Microsoft Alerts

AplusWebMaster · Dec 26, 2014

MS14-080: IE cumulative update - Known issues...

FYI...

KB3008923 Compromises MS Baseline Security Analyzer's Results Report
- https://social.technet.microsoft.co...alyzers-results-report?forum=w8itproappcompat
Saturday, December 13, 2014 1:11 AM
... confirmed KB3008923 compromises MS Baseline Security Analyzer's Results Reports by uninstalling the KB. MS BSA now works as before. I don't use IE so I can't help you there but I presume BSA uses some IE modules. I know that there are many problems with KB3008923 across many platforms...

... the IE cumulative update + Repair fixed the issues with BSA...
> Marked as answer by Phantom of the Mobile 15 hours 11 minutes ago
Wednesday, December 24, 2014 3:41 PM
___

MS14-080: Cumulative security update for Internet Explorer: December 9, 2014
> https://support.microsoft.com/KB/3008923
Last Review: Dec 18, 2014 - Rev: 7.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0

> Known issues with this security update
>Issue 1:
We are aware of some reports of functional issues on sites that use nested modal dialog boxes on Internet Explorer -11- that occur after you install this security update.
To resolve this issue, install update 3025390. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
3025390 Some web application modal dialog boxes don't work correctly in Internet Explorer 11 after you install update 3008923
>Issue 2:
We are aware of some limited reports of Internet Explorer -9- crashing after you apply this security update.
Microsoft is researching this problem and will post more information in this article when the information becomes available.
___

> http://www.microsoft.com/en-us/search/result.aspx?q=kb 3008923

- https://support.microsoft.com/kb/3025390/
Last Review: Dec 17, 2014 - Rev: 1.0
> http://www.microsoft.com/en-us/search/result.aspx?q=kb 3025390

:fear::fear: :sad:

AplusWebMaster · Dec 30, 2014

Office 2010 ActiveX Disabled - KB2553154

FYI...

UPDATE: Office 2010 ActiveX Disabled - December Update KB2553154
- http://blogs.technet.com/b/office_s...tivex-disabled-december-update-kb2553154.aspx
12 Dec 2014 - "An issue has been discovered in Security Update for Microsoft Office 2010 (KB2553154*) that disables ActiveX controls. A workaround for this issue can be found at KB3025036**."

MS14-082: Description of the security update for Microsoft Office 2010: Dec 9, 2014
* https://support.microsoft.com/KB/2553154
Last Review: Dec 16, 2014 - Rev: 4.0

"Cannot insert object" error in an ActiveX custom Office solution after you install the
MS14-082 security update
** https://support.microsoft.com/kb/3025036
Dec 30, 2014 - Rev: 7.0

Office Updates
- http://blogs.technet.com/b/office_sustained_engineering/
______

Best / Last / End-of-the-year 2014 MS support “guesses” found:

- http://windowssecrets.com/patch-watch/wrapping-up-a-year-of-windows-and-office-updates/
Dec 22, 2014 - "It’s been a long year of security fixes, broken patches, and enhancements for Windows, Office, and other applications. As we close the book on 2014 updating, we’re still missing a bit of holiday cheer — there are a couple of remaining fixes for IE and Excel updates.

MS14-080 (3008923)
Problems with IE 11 and IE 9 rollup updates: December’s cumulative update for Internet Explorer 11 reportedly patched 14 vulnerabilities, but it also came with a few issues of its own. Soon after KB 3008923 was released, there were reports of problems with a few websites and line-of-business platforms. To patch the patch, Microsoft released KB 3025390.
As briefly noted in MS article KB 3008923, a few IE 9 users are reporting browser crashes after installing the December update. So far, there’s no fix or workaround — Microsoft is still “researching this problem.” -All- IE users should keep in mind that Microsoft wants you running IE 11 as soon as possible. As noted in an IEBlog post, beginning Jan. 12, 2016, Microsoft will support IE 11 -only- on Win7 and Win8 workstation systems. (It will continue to support IE 9 on Vista. Support for Vista ends on April 11, 2017.)

- What to do: IE 9 users who run into issues with KB 3008923 (MS14-080) will have to -uninstall- the update and wait for another update. IE 11 users should install KB 3025390 to fix problems with the December cumulative update.

MS14-082: Office patch results in an Excel macro bug... MS14-082 included three updates designed to quash a vulnerability in MS Office that could lead to a remote takeover of your system. But an unintended consequent of the patch is ActiveX controls failures in Office documents. In some cases, the update breaks Excel macros. For example, if you apply the update on one PC and then save an Excel document containing ActiveX controls, macros might -fail- when the document is opened on a system that has -not- been updated with MS14-082."

:fear:

AplusWebMaster · Jan 7, 2015

MS patch hangover from patch-batch of Dec 2014 ...

FYI...

