Microsoft Alerts

IE FixIt released - disable SSL3.0

FYI...

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008
V2.0 (October 29, 2014): Revised advisory to announce the deprecation of SSL 3.0, to clarify the workaround instructions for disabling SSL 3.0 on Windows servers and on Windows clients, and to announce the availability of a Microsoft Fix it solution for Internet Explorer. For more information see Knowledge Base Article 3009008*.
* https://support.microsoft.com/kb/3009008#FixItForMe
Last Review: Oct 29, 2014 - Rev: 2.3
Disable SSL 3.0 in Internet Explorer - Microsoft Fix it 51024

MS Security Bulletin Summary - Nov 2014

FYI...

- https://technet.microsoft.com/library/security/ms14-nov
Nov 11, 2014 - "This bulletin summary lists security bulletins released for November 2014...
(Total of -14-)

Microsoft Security Bulletin MS14-064 - Critical
Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
- https://technet.microsoft.com/library/security/MS14-064
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-065 - Critical
Cumulative Security Update for Internet Explorer (3003057)
- https://technet.microsoft.com/library/security/MS14-065
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS14-066 - Critical
Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
- https://technet.microsoft.com/library/security/MS14-066
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-067 - Critical
Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
- https://technet.microsoft.com/library/security/MS14-067
Critical - Remote Code Execution - May require restart - Microsoft Windows

MS14-068: Release date to be determined.

Microsoft Security Bulletin MS14-069 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
- https://technet.microsoft.com/library/security/MS14-069
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-070 - Important
Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
- https://technet.microsoft.com/library/security/MS14-070
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-071 - Important
Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
- https://technet.microsoft.com/library/security/MS14-071
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-072 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
- https://technet.microsoft.com/library/security/MS14-072
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS14-073 - Important
Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
- https://technet.microsoft.com/library/security/MS14-073
Elevation of Privilege - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS14-074 - Important
Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
- https://technet.microsoft.com/library/security/MS14-074
Important - Security Feature Bypass - Requires restart - Microsoft Windows

MS14-075: Release date to be determined.

Microsoft Security Bulletin MS14-076 - Important
Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
- https://technet.microsoft.com/library/security/MS14-076
Important - Security Feature Bypass - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-077 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)
- https://technet.microsoft.com/library/security/MS14-077
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-078 - Moderate
Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)
- https://technet.microsoft.com/library/security/MS14-078
Moderate - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft Office

Microsoft Security Bulletin MS14-079 - Moderate
Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)
- https://technet.microsoft.com/library/security/MS14-079
Moderate - Denial of Service - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2014/11/11/november-2014-updates.aspx

Assessing Risk
- http://blogs.technet.com/b/srd/arch...k-for-the-november-2014-security-updates.aspx
11 Nov 2014

Exploitability Index
- http://technet.microsoft.com/en-us/security/cc998259.aspx
___

- http://www.securitytracker.com/id/1031184 - MS14-064
- http://www.securitytracker.com/id/1031185 - MS14-065
- http://www.securitytracker.com/id/1031186 - MS14-066
- http://www.securitytracker.com/id/1031187 - MS14-067
-
- http://www.securitytracker.com/id/1031189 - MS14-069
- http://www.securitytracker.com/id/1031190 - MS14-070
- http://www.securitytracker.com/id/1031191 - MS14-071
- http://www.securitytracker.com/id/1031188 - MS14-072
- http://www.securitytracker.com/id/1031192 - MS14-073
- http://www.securitytracker.com/id/1031193 - MS14-074
-
- http://www.securitytracker.com/id/1031194 - MS14-076
- http://www.securitytracker.com/id/1031195 - MS14-077
- http://www.securitytracker.com/id/1031196 - MS14-078
- http://www.securitytracker.com/id/1031197 - MS14-078
- http://www.securitytracker.com/id/1031198 - MS14-079
___

November 2014 Office Update Release
- http://blogs.technet.com/b/office_s...ve/2014/11/11/october-2014-office-update.aspx
11 Nov 2014 - "... There are 5 security updates (3 bulletins) and 33 non-security updates...

