Microsoft Alerts

No wireless networks are available after you upgrade from Windows 8.1 to Windows 10

FYI...

No wireless networks are available after you upgrade from Windows 8.1 to Windows 10
- https://support.microsoft.com/en-us/kb/3084164
Last Review: 08/05/2015 - Rev: 12.0
"Note: Multiple issues may cause this problem. This article lists the known issues and the appropriate resolutions..."
___

Specifications: an overview of requirements, editions, and languages available for Windows 10.
- https://www.microsoft.com/en-us/windows/windows-10-specifications#upgrade
___

MS rolls out first official Windows 10 patches: KB 3081424, KB 3081427
The first post-July 29 updates include little documentation, but know that one of them clocks in at more than 300MB
- http://www.infoworld.com/article/29...windows-10-patches-kb-3081424-kb-3081427.html
Aug 5, 2015 - "Microsoft is rolling out a cumulative update for Windows 10, identified as KB 3081424*, which replaces the earlier cumulative update KB 3074683**, which, in turn, fixed a Windows Explorer crash caused by KB 3074681. To install KB 3081424, you must already have KB 3074683 on your machine. This should be a given, since updates are forced onto Win10 Home and Win10 Pro machines that aren’t attached to an update server. As best I can tell, this is the first post-July 29 cumulative update for Windows 10. It’s huge, with many hundreds of changed files in the manifest..."

* https://support.microsoft.com/en-us/kb/3081424
Last Review: 08/05/2015 - Rev: 3.1
Applies to:
Windows 10

** https://support.microsoft.com/en-us/kb/3074683
Last Review: 08/04/2015 - Rev: 5.0
Applies to:
Windows 10 Home, released in July 2015
Windows 10 Enterprise, released in July 2015
Windows 10 Education, released in July 2015
Windows 10 Pro, released in July 2015

- https://support.microsoft.com/en-us/kb/3074681
Last Review: 07/31/2015 - Rev: 3.0
Applies to:
Windows 10

:fear::fear:
 
Last edited:
Error opening Office docs after upgrading to Win10

FYI...

Error opening Office docs after upgrading to Win10
- https://support.microsoft.com/en-us/kb/3086786
Last Review: 08/04/2015 - Rev: 1.0 - "Symptoms: After upgrading from Windows 7 to Windows 10, you may find that some of your Office -2013- documents do not open and you receive one of the following errors:
- Word: “Word experienced an error trying to open the file”
- Excel: “This file is corrupt and cannot be opened”
- PowerPoint: one of the following -
“The application was unable to start correctly"
“PowerPoint found a problem with <filename>"
“Sorry, PowerPoint can’t read <filename>" ...
Resolution: There are two workarounds for this issue. Try the first workaround, and if that doesn’t resolve the issue, try the second...:

:fear:
 
MS Security Bulletin Summary - August 2015

FYI...

- https://technet.microsoft.com/en-us/library/security/ms15-aug
Aug 11, 2015 - "This bulletin summary lists security bulletins released for August 2015...
(Total of -14-)

Microsoft Security Bulletin MS15-079 - Critical
Cumulative Security Update for Internet Explorer (3082442)
- https://technet.microsoft.com/library/security/MS15-079
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-080 - Critical
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
- https://technet.microsoft.com/library/security/MS15-080
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight

Microsoft Security Bulletin MS15-081 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
- https://technet.microsoft.com/library/security/MS15-081
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-082 - Important
Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
- https://technet.microsoft.com/library/security/ms15-082
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-083 - Important
Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
- https://technet.microsoft.com/library/security/ms15-083
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-084 - Important
Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
- https://technet.microsoft.com/library/security/ms15-084
Important - Information Disclosure - May require restart - Microsoft Windows, Microsoft Office

Microsoft Security Bulletin MS15-085 - Important
Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
- https://technet.microsoft.com/library/security/MS15-085
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-086 - Important
Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
- https://technet.microsoft.com/en-us/library/security/MS15-086
Important - Elevation of Privilege - Does not require restart - Microsoft Server Software