MS patch hangover: KB 3008923, 2553154, 2726958, 3004394, 3011970
... a slew of December Black Tuesday patches -didn't- get fixed over the holidays.
- http://www.infoworld.com/article/28...gover-kb-3008923-2553154-2726958-3004394.html
Jan 6, 2015 - "December 2014 will likely go down in the annals of Windows pain as the worst patching month ever. Depending on how you count, roughly a quarter of all the patches that rolled out the Automatic Update chute on Dec. 9 have encountered problems - some quite spectacular. Microsoft's more advanced customers (the ones who figured out why their machines weren't working right) have complained bitterly. You might think that while the rest of us were downing copious quantities of eggnog and designer microbrew, the Microsoft elves would have been busy fixing what went wrong. While there's been progress, many of the problems have been abandoned. Others were given a quick band-aid and declared fixed. With one week to go before a new year of Black Tuesdays starts, we're looking at lots of dead and wounded..."
(Much -more- detail at the infoworld URL above.)

:fear::fear: :sad:

AplusWebMaster · Jan 9, 2015

Microsoft advanced notification service changes

FYI...

Microsoft advanced notification service changes <<<
- https://isc.sans.edu/diary.html?storyid=19167
2015-01-09 - "... Microsoft is changing the way in which they provide information... You can read the full blog here:
>> http://blogs.technet.com/b/msrc/arc...advance-notification-service-ans-in-2015.aspx
In a nutshell if you want to be advised in advance you now need to register, select the products used and you will then be provided with information relating to the patches that will be released. If you are a premier customer your technical contact can provide information. The main point for me is this one:
'Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page.'

Now a lot of us do look at that information to plan their next patching cycle. So you will need to look at that process and see what needs changing. You'll have to rely on the information in your patching solution, or register. You can register here:
> http://mybulletins.technet.microsoft.com/
The dashboard that is created in the end looks nice, but for me too early to tell how useful it is at this stage, although it was slightly painful to review each bulletin. It will take a few patch cycles to sort it all out I'd say.
Screenshot: https://isc.sans.edu/diaryimages/images/Screen Shot 2015-01-09 at 18_34_43.png

So going forward you will need to adjust how you identify the patches to be applied within your environment. If you do not want to register you can just visit the main bulletins page here:
--> https://technet.microsoft.com/en-us/library/security/dn631937.aspx
This page has a list of all released bulletins."
___

myBulletins Q&A: http://technet.microsoft.com/en-us/security/dn722424
___

- https://technet.microsoft.com/en-us/security/bulletin
Next release: January 13, 2015

> http://www.microsoft.com/en-us/download/details.aspx?id=36982
Note: There are multiple files available for this download. Once you click on the "Download" button, you will be prompted to select the files you need.
Version: 1.0
File Name: BulletinSearch.xlsx - File Size: 1.9 MB
MSRC-CVRF.zip - 881 KB
Date Published: 1/5/2015

This download offers the following items:
1. Excel file that contains affected software, bulletin replacement, reboot requirements, and CVE information from the Microsoft security bulletins (since June 1998)
2. Zip file that contains security bulletins in the Common Vulnerability Reporting Framework (CVRF) format (since June 2012)

> http://www.microsoft.com/en-us/download/confirmation.aspx?id=36982
___

- http://www.theinquirer.net/inquirer...ce-notifications-with-no-advance-notification
Jan 9 2015 - "... This is the -second- time that Microsoft has attempted to kill off the ANS. In July 2014, the company was forced to backpedal after announcing the end of ANS by email with almost no advance notification before giving the following advance notification a few days later: "We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service on July 3 2014." Whether or not the ANS will be brought back from the boneyard a second time remains to be seen, but it may come down to feedback, especially given the -lack- of advance notification that it was to close. The previous move was due to regulations on email distribution being tightened, but this time it appears that the death knell of the ANS is more extensive. We know that many of our readers have taken a -keen- interest in the Advance Notification articles that we have written every month, and so we are as surprised as you are that there will no longer be any advance notification. But take this as advance notification that our coverage and analysis of Patch Tuesday will continue in 2015. Albeit -without- advance notification."

- http://www.infoworld.com/article/28...icrosoft-advanced-security-notifications.html
Jan 9 2015 - "For those of us who watch every month for advance warning of Microsoft security patches - they appear on the Thursday preceding Black Tuesday, every month - yesterday came as a slap in the face. Without any warning, Microsoft abruptly stopped its free Advance Notification Service on the day we were all expecting the usual advanced warnings for the January 2015 Black Tuesday patches... Translation: If you want advanced notice of upcoming security bulletins, you have to become a 'Premier customer'... In the past year, Microsoft patching has reached breathtaking new lows, both in quantity -and- quality of patches delivered. The situation's deteriorated so much that many graybeards are beginning to wonder if Windows is so unwieldy that it's become unusable. Somehow, I don't think the powers-that-be understand the way decisions like this affect the Windows support community. I can't fathom why Microsoft would so aggressively piss-off the people who are trying to keep Windows working, over such a tiny concession."