NOTICE: Support for Microsoft Office 2010 SP1 ended on 10/14/14. All subsequent Office 2010 updates, beginning with this set, will only apply provided Office 2010 SP2 is installed. See KB2687455* for more information about acquiring Office 2010 SP2 ...
* https://support.microsoft.com/kb/2687455
___

ISC Analysis:
- https://isc.sans.edu/diary.html?storyid=18941
2014-11-11
___

MS Advisories - Nov 2014:

MS Security Advisory 2755801
Update for vulns in Flash Player in IE
- https://technet.microsoft.com/en-us/library/security/2755801
Nov 11, 2014 V31.0 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."

MS Security Advisory 3010060
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/3010060
Nov 11, 2014 V2.0 - "... We have issued Microsoft Security Bulletin MS14-064* to address this issue..."
* https://technet.microsoft.com/library/security/MS14-064

KB 3003743, IE11 ...

FYI...

- http://www.infoworld.com/article/28...-tuesday-kb-3003743-ie11-emet-5-security.html
Nov 13, 2014 - "... sporadic reports of KB 3003743* - part of MS14-074 - breaking concurrent RDP sessions. Poster turducken on the My Digital Life forums pins it down:
Today's updates includes KB3003743 and with it comes termsrv.dll version 6.1.7601.18637
Jason Hart has also tweeted that KB 3003743 kills NComputing's virtualization software..."
* https://support.microsoft.com/kb/3003743
Last Review: Nov 11, 2014 - Rev: 1.2

MS14-066: Known issues ...

FYI...

- https://support.microsoft.com/kb/2992611
Last Review: Nov 14, 2014 - Rev: 3.0
See: Known issues with this security update:
"We are aware of an issue in certain configurations in which TLS 1.2 is enabled by default, and TLS negotiations may fail. When this problem occurs, TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive..."

Security Update MS14-066 causes major performance problems in Microsoft Access / SQL Server applications
- http://darrenmyher.wordpress.com/20...-in-microsoft-access-sql-server-applications/
Nov 13, 2014
___

Hold off installing MS14-066 / KB 2992611
- http://blogs.msmvps.com/spywaresucks/2014/11/16/hold-off-installing-ms14-066-kb-2992611/
Nov 16, 2014 - "Word is it is breaking stuff, including the ability to access using secure sites using Chrome.
Possible fixes if you’re already affected:
- Open gpedit.msc
- Go to computer configuration > administrative templates > Network > SSL Configuration Settings > SSL Cipher Suite Order: Set it to enabled
- Reboot
The policy populates the Windows registry with the legacy cipher suites less the 4 new cipher suites added by MS14-066 /2992611. The list of ciphers used can be viewed by enabling the policy then reviewing the list of ciphers in the dialog box
Or: Remove MS14-066 / KB 2992611 and reboot.
Amazon Advisory: https://aws.amazon.com/security/security-bulletins/ms14-066-advisory/ "

- http://www.infoworld.com/article/28...-code-40-slow-sql-server-block-iis-sites.html
Nov 17, 2014 - "... we're sitting here with a bad patch, almost a week after Black Tuesday, and the patch is -still- being offered through Automatic Update. Microsoft hasn't pulled it, in spite of one acknowledged major problem, another that's the talk of the SQL Server community, and a few hangers-on that may clobber your machines. Amazon raised a red flag on Wednesday..."

MS14-066 Advisory
- https://aws.amazon.com/security/security-bulletins/ms14-066-advisory/
2014/11/14 5:30PM PST - "We are continuing to investigate the reported issues with the patch that was supplied for MS14-066. This updated status is being provided for the service below. We will continue to update this Security Bulletin for the other services previously identified as more information becomes available.
Amazon Relational Database Service (RDS):
Amazon RDS will build and deploy any required updates to affected RDS SQL Server instances. Any needed updates will require a restart of the RDS database instance. Communication of the specific timing of the update for each instance will be communicated via email or AWS Support directly to customers prior to any instance restart...