Microsoft Security Bulletin MS15-087 - Important
Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
- https://technet.microsoft.com/library/security/MS15-087
Important - Elevation of Privilege - Does not require restart - Microsoft Windows, Microsoft Server Software

Microsoft Security Bulletin MS15-088 - Important
Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
- https://technet.microsoft.com/library/security/MS15-088
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-089 - Important
Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
- https://technet.microsoft.com/library/security/MS15-089
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-090 - Important
Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
- https://technet.microsoft.com/library/security/MS15-090
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-091 - Critical
Cumulative Security Update for Microsoft Edge (3084525)
- https://technet.microsoft.com/library/security/MS15-091
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-092 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
- https://technet.microsoft.com/library/security/MS15-092
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
___

- http://blogs.technet.com/b/msrc/archive/2015/08/11/august-2015-security-update-release-summary.aspx
11 Aug 2015 - "Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released..."

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/library/security/2755801.aspx
V46.0 (August 11, 2015): Added the 3087916 update...
> https://support.microsoft.com/en-us/kb/3087916
Last Review: 08/13/2015 21:39:00 - Rev: 2.0 - "Known issues with this security update: After you install this security update on a computer that is running Windows 8.1 or Windows Server 2012 R2, you may receive an error message that resembles any of the following:
Adobe Flash Player - An ActionScript error has occurred.
Microsoft is researching this problem and will post more information in this article when the information becomes available..."

> http://blogs.cisco.com/security/talos/ms-tuesday-aug-2015
Aug 11, 2015 - "Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of -14- bulletins released which address -58- CVEs..."
___

MS SRD note: MS15-085 / CVE-2015-1769
- http://blogs.technet.com/b/srd/arch...ssue-exploited-via-a-malicious-usb-stick.aspx
11 Aug 2015
___

August 2015 Office Update Release
- http://blogs.technet.com/b/office_s.../08/11/august-2015-office-update-release.aspx
11 Aug 2015 - "... There are -34- security updates (3 bulletins) and -32- non-security updates..."
MS15-080 - http://technet.microsoft.com/security/ms15-080
MS15-081 - http://technet.microsoft.com/security/ms15-081
MS15-084 - http://technet.microsoft.com/security/ms15-084 ..."
___

MS15-079 - http://www.securitytracker.com/id/1033237
MS15-080 - http://www.securitytracker.com/id/1033238
MS15-081 - http://www.securitytracker.com/id/1033239
MS15-082 - http://www.securitytracker.com/id/1033242
MS15-083 - http://www.securitytracker.com/id/1033243
MS15-084 - http://www.securitytracker.com/id/1033241
MS15-085 - http://www.securitytracker.com/id/1033244
MS15-086 - http://www.securitytracker.com/id/1033245
MS15-087 - http://www.securitytracker.com/id/1033246
MS15-088 - http://www.securitytracker.com/id/1033248
MS15-089 - http://www.securitytracker.com/id/1033249
MS15-090 - http://www.securitytracker.com/id/1033251
MS15-091 - http://www.securitytracker.com/id/1033240
MS15-092 - http://www.securitytracker.com/id/1033253
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20023
2015-08-11

.
 
Last edited:
Patch Watch - Windows/Office patching

FYI...

