794

** http://helpx.adobe.com/security/products/flash-player/APSB14-18.html

*** https://www.update.microsoft.com/windowsupdate/

:fear:

AplusWebMaster · Aug 14, 2014

BSOD - Stop 0x050 error ...

FYI...

BSOD - Blue Screen Stop 0x050 error reported for systems installing KB2976897, KB2982791, and KB2970228
Two of Microsoft's kernel-mode driver updates - which often cause problems -- are triggering a BSOD error message on some Windows systems
- http://www.infoworld.com/t/microsof...ling-kb2976897-kb2982791-and-kb2970228-248363
Aug 14, 2014 - "Details at this point are sparse, but it looks like three different patches from this week's Black Tuesday crop are causing Blue Screens with a Stop 0x50 error on some systems. If you're hitting a BSOD, you can help diagnose the problem (and perhaps prod Microsoft to find a solution) by adding your voice to the Microsoft Answers Forum thread* on the subject. Problematic kernel-mode driver updates aren't unusual at all. Now that Microsoft is releasing more of them, problems seem to be cropping up more frequently.
In this case, two MS14-045/KB 2984615 kernel-mode driver patches, KB2976897 and KB2982791, have been implicated in triggering Blue Screen Stop 0x50 messages. Oddly, that Windows 8.1 "Update 2" fix that adds the ruble character as an official currency marker in Win 8.x and Win7, KB 2970228, seems to be causing the problem, too. At this point there's no word on possible causes, although several people have identified their operating systems as 64-bit Windows 7..."
* http://answers.microsoft.com/en-us/...g-update/6da4d264-02d8-458e-89e2-a78fe68766fd

> https://technet.microsoft.com/library/security/MS14-045

:fear::fear: :sad:

AplusWebMaster · Aug 16, 2014

MS14-045 Known issues - download links removed

FYI...

MS14-045 - See "Known issues" ...
- https://support.microsoft.com/kb/2982791
Last Review: August 19, 2014 - Revision: 4.2 - "... Status:
Microsoft has -removed- the download links to these updates while these issues are being investigated...
Mitigations: Open the Programs and Features item in Control Panel, and then click View installed updates. Find and then -uninstall- any of the following update that are currently installed:
KB2982791
KB2970228
KB2975719
KB2975331 ..."
(More detail at the URL above.)

- https://technet.microsoft.com/library/security/ms14-045
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.

:fear::fear:

AplusWebMaster · Aug 19, 2014

Aug 2014 Security Bulletin Webcast Q&A

FYI...

August 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/arc...14-security-bulletin-webcast-and-q-amp-a.aspx
18 Aug 2014 - "Today, we published the August 2014 Security Bulletin webcast questions and answers page*... We answered ten questions on air, with the majority focusing on the update for Internet Explorer... We are aware of some issues related to the recent updates and are working on a fix. For more information please read KB 2982791**..."

* http://blogs.technet.com/b/msrc/p/aug-2014-security-bulletin-q-a.aspx
Aug 13, 2014

** https://support.microsoft.com/kb/2982791
Last Review: Aug 19, 2014 - Rev: 4.2

:fear::fear:

AplusWebMaster · Aug 26, 2014

IE hotfix KB 2991509

FYI...

Internet Explorer may become slow or unresponsive when web applications implement consecutive modal dialog boxes
- https://support.microsoft.com/kb/2991509
Last Review: Aug 21, 2014 - Rev: 2.0 - "After you apply the MS14-037 or MS14-051 cumulative security update for Internet Explorer, web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time. This issue occurs in Internet Explorer versions 7 through 11..."

- https://support.microsoft.com/kb/2991509#prerequisites
"Prerequisites: You -must- have MS14-051* Cumulative security update for Internet Explorer installed to apply this hotfix... You -must- restart the computer after you apply this update..."

* https://support.microsoft.com/kb/2976627

MS14-051 Issue fix KB2991509 not available for Windows 8 x64
- http://social.technet.microsoft.com...ble-for-windows-8-x64?forum=ieitprocurrentver
___

- http://blogs.msmvps.com/bradley/2014/08/25/were-heading-into-the-4th-tuesday/
August 25th, 2014 - "With no hint of a re-release of the kernel updates that caused the bsod’s. On the one hand it’s good to only release it when it’s ready, on the other hand, it’s a bit concerning that it’s talking this long to come out with a rereleased version."

