Microsoft Alerts

Issues for two Windows kernel patches - Feb 2015

FYI...

Lingering issues for two Windows kernel patches - Feb 2015
- http://windowssecrets.com/patch-watch/lingering-issues-for-two-windows-kernel-patches/
Feb 25, 2015 - "We see fewer and fewer updates appearing on the unofficial, fourth-week Patch Tuesday. But we need that time to clean-up-patch-issues from the -official- Patch Tuesday. As has become typical, February saw -several- troublesome patches. But Microsoft seems to be jumping on them more quickly.

> Changing Lithuania’s currency symbol: KB 3006137 is the only official Microsoft update released this week. Its sole function is to change Lithuania’s currency symbol in Windows from litai (Lt) to euros (€). (The country adopted the euro on Jan. 1.) The update is for all current versions of Windows except Vista. (Win7 users must be on Service Pack 1, and Win8 users must be on Version 2.1 Update [KB 2919355].) You should see KB 3006137 as an -unchecked- optional patch in Windows Update, but Microsoft also offers it as a hotfix. Plus, the patch’s support page includes instructions for manually changing currency symbols and other language settings. Those of you who follow European news know that there’s an ongoing debate on whether to keep the euro. England never adopted it, and there’s recently been speculation that Greece will drop it.
But as a tourist traveling through several European nations last year, I found that using just one currency was efficient and extremely convenient.
- What to do: KB 3006137 is completely optional. If you have no need to work with Lithuanian currency, you -can- skip it — or install it just to keep your system fully up to date.

MS15-009 (3023607, 3038778): IE 11 security feature catches VPN apps: February’s critical Internet Explorer update (MS15-009) fixed -41- vulnerabilities; for IE 11, it also included two companion updates. KB 3038778 is a security enhancement that, by default, prevents SSL 3.0 fallbacks with Protected Mode sites (more info*). This was primarily a defense against POODLE attacks. KB 3023607 was designed to prevent use of the less secure Transport Layer Security protocol."
* http://blogs.msdn.com/b/ie/archive/...y-updates-amp-disabling-ssl-3-0-fallback.aspx
___

- http://www.infoworld.com/article/28...-microsoft-windows-auto-update-meltdowns.html
Feb 26, 2015

:fear::fear:
 
Last edited:
Ms15-009 v1.1 - 3.4.2015

FYI...

MS15-009: Description of the security update for JScript9.dll in Internet Explorer...
** https://support.microsoft.com/kb/3034196
Last Review: Feb 10, 2015 - Rev: 1.0

MS15-009: Description of the security update for Internet Explorer
* https://support.microsoft.com/kb/3021952
Last Review: Feb 19, 2015 - Rev: 5.0
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0

- https://technet.microsoft.com/en-us/library/security/MS15-009
V1.1 (March 4, 2015): Revised bulletin to clarify what additional updates will be installed, and how they will be installed, when security update 3021952* is installed on systems running Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11.
See the Update FAQ for more information. This is an informational change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
___

- http://www.infoworld.com/article/28...uary-rollup-kb-3034682-will-reboot-twice.html
Mar 5, 2015 - "... if you're updating Windows through Windows Update - manually, without automatic updates - you should check Windows Update a second time, after you've gone through the initial update, and reboot. There may be another patch waiting for you. If you've already applied the February patches using Windows Update, take a minute to go back and make sure there isn't a lingering KB 3034196** ..."

:fear:
 
Last edited:
FREAK security bypass vuln - MS Security Advisory 3046015

FYI...

Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.microsoft.com/en-us/library/security/3046015.aspx
March 5, 2015 - "Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Mitigating Factors: A server needs to support RSA key exchange export ciphers for an attack to be successful.
Recommendation: Please see the Suggested Actions section of this advisory for workarounds* to disable the RSA export ciphers. Microsoft recommends that customers use these workarounds to mitigate this vulnerability...
* https://technet.microsoft.com/en-us/library/security/3046015.aspx#_Apply_Workarounds
Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available.
• Disable RSA key exchange ciphers using the Group Policy Object Editor (Windows Vista and later systems only).
You can disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite order in the Group Policy Object Editor..."
(More detail at the MS URL above.)

>> Browser check: https://freakattack.com/ || https://www.ssllabs.com/ssltest/viewMyClient.html
"...If you run a server …
You should immediately disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator. We also recommend testing your configuration with the Qualys SSL Labs SSL Server Test tool**.
If you use a browser …
Make sure you have the most recent version of your browser installed, and check for updates frequently. Updates that fix the FREAK attack should be available for all major browsers soon.
** https://www.ssllabs.com/ssltest/

> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1637
Last revised: 03/06/2015

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204 - 5.0
Last revised: 03/05/2015
___

- http://blog.trendmicro.com/trendlab...freak-vulnerability-forces-weaker-encryption/
"... Microsoft[1] has confirmed all version of Windows are vulnerable. Red Hat confirmed that versions 6 and 7 of Red Hat Enterprise Linux (RHEL)[2] are vulnerable as well. Browsers that are vulnerable to the FREAK vulnerability include Internet Explorer[3], Opera (Mac OS X / Linux)[3], and Safari[3]..."
1] https://technet.microsoft.com/library/security/3046015