Windows/Office patching ...
- http://windowssecrets.com/patch-watch/no-summer-break-from-windowsoffice-patching/
Aug 12, 2015 - "Although it’s the first Patch Tuesday of the Windows 10 era, little has changed — we’re still getting lots of updates, many of which require reboots.
For Win10, most of the separate updates are for Office; the OS updates now come in one big bundle. Win10 imposes a new limitation: updates can be delayed only if you’re using Windows Server Update Services (more info*) on a network.
* https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
For Windows 7 and 8 users, it’s patching business-as-usual. Fortunately, relatively few of the following updates are critical.
MS15-091(3081436): Windows 10 gets its first Patch Tuesday: Windows 10 has -changed- the updating rules — not for vulnerabilities but for how you receive updates. For example, KB 3081436 is listed as a -critical- security update for the new Microsoft Edge browser.
But the update’s fine print notes that it’s cumulative — i.e., it also includes -all- the August security and nonsecurity fixes for Windows 10. (Win7 and Win8 users will see many of these fixes as -separate- patches.) Along with the -Edge- patch, this update also contains the following patches...
MS15-079 – Internet Explorer
MS15-080 – Microsoft Graphics Component
MS15-085 – Windows Mount Manager
MS15-088 – Command-line parameter passing
MS15-092 – .NET
KB 3081436 is, in fact, -not- Win10’s first cumulative update. Microsoft released KB 3081424 on Aug. 5. Unfortunately, some systems -choked- on KB 3081424**. A WindowsIT Pro article*** described a workaround, but it -required- a Registry hack. If you ran into problems with the Aug. 5 update, the better solution now is to -block- it via the “Show or hide updates” tool offered in KB 3073930[4].
- What to do: For Windows 10, your only option is to choose -when- you’ll allow a reboot."
** https://support.microsoft.com/en-us/kb/3081424

*** http://windowsitpro.com/windows-10/fix-looping-windows-10-cumulative-update

4] https://support.microsoft.com/en-us/kb/3073930

:fear::fear:
 
Cumulative update for Win 10 - Aug 14

FYI...

Cumulative update for Win 10: Aug 14, 2015
- https://support.microsoft.com/en-us/kb/3081438
Last Review: 08/14/2015 - Rev: 1.0
___

Win10's third cumulative update, KB 3081436, still prompts reboots and throws error 0x80070bc9
... It's the same bug all over again - and it looks like Windows 10 feature improvements will wait for October
- http://www.infoworld.com/article/29...voking-endless-reboots-throws-error-0x80.html
Aug 17, 2015 "... KB 3081424* on Aug. 5, KB 3081436** on Aug. 12, and KB 3081438 on Aug. 14. All of the KB articles say: 'This update includes improvements to enhance the functionality of Windows 10'..."
(More detail at the infoworld URL above.)

* https://support.microsoft.com/en-us/kb/3081424
Last Review: 08/05/2015 - Rev: 3.1
Applies to: Windows 10

** https://support.microsoft.com/en-us/kb/3081436
Last Review: 08/11/2015 - Rev: 2.0
Applies to: Windows 10

:fear:
 
Last edited:
MS Security Bulletin MS15-093 - Critical

FYI...

Microsoft Security Bulletin MS15-093 - Critical
Security Update for Internet Explorer (3088903)
- https://technet.microsoft.com/library/security/MS15-093
Aug 18, 2015 - "This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. This security update is rated Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers...
... prerequisites for update 3087985?
Yes. Customers running Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows RT 8.1 must -first- install the 3078071 update released on August 11, 2015 before installing the 3087985 update."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2502
Last revised: 08/19/2015 - "... as exploited in the wild in August 2015."
9.3 (HIGH)

- http://arstechnica.com/security/201...tch-for-critical-ie-bug-under-active-exploit/
Aug 18, 2015 - "... CVE-2015-2502, as the remote code-execution flaw is indexed, can be exploited when vulnerable computers visit booby-trapped websites or possibly when they open malicious HTML-based e-mails. The bug involves the way IE stores objects in memory and results in an error that corrupts memory contents..."

- https://support.microsoft.com/en-gb/kb/3087985
Last Review: 08/18/2015 - Rev: 1.0

- https://support.microsoft.com/en-us/kb/3088903
Last Review: 08/18/2015 - Rev: 1.0
___

Cumulative update for Windows 10: August 18, 2015
- https://support.microsoft.com/en-us/kb/3081444
Last Review: 08/18/2015 - Rev: 1.0
___

- http://www.securitytracker.com/id/1033317
CVE Reference: CVE-2015-2502
Aug 18 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7, 8, 9, 10, 11...
Solution: The vendor has issued a fix.
A patch matrix is available in the vendor advisory.
- https://technet.microsoft.com/library/security/ms15-093
___

- http://blogs.cisco.com/security/talos/ms15-093-oob
Aug 18, 2015 - "... As with most out of band releases, it has been reported that this attack is being exploited in the wild. Users should patch immediately..."