We will continue to provide updates to this security bulletin."
___

WinShock (KB2992611) Patch breaks IIS
- https://social.technet.microsoft.co...2611-patch-breaks-iis?forum=winserversecurity
Last entry (as of date/time of this post): Nov 16, 2014 12:01 AM
___

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321 - 10.0 (HIGH)
Last revised: 11/12/2014
> http://technet.microsoft.com/security/bulletin/MS14-066

MS14-068 released, MS14-066 re-released ...

FYI...

MS Security Bulletin MS14-068 - Critical
Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
- https://technet.microsoft.com/library/security/MS14-068
Critical - Elevation of Privilege - Requires restart - Microsoft Windows
Nov 18, 2014 - Ver: 1.0
- https://support.microsoft.com/kb/3011780

- http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
18 Nov 2014

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6324 - 9.0 (HIGH)
Last revised: 11/19/2014 - "... as exploited in the wild in November 2014..."
___

MS14-066/KB 2992611/WinShock - more problems reported
- http://www.infoworld.com/article/28...th-the-ms14-066-kb-2992611-winshock-mess.html
Nov 18, 2014 - "... an entire collection of real, bona fide problems that accompany many installations of KB 2992611.
- On Nov. 12, Amazon issued an advisory about the botched Microsoft patch:
[ http://aws.amazon.com/security/security-bulletins/ms14-066-advisory/ ]
'We have received reports that the patch that Microsoft supplied for MS14-066 has been causing issues, specifically that TLS 1.2 sessions are disconnecting during key exchange.
While we investigate this issue with the patch provided, we suggest that our customers review their security groups and ensure that external access to Windows instances have been appropriately restricted to the extent possible.'
Now IBM has chimed in with its own advisory:
[ http://www-01.ibm.com/support/docview.wss?uid=swg21690217 ]
After applying the OS patch, B2B Integrator and FileGateway are unable to start up with the following error:
The driver could not establish a secure connection to SQL Server by using Secure Sockets
Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed.".
[2014-04-22 06:21:32.25] ERRORDTL [1398162092250]com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed."
IBM further advises, as of early Tuesday morning, "There is currently no workaround for this issue with the OS patch."
Even BlackBerry - has officially diagnosed a conflict between KB 2992611 and its Print To Go product..."
[ https://supportforums.blackberry.com/t5/BlackBerry-PlayBook/Print-to-Go/td-p/2866644/page/3 ]

> http://www.infoworld.com/article/28...1-schannel-ms14-068kb-3011780-kb-3000850.html
Nov 18, 2014
___

- https://technet.microsoft.com/library/security/ms14-066
V2.0 (November 18, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012. The reoffering addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.
> https://support.microsoft.com/kb/2992611
Last Review: Nov 18, 2014 - Rev: 4.1
... Note: If you downloaded and then installed this security update from the Microsoft Download Center for Windows Server 2008 R2 or Windows Server 2012, we recommend that you reinstall the security update from the Download Center. When you click the Download button, you will be prompted to select the check boxes for updates 2992611 and 3018238. Click to select both updates, and then click Next to continue with the updates. These packages -will- require -two- restarts in sequence during installation.
> http://support2.microsoft.com/kb/3011780
Last Review: Nov 18, 2014 - Rev: 1.0
___

November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
> https://support2.microsoft.com/kb/3000850
Last Review: Nov 18, 2014 - Rev: 1.0

Update for Flash Player in IE10, 11

FYI...

Update for vulns in Adobe Flash Player in IE10, 11
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Nov 25, 2014 V32.0 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... described in Adobe Security bulletin APSB14-26*..."
* https://helpx.adobe.com/security/products/flash-player/apsb14-26.html
Nov 25, 2014 - "... update to Adobe Flash Player 15.0.0.239..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8439 - 7.5 (HIGH)

MS Security Bulletin Advance Notification - December 2014

FYI...