2] https://access.redhat.com/articles/1369543

3] http://thehackernews.com/2015/03/freak-openssl-vulnerability_5.html
___

- https://www.us-cert.gov/ncas/current-activity/2015/03/06/FREAK-SSLTLS-Vulnerability
Mar 6, 2015 - "FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. Microsoft has released a Security Advisory that includes a workaround for supported Windows systems. Users and administrators are encouraged to review Vulnerability Note VU#243585* for more information and apply all necessary mitigations as vendors make them available. Users may visit freakattack.com** to help determine whether their browsers are vulnerable..."
* http://www.kb.cert.org/vuls/id/243585

** https://freakattack.com/
___

Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.microsoft.com/en-us/library/security/3046015.aspx
Updated: March 10, 2015 - "... We have issued Microsoft Security Bulletin MS15-031* to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin. The vulnerability addressed is the Schannel Security Feature Bypass Vulnerability - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1637 "

* https://technet.microsoft.com/library/security/MS15-031
March 10, 2015 - "This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected... This security update also addresses the vulnerability first described in Microsoft Security Advisory 3046015[1]. For more information about this update, see Microsoft Knowledge Base Article 3046049[2]."

1] https://technet.microsoft.com/security/advisory/3046015

2] https://support.microsoft.com/kb/3046049

:fear: :fear:
 
Last edited:
MS Security Bulletin Summary - March 2015

FYI...

- https://technet.microsoft.com/library/security/ms15-MAR
March 10, 2015 - "This bulletin summary lists security bulletins released for March 2015...
(Total of -14-)

Microsoft Security Bulletin MS15-018 - Critical
Cumulative Security Update for Internet Explorer (3032359)
- https://technet.microsoft.com/library/security/MS15-018
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-019 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)
- https://technet.microsoft.com/library/security/MS15-019
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-020 - Critical
Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
- https://technet.microsoft.com/library/security/MS15-020
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-022 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)
- https://technet.microsoft.com/library/security/MS15-022
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS15-023 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)
- https://technet.microsoft.com/library/security/MS15-023
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-024 - Important
Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
- https://technet.microsoft.com/library/security/MS15-024
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-025 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
- https://technet.microsoft.com/library/security/MS15-025
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-026 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)
- https://technet.microsoft.com/library/security/MS15-026
Important - Elevation of Privilege - Does not require restart - Microsoft Exchange

Microsoft Security Bulletin MS15-027 - Important
Vulnerability in NETLOGON Could Allow Spoofing (3002657)
- https://technet.microsoft.com/library/security/MS15-027
Important - Spoofing - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-028 - Important
Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
- https://technet.microsoft.com/library/security/MS15-028
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-029 - Important
Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
- https://technet.microsoft.com/library/security/MS15-029
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-030 - Important
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)
- https://technet.microsoft.com/library/security/MS15-030
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-031 - Important
Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
- https://technet.microsoft.com/library/security/MS15-031
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/03/10/march-2015-updates.aspx
10 Mar 2015 - "... we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer... We released one new Security Advisory:
• Availability of SHA-2 code signing support for Windows 7 and Windows Server 2008 R2 (3033929)
Two Security Advisories were revised:
• Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)
• Vulnerability in Schannel Could Allow Security Feature Bypass (3046015)..."

Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.microsoft.com/en-us/library/security/3046015
Published: March 5, 2015 | Updated: March 10, 2015
Version: 2.0 - "Microsoft has completed the investigation into a public report of a vulnerability. We have issued Microsoft Security Bulletin MS15-031[1] to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin. The vulnerability addressed is the Schannel Security Feature Bypass Vulnerability
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1637 "

1] https://technet.microsoft.com/library/security/MS15-031

Microsoft Security Advisory 3033929
Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
- https://technet.microsoft.com/en-us/library/security/3033929
March 10, 2015 - "Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. This update supersedes the 2949927 update that was rescinded on October 17, 2014 to address issues that some customers experienced after installation. As with the original release, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1 do not require this update because SHA-2 signing and verification functionality is already included in these operating systems. This update is not available for Windows Server 2003, Windows Vista, or Windows Server 2008.
[1]The 3033929 update has affected binaries in common with the 3035131 update being released simultaneously via MS15-025. Customers who download and install updates manually and who are planning to install -both- updates should install the 3035131* update before installing the 3033929** update. See the Advisory FAQ for more information."
* https://support.microsoft.com/kb/3035131

** https://support.microsoft.com/kb/3033929

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: March 10, 2015 - Version: 38.0
___

March 2015 Office Update Release
- http://blogs.technet.com/b/office_s...5/03/10/march-2015-office-update-release.aspx
10 Mar 2015 - "... There are 35 security updates (1 bulletin) and 39 non-security updates..."
> http://technet.microsoft.com/en-us/security/ms15-022
__

- http://www.securitytracker.com/id/1031888 - MS15-018
- http://www.securitytracker.com/id/1031887 - MS15-019
- http://www.securitytracker.com/id/1031890 - MS15-020
- http://www.securitytracker.com/id/1031889 - MS15-021
- http://www.securitytracker.com/id/1031895 - MS15-022
- http://www.securitytracker.com/id/1031896 - MS15-022
- http://www.securitytracker.com/id/1031897 - MS15-023
- http://www.securitytracker.com/id/1031898 - MS15-024
- http://www.securitytracker.com/id/1031899 - MS15-025
- http://www.securitytracker.com/id/1031900 - MS15-026
- http://www.securitytracker.com/id/1031891 - MS15-027
- http://www.securitytracker.com/id/1031893 - MS15-028
- http://www.securitytracker.com/id/1031894 - MS15-029
- http://www.securitytracker.com/id/1031892 - MS15-030
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19445
2015-03-10

.
 