:fear::fear:

AplusWebMaster · Aug 27, 2014

MS14-045 rereleased

FYI...

MS14-045 rereleased
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/en-us/library/security/ms14-045.aspx
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.

* https://support.microsoft.com/kb/2993651
Last Review: Aug 28, 2014 - Rev: 3.0

- http://blogs.technet.com/b/msrc/archive/2014/08/27/security-bulletin-ms14-045-rereleased.aspx
27 Aug 2014
___

- http://www.infoworld.com/t/microsof...cement-patch-kb-2993651-two-known-bugs-249342
Aug 28, 2014 - "... As of early this morning, one Windows 8 user was reporting black screens* with the -new- patch, KB 2993651. Answers Forum posters pacman10, JohnBurgessUK, and chadlan can't get Windows Update to check for new updates after installing KB 2993651 (although rseiler reports all's well). It's too early to tell for sure, but there may be more problems with the -new- patch..."
* http://answers.microsoft.com/en-us/.../6da4d264-02d8-458e-89e2-a78fe68766fd?page=56
___

- http://www.computerworld.com/articl...oblems-with-test-process-after-crippling.html
Aug 22, 2014 - "... end users and IT administrators alike, who have all tried to explain what they see as a -decline- in the quality of Microsoft's software updates. Some of that speculation has revolved around the July job cuts \ Microsoft made in the U.S., where according to many accounts a large number of software test engineers were let go..."

'Maybe just made it -worse- re: the "Dear Mr. Ballmer" open letter:

- http://blogs.msmvps.com/bradley/2013/09/12/dear-mr-ballmer-my-email-today/
>> Sep 12th, 2013

:fear::fear:

AplusWebMaster · Sep 9, 2014

MS Security Bulletin Summary - September 2014

FYI...

- https://technet.microsoft.com/library/security/ms14-sep
Sep 9, 2014 - "This bulletin summary lists security bulletins released for September 2014...
(Total of -4-)

Microsoft Security Bulletin MS14-052 - Critical
Cumulative Security Update for Internet Explorer (2977629)
- https://technet.microsoft.com/library/security/MS14-052
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- http://support.microsoft.com/kb/2977629
Last Review: Sep 16, 2014 - Rev: 2.0
"... This security update resolves 1 publicly disclosed and 36 privately reported vulnerabilities..."

Microsoft Security Bulletin MS14-053 - Important
Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
- https://technet.microsoft.com/library/security/MS14-053
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework
V1.1 (Sep 17, 2014): Bulletin revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4072 - 5.0

Microsoft Security Bulletin MS14-054 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)
- https://technet.microsoft.com/library/security/MS14-054
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.microsoft.com/library/security/MS14-055
Important - Denial of Service - Does not require restart - Microsoft Lync Server
V2.0 (Sep 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4068 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4070 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4071 - 5.0
___

- http://blogs.technet.com/b/msrc/archive/2014/09/09/the-september-2014-security-updates.aspx

Deployment Priority, Severity, Exploit Index
- http://blogs.technet.com/cfs-file.a...eblogfiles/00-00-00-45-71/4064.deployment.jpg
___

September 2014 Office Update Release
- http://blogs.technet.com/b/office_s.../09/september-2014-office-update-release.aspx
9 Sep 2014 - "... There are no security updates. There are 18 non-security updates..."
___

- http://www.securitytracker.com/id/1030818 - MS14-052
- http://www.securitytracker.com/id/1030819 - MS14-053
- http://www.securitytracker.com/id/1030820 - MS14-054
- http://www.securitytracker.com/id/1030821 - MS14-055
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18627
2014-09-09
___

MS Security Advisories - Sep 2014

Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/library/security/2871997
V3.0 (September 9, 2014): Rereleased advisory to announce the release of update 2982378 to provide additional protection for users’ credentials when logging into a Windows 7 or Windows Server 2008 R2 system...

Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/library/security/2905247
V2.0 (September 9, 2013): Advisory rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this advisory was originally released. Additionally, some of the updates were reissued to improve their quality...

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
V28.0 (September 9, 2014): Added the 2987114 update to the Current Update section.

.