- https://technet.microsoft.com/library/security/ms14-dec
Dec 4, 2014 - "This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014...
(Total of -7-)

Bulletin 1 - Important - Elevation of Privilege - May require restart - Microsoft Exchange
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 3 - Critical - Remote Code Execution - May require restart - Microsoft Office
Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 6 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 7 - Important - Information Disclosure - May require restart - Microsoft Windows

IE 0-day ...

FYI...

IE9 0-day ...
- https://secunia.com/advisories/60610/
Release Date: 2014-12-08
Criticality: Highly Critical
Where: From remote
Impact: System access
Solution Status: Unpatched
Software: Microsoft Internet Explorer 9.x
CVE Reference(s): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8967 - 6.8
Description: ... vulnerability is caused due to a use-after-free error when handling CElement objects and can be exploited to cause memory corruption via a specially crafted HTML element with "display:run-in" style applied. Successful exploitation of this vulnerability may allow execution of arbitrary code...
- http://www.zerodayinitiative.com/advisories/ZDI-14-403/
2014-12-04

MS Security Bulletin Summary - December 2014

FYI...

- https://technet.microsoft.com/library/security/ms14-dec
Dec 9, 2014 - "This bulletin summary lists security bulletins released for December 2014...
(Total of -7-).

Microsoft Security Bulletin MS14-075 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
- https://technet.microsoft.com/library/security/MS14-075
Important - Elevation of Privilege - May require restart - Microsoft Exchange

Microsoft Security Bulletin MS14-080 - Critical
Cumulative Security Update for Internet Explorer (3008923)
- https://technet.microsoft.com/library/security/ms14-080
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS14-081 - Critical
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
- https://technet.microsoft.com/library/security/ms14-081
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-082 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
- https://technet.microsoft.com/library/security/ms14-082
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-083 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
- https://technet.microsoft.com/library/security/ms14-083

Microsoft Security Bulletin MS14-084 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
- https://technet.microsoft.com/library/security/ms14-084
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-085 - Important
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
- https://technet.microsoft.com/library/security/ms14-085
Important - Information Disclosure - May require restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2014/12/09/december-2014-updates.aspx
Dec 9, 2014 - "... we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange...
We re-released two Security Bulletins:
MS14-065 Cumulative Security Update for Internet Explorer
- http://support.microsoft.com/kb/3003057
MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution
- https://technet.microsoft.com/library/security/MS14-066
One Security Advisory was revised:
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)..."
- https://technet.microsoft.com/en-us/library/security/2755801
___

MS Advisories for Dec 2014:

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008
Oct 14, 2014 | Updated: Dec 9, 2014
V2.1

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Dec 9, 2014
V33.0
___

- http://www.securitytracker.com/id/1031318 - MS14-075
- http://www.securitytracker.com/id/1031315 - MS14-080
- http://www.securitytracker.com/id/1031314 - MS14-081
- http://www.securitytracker.com/id/1031319 - MS14-082
- http://www.securitytracker.com/id/1031320 - MS14-083
- http://www.securitytracker.com/id/1031313 - MS14-084
- http://www.securitytracker.com/id/1031324 - MS14-085
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19043
2014-12-09

"Crash Wednesday" ...

FYI...