Last edited:
MS Update 3033929 causing Reboot loop, MS15-027/KB3002657, MS15-025/KB303339 - more

FYI...

MS Update 3033929 causing Reboot loop
- http://krebsonsecurity.com/2015/03/ms-update-3033929-causing-reboot-loop/
12 Mar 2015 - "One of the operating system updates Microsoft released on Tuesday of this week — KB3033929 — is causing a reboot loop for a fair number of Windows 7 users, according to postings on multiple help forums. The update in question does not appear to address a pressing security vulnerability, so users who have not yet installed it should probably delay doing so until Microsoft straightens things out. Various tech help forums ares starting to fill up with requests from Windows 7 users who are experiencing a reboot loop after applying the glitchy patch*, which is a “code signing” update that improves the ability of Windows 7 and Windows Server 2008 R2 systems to validate the integrity and authenticity of programs running on top of the operating system. At this time, none of the tech help forums seem to have a solution for the problem..."
* https://support.microsoft.com/kb/3033929
Last Review: Mar 10, 2015 - Rev: 1.0
___

Netlogon patch KB 3002657, SHA-2 signing patch KB 3033929 - Woes mount ...
- http://www.infoworld.com/article/28...b-3032359-cisco-anyconnect-fix-confirmed.html
Mar 12, 2015 - "... Complaints are mounting among admins that the Netlogon spoofing patch, MS15-027/KB 3002657* is causing more problems... In addition to log-on failures with EMC Isilon clusters, there are also problems with Outlook, SharePoint, and NAS drives... Spiceworks also has a lengthy thread on this topic. No idea when/if Microsoft will pull the patch, but clearly it's causing lots of problems... Posters on the Patchmanagement List are complaining about a detection problem with the kernel patch MS15-025/KB 3033395** installing on Windows 2003 R2 servers. Apparently the update mechanism fails to identify the patch once it's installed, and offers it up repeatedly... confirmation on yesterday's report that the RDP patch MS15-030/KB 3036493*** requires multiple reboots - at least in some situations. It has been added to the official list of multiple-reboot renegades maintained in KB 2894518****. Admins take note: Your patching sequences may get clobbered... seeing a lot of complaints about the size of this month's bundle of patches. Those of you with Office, for example, may see as many as 50 or 60 individual patches in a swollen download package of 400MB or more..."
* https://support.microsoft.com/kb/3002657
Last Review: Mar 10, 2015 - Rev: 1.0
** https://support.microsoft.com/kb/3033395
Last Review: Mar 10, 2015 - Rev: 1.0
*** https://support.microsoft.com/kb/3036493
Last Review: Mar 10, 2015 - Rev: 1.0
**** https://support.microsoft.com/kb/2894518
Last Review: Mar 12, 2015 - Rev: 15.0
___

KB 3033929 install fails, with multiple errors
- http://www.infoworld.com/article/28...rors-80004005-800b0100-80070002-80070005.html
Mar 12, 2015
____

- http://windowssecrets.com/patch-watch/marchs-patch-tuesday-comes-in-like-a-lion/
Mar 11, 2015 - "... Along with a slug of Windows security fixes, Office gets an astounding 35 security updates — plus the usual load of nonsecurity fixes.
MS15-018 (3032359), MS15-019 (3030403, 3030398)
Patching the usual browser suspects: ... browser security starts with keeping Internet Explorer fully patched — even if you rarely use it. IE is deeply tied into Windows.
KB 3032359 (MS15-018) is rated -critical- for client versions of Windows. It fixes -eight- privately reported vulnerabilities and one publicly disclosed vulnerability, and it applies to all supported versions of the browser, including IE in Windows 10 Technical Preview. There are no reports of active exploits at this time. Among other things, the update makes changes to the VBScript engine and ensures proper enforcement of cross-domain policies. This should help prevent attackers from taking control of a PC when a user clicks-a-malicious-webpage.
Those of you still running IE 7 or an earlier version of the browser (or systems lacking IE, such as Windows 2008 Server Core editions) also need KB 3030398 or KB 3030403 (MS15-019), a related fix for the Windows VBScript engine. These updates should show up on Vista, Server 2003, Server 2008, and some Server Core machines. PCs running Windows 8 or higher will see an Adobe Flash Player update a bit sooner than those running Win7. As noted in MS Security Advisory 2755801, Microsoft released KB 3044132 for embedded Flash on March 10. Adobe’s Flash update will be released two days later... "

:fear::fear:
 
Last edited:
MS KB revision updates ...

FYI... MS KB revision updates:

MS15-018: Cumulative security update for Internet Explorer...
- http://support.microsoft.com/en-us/kb/3032359
Last Review: Mar 16, 2015 - Rev: 3.0
Applies to:
•Internet Explorer 10
•Internet Explorer 11
•Microsoft Internet Explorer 6.0
•Windows Internet Explorer 7
•Windows Internet Explorer 8
•Windows Internet Explorer 9
___

MS15-020 - Critical
Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
- https://technet.microsoft.com/library/security/MS15-020
V1.1 (March 10, 2015): Bulletin revised to better explain the attack vector for the DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096).
Updated: March 10, 2015 - "... For more information about this update, see Microsoft Knowledge Base Article 3041836*..."