AplusWebMaster · Sep 12, 2014

Update for OneDrive for Business KB2889866

FYI...

Update for OneDrive for Business (KB2889866)
- https://support.microsoft.com/kb/2889866
Last Review: Sep 10, 2014 - Rev: 2.0
"Notice: We are investigating an issue that is affecting the September 2014 update for Microsoft OneDrive for Business. Therefore, we have removed the update from availability for now..."

- http://blogs.technet.com/b/office_s.../10/september-2014-office-update-release.aspx
10 Sep 2014 - "UPDATE - We have discovered an issue with update KB 2889866. We have removed the update from availability while we investigate."
___

- http://www.infoworld.com/t/microsof...-looks-whole-lot-the-old-black-tuesday-250304
Sep 11, 2014
___

September 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/arc..._2d00_release_2d00_webcast_2d00_q_2d00_a.aspx
12 Sep 2014 - "Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page*..."
* http://blogs.technet.com/b/msrc/p/september-2014-security-bulletin-release-webcast-q-a.aspx

:fear:

AplusWebMaster · Sep 16, 2014

MS14-055 revised ...

FYI...

MS14-055 revised - Vulnerabilities in Lync could allow denial of service ...
- https://technet.microsoft.com/library/security/MS14-055
V2.0 (September 15, 2014): Bulletin revised to remove* Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
* Update FAQ
Why was this bulletin revised on September 15, 2014?
Microsoft revised this bulletin to address a known issue that prevented users from successfully installing security update 2982385 for Microsoft Lync Server 2010. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. As an added precaution, Microsoft has removed the download links to the 2982385 security update...

Related: https://support.microsoft.com/kb/2990928
Last Review: Sep 16, 2014 - Rev: 2.0

:fear:

AplusWebMaster · Sep 20, 2014

MS14-046: revised ...

FYI...

MS14-046: Description of the security update for the .NET Framework 3.5
on Windows 8 and Windows Server 2012: Aug 12, 2014
* https://support.microsoft.com/kb/2966827
Last Review: Sep 19, 2014 - Rev: 3.0

Bulletin Information:
MS14-046 - Important
- https://technet.microsoft.com/library/security/ms14-046
- Reason for Revision: V1.2 (Sep 19, 2014): Bulletin
revised with a change to the 'Known Issues' entry in the Knowledge
Base Article section from "None" to "Yes".
- Originally posted: August 12, 2014
- Updated: September 19, 2014
- Bulletin Severity Rating: Important
- Version: 1.2
___

Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8
and Windows Server 2012 may -fail- after you install security update 2966827
- https://support.microsoft.com/kb/3002547
Last Review: Sep 19, 2014 - Rev: 2.0

:fear::fear:

AplusWebMaster · Sep 23, 2014

Ms14-055 - v3 ...

FYI...

Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.microsoft.com/en-us/library/security/MS14-055
V3.0 (September 23, 2014): Bulletin rereleased to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010...
Why was this bulletin revised on September 23, 2014?
Microsoft re-released this bulletin to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. The re-released update addresses an issue in the original offering that prevented users from successfully installing the server.msp file. Customers who attempted to install the original update will be re-offered the 2982385* update and are encouraged to apply it at the earliest opportunity...

* https://support.microsoft.com/kb/2982385
Sep 23, 2014 - Rev: 2.0

:fear:

AplusWebMaster · Sep 24, 2014

IE10/IE11 in Win8/8.1 - Flash Player update

FYI...

IE10/IE11 in Win8/8.1 - Flash Player update
- https://technet.microsoft.com/en-us/library/security/2755801
Sep 23, 2014
V29.0 (Sep 23, 2014): Added the 2999249* update to the Current Update section.

Update for Adobe Flash Player in Internet Explorer
* https://support.microsoft.com/kb/2999249
Sep 23, 2014 - Rev: 1.0 - "An issue was found in which some videos may not play, or you may receive an error message, when you try to watch video from certain websites. Microsoft has released an update for this issue for IT professionals. This release contains a fix that will significantly reduce the prevalence of video playback failures on sites where this problem previously occurred.
Known issues with this update: Windows Update will not offer this update to Windows RT-based computers until update 2808380 is installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 2808380** Windows RT-based device cannot download software updates or Windows Store apps."
** https://support.microsoft.com/kb/2808380
Mar 7, 2013 - Rev: 3.0

[ Hat tip to dvk01: http://myonlinesecurity.co.uk/microsoft-updates-adobe-flash-player-ie10-ie11in-windows-8-8-1/ ]

:fear::fear:

AplusWebMaster · Oct 14, 2014

MS Security Bulletin Summary - October 2014

FYI...