- http://www.infoworld.com/article/28...00706f7-amd-catalyst-driver-fail-defende.html
Dec 10, 2014 - "If yesterday was Black Tuesday, today must be Crash Wednesday. I'm seeing lots of reports of problems with KB 3004394, which modifies the Windows Root Certificate checker so that it looks for bad root certificates daily. As usual, there's no confirmation from Microsoft about the problem, no documentation that I can find, and no advice on how to proceed. Users with problems find they go away if they uninstall the patch.
Lead3 started a thread on the Microsoft Answers Forum on Tuesday that described two problems with KB 3004394: 'All MMC functions (Event Viewer, etc.) now require Administrator action, although in an Administrator account. Windows Defender service will not start. The Windows Defender Service Terminated with the following error %%-2147023113'
In the same thread, Thinger123 reported: 'After I install it, I can't install any other Windows Updates. I get an error message on Windows Update. I have already did some advanced troubleshooting and narrowed the problem down to KB3004394. The update itself installs fine, but after a reboot, no other Windows Updates will install. As soon as I clicked Install Updates on other updates, it goes right to a red X and error message. Removing the update and rebooting allows all other updates to complete as usual.'
And q454 posted: 'I'm also having problems with update KB3004394. everytime I try running taskmngr it kept asking that an unknown program wanted to make changes. I try going to msconfig and got the same thing, then went to UAC settings and got the same alert. basically everything that had to do with Microsoft UAC gave me an alert that an unknown program wanted to make changes to my pc'
Tim Birming said: 'MSE installation also aborts with error 8004ff91 after this patch. Error code reveals nothing.'
And KellyPratt noted: 'VirtualBox went back to working after I uninstalled this update. The AMD forum is alight with problems installing the AMD Catalyst Omega driver.'
Poster necrophyte said: 'with kb3004394 not installed (but all other patches from yesterdays patch tuesday installed), ran ddu, rebooted, installed 14.12 with no issues, rebooted, and now finally after 11h of hair tearing i have a functioning display driver again, even better, the omega one.. blame microsoft for this kb3004394 root certificate update, which almost made me do an OS repair install.. hope theyll read my technet thread where i first mentioned kb3004394 being the culprit'
The KB 3002339 problem, by contrast, is relatively innocuous. SnydrRydr posted on the Answers forum:
' have been installing the Update for Visual Studio 2012 (KB3002339) for over an hour now and it's still not done. I took a look at the support article and it looks like it's a small bug fix update. So why is it taking so long to install?'
W Jezewski offered a solution: 'I ran into the same issue with three machines. Manual download and install did the trick.'
You can download KB 3002339 directly from the Microsoft Download Center*."
* https://www.microsoft.com/en-us/download/details.aspx?id=44907
___

- https://support.microsoft.com/kb/3004394/en-us
Dec 9, 2014 - Rev: 1.0

Windows update KB3004394 issues
- https://answers.microsoft.com/en-us...s/ace25277-7f65-4486-bc44-c1b106907a18?page=1

- http://www.bleepingcomputer.com/for...date-kb3004394-triggers-error-messages/page-2
Posted Today, 05:42 AM

MS on KB 3004394 patch: Uninstall it ...

FYI...

- http://www.infoworld.com/article/28...t-you-uninstall-botched-patch-kb-3004394.html
Dec 11, 2014 - "... Microsoft has pulled the botched patch KB 3004394. That's the Windows Root Cert patch causing endless problems - Windows Defender wouldn't start, installing KB 3004394 blocked installing other Windows Updates, UAC prompts appeared in the weirdest places, MSE wouldn't install, VirtualBox stopped working, and on and on... Microsoft acknowledged the problem and told us what to do about it. Microsoft engineer and forum moderator Pinaki Mohanty*, writing on the Microsoft Answers forum, announced that you should uninstall KB 3004394, if you were unfortunate enough to get it. Here's the official advice:
'We encourage Windows 7 and Windows Server 2008 R2 customers who are impacted, to uninstall the updates/KB3004394. Once ready, we will re-release the updates.'* "
* https://answers.microsoft.com/en-us...e/2bb0fbdd-c8ca-427a-aefb-e3bd5db57c1a?page=2
Pinaki Mohanty - Microsoft Forum Moderator Dec 11, 2014

- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0
___

- http://www.infoworld.com/article/28...3011970-silverlight-kb-3004394-root-cert.html
Dec 11, 2014 - "Overnight, Microsoft pulled two high-profile screwed-up patches: KB 3011970 and KB 3004394. Another patch, KB 2553154, is killing some Excel 2010 and 2013 macros, saying the ActiveX control "has stopped working in Excel." Admins are reporting that KB 3008923 has broken modal dialogs in IE. And the hang on installing KB 3002339 described yesterday* is still kicking...
I'm seeing reports of this problem with both Excel 2010 and Excel 2013. It isn't clear at this point if the same problem applies to other Office 2010 or 2013 programs, such as Word. It's also not clear if the same problem affects Office 2007, which is included in the security bulletin...
KB 2986475, the Exchange Server 2010 SP3 update rollup 8, was pulled yesterday, as reported. If you started rolling out the update, you need to roll it back (at least, if you want to connect to Outlook). I've seen no further official word as to the cause or the cure. KB 3002339 -- a patch of a .Net Framework 4.5.3 patch -- is still hanging on installation for some people. If the patch takes more than, oh, 30 minutes to install, kill the installer, then manually download it...
KB 3008923, the MS14-080 Internet Explorer rollup, is crashing Internet Explorer, although which versions of IE is unclear... At this point, I've seen reports of the problem with IE9 and IE11, but one report says it affects IE11 only, and not IE9 or IE10. As usual, there's no acknowledgment of the problem in the KB article (although the KB article does say there may be an installation error 8024001d with Windows 10 Technical Preview). No clue as to a workaround.
Finally, KB 3011970 -- the Silverlight patch -- crashed so spectacularly that Time Warner Cable issued an alert...
* http://www.infoworld.com/article/28...00706f7-amd-catalyst-driver-fail-defende.html
Dec 10, 2014

MS Security Bulletins for Dec 2014 - Status

FYI...

MS releases 'Silver Bullet' patch KB 3024777 to eliminate KB 3004394
More information unfolds about the Windows Root Certification patch and its foibles
- http://www.infoworld.com/article/28...77-to-eliminate-botched-patch-kb-3004394.html
Dec 12, 2014 - "Another episode of the KB 3004394 saga is unfolding, as Microsoft releases a new patch, KB 3024777, specifically designed to take out this week's Black Tuesday fiasco, KB 3004394, on Windows 7 SP1 and Windows Server 2008 R2 SP1 machines. The story's a little more complicated... You'll recall this week's bête noire, KB 3004394. Issued on Tuesday, by Wednesday there were dozens of reports of problems with odd UAC prompts, Windows Diagnostic Tool error 8000706f7, failure on attempting to install the AMD Catalyst driver, Windows Defender error 2147023113, and several more. It's as if Microsoft didn't test the patch before releasing it. On Thursday, Microsoft yanked the patch and later advised in an Answers forum post that you should uninstall KB 3004394. Today's a new day, and we have a new explanation -- and marching orders.
Microsoft has updated its KB 3004394* article to say that the problems only occur on Windows 7 SP1 and Windows Server 2008 R2 SP1:
* http://support2.microsoft.com/kb/3004394/en-us
'... We have found that this update is causing additional problem on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. The KB 3004394 update does not cause any known problems on the -other- systems for which it is released. We recommend that you install the update on the other systems.
If you have not yet deployed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers, we recommend that you -delay- installation until a new version of this update becomes available.
If you have already installed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers that were not restarted after the update was installed, we recommend that you -delay- the restart if it is possible until more information is added to this article about a method to remove the update.
If the installation of KB 3004394 is causing problems on these computers, -remove- the update, and then restart the computers. >> The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed...
' ...

Reading between the lines - several of them, actually - it looks like this is what you should do:
On Windows 7 SP1/Server 2008 R2 SP1 machines: Crank up Windows Update. If KB 3024777 is listed, run it. If the installation fails, manually download the Silver Bullet and fire. Er, run it.
On Windows 8/8.1/Server 2012 machines: I wouldn't manually uninstall KB 3004394, if you have it, until Microsoft tells us more about potential conflicts..."