MS15-020 ... remote code execution
* - https://support.microsoft.com/en-us/kb/3041836
"Known issues and additional information about this security update:
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link...":
Last Review: Mar 12, 2015 - Rev: 2.0

Related:

MS15-020 ... Windows text svcs
- https://support.microsoft.com/en-us/kb/3033889
Last Review: Mar 14, 2015 - Rev: 2.0

MS15-020 ... Windows shell
- https://support.microsoft.com/en-us/kb/3039066
Last Review: Mar 14, 2015 - Rev: 3.0

:fear:
 
Last edited:
Netlogon patch KB 3002657 re-issued

FYI...

Netlogon patch KB 3002657 re-issued
If you're running Win Svr 2003, Microsoft advises you install KB 3002657-v2 on top of the first patch
- http://www.infoworld.com/article/28...issues-botched-netlogon-patch-kb-3002657.html
Mar 17, 2015 - "... Microsoft finally acknowledged the problem and posted a fix - for Windows Server 2003 -only- although I've seen unverified reports of similar problems on other versions of Windows Server... The KB article references problems with EMC Isilon OneFS in the "Known Issues" section...
Updated Security Bulletin MS15-027:
- https://technet.microsoft.com/library/security/MS15-027 "
Updated: March 16, 2015 - Ver: 2.0
V2.0 (March 16, 2015): To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update -also- apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this re-release and do not need to take any action. See Microsoft Knowledge Base Article 3002657* for more information."
* https://support.microsoft.com/en-us/kb/3002657
Last Review: Mar 17, 2015 - Rev: 2.0

:fear::fear:
 
MS Security Advisory 3046310 ...

FYI...

MS Security Advisory 3046310
Improperly Issued Digital Certificates Could Allow Spoofing
- https://isc.sans.edu/diary.html?storyid=19475
Mar 16, 2015 - "Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. To help protect customers from potentially fraudulent use of this digital certificate, it has been revoked by the issuing CA and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue... For customers running Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates, Microsoft recommends that the 3046310 update* be applied immediately using update management software, by checking for updates using the Microsoft Update service, or by downloading and applying the update manually..."
* https://support.microsoft.com/en-us/kb/3046310
Last Review: Mar 16, 2015 - Rev: 1.0
(See 'Applies to...')
___

Support for urgent Trusted Root updates for Windows Root Certificate Program in Windows
- https://support2.microsoft.com/default.aspx?scid=kb;en-us;3004394
Last Review: Mar 16, 2015 - Rev: 4.0
(See 'Applies to...')
___

Update Rollup 16 for Exchange Server 2007 SP3
- https://support.microsoft.com/en-us/kb/3030086
Last Review: Mar 17, 2015 - Rev: 1.0
Applies to:
Microsoft Exchange Server 2007 Service Pack 3, when used with:
Microsoft Exchange Server 2007 Enterprise Edition
Microsoft Exchange Server 2007 Standard Edition

:fear:
 
MS Security Advisory 3046310 - V2 Rev3

FYI...

Microsoft Security Advisory 3046310
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/library/security/3046310.aspx
Published: March 16, 2015 | Updated: March 19, 2015
V2.0 (March 19, 2015): Advisory re-released to announce that the update for supported editions of Windows Server 2003 is now available. See Knowledge Base Article 3046310* for more information and download links.
* https://support.microsoft.com/en-us/kb/3046310
Last Review: Mar 19, 2015 - Rev: 3.0
(See "Applies to...")

:fear:
 
MS15-018, MS15-020, MS15-027 revisions ...

FYI...

MS15-018: Cumulative security update for Internet Explorer...
- https://support.microsoft.com/en-us/kb/3032359
Last Review: Mar 16, 2015 - Rev: 3.0
"... Known issues with this security update:
After you install this security update, applications may crash when they render table-based content in Internet Explorer 11, Internet Explorer 10, Internet Explorer 9, and Internet Explorer 8.
Status: Microsoft is working on a fix for this issue..."
___

MS15-020: Description of the security update for Windows text services ...
- https://support2.microsoft.com/default.aspx?scid=kb;en-us;3033889
Last Review: Mar 18, 2015 - Rev: 3.0

- https://support.microsoft.com/en-us/kb/3048778
Last Review: Mar 20, 2015 - Rev: 4.0
(See "Applies to...")
___

MS15-027: Vulnerability in NETLOGON could allow spoofing...
- https://support.microsoft.com/en-us/kb/3002657
Last Review: Mar 20, 2015 - Rev: 5.0
(See "Applies to...")
___

Enterprise Site Discovery on IE8, IE9, IE10, and IE11
- http://blogs.msdn.com/b/ie/archive/...e8-ie9-ie10-and-new-privacy-enhancements.aspx
March 20, 2015 - "... The March 2015 update expands Enterprise Site Discovery beyond Internet Explorer 11 to include Internet Explorer 8, 9, & 10. By default, data collection is turned off. When collection is enabled, data will be collected from all sites visited by users with Internet Explorer unless otherwise configured. Data is collected during each browsing event and is associated to the browsed URL..."
(More detail at the URL above.)