- https://technet.microsoft.com/library/security/ms14-oct
Oct 14, 2014 - "This bulletin summary lists security bulletins released for October 2014...
(Total of -

Microsoft Security Bulletin MS14-056 - Critical
Cumulative Security Update for Internet Explorer (2987107)
- https://technet.microsoft.com/library/security/ms14-056
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- https://support.microsoft.com/kb/2987107
"... resolves -14- privately reported vulnerabilities in Internet Explorer. This security update helps protect Internet Explorer from being attacked when you view a specially crafted webpage..."
- https://support.microsoft.com/kb/2987107
Last Review: Oct 20, 2014 - Rev: 3.0

Microsoft Security Bulletin MS14-057 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
- https://technet.microsoft.com/library/security/ms14-057
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS14-058 - Critical
Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
- https://technet.microsoft.com/library/security/ms14-058
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-059 - Important
Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
- https://technet.microsoft.com/library/security/ms14-059
Important - Security Feature Bypass - May require restart - Microsoft Developer Tools
- https://support2.microsoft.com/kb/2990942
Last Review: Oct 16, 2014 - Rev: 2.0

Microsoft Security Bulletin MS14-060 - Important
Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
- https://technet.microsoft.com/library/security/ms14-060
Important - Remote Code Execution - May require restart - Microsoft Windows
- http://www.isightpartners.com/2014/10/cve-2014-4114/
Oct 14, 2014
- https://support.microsoft.com/kb/3000869
Last Review: Oct 14, 2014 - Rev: 1.1

Microsoft Security Bulletin MS14-061 - Important
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
- https://technet.microsoft.com/library/security/ms14-061
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
- https://support.microsoft.com/kb/3000434
Last Review: Oct 14, 2014 - Revision: 1.1

Microsoft Security Bulletin MS14-062 - Important
Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
- https://technet.microsoft.com/library/security/ms14-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-063 - Important
Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
- https://technet.microsoft.com/library/security/ms14-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2014/10/14/october-2014-updates.aspx

Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.a.../October-2014-Security-Bulletins-overview.png
___

- http://www.securitytracker.com/id/1031018 - MS14-056
CVE Reference: CVE-2014-4123, CVE-2014-4124, CVE-2014-4126, CVE-2014-4127, CVE-2014-4128, CVE-2014-4129, CVE-2014-4130, CVE-2014-4132, CVE-2014-4133, CVE-2014-4134, CVE-2014-4137, CVE-2014-4138, CVE-2014-4140, CVE-2014-4141
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6, 7, 8, 9, 10, 11 ...
- http://www.securitytracker.com/id/1031021 - MS14-057
- http://www.securitytracker.com/id/1031022 - MS14-058
- http://www.securitytracker.com/id/1031023 - MS14-059
- http://www.securitytracker.com/id/1031017 - MS14-060
CVE Reference: CVE-2014-4114
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs ...
This vulnerability is being actively exploited via PowerPoint files.
The original advisory is available at: http://www.isightpartners.com/2014/10/cve-2014-4114/
iSIGHT Partners reported this vulnerability...
- http://www.securitytracker.com/id/1031024 - MS14-061
- http://www.securitytracker.com/id/1031025 - MS14-062
- http://www.securitytracker.com/id/1031027 - MS14-063
___

October 2014 Office Update Release
- http://blogs.technet.com/b/office_s...10/14/october-2014-office-update-release.aspx
14 Oct 2014 - "... There are 6 security updates (1 bulletin) and 21 non-security updates..."
___