:fear::fear:
 
Last edited:
MS Security Bulletin MS15-080 - V2.0

FYI...

Microsoft Security Bulletin MS15-080 - Critical
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
- https://technet.microsoft.com/library/security/ms15-080
Published: August 11, 2015 | Updated: August 21, 2015
V2.0 (August 21, 2015): "Updated bulletin to inform customers running Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 2, and Windows 7 Service Pack 1 that the 3078601 update on the Microsoft Download Center was -updated- on August 18, 2015. Microsoft recommends that customers who installed the 3078601 update via the Microsoft Download Center prior to August 18 -reinstall- the update to be fully protected from the vulnerabilities discussed in this bulletin. If you installed update 3078601 via Windows Update, Windows Update Catalog, or WSUS, no action is required."

:fear::sad:
 
MS Updates - Aug 27-28, 2015

FYI...

Cumulative Update for Win10: Aug 27, 2015
- https://support.microsoft.com/en-us/kb/3081448
Last Review: 08/27/2015 21:39:00 - Rev: 2.0
___

OOBE Update for Win10: Aug 27, 2015
- https://support.microsoft.com/en-us/kb/3081449
Last Review: 08/27/2015 21:35:00 - Rev: 2.0
___

Compatibility update for upgrading to Win10
- https://support.microsoft.com/en-us/kb/3081452
Last Review: 08/27/2015 21:33:00 - Rev: 2.0
Summary: This update makes improvements to ease the upgrade experience to Windows 10.
This update replaces KB3081441 ...
___

Windows freezes or applications freeze after you install security update 3076895* (MS15-084)
Hotfix Download Available
- https://support.microsoft.com/en-us/kb/3090303
Last Review: 08/28/2015 23:30:00 - Rev: 1.0
Applies to:
Windows 10
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
Windows Server 2012 Datacenter
Windows Server 2012 Standard
Windows Server 2012 Essentials
Windows Server 2012 Foundation
Windows 8 Enterprise
Windows 8 Pro
Windows 8
Windows RT
Windows Server 2008 R2 Service Pack 1
Windows 7 Service Pack 1
Windows Server 2008 Service Pack 2
Windows Vista Service Pack 2

* https://support.microsoft.com/en-us/kb/3076895
Last Review: 08/28/2015 23:45:00 - Rev: 2.0

- http://www.infoworld.com/article/29...atch-ms15-084-kb-3076895-breaks-programs.html
Aug 31, 2015

:fear::fear:
 
Last edited:
Win 7, 8, and 10 - user data collection

FYI...

Win 7, 8, and 10 - all collecting user data for MS
Uncomfortable with Windows 10 slurping personal data? Too bad - MS rolls out similar snooping capabilities to Windows 7, Windows 8
- http://www.infoworld.com/article/29...w-all-collecting-user-data-for-microsoft.html
Sep 1, 2015 - "... Some users have opted to not upgrade to Windows 10 over privacy concerns. But three updates have -added- similar data collection capabilities to machines running Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1, and Windows Server 2008 R2 SP1... This monitoring is part of Microsoft’s Customer Experience Improvement Program (CEIP) and is designed to 'improve the products and features customers use most often and to help solve problems' Microsoft said..."