:fear::fear:
 
MS Security Advisory - Digital Certificates / Compat updts - Win7, Win8, 8.1

FYI...

Microsoft Security Advisory 3050995
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/library/security/3050995?f=255&MSPPError=-2147217396
March 24, 2015 - "Microsoft is aware of digital certificates that were improperly issued from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. To help protect customers from the potentially fraudulent use of these improperly issued certificates, Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA. Microsoft is working on an update for Windows Server 2003 customers and will release it once fully tested..."
- https://support.microsoft.com/en-us/kb/3050995
Last Review: Mar 24, 2015 - Rev: 1.0
(See "Applies to...")
___

Microsoft Security Bulletin MS15-031 - Important
Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
- https://technet.microsoft.com/en-us/library/security/MS15-031
V1.1 (March 24, 2015): Revised bulletin to add an FAQ directing customers to Microsoft Knowledge Base Article 3050509* for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems.
* https://support.microsoft.com/en-us/kb/3050509
Last Review: Mar 24, 2015 - Rev: 1.0
Applies to:
Microsoft Windows Server 2003 SP2
___

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: Mar 24, 2015 - Rev: 6.0
Applies to:
Windows 7 SP1, when used with:
Windows 7 Enterprise
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate
___

Compatibility update for Windows 7 RTM
- https://support.microsoft.com/en-us/kb/2977759
Last Review: Mar 24, 2015 - Rev: 6.0
Applies to:
Windows 7 Enterprise
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Professional
Windows 7 Starter
Windows 7 Ultimate
___

Compatibility update for Windows 8.1 and Windows 8
- https://support.microsoft.com/en-us/kb/2976978
Last Review: Mar 24, 2015 - Rev: 7.0
Applies to:
Windows 8.1 Enterprise
Windows 8.1
Windows 8.1 Pro
Windows 8 Enterprise
Windows 8
Windows 8 Pro
___

An update to enable an automatic update from Windows 8 to Windows 8.1
- https://support.microsoft.com/en-us/kb/3008273
Last Review: Mar 24, 2015 - Rev: 5.0
Applies to:
Windows 8 Pro
Windows 8 Pro N
Windows 8
Windows RT

:fear::fear:
 
Last edited:
KB 2876229 can hijack your browser

FYI...

KB 2876229 can hijack your browser
Microsoft's patch installs Skype, which by default makes MSN your home page and Bing your search engine
- http://www.infoworld.com/article/29...patch-kb-2876229-can-hijack-your-browser.html
March 25, 2015 - "If you were somehow possessed to install the "optional" KB 2876229 patch, make sure you -uncheck- the correct installer boxes, or your Internet Explorer home page will be hijacked and the default search engine changed. That's the default behavior of this boorish Microsoft KB-numbered installer, pushed through the Windows Update chute.
Yesterday's fourth-Tuesday patch round included a rather special patch. Identified as "Skype for Windows desktop 7.0 (KB2876229)," it's an -unchecked- patch offered up for systems that don't already have Skype installed:
> http://core0.staticworld.net/images...ype-optional-update-100575390-medium.idge.jpg
While you might expect Windows Update to include, uh, Windows updates, this is a patch of a different color. If you check the box and install KB 2876229, Microsoft runs the Windows-based Skype installer. It's the plain vanilla Skype installer, not an update or a patch. Which might not be too bad, but the Skype installer asks if you want to make MSN your home page and if you want to make Bing your default search engine. Unless you uncheck the requisite boxes in the installer, your browser gets taken over.
Welcome to the kind of garbage you would expect to see from Oracle, which still rigs the Java installer to add the Ask toolbar and reset your search engine to Ask."

:fear::fear:
 
MS Updates released for Win 8.1, Win7SP1, Outlook 2010

FYI...

Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: Mar 27, 2015 - Rev: 1.0 - "This update enables additional capabilities for Windows Update notifications when new updates are available to the user. It applies to a computer that is running Windows 8.1 or Windows 7 Service Pack 1 (SP1)...
Prerequisites: To install this update, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1. Or, install Windows 7 SP1...
Applies to:
Windows 8.1 Pro
Windows 8.1
Windows 7 Service Pack 1, when used with:
Windows 7 Ultimate
Windows 7 Professional
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Starter

Mystery patch ...
- http://www.infoworld.com/article/29...w-about-mystery-windows-patch-kb-3035583.html
Mar 30, 2015
___

March 26, 2015 update for Outlook 2010
- https://support.microsoft.com/en-us/kb/2965290
Last Review: Mar 26, 2015 - Rev: 1.0 - "This update fixes the following issues:
After you migrate from Microsoft Exchange Server 2010 or Microsoft Exchange Server 2007 to Microsoft Exchange Server 2013, a user's Offline Address Book does not download.
When a user opens an .eml file in cached mode, a Reply, Reply All, or Forward operation results in an empty header block in the body instead of correctly propagating the To and Cc fields.
Mail Tips cannot be retrieved when an item is opened by using an add-in before a connection to the server that is running Exchange Server is established.
Accessibility in the Recover Deleted Items dialog box is poor.
In configurations in which many people use shared folders, members are removed from a large, shared personal distribution when you modify the contents of the distribution...
Applies to:
Microsoft Office 2010 Service Pack 2, when used with:
Microsoft Outlook 2010

:fear::fear:
 
Last edited:
KB3035583 is a Win10 prompter ...