:fear:

AplusWebMaster · Jan 13, 2015

MS Security Bulletin Summary - January 2015

FYI...

- https://technet.microsoft.com/library/security/ms15-jan
Jan 13, 2015 - "This bulletin summary lists security bulletins released for January 2015...
(Total of -

Microsoft Security Bulletin MS15-001 - Important
Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
- https://technet.microsoft.com/library/security/MS15-001
Important - Elevation of Privilege - Requires restart- Microsoft Windows

Microsoft Security Bulletin MS15-002 - Critical
Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)
- https://technet.microsoft.com/library/security/MS15-002
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-003 - Important
Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
- https://technet.microsoft.com/library/security/MS15-003
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-004 - Important
Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
- https://technet.microsoft.com/library/security/MS15-004
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-005 - Important
Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
- https://technet.microsoft.com/library/security/MS15-005
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-006 - Important
Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
- https://technet.microsoft.com/library/security/MS15-006
Important - Security Feature Bypass - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-007 - Important
Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
- https://technet.microsoft.com/library/security/MS15-007
Important - Denial of Service - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-008 - Important
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215)
- https://technet.microsoft.com/library/security/MS15-008
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/01/13/january-2015-updates.aspx
Jan 13, 2015 - "... We re-released one Security Bulletin:
- MS14-080 Cumulative Security Update for Internet Explorer
> https://technet.microsoft.com/library/security/MS14-080 *
One Security Advisory was revised:
- Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)
> https://technet.microsoft.com/en-us/library/security/2755801.aspx ..."

* V1.0 (December 9, 2014): Bulletin published.
V2.0 (January 13, 2015): To address issues with Security Update 3008923, Microsoft re-released MS14-080 to comprehensively address CVE-2014-6363. In addition to installing update 3008923, customers running Explorer 10 on Windows 8, Windows Server 2012, or Window RT should also install update 3029449, which has been added with this rerelease. Customers who have already successfully installed the 3008923 update, which has not changed since its original release, do -not- need to reinstall it. See Microsoft Knowledge Base Article 3008923** for more information.
** https://support.microsoft.com/kb/3008923
Last Review: Jan 13, 2015 - Rev: 8.0
Last Review: Jan 14, 2015 - Rev: 9.0

Office Updates
- http://blogs.technet.com/b/office_sustained_engineering/
___

- http://www.securitytracker.com/id/1031527 - MS15-001
- http://www.securitytracker.com/id/1031523 - MS15-002
- http://www.securitytracker.com/id/1031528 - MS15-003
- http://www.securitytracker.com/id/1031524 - MS15-004
- http://www.securitytracker.com/id/1031529 - MS15-005
- http://www.securitytracker.com/id/1031530 - MS15-006
- http://www.securitytracker.com/id/1031532 - MS15-007
- http://www.securitytracker.com/id/1031531 - MS15-008
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19179
2015-01-13 - 18:26:14 UTC

.

AplusWebMaster · Jan 15, 2015

Relief for botched Excel patch/fixes for KB 2553154, 2726958 -missing- ...

FYI...