Update for customer experience and diagnostic telemetry
- https://support.microsoft.com/en-us/kb/3068708
Last Review: 06/18/2015 - Rev: 4.0

Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
- https://support.microsoft.com/en-us/kb/3075249
Last Review: 08/18/2015 - Rev: 1.0

Update for customer experience and diagnostic telemetry
- https://support.microsoft.com/en-us/kb/3080149
Last Review: 08/20/2015 - Rev: 3.0

"... If the updates have already been installed, they can be uninstalled via Control Panel by looking up the KB identifier for updates... Windows users who don’t want to be part of the collection program should have a clear and straightforward way to opt out, which doesn’t appear to exist at the moment. Attempts to contact Microsoft about this issue have not yet elicited a response."

:fear::fear:
 
Highs and lows of Win10 patching

FYI...

Highs and lows of Win10 patching
- http://windowssecrets.com/newsletter/sorting-through-the-changes-in-windows-licensing/#story6
Sep 2, 2015 - "Windows 10 has been out a bit over a month, and I’ve developed a love/hate relationship with its patching process. From -forced- driver updates to branch releases, the patching system feels as if it still needs tweaking and fixing. That love/hate feeling starts with Microsoft’s use of cumulative updates for the new OS. Currently, if you buy a new Win7 PC or install the operating system from scratch, you could spend -hours- adding dozens of updates. And the updates aren’t all added at once — you’ll have to work through a series of reboots and update downloads. On the other hand, each Win10 update — at least for now — includes both new and previous fixes. In other words, all released Win10 security and nonsecurity updates are rolled up into each new release. In theory, if you purchase or set up a new Win10 system six months from now, you’ll need only the most recent update to be fully patched. This new process should help give Win10 systems better protection from malware and cyber attackers. What’s annoying about Win10 patching is the thin documentation of what’s included in these releases. A Microsoft spokesperson confirmed this change in a statement to the Register*
* http://www.theregister.co.uk/2015/08/21/microsoft_will_explain_only_significant_windows_10_updates/
... the company will give details only when there are notable (by Microsoft’s measure) changes. More annoying is the loss of control over update installation on consumer systems — unless the machine is attached to a network/domain and the company is using Windows Server Update Services (more info**). I currently have several Win10 test machines up and running. One of the systems is at the office and attached to a domain. Another is at home and connected to a common peer-to-peer network. The office machine lets me install updates when I’m ready; the home system only lets me choose -when- to reboot."
** https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx

:fear::fear:
 
MS Security Bulletin Summary - September 2015

FYI...

- https://technet.microsoft.com/en-us/library/security/ms15-sep
Sep 8, 2015 - "This bulletin summary lists security bulletins released for September 2015...
(Total of -12-)

Microsoft Security Bulletin MS15-094 - Critical
Cumulative Security Update for Internet Explorer (3089548)
- https://technet.microsoft.com/library/security/ms15-094
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-095 - Critical
Cumulative Security Update for Microsoft Edge (3089665)
- https://technet.microsoft.com/library/security/ms15-095
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-096 - Important
Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
- https://technet.microsoft.com/library/security/ms15-096
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-097 - Critical
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)
- https://technet.microsoft.com/library/security/ms15-097
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Lync

Microsoft Security Bulletin MS15-098 - Critical
Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669)
- https://technet.microsoft.com/library/security/ms15-098
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-099 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
- https://technet.microsoft.com/library/security/ms15-099
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft SharePoint Foundation

Microsoft Security Bulletin MS15-100 - Important
Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)
- https://technet.microsoft.com/library/security/ms15-100
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-101 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
- https://technet.microsoft.com/library/security/ms15-101
Important - Elevation of Privilege - Does not require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS15-102 - Important
Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657)
- https://technet.microsoft.com/library/security/ms15-102
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-103 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
- https://technet.microsoft.com/library/security/ms15-103
Important - Information Disclosure - May require restart - Microsoft Exchange Server

Microsoft Security Bulletin MS15-104 - Important
Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)
- https://technet.microsoft.com/library/security/ms15-104
Important - Elevation of Privilege - Does not require restart - Skype for Business Server, Microsoft Lync Server

Microsoft Security Bulletin MS15-105 - Important
Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)
- https://technet.microsoft.com/library/security/ms15-105
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arc...ber-2015-security-update-release-summary.aspx
8 Sep 2015

Microsoft Security Advisory 3083992
Update to Improve AppLocker Publisher Rule Enforcement
- https://technet.microsoft.com/library/security/3083992.aspx
Sep 8, 2015 - "... a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of AppLocker controls in Windows..."
___

September 2015 Office Update Release
- http://blogs.technet.com/b/office_s.../08/september-2015-office-update-release.aspx
8 Sep 2015 - "... There are 15 security updates (2 bulletins) and 41 non-security updates..."