MSRT October 2014 – Hikiti
- http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-october-2014-hikiti.aspx
Oct 14, 2014 - "The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security partners: F-Secure, ThreatConnect, ThreatTrack Security, Volexity, Symantec, Tenable, Cisco, and iSIGHT. Collaboration across private industry is crucial to addressing advanced persistent threats. The target in this campaign is an advanced persistent threat that served as the infrastructure of actors that launched targeted attacks against multiple organizations around the world. This month, the MSRT along with all of the partners in our Virus Information Alliance program are releasing new coverage for this infrastructure: Win32/Hikiti and some of the related malware families, Win32/Mdmbot, Win32/Moudoor, Win32/Plugx, Win32/Sensode, and Win32/Derusbi. Novetta has released an executive summary* on this threat..."
* http://www.novetta.com/operationsmn
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18819
2014-10-14 - "... only -8- instead of the promised 9 bulletins. Also, of particular interest is MS14-060 which was pre-announced by iSight Partners. iSight has seen this vulnerability exploited in some "APT" style attacks against NATO/US military interests and attributes these attacks to Russia..."
___

MS Advisories for October 2014

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Oct 14, 2014 - v30.0

Microsoft Security Advisory 2949927
Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
- https://technet.microsoft.com/en-us/library/security/2949927
Oct 14, 2014
V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues -uninstall- this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.
- https://support.microsoft.com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1

Microsoft Security Advisory 2977292
Update for Microsoft EAP Implementation that Enables the Use of TLS
- https://technet.microsoft.com/en-us/library/security/2977292
Oct 14, 2014

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008.aspx
V1.1 Oct 15, 2014: Advisory revised to include a workaround for disabling the SSL 3.0 protocol in Windows.

.

AplusWebMaster · Oct 15, 2014

KB2952664 problems ...

FYI...

KB2952664 problems ...
- http://myonlinesecurity.co.uk/microsoft-update-kb2952664-problems/
15 Oct 2014 - "Once again the October 2014 windows updates are causing problems on many computers. The biggest problem this month appears to be KB2952664 update for Windows 7. Do -not- install KB 2952664 update for Windows 7 unless you intend to update the windows 7 computer to either Windows 8 or the windows 10 preview. Various forums, including Microsoft help forums* are full of posts complaining about it failing. There is absolutely no need for the majority of users to install this update on their computer. If you have installed it, it will appear in the update history as -failed-. Go to programs & features, all updates and select KB2952664, press uninstall, reboot the computer and all will be OK. Then go to windows update, press check for updates, when the KB2952664 appears in the window, right click the entry and select -hide- update. You might then get a prompt asking for your admin account password if you are running as a standard user or a normal UAC prompt to continue with hiding the update. This KB 2952664 update for Windows 7 has been continually pushed out by Microsoft almost every month since April 2014 with various tweaks and revisions. Most have had some degree of install problems or have caused some degree of system instabilities. The October 2014 version appears to be the most problematic. It isn’t needed so don’t install it..."
* http://answers.microsoft.com/en-us/...g-update/30c7c7d4-d15b-49ed-a08f-edcf9ac1347b

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/kb/2952664

> http://www.infoworld.com/article/28...tch-kb-2952664-fails-with-error-80242016.html
Oct 15, 2014

:fear::fear: :sad:

AplusWebMaster · Oct 16, 2014

More botched MS patches ...

FYI...

Four more botched MS patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388
Windows users are reporting significant problems with four more October Black Tuesday patches
- http://www.infoworld.com/article/28...061-kb-2984972-kb-2949927-and-kb-2995388.html
Oct 16, 2014 - "... Black Tuesday problems continue to pile up. Yesterday brought to light problems with KB 2952664*, the seventh patch with that name, which fails to install on a large number of Windows 7 machines. Now there are reports of four more botched patches. It's too early to tell exactly what's causing the problems, but if you're having headaches, you aren't alone - and there are solutions.
* http://www.infoworld.com/article/28...tch-kb-2952664-fails-with-error-80242016.html
KB 3000061**... is a kernel mode driver update, MS 14-058. It's one of Microsoft's zero-day patches this month - there are very limited but identified attacks in the wild that use this security hole.
** https://support.microsoft.com/kb/3000061
TechNet has a thread*** about failure to install on Server 2012 machines. Poster jcs916 describes a problem with installing KB 3000061 on a Windows 8.1 machine...
*** https://social.technet.microsoft.co...to-install-on-server-2012?forum=winserver8gen
Microsoft released seven separately identified security patches that weren't associated with Security Bulletins. One of them, KB 2984972, isn't faring well... AndrewKelly, posting on the TechNet forum[4], says he has had problems with Autodesk packages after applying the patch:
4] https://social.technet.microsoft.co...todeskrelated-46-appv-packages?forum=mdopappv
... Finally, a nonsecurity update rollup, KB 2995388[5] - also distributed Tuesday - is causing problems with VMware. After installing the patch, every time you try to boot a virtual machine, you get a message: "Not enough physical memory is available to power on this virtual machine with its configured settings." The VMware folks[6] recommend you -not- install KB 2995388; if you have, they recommend that you -uninstall- it."
5] http://support.microsoft.com/kb/2995388