Relief for botched Excel patch/fixes for KB 2553154, 2726958 -missing- from January patch-Tuesday
... included a patch-of-a-patch-of-a-patch, but -lacked- several crucial fixes
- http://www.infoworld.com/article/28...-for-last-months-kb-2553154-2726958-botc.html
Jan 14, 2015 - "... On Tuesday Microsoft released its crop of patches for January, including the following:
A -new- MS14-080 / KB 3029449, which is an Internet Explorer cumulative rollup re-release of the old MS14-080 / KB 3008923, which was one of the botched-hangover-patches from December. Note the change in KB number. In certain circumstances (which I describe below) you may need to install -both- patches.
A "critical" patch, MS15-002 / KB 3020393, for Telnet, which is a communication protocol that's 45 years old - and rarely used on modern Windows desktops. That's the -only- critical patch this month; all the others are "Important."
A fix, MS15-003 / KB 3021674, for the zero-day User Profile Services escalation that was publicly (and controversially) reported by Google on Sunday, Jan. 11. This isn't a critical flaw in Windows because it entails escalation of privilege - elevating your session to Admin mode. In order to exploit the flaw, the miscreant has to be in the computer already.
A fix for the other zero-day bug, ahcache.sys/NtApphelpCacheControl, which Google publicly disclosed on Dec. 29. That's MS15-001 / KB 3023266.
Here's what we -didn't- get on Tuesday:
A fix for the badly botched MS14-082 / KB 3017349 Office patch, which clobbers Excel ActiveX in Office 2007, 2010, and 2013, as reported on Dec. 11. There's even a newly reported problem, where default naming of controls gets all screwed up. The three component patches - KB 2726958 for Office 2013, KB 2553154 for Office 2010, and KB 2596927 for Office 2007 - are -still- being offered via Automatic Update. If you create or distribute Office macros, Microsoft continues to screw up your programs, rolling the poison pill out the Automatic Update chute. It's still way too early to tell if there are additional problems with this month's patches. I fully expect the Windows Kernel Mode driver patch, MS15-008 / KB 3019215 will figure prominently in due course, simply because Kernel Mode driver patches always seem to cause trouble.
Here's what's happening with the re-released (but differently numbered) MS14-080 patch... This gets messy. The original MS14-080 / KB 3008923 IE rollup had all sorts of bugs. Microsoft issued a patch, KB 3025390, to fix the problems but it, in turn, caused even more problems (see the comments to my InfoWorld article). In addition, Microsoft discovered that the original KB 3008923 didn't fix a VBScript security hole, known as CVE-2014-6363. So this month, Microsoft issued an update to MS14-080 called KB 3029449 that specifically addresses the VBScript hole. As the KB 302449 article puts it:
This package contains the VBScript 5.8 updates that are intended for Internet Explorer 10 in a Windows 8 or Windows Server 2012 environment. Install this update and the December cumulative security update for Internet Explorer.
MS14-080 now includes these bafflegab instructions:
To address issues with Security Update 3008923, Microsoft re-released MS14-080 to comprehensively address CVE-2014-6363. In addition to installing update 3008923, customers running Internet Explorer 10 on Windows 8, Windows Server 2012, or Window RT should also install update 3029449, which has been added with this rerelease. Customers who have already successfully installed the 3008923 update, which has not changed since its original release, do not need to reinstall it. See Microsoft Knowledge Base Article 3008923 for more information.
It isn't at all clear if the new version of MS14-080 includes -fixes- for the problems introduced by the old MS14-080, and/or the problems introduced by KB 3025390, which was -supposed- to solve those original MS14-080 problems..."
* http://www.infoworld.com/article/28...-11-modal-dialog-screw-ups-in-kb-3008923.html

:fear::fear:

AplusWebMaster · Jan 21, 2015

MS finally solves big problems with Surface Pro 3

FYI...

MS finally solves big problems with Surface Pro 3
- http://www.infoworld.com/article/28...lved-the-big-problems-with-surface-pro-3.html
Jan 21, 2015 - "Judging by many comments on the Microsoft Answers forum and elsewhere, Microsoft's Jan. 15 firmware update* for the Surface Pro 3 has solved almost all outstanding issues with Wi-Fi connections, hibernating, Bluetooth connectivity, battery drain on standby, Hyper-V interference with Wi-Fi, and more... It now appears that the Surface Pro 3 is relatively glitch-free and ready for the big time. That's a big step up from the problems we've seen with the last -nine- firmware patches."
(More detail at the infoworld URL above.)
* http://blogs.technet.com/b/surface/...es-to-get-more-from-your-surface-devices.aspx

:fear: :blink:

AplusWebMaster · Jan 22, 2015

Microsoft Security Advisory 2755801 - Flash updt ...

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
V35.0 (Jan 22, 2015): Added the 3033408 update to the Current Update section...
"... Affected Software: This advisory discusses the following software.
Windows 8 for 32-bit Systems / Adobe Flash Player in Internet Explorer 10
Windows 8 for 64-bit Systems / Adobe Flash Player in Internet Explorer 10
Windows Server 2012 / Adobe Flash Player in Internet Explorer 10
Windows RT / Adobe Flash Player in Internet Explorer 10
Windows 8.1 for 32-bit Systems / Adobe Flash Player in Internet Explorer 11
Windows 8.1 for 64-bit Systems / Adobe Flash Player in Internet Explorer 11
Windows Server 2012 R2 / Adobe Flash Player in Internet Explorer 11
Windows RT 8.1 / Adobe Flash Player in Internet Explorer 11
... The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."

[Link: https://support.microsoft.com/kb/3033408 ]

:fear:

AplusWebMaster · Jan 28, 2015

MS Update for vulnerabilities in Adobe Flash Player in IE 10/11

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in IE 10/11
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Jan 27, 2015
V36.0 - "... The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
> https://support.microsoft.com/kb/3035034
___

- https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
Jan 27, 2015
CVE-2015-0312: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0312
"... Adobe is aware of reports that CVE-2015-0311 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.296.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.264.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.440.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.296.
> Affected software versions:
Adobe Flash Player 16.0.0.287 and earlier versions
Adobe Flash Player 13.0.0.262 and earlier 13.x versions
Adobe Flash Player 11.2.202.438 and earlier versions for Linux..."
___

- http://www.securitytracker.com/id/1031635
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0312
Jan 27 2015

:fear:

AplusWebMaster · Feb 5, 2015

MS I/E 10, 11 updated Flash Player

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Feb 5, 2015 - V37.0
"Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11...
- https://support.microsoft.com/kb/3021953
Last Review: Feb 5, 2015 - Rev 1.0

:fear::fear:

AplusWebMaster · Feb 10, 2015

MS Security Bulletin Summary - February 2015

FYI...