(More detail at the InfoWorld URL at the top of this post.)
___

- http://support2.microsoft.com/kb/3024777
Last Review: Dec 12, 2014 - Rev: 6.0
___

Win7 -bogus- 'not genuine' reports, Office "fixes" to botched patches

FYI...

Win7 hit by rash of -bogus- 'not genuine' reports, validation code 0x8004FE21
- http://www.infoworld.com/article/28...nuine-reports-validation-code-0x8004fe21.html
Dec 15, 2014 - "... I see at least a hundred posts from people who are being told their copy of Windows 7 is disingenuous when, in fact, they know it's genuine. If you guessed that all of those problems were caused by a bad Black Tuesday patch, you win the small prize. If you guessed that the aberrant patch is KB 3004394, you get the big prize... Windows users started screaming about KB 3004394 within hours of it being rolled out of the Automatic Update chute last Tuesday: Bogus UAC prompts, MMC plug-ins refused to start, Windows Defender wouldn't start, Microsoft Security Essentials wouldn't install, VirtualBox wouldn't work, the AMD Catalyst Omega driver wouldn't install, and other Windows Updates wouldn't install after KB 3004394 infected those machines. On Thursday morning, Microsoft -pulled- the patch. On Thursday afternoon, Microsoft started advising in the Answers Forum that people infected with KB 3004394 should manually remove the patch, although the KB 3004394 article admonished, "The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed." Then we started hearing rumors that manually uninstalling KB 3004394 would, in fact, cause -more- problems... a whole lot of bad advice flowing around this problem. Even at this late date -- working all the way through the weekend, until late Sunday night -- I'm not sure that this fix will work in all cases..."

- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0

> https://support.microsoft.com/kb/3024777
Last Review: Dec 12, 2014 - Rev: 6.0
___

MS sends out KB 2920807, KB 2920738 for Office
- http://www.infoworld.com/article/28...nds-out-kb-2920807-kb-2920738-for-office.html
Dec 12, 2014 - "... short version:
If you're using Office 2010 or Office 2013 and you installed the October Office update (MS14-061/KB 3000434), you've been living with a bug for the past couple of months. A new TechNet post explains:
Shortly after the release of the October Public Update, we received notification of a potential issue affecting Office 2010 and Office 2013 users. In some cases, users running Office 2013 or Office 2010 may not be able to update Microsoft Word fields in a few scenarios after the October Public updates are installed. We have since corrected the issue in Office 2013 Click-to-Run build 15.0.4675.1002.
If you have Office Click-to-Run (one component of Office 365), you're already fixed. But if you use an installed version of Office 2010 or Office 2013, this bug has been lurking for a couple of months: When you print or print preview a document in Word that has the Print Markup option enabled, the page numbers of the document may be displayed incorrectly. No idea why it's taken months to articulate the bug or squash it. The patch for Office 2013 is listed as KB 2920738. The patch for Office 2010 SP2 is KB 2920807..."

- https://support.microsoft.com/kb/3000434 - MS14-061

- https://support.microsoft.com/kb/2920738 - Office 2013
Last Review: Dec 15, 2014 - Rev: 4.0

- https://support.microsoft.com/kb/2920807 - Office 2010 SP2
Last Review: Dec 15, 2014 - Rev: 4.0
___

- http://www.theinquirer.net/inquirer...s-forced-to-uninstall-office-on-patch-tuesday
Dec 15 2014

:fear::fear: :sad:
 
MS14-080: Revised update for I/E, MS14-082: Revised update for Office 2013 ...

FYI...

MS14-080: Cumulative security update for I/E ...
- https://support.microsoft.com/kb/3008923
Last Review: Dec 13, 2014 - Rev: 5.1
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0

> patchmanagement.org - Message 39536
16 Dec 2014 - "The KB article lists known issues of IE9 crashing and IE11 dialog box errors..."
___

MS14-082: Office 2013 ...
- https://support.microsoft.com/kb/2726958
Last Review: Dec 16, 2014 - Rev: 4.0

:fear::fear: :blink:
 
MS14-080/KB3008923 patch fails ...