6] http://blogs.vmware.com/workstation...ssue-recent-microsoft-windows-8-1-update.html
___

- http://blogs.msmvps.com/bradley/2014/10/15/patches-to-keep-an-eye-on/
Oct 15, 2014

:fear::fear: :sad:

AplusWebMaster · Oct 17, 2014

M$ yanks botched patch KB 2949927, re-issues KB 2952664

FYI...

M$ yanks botched patch KB 2949927, re-issues KB 2952664
Windows 7 upgrade compatibility patch gets a tweaked installer, while the SHA-2 hashing patch is summarily removed without explanation
- http://www.infoworld.com/article/28...ed-patch-kb-2949927-re-issues-kb-2952664.html
Oct 17, 2014 - "Tell me if you've heard this one before: Microsoft has pulled a patch - KB 2949927*, a patch so important it rated its own Security Advisory - and there's no official notification that the patch was yanked, no explanation as to why it's been pulled, and no instructions for removing (or keeping) the patch if it did somehow get installed... Take-away lesson: Ignore Windows error messages. Aunt Martha can handle that. The more disconcerting patch, KB 2949927, was one of the -four- botched patches I mentioned yesterday. It adds SHA-2 hash signing and verification capability to Windows 7. Trying to install it on some machines led to multiple reboots failing with error 80004005 - a nice way to spend your Tuesday afternoon. And Wednesday. And Thursday morning... What should you do if the patch was installed? I have no idea, and Microsoft isn't saying a thing. Still -no- word on the other bad patches..."
* https://support.microsoft.com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1

:fear::fear::fear: :sad:

AplusWebMaster · Oct 22, 2014

MS Security Advisory 3010060 released

FYI...

Security Advisory 3010060 released
- http://blogs.technet.com/b/msrc/archive/2014/10/21/security-advisory-3010060-released.aspx
21 Oct 2014 - "Today, we released Security Advisory 3010060* to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it** solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their systems..."

Microsoft Security Advisory 3010060
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
* http://technet.microsoft.com/en-us/security/advisory/3010060
21 Oct 2014 - "... we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint..."

** https://support.microsoft.com/kb/3010060#FixItForMe
Last Review: Oct 22, 2014 - Rev: 2.0
Enable this fix it - Microsoft Fix it 51026

- http://www.securitytracker.com/id/1031097
CVE Reference:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6352 - 9.3 (HIGH)
Last revised: 10/23/2014 "... as exploited in the wild in October 2014 with a crafted PowerPoint document."
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs...
> https://support.microsoft.com/kb/3010060#FixItForMe
___

- http://www.symantec.com/connect/blogs/attackers-circumvent-patch-windows-sandworm-vulnerability
22 Oct 2014 - "At least two groups of attackers are continuing to take advantage of the recently discovered Sandworm vulnerability in Windows by using an exploit that bypasses the patch... Microsoft is aware of the vulnerability and has issued a -new- security advisory warning users of possible attacks. The company has yet to release a patch for this latest issue, which is being tracked as the Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352*)... The -new- vulnerability affects all supported releases of Microsoft Windows, excluding Windows Server 2003. Microsoft has produced a Fix it** solution to address -known- exploits. Windows users are advised to exercise caution when opening Microsoft PowerPoint files or other files from -untrusted- sources. It is also recommended that the User Account Control (UAC) be enabled, if it is not already..."
* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6352 - 9.3 (HIGH)

** https://support.microsoft.com/kb/3010060#FixItForMe

- http://atlas.arbor.net/briefs/index#973033948
Elevated Severity
23 Oct 2014

:fear:

Microsoft Alerts

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member