> http://technet.microsoft.com/security/ms15-097

> http://technet.microsoft.com/security/ms15-099
___

MS15-094: http://www.securitytracker.com/id/1033487
MS15-095: http://www.securitytracker.com/id/1033491
MS15-096: http://www.securitytracker.com/id/1033492
MS15-097: http://www.securitytracker.com/id/1033485
- http://www.securitytracker.com/id/1033500
- http://www.securitytracker.com/id/1033501
MS15-098: http://www.securitytracker.com/id/1033484
MS15-099: http://www.securitytracker.com/id/1033488
-http://www.securitytracker.com/id/1033489
MS15-100: http://www.securitytracker.com/id/1033499
MS15-101: http://www.securitytracker.com/id/1033493
MS15-102: http://www.securitytracker.com/id/1033494
MS15-103: http://www.securitytracker.com/id/1033495
MS15-104: http://www.securitytracker.com/id/1033497
MS15-105: http://www.securitytracker.com/id/1033496
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20129
Last Updated: 2015-09-08

.
 
Last edited:
MS15-097: Known issues ...

FYI...

MS15-097: Description of the security update for the graphics component in Windows
- https://support.microsoft.com/en-us/kb/3086255
Last Review: 09/08/2015 17:38:00 - Rev: 2.0
"... Known issues in this security update:
After you install this security update, some programs may not run. (For example, some video games may not run.) To work around this issue, you can temporarily turn on the service for the secdrv.sys driver by running certain commands, or by editing the registry.
Note: When you no longer require the service to be running, we recommend that you turn off the service again.
Warning: This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk..."

:confused:
 
WSUS changes in content / Cumulative update for Windows 10 ...

FYI...

Software Update Services and Windows Server Update Services changes in content for 2015
- https://support.microsoft.com/en-us/kb/894199
Last Review: 09/15/2015 22:18:00 - Revision: 195.0
___

September 2015 Quarterly Exchange Updates
- http://blogs.technet.com/b/exchange...eptember-2015-quarterly-exchange-updates.aspx
15 Sep 2015
___

Cumulative update for Windows 10
- https://support.microsoft.com/en-us/kb/3095020
Last Review: 09/15/2015 20:34:00 - Rev: 1.0

:fear::fear:
 
Last edited:
IE 10, 11, Edge Flash updates

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Sep 21, 2015 - "... Microsoft released an update (3087040) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT; Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10; and Microsoft Edge on Windows 10. The update addresses the vulnerabilities described in Adobe Security bulletin APSB15-23. For more information about this update, including download links, see Microsoft Knowledge Base Article 3087040*."
* https://support.microsoft.com/en-us/kb/3087040
Last Review: 09/21/2015 17:08:00 - Rev: 1.0

:fear:
 
MS servicing stack update - fix MS15-098 install failures...

FYI...

September 2015 servicing stack update for Windows 8 and Windows Server 2012
- https://support.microsoft.com/en-us/kb/3096053
Last Review: 09/23/2015 04:37:00 - Rev: 3.0
"Issues that are fixed in this update:
- This update fixes an issue in which you may not be able to install Security update 3069114 because of corruption that occurs during the installation. After you install update 3096053, update 3069114 can be installed successfully.
- Note: When you install update 3096053, there is a brief delay before the installation is finished. You should wait several minutes to make sure that update 3096053 is fully installed before you try to install update 3069114."