FYI...

MS ships KB 3025390 to fix IE11 screwups in KB 3008923
As of noon Wednesday, MS still hasn't pulled -or- updated the botched patch MS 14-080 / KB 3008923
- http://www.infoworld.com/article/28...-11-modal-dialog-screw-ups-in-kb-3008923.html
Dec 17, 2014 - "... the link in the Windows Update description doesn't work, but you can find detailed information at support2.microsoft.com (note the "support2" in the link). Here's what that KB article says:
'You install MS14-080: Cumulative security update for Internet Explorer: December 9, 2014 ( https://support.microsoft.com/kb/3008923 ) on a computer that's running Internet Explorer 11 or the Internet Explorer 11 Web Browser control. However, after you do this, you may experience unexpected behavior when you interact with sites that use one or more web application modal dialog boxes. Any data or information that's provided in the modal dialog box may not be returned to the application window or to the dialog box that created the data or information. Therefore, the application that created the dialog box may exhibit errors or lack specific functionality that was dependent on that dialog box data...'
German sites report that the patch appears in the English language, though their patches normally appear in German. I talked about the original problem with KB 3008923 last week, and Microsoft has since updated the KB 3008923 article (now at version 5.1) with this explanation:
'We are aware of some reports of functional issues on sites that use nested modal dialog boxes on Internet Explorer 11 that occur after you install this security update…
We are aware of some limited reports of Internet Explorer 9 crashing after you apply this security update.
Microsoft is researching this issue and will post more information in this article when the information becomes available.'

Many people haven't been able to -find- the KB article, and they're cautious about installing a patch simply because it magically appeared in Windows Update, with -no- explanation..."
(More detail and links at the infoworld URL at the top of this post.)

- https://support.microsoft.com/kb/3008923
Last Review: Dec 17, 2014 - Rev: 6.0

- https://support.microsoft.com/kb/3025390
Last Review: Dec 17, 2014 - Rev: 1.0
___

- http://www.forbes.com/sites/jasonev...graphics-driver-updates-and-windows-defender/
12/13/2014 - "... If you have Windows 7 set to automatically update every Tuesday, it may be time to permanently -disable- that feature. Microsoft has just confirmed that a recent update — specifically KB 3004394 — is causing a range of serious problems and recommends removing it... Unfortunately this newest update isn’t limited to graphics driver problems. Redmond hasn’t directly divulged each and every issue, but Microsoft’s Answer Forum is littered with tech-savvy users reporting that USB 3.0 drivers are broken and User Account Control (UAC) prompts have gone haywire. Microsoft has acknowledged that it even prevents the installation of future Windows Updates..."

Install KB3024777 to fix an issue with KB3004394...
- http://support.microsoft.com/kb/3024777/en-us
Last Review: Dec 12, 2014 - Rev: 6.0

:fear::fear: :sad:
 
MS14-080: I/E - Revised, again...

FYI...

MS14-080: I/E...
- https://support.microsoft.com/kb/3008923
Last Review: Dec 18, 2014 - Rev: 7.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0
___

For IE 11: Some web application modal dialog boxes don't work correctly in Internet Explorer 11 after you install update 3008923
- https://support.microsoft.com/kb/3025390
Last Review: Dec 17, 2014 - Rev: 1.0

:fear::fear::fear:
 
Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008

FYI...

Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2
- https://support.microsoft.com/kb/3024777/en-us
Last Review: Dec 22, 2014 - Rev: 7.0
The KB 3004394 update that was dated December 10, 2014 can cause additional problems on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. This new update is available to remove KB 3004394 from your computer.
For more information about the KB 3004394 update, see the following Microsoft Knowledge Base article:

Dec 2014 update for Windows Root Certificate Program in Windows
- https://support.microsoft.com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0

:fear::fear: :sad:
 