FYI...

KB3035583 is a Win10 prompter/downloader that nags users about upgrading to Win 10 ...
- http://www.infoworld.com/article/29...ed-it-s-a-windows-10-prompter-downloader.html
Apr 6, 2015 - "... KB 3035583 is a shill for Windows 10. As poster rugk on the eset Security Forum says, it's "an adware/PUA/PUS/PUP for Windows 10 upgrade." Aldershoff goes into detail:
'Once the update is downloaded it adds a folder to System32 called "GWX" which contains 9 files and a folder called "Download". One of the four .EXE files reveals what the update really is, the description of GWXUXWorker.EXE states, "Download Windows 10?. This explains the X in the name, the X is the Romanian [sic] number 10.'
The folder also contains "config.xml" which contains some URLs that at the moment of writing didn't work. The config file mentions "OnlineAdURL" that points to https://go.microsoft.com/fwlink/?LinkID=526874 and Telemetry BaseURL pointing to http://g.bing.com/GWX/ .
Dudau adds:
'In the same system folder, users can find a config XML file that goes through the program's behavior depending on what "phase" Windows 10 is in. For example, currently the program doesn't display any notifications or act in any way because we're currently in the "None" phase. But as we get to the "RTM" phase of Windows 10, users will likely see a new Live Tile show up on their Start Screen, pointing to the upcoming OS. Similarly, taskbar notifications will also be displayed when Windows 10 launches, prompting users to update.'
Is the patch an -unwanted- intrusion or just a convenient way to let Windows 7, 8, and 8.1 users upgrade to the (free) Windows 10?"

- http://www.infoworld.com/article/29...83-now-marked-important-on-some-win7-pcs.html
Apr 8, 2015

:fear::fear:
 
Last edited:
MS Security Bulletin Summary - April 2015

FYI...

- https://technet.microsoft.com/library/security/ms15-apr
April 14, 2015 - "This bulletin summary lists security bulletins released for April 2015...
(Total of -11-)

Microsoft Security Bulletin MS15-032 - Critical
Cumulative Security Update for Internet Explorer (3038314)
- https://technet.microsoft.com/library/security/MS15-032
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-033 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
- https://technet.microsoft.com/library/security/MS15-033
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-034 - Critical
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
- https://technet.microsoft.com/library/security/MS15-034
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-035 - Critical
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
- https://technet.microsoft.com/library/security/MS15-035
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-036 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
- https://technet.microsoft.com/library/security/MS15-036
Important - Elevation of Privilege - May require restart - Microsoft Server Software, Productivity Software

Microsoft Security Bulletin MS15-037 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
- https://technet.microsoft.com/library/security/MS15-037
Important - Elevation of Privilege - Does not require restart - Microsoft Windows

Microsoft Security Bulletin MS15-038 - Important
Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
- https://technet.microsoft.com/library/security/MS15-038
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-039 - Important
Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
- https://technet.microsoft.com/library/security/MS15-039
Important - Security Feature Bypass - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-040 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
- https://technet.microsoft.com/library/security/MS15-040
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-041 - Important
Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
- https://technet.microsoft.com/library/security/MS15-041
Important - Information Disclosure - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS15-042 - Important
Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
- https://technet.microsoft.com/library/security/MS15-042
Important - Denial of Service - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/04/14/april-2015-updates.aspx
14 Apr 2015 - "... we released 11 security bulletins... We released one new Security Advisory:
Update to Improve PKU2U Authentication (3045755)
- https://technet.microsoft.com/en-us/library/security/3045755.aspx
One Security Advisory was revised:
SSL 3.0 Update (3009008): https://technet.microsoft.com/en-us/library/security/3009008.aspx

- https://technet.microsoft.com/library/security/2755801
V39.0 (April 15, 2015): Added the 3049508 update* to the Current Update section.
Update for vulnerabilities in Adobe Flash
* https://support.microsoft.com/en-us/kb/3049508
Last Review: April 15, 2015 - Rev: 3.0
___

Exploitability Index:
- https://technet.microsoft.com/en-us/library/security/ms15-apr.aspx#ID0EPEAC
___

April 2015 Office Update Release
- http://blogs.technet.com/b/office_s...5/04/14/april-2015-office-update-release.aspx
14 Apr 2015 - "... There are 13 security updates (2 bulletins) and 42 non-security updates...
Security Bulletin MS15-033: https://technet.microsoft.com/en-us/security/ms15-033
Security Bulletin MS15-036: https://technet.microsoft.com/en-us/security/ms15-036 ..."
___

- http://www.securitytracker.com/id/1032108 - MS15-032
- http://www.securitytracker.com/id/1032104 - MS15-033
- http://www.securitytracker.com/id/1032109 - MS15-034
- http://www.securitytracker.com/id/1032110 - MS15-035
- http://www.securitytracker.com/id/1032111 - MS15-036
- http://www.securitytracker.com/id/1032112 - MS15-037
- http://www.securitytracker.com/id/1032113 - MS15-038
- http://www.securitytracker.com/id/1032114 - MS15-039
- http://www.securitytracker.com/id/1032115 - MS15-040
- http://www.securitytracker.com/id/1032116 - MS15-041
- http://www.securitytracker.com/id/1032117 - MS15-042
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=19577
2015-04-14

.
 