- https://technet.microsoft.com/library/security/ms15-feb
Feb 10, 2015 - "This bulletin summary lists security bulletins released for February 2015...
(Total of -9-)

Microsoft Security Bulletin MS15-009 - Critical
Security Update for Internet Explorer (3034682)
- https://technet.microsoft.com/library/security/MS15-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-010 - Critical
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
- https://technet.microsoft.com/library/security/MS15-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-011 - Critical
Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
- https://technet.microsoft.com/library/security/MS15-011
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-012 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
- https://technet.microsoft.com/library/security/MS15-012
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-013 - Important
Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
- https://technet.microsoft.com/library/security/MS15-013
Important - Security Feature Bypass - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-014 - Important
Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
- https://technet.microsoft.com/library/security/MS15-014
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-015 - Important
Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
- https://technet.microsoft.com/library/security/MS15-015
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-016 - Important
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
- https://technet.microsoft.com/library/security/MS15-016
Important - Information Disclosure - May require restart- Microsoft Windows

Microsoft Security Bulletin MS15-017 - Important
Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
- https://technet.microsoft.com/library/security/MS15-017
Important - Elevation of Privilege - Requires restart - Microsoft Server Software
___

- http://blogs.technet.com/b/msrc/archive/2015/02/10/february-2015-updates.aspx
10 Feb 2015 - "... we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software...
We re-released one Security Bulletin:
MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- https://technet.microsoft.com/library/security/ms14-083
One new Security Advisory was released:
Update for Windows Command Line Auditing (3004375).
- https://technet.microsoft.com/en-us/library/security/3004375.aspx
One Security Advisory was revised:
Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008).
- https://technet.microsoft.com/en-us/library/security/3009008.aspx
We also announced changes related to SSL 3.0 and you can read more about these on the IE blog:
- http://blogs.msdn.com/b/ie/
___

Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008
Published: October 14, 2014 | Updated: February 10, 2015
Version: 2.2

Update for Windows Command Line Auditing
- https://technet.microsoft.com/en-us/library/security/3004375
Published: February 10, 2015
Version: 1.0
___

Feb 2015 Office Update Release
- http://blogs.technet.com/b/office_s...2/10/february-2015-office-update-release.aspx
10 Feb 2015 - "... There are 16 security updates (2 bulletins) and 53 non-security updates..."

- http://technet.microsoft.com/en-us/security/ms15-012

- http://technet.microsoft.com/en-us/security/ms15-013
___

- http://www.securitytracker.com/id/1031723 - MS15-009
- http://www.securitytracker.com/id/1031718 - MS15-010
- http://www.securitytracker.com/id/1031719 - MS15-011
- http://www.securitytracker.com/id/1031720 - MS15-012
- http://www.securitytracker.com/id/1031721 - MS15-013
- http://www.securitytracker.com/id/1031722 - MS15-014
- http://www.securitytracker.com/id/1031724 - MS15-015
- http://www.securitytracker.com/id/1031725 - MS15-016
- http://www.securitytracker.com/id/1031726 - MS15-017
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19315
2015-02-10 18:36:06 UTC

.

AplusWebMaster · Feb 11, 2015

NEW 2.10.2015 MS Patches appear to be causing problems

FYI...

MS Patches appear to be causing problems ...
- https://isc.sans.edu/diary.html?storyid=19317
Last Updated: 2015-02-10 21:05:12 UTC - "... We have received multiple reports of Microsoft patches causing machines to hang. There is also a report that Microsoft has pulled one of the patches. Specifically, we have had issues reported with the Visual Studio Patch. We will continue to monitor the situation and keep you posted..."
Comments:
1] http://forums.overclockers.co.uk/showthread.php?p=27612025
KB3001652 is not a security update but is the one causing freezing of computers while installing. Reports are it's been pulled and when we do a WSUS sync we're not seeing it.
2] Also see:
- http://windowsitpro.com/security/fi...2-hangs-computers-never-finishes-installation and:
- http://www.infoworld.com/article/28...1652-causes-widespread-freezing-problems.html
On one system I got a installation window and I had to accept the Eula and continue and finish the installation. On two other system I terminated the 'vstor_redist.exe *32' process! The Windows Update installation continued with the other updates after this.
3] "... none of today's Microsoft bulletins/advisories even mentions Visual Studio, and KB3001652 was released in Sept. 2014. The KB article hasn't been updated, either (which would normally be done if the patch was re-released).
4] I think what is happening is one of the patches from this month is breaking detection of the VS patch from Oct '14, which triggers it to reinstall but it cannot complete successfully for whatever reason..."
___

Visual Studio patch rollup KB 3001652 causes widespread freezing problems
The Black Tuesday patches have been out for just a few hours, and there are multiple reports about KB 3001652 freezing and/or failing with error 0x80070659
- http://www.infoworld.com/article/28...1652-causes-widespread-freezing-problems.html
Feb 10, 2015 - "I’m seeing reports all over the Web that the just-released KB 3001652*, Visual Studio 2010 Tools for Office Runtime cumulative update, is causing all sorts of problems. As of this moment, the patch is still offered through Windows Update and corporate WSUS servers... Even more mystifying:
KB 3001652 was released last October. There's no indication why it's coming down the Windows Update chute -this- month. Indeed, the master list of WU/WSUS patches for this year doesn't even mention KB 3001652..."
* http://support.microsoft.com/kb/3001652 - [ ... using I/E ]
Last Review: October 14, 2014 - Revision: 1.0
???

:fear::fear:

AplusWebMaster · Feb 12, 2015

Botched Windows patch KB 3001652 re-issued ...

FYI...

Botched Windows patch KB 3001652 re-issued and appears to be working
Yesterday's bad Visual Studio 2010 patch has just been re-released sans the original's flaws
- http://www.infoworld.com/article/28...1652-re-issued-and-appears-to-be-working.html
Feb 11, 2015 - "Much to its credit, Microsoft yanked the bad Visual Studio 2010 patch, KB 3001652*, within hours of its release yesterday. Reports of the patch's hangs and errors rapidly piled in from all over the internet. Today we have another version of the patch appearing in Windows Update, and on Windows Server Update Services. Based on a very small sample, it looks like the new version installs just fine. KB 3001652 has a convoluted history. Originally released last October, it was somehow re-released in this month's Black Tuesday drop, on Feb 10. The KB article doesn't mention anything about either Tuesday's or today's (Wednesday's) modifications to the patch - the article hasn’t been updated since last October. Microsoft's official Windows Update/WSUS patch list, KB 894199**, doesn't list the Tuesday botched update, nor does it list today's apparently good update. I have no idea why the patch was re-issued this month, what was wrong with the October version, why it had to be re-issued or updated, and why the botched patch triggered so many problems. Perhaps Microsoft will tell us."
* https://support.microsoft.com/kb/3001652
Last Review: Oct 14, 2014 - Rev: 1.0

** https://support2.microsoft.com/kb/894199/en-us
Last Review: Feb 10, 2015 - Rev: 126.0
___

- http://windowssecrets.com/patch-watch/february-brings-a-shower-of-nonsecurity-updates/
Feb 11, 2015 - "... Staying true to current form, Microsoft had to recall one of its patches almost immediately - but not soon enough for some Windows users... Starting off with another flawed patch:
A Visual Studio update is further proof that enabling automatic updates in Windows Update can be hazardous. KB 3001652 was a rollup patch for Visual Studio 2010 Tools for Office Runtime. According to the update’s info page, it’s “required to run Microsoft Office–based solutions that are built by using Microsoft Visual Studio 2010, Visual Studio 2012, and Visual Studio 2013.” In my opinion, this patch should never have been released pre-checked for automatic updating.
Soon after KB 3001652 was released, there were widespread reports — including posts in the Windows Secrets Lounge — that it was causing system hangs during installation. To regain access to their machines, the affected users had to do a hard reboot or manually stop the Windows Update service.
Not surprisingly, Microsoft quickly -recalled- the patch but then re-issued it the next day.
- What to do: If you have Windows Update set to automatic, I hope you were able to regain control of your computer quickly. But given Microsoft’s recent spate of bad patches, I suggest you set Windows Update to “Download updates but let me choose whether to install them.” If KB 3001652 shows up in Windows Update, I suggest putting it on-hold for a couple of weeks..."
___

Microsoft Excel Support Team Blog
[ 'NOT seeing a fix for December's Excel issue other than the fixit... ]
- http://blogs.technet.com/b/the_micr...top-working-after-december-2014-updates-.aspx
18 Dec 2014

:fear:

AplusWebMaster · Feb 13, 2015

MS yanks KB 2920732 patch for killing PowerPoint ...

FYI...