Last edited:
MS April patches show signs of trouble...

FYI...

Microsoft woes: Re-issued patch KB 3013769 crashes, Skype for Business rolls, Windows 10 nagware resurfaces
Several of this month's Black Tuesday patches are already showing signs of trouble
- http://www.infoworld.com/article/29...olls-win10-nagware-kb-2990214-resurfaces.html
Apr 15, 2015 - "Microsoft usually releases a list of non-security patches several days before the Black Tuesday rollout, but this month there was no information until several hours after the patches hit. That's a problem for users, particularly because Microsoft's track record with patches is so bad -- and this month is no exception. Yesterday Microsoft released dozens of patches for Windows in 11 bulletins covering 26 individually identified CVEs (common vulnerabilities and exposures), including 10 in Internet Explorer, four re-released security changes, and nine changes to non-security patch installers. The .Net security bulletin alone gives rise to 10 different downloadable patches... Not to be outdone, the Office team released a bewildering array of updates for Office 2013, including 13 security patches, two bulletins, and 42 non-security patches. Note that you must have Office 2013 SP1 before you can install any of these patches. There's also a Security Advisory about Public Key Cryptography User-to-User (PKU2U), called KB 3045755. It's still early in the game, but here are the problems I saw that cropped up overnight. KB 3013769, the December 2014 update rollup for Windows 8.1 and Server 2012 R2, has been re-released as an optional update. Many people using Kaspersky Antivirus report that installing the patch triggers a blue screen..."
(More detail at the infoworld URL above.)

:fear::fear:
 
MS15-034: HTTP.sys (IIS) ... PATCH NOW

FYI...

MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution - PATCH NOW
- https://isc.sans.edu/diary.html?storyid=19583
Last Updated: 2015-04-16 18:05:38 UTC - "Denial of Service (DoS) exploits are widely available to exploit CVE-2015-1635, a vulnerability in HTTP.sys, affecting Internet Information Server(IIS). The patch was released on Tuesday (April 14th) as part of Microsoft's Patch Tuesday. Due to the ease with which this vulnerability can be exploited, we recommend that you expedite patching this vulnerability.
Update: We are seeing active exploits hitting our honeypots from 78.186.123.180. We will be going to Infocon Yellow as these scans use the DoS version, not the "detection" version of the exploit. The scans appear to be "Internet wide"... Based on posts on Twitter, 171.13.14.0/24 is also sending the exploit code in 'somewhat targeted' scans..."

Microsoft Security Bulletin MS15-034 - Critical
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
* https://technet.microsoft.com/library/security/MS15-034
April 14, 2015
> https://support.microsoft.com/en-us/kb/3042553
Last Review: April 14, 2015 - Rev: 1.0
(SEE: 'Applies to...")

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1635 - 10.0 (HIGH)
"... HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability..."

- http://news.netcraft.com/archives/2...ity-affects-at-least-70-million-websites.html
16 April, 2015

- http://blog.trendmicro.com/trendlab...t-risk-the-http-protocol-stack-vulnerability/
Apr 22, 2015
___

KB 2965295, KB 2965270 freeze Calendar and syncing, cause lockouts
- http://www.infoworld.com/article/29...eeze-calendar-and-syncing-cause-lockouts.html
Apr 16, 2015 - "... more and more reports of problems with two new patches: KB 2965295, the 'April 14, 2015 update for Outlook 2010' and KB 2965270, descriptively entitled 'April 14, 2015 update for Outlook 2013'. I'm also hearing new rumblings about our old friends KB 2956128 - the February Outlook 2010 update rollup (with problems that Microsoft promised to fix 'by the 3rd week of April') - and its successor of sorts, KB 2956203, the 'March 10, 2015 update for Outlook 2010'..."
(More detail at the infoworld URL above.)

:fear::fear:
 
Last edited:
MS Windows 0-day - in-the-wild ...

FYI...

MS Windows 0-day - in-the-wild ...
- http://www.securitytracker.com/id/1032155
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1701 - 7.2 (HIGH)
Apr 20 2015
Impact: Root access via local system
Vendor Confirmed: Yes
Description: A vulnerability was reported in Microsoft Windows. A local user can obtain system privileges on the target system. A local user can run a specially crafted program to execute a callback to use data from the system token and execute code with System privileges.
Microsoft Windows 8 and later are reportedly not affected.
This vulnerability is being actively exploited.
The original advisory is available at:
- https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
Apr 18, 2015
"FireEye reported this vulnerability..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1701 - 7.2 (HIGH)
Last revised: 04/21/2015 - "... as exploited in the wild in April 2015..."
___

- http://www.theinquirer.net/inquirer...s-exploiting-flaws-in-adobe-flash-and-windows
Apr 20 2015 - "... Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows, named CVE-2015-1701, but has -not- yet issued a patch... updating Adobe Flash to the latest version will render the exploit -harmless- because it has seen CVE-2015-1701 in use -only- in conjunction with the Adobe Flash exploit for CVE-2015-3043. The Flash exploit is served from unobfuscated HTML/JS. The launcher page picks one of two Flash files to deliver depending on the target's platform... The APT28 attackers relied heavily on the CVE-2014-0515 Metasploit module to conduct these new exploits..."
___

MS15-051...
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
- https://technet.microsoft.com/library/security/ms15-051
May 12, 2015
- https://support.microsoft.com/en-us/kb/3057191
Last Review: May 13, 2015 - Rev: 2.0

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1701
Last revised: 05/13/2015
7.2 (HIGH)

:fear::fear:
 
Last edited:
More MS patch isssues - 4.20.2015 ...

FYI...

'Optional' Windows 8.1 update KB 3022345 fails to install with error 800F0922
- http://www.infoworld.com/article/29...345-fails-to-install-with-error-800f0922.html
Apr 22, 2015 - "At least one of the optional Windows updates Microsoft released yesterday is running into problems. Messages are popping up in every corner of the Web that patch KB 3022345 -- an "Update to enable the Diagnostics Tracking Service in Windows 8.1 and Windows Server 2012 R2" -- triggers an installation failure 800F0922..."
* https://support.microsoft.com/en-us/kb/3022345
Last Review: Apr 21, 2015 - Rev: 2.0
___

Microsoft to release massive set of 34 non-security patches Tuesday
- http://www.infoworld.com/article/29...non-security-patches-coming-this-tuesday.html
Apr 20, 2015 - "The official list of Windows Update patches was updated over the weekend to show that 34 patches rated "optional" are headed for the Automatic Update chute this Tuesday, April 21...
For those Windows users with Automatic Update turned on, who automatically install optional updates, this could prove to be a rocky Tuesday."
(More detail at the infoworld URL above.)
___

IE11 patch KB 3038314 blocks search engines and may fail with error 80092004
The latest IE11 patch prevents some Windows users from adding Google as a search provider - if it finishes installing at all
- http://www.infoworld.com/article/29...ers-install-may-fail-with-error-80092004.html
Apr 20, 2015 - "We don't know the full extent of the problem yet, but it appears the latest Internet Explorer patch prevents Internet Explorer 11 - and possibly other versions of IE - from installing Google and other search engines. And the problem may go beyond Windows 7 SP1 and Windows 8.1 Update 1 PCs. Many IE11 customers are reporting on the Microsoft Answers Forum* (and elsewhere**) that the latest IE11 patch rollup, MS15-032 KB 3038314***, reports that it failed to install with error 80092004. Others say the download on that patch -stalls- at 11 percent and doesn't budge, or that the download kicks out at 11 percent with the same failed-to-install error message, code 80092004... No response yet from Microsoft, of course."
(More detail at the infoworld URL above.)
* http://answers.microsoft.com/en-us/...80092004/f2348f9a-fc62-4800-879e-3bca16e3f3cc

** http://www.techspot.com/community/topics/kb3038314-fails-today-2014-4-17.212083/

*** https://support.microsoft.com/en-us/kb/3038314
___

KB 2952664 triggers daily telemetry run in Windows 7 - and may be snooping on users
Microsoft bills the 'compatibility update' as way to ease the upgrade process to Windows 10 - but it's collecting data daily
- http://www.infoworld.com/article/29...cted-daily-telemetry-run-may-be-snooping.html
Apr 20, 2015 - "If you think that KB 2952664* just tweaks your system a bit to improve the upgrade process, you may be in for a surprise. It could also be triggering a daily telemetry run and maybe even snooping on you. KB 2952664 is billed as a "compatibility update for upgrading Windows 7… [that] helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows." So I was surprised when reader Carl Anderson sent me an email, pointing out a Microsoft Answers forum thread** that accuses the February 2015 Black Tuesday patches of installing a process that red-lines one core of the CPU every time Windows 7 is started..."
(More detail at the infoworld URL above.)
* https://support.microsoft.com/en-us/kb/2952664

** http://answers.microsoft.com/en-us/...l/b29bdffd-56e2-418f-b0c5-a7f3dfbab2b5?page=1

:fear::fear::fear:
 
Last edited:
April Patch Watch... notes

FYI...

April Patch Watch... notes
- http://windowssecrets.com/patch-watch/an-april-patch-watch-special-edition-report/
Apr 22, 2015 - "As if the list of April’s Patch Tuesday nonsecurity fixes weren’t long enough, Microsoft has just released another downpour of patches. These are, for the most part, operating-system updates, primarily for Windows 8.1. None is critical... a second release of nonsecurity updates in the same month is -not- what I had in mind...
Two security-update notes: There are a few reports of problems with Internet Explorer cumulative update KB 3038314. After installing the patch, some users are unable to add another search provider...
Another update, KB 3045999 (MS15-038), is being flagged by software vendor Romax. The company states that the update is incompatible with the company’s software and recommends that its customers remove it. This problem is probably not widespread, but it’s a reminder to keep updates in mind anytime an application starts misbehaving..."

MS15-032: Cumulative security update for Internet Explorer...
> https://support.microsoft.com/en-us/kb/3038314/
Last Review: 04/24/2015 - Rev: 4.0

MS15-038: Description of the security update for Windows...
> https://support.microsoft.com/en-us/kb/3045999/
Last Review: 04/14/2015 - Rev: 1.0

Windows Update KB3045999 Incompatability With All Romax Software...
- http://support.romaxtech.com/entrie...45999-Incompatability-With-All-Romax-Software
Apr 17, 2015

:fear::fear:
 
Last edited:
You must log in or register to reply here.
Back
Top