Microsoft yanks KB 2920732 patch for killing PowerPoint 2013 on Windows RT
If you were unlucky enough to install KB 2920732, there’s no way to uninstall it
- http://www.infoworld.com/article/28...2013-on-windows-rt-with-error-0xc0000428.html
Feb 12, 2015 - "In a situation that may foreshadow Windows 10 patching problems, the Black Tuesday patch KB 2920732 has brought PowerPoint 2013 on Windows RT systems to its knees. Worse, because of the way Windows RT works, there's no way to back out the update. Your only solution, until Microsoft releases a fixed patch, is to "refresh" your system to reinstall Windows and clobber your installed programs..."
> https://support.microsoft.com/KB/2920732
Last Review: Feb 11, 2015 - Rev: 2.0 - "Notice:
This update is currently unavailable. It is being revised to address an issue that is under investigation. The update will be restored when the issue is resolved."
Applies to:
- Microsoft PowerPoint 2013
- Microsoft Office Home and Student 2013 RT
___

- https://atlas.arbor.net/briefs/index#-1022314154
High Severity
Feb 12, 2015

:fear::fear:

AplusWebMaster · Feb 13, 2015

MORE bad patches ...

FYI...

Microsoft's SSL 3.0 Poodle-busting patch KB 3023607 breaks popular Cisco VPN client
Cisco verifies that installing KB 3023607 may lead to 'Failed to initialize connection subsystem' errors with AnyConnect VPN
- http://www.infoworld.com/article/28...ks-cisco-s-popular-vpn-client-anyconnect.html
Feb 13, 2015 - MS15-009 - KB3023607
> https://supportforums.cisco.com/dis...icrosoft-feb-2015-patch-breaks-anyconnect-smc

- https://support.microsoft.com/KB/3023607

- https://isc.sans.edu/diary.html?storyid=19331
Last Updated: 2015-02-13 17:32:03 UTC
___

Users report that KB 2956128 is causing Outlook failures
Microsoft is asking for help in narrowing down a problem facing admins with Outlook 2010 and Exchange 2013
- http://www.infoworld.com/article/28...t-kb-2956128-is-causing-outlook-failures.html
Feb 13, 2015 - OL2010 - KB2956128
- https://social.technet.microsoft.co...roblems-after-install-kb2956128?forum=outlook

- https://support.microsoft.com/KB/2956128
___

MS15-010 ...
- https://support.microsoft.com/kb/3036220
Last Review: Feb 12, 2015 - Rev: 3.0
"... Known issues in security update 3013455:
After you install security update 3013455, you may notice some text quality degradation in certain scenarios. The problem occurs on computers that are running the following operating systems:
Windows Server 2008 SP2
Windows Server 2003 SP2
Windows Vista SP2 ..."
___

MS15-009 - I/E
- http://atlas.arbor.net/briefs/index#-1022314154
High Severity
Feb 12, 2015

- https://support.microsoft.com/kb/3021952
Last Review: Feb 16, 2015 - Rev: 4.0

:fear::fear:

AplusWebMaster · Feb 16, 2015

Patch Mayhem: Feb Patch Failures ...

FYI...

Patch Mayhem: Feb Patch Failures...
- https://isc.sans.edu/diary.html?storyid=19337
Last Updated: 2015-02-16 15:03:48 UTC - "February ~~was~~ -is- another rough month for anybody having to apply Microsoft patches. We had a couple of posts already covering the Microsoft patch issues, but due to the number of problems... quick overview of what has failed so far..."
(See the isc URL above.)
___

Bulletins on revision other than 1.0:

(Total of -9- released)

MS15-009
- https://support.microsoft.com/kb/3021952 - Rev: 5.0

MS15-010
- https://support.microsoft.com/kb/3036220 - Rev: 3.0

MS15-011
- https://support.microsoft.com/kb/3000483 - Rev: 3.0

MS15-015
- https://support.microsoft.com/kb/3031432 - Rev: 2.0
___

MS14-083 re-released:
- https://support.microsoft.com/kb/3017347 - Rev: 2.0

SSL 3.0 Could Allow Information Disclosure:
- https://support.microsoft.com/kb/3009008 - Rev: 2.3

:fear::fear:

AplusWebMaster · Feb 17, 2015

Microsoft Fix it 51033 - Cisco AnyConnect Secure Mobility Client

FYI...

Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior
"... This update was first included the February cumulative security update for Internet Explorer (MS15-009).
Note: This update is only offered as a companion package to some Internet Explorer updates to complement changes in Internet Explorer 11 that obsoletes SSL 3.0..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

"...Known issue:
After you apply this update, when you use a Cisco AnyConnect Secure Mobility Client application to establish virtual private network (VPN) connections in Windows 8.1 or Windows Server 2012 R2, you receive the following error message:
Failed to Initialize connection subsystem.
Fix it for me...
To install or remove this Fix it solution, click the Fix it button or link under the Enable this fix it heading or the Disable this fix it heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it Wizard.
Install AppCompat shim
Microsoft Fix it 51033"
- http://support.microsoft.com/kb/3023607
Last Review: Feb 17, 2015 - Rev: 3.0
Applies to:
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows Server 2012 R2 Standard
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
Windows Server 2008 R2 Service Pack 1, when used with:
Windows Server 2008 R2 Datacenter
Windows Server 2008 R2 Enterprise
Windows Server 2008 R2 Standard
Windows Server 2008 R2 for Itanium-Based Systems
Windows Server 2008 R2 Foundation
Windows 7 Service Pack 1, when used with:
Windows 7 Ultimate
Windows 7 Enterprise
Windows 7 Professional
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Starter

- http://www.infoworld.com/article/28...tch-that-clobbers-cicso-s-anyconnect-vpn.html
Feb 17, 2015
___

Update for PowerPoint 2013 (KB2956149)
- https://support2.microsoft.com/kb/2956149
Last Review: Feb 17, 2015 - Rev: 2.0
Applies to:
Microsoft PowerPoint 2013

- http://www.infoworld.com/article/28...56149-to-get-powerpoint-rt-running-again.html
Feb 17, 2015

:fear:

AplusWebMaster · Feb 18, 2015

Vulnerabilities in Group Policy could allow security policy bypassing...

FYI...

Vulnerabilities in Group Policy could allow security policy bypassing (MS15-011, MS15-014, CVE-2015-0008, CVE-2015-0009)
- https://dirteam.com/sander/2015/02/...s15-011-ms15-014-cve-2015-0008-cve-2015-0009/
Feb 11, 2015 ...

MS15-011: Vulnerability in Group Policy ...
- http://support2.microsoft.com/kb/3000483
Last Review: Feb 11, 2015 - Rev: 3.0

MS15-014: Vulnerability in Group Policy ...
- http://support2.microsoft.com/kb/3004361
Last Review: Feb 10, 2015 - Rev: 1.0

Overview of Server Message Block signing
- http://support2.microsoft.com/kb/887429
Last Review: Sep 11, 2011 - Rev: 3.0

MS15-011 & MS15-014: Hardening Group Policy
- http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
10 Feb 2015

- https://technet.microsoft.com/en-us/library/cc730910(v=ws.10).aspx

- https://technet.microsoft.com/en-us/library/security/MS15-011

- https://technet.microsoft.com/en-us/library/security/MS15-014

:fear::fear:

AplusWebMaster · Feb 19, 2015

MS15-010: MS Security Bulletin MS15-010 V1.1

FYI...

MS15-010: MS Security Bulletin MS15-010 V1.1
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
- https://technet.microsoft.com/en-us/library/security/MS15-010
Updated: Feb 18, 2015
V1.1 (February 18, 2015): "Bulletin revised to add an Update FAQ that explains why there are two packages on the Microsoft Download Center pages for affected editions of Windows Server 2003, Windows Server 2008, and Windows Vista. The additional package (3037639*) is not needed to be protected from the vulnerabilities addressed by the 3013455 update; it simply corrects a text quality problem that some customers experienced after installing the 3013455** update on the indicated systems."

Fix for text quality degradation after security update 3013455 (MS15-010) is installed
* https://support.microsoft.com/kb/3037639
Last Review: Feb 20, 2015 - Rev: 3.0
Applies to:
Windows Server 2008 ...
Windows Server 2003 ...
Windows Vista SP2 ...

** https://support.microsoft.com/kb/3013455
Last Review: Feb 19, 2015 - Rev: 3.0

- http://www.infoworld.com/article/28...kb-3013455-for-vista-windows-server-2003.html
Feb 18, 2015

:fear:

AplusWebMaster · Feb 23, 2015

I/E 32-bit errors / Symantec bad def update

FYI...

Symantec - Corrupt IPS def file update impacted 32-bit versions of I/E
- http://www.symantec.com/connect/blo...ge-impacted-32-bit-versions-internet-explorer
21 Feb 2015 - "On February 20, 2015, Symantec received reports stating that 32-bit versions of Internet Explorer had been crashing after the application of the Intrusion Prevention System (IPS) 20150220.001 definition package. We can confirm that this definition package impacted 32-bit versions of Internet Explorer on computers with the following Symantec and Norton products installed:
Symantec Endpoint Protection 12.1
Norton Security
Norton Security with Backup
Norton 360
Norton Internet Security
Only Symantec Endpoint Protection clients that receive content from a pre-RU2 SEPM, or pre-RU2 clients that run LiveUpdate directly to Symantec may be affected.
Solution: Based on our analysis, the issue was caused by a corrupt file in the virus definition set. Symantec recreated a snapshot of the same definition package as 20150221.001 and released it through our LiveUpdate servers. Definition package updates are automatically deployed by Norton and Symantec Endpoint Protection every four hours, unless users manually download them for unmanaged computers or administrators manually deploy them to their managed clients from the SEP Management Server. Users can also manually deploy the update before it is deployed automatically."

:fear::fear:

Microsoft Alerts

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member