MS15-098: Description of the security update for Windows Journal: September 8, 2015
- https://support.microsoft.com/en-us/kb/3069114
Last Review: 09/08/2015 17:32:00 - Rev: 1.0
(See "Applies to...")

:fear:
 
MS Security Advisory 3097966

FYI...

Microsoft Security Advisory 3097966
Inadvertently Disclosed Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/library/security/3097966
Sep 24, 2015 - "Microsoft is aware of four digital certificates that were inadvertently disclosed by D-Link Corporation that could be used in attempts to spoof content. The disclosed end-entity certificates cannot be used to issue other certificates or impersonate other domains, but could be used to sign code. This issue affects all supported releases of Microsoft Windows. To help protect customers from potentially fraudulent use of the certificates, Microsoft has modified the Certificate Trust List (CTL) to remove trust for the four certificates. Furthermore, the respective issuing certificate authorities have revoked the certificates...
Recommendation: Please see the Suggested Actions section of this advisory for instructions on applying an update for specific releases of Microsoft Windows...
Suggested Actions: Apply the update for supported releases of Microsoft Windows.
An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, and Windows 10 and for devices running Windows Phone 8 and Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action, because the CTL will be updated automatically. For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details), customers do not need to take any action, because these systems will be automatically protected..."
* https://support.microsoft.com/en-us/kb/2677070
Last Review: 02/17/2014 Rev: 6.0

:fear:
 
Mistakenly-deployed test patch leads to suspicious Windows update

FYI...

Mistakenly-deployed test patch leads to suspicious Windows update
- https://isc.sans.edu/diary.html?storyid=20201
2015-09-30 - "Earlier today, various sources reported a highly-suspicious Windows update. According to Ars Technica, a Microsoft spokesperson stated the company had incorrectly published a test update and is in the process of removing it [1]. The update is no longer available, and ZDNet has confirmed this was a test update "gone errant" [2]:
> https://isc.sans.edu/diaryimages/images/2015-09-30-ISC-diary-image-01.jpg
Shown above: A screenshot someone posted on a Microsoft community forum [3]
Thanks to everyone who notified us at the ISC. See the references below for further information."
1] http://arstechnica.com/security/201...uspicious-windows-update-delivered-worldwide/

2] http://www.zdnet.com/article/microsoft-accidentally-issued-a-test-windows-update-patch/

3] https://answers.microsoft.com/en-us...d/e96a0834-a9e9-4f03-a187-bef8ee62725e?auth=1

:fear::fear:
 
MS KB's that may involve Win8.1 and Win7 Privacy issues

FYI...

MS KB's that may involve Win8.1 and Win7 Privacy issues:

MS snooping?
- http://windowssecrets.com/top-story/attempting-to-answer-whether-ms-is-snooping/
Oct 1, 2015 - See "Windows telemetry service" and "Diagnostic Tracking Service".
___

Update that adds telemetry points to consent.exe in Win8.1 and Win7
- https://support.microsoft.com/en-us/kb/3075249
3075249 - Last Review: 08/18/2015 - Rev: 1.0
See "Applies to: ..."
___

Update for customer experience and diagnostic telemetry
- https://support.microsoft.com/en-us/kb/3080149
Last Review: 09/11/2015 - Rev: 5.0
See "Applies to: ..."
___

Update for customer experience and diagnostic telemetry
- https://support.microsoft.com/en-us/kb/3068708
Last Review: 09/11/2015 - Rev: 6.0
See "Applies to: ..."
___

Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- https://support.microsoft.com/en-us/kb/3035583
Last Review: 10/05/2015 16:45:00 - Rev: 6.0

Compatibility update for upgrading Windows 7
- https://support.microsoft.com/en-us/kb/2952664
Last Review: 10/06/2015 16:38:00 - Rev: 15.0
Applies to: Windows 7 SP1

- http://www.infoworld.com/article/29...ing-patches-return-kb-3035583-kb-2952664.html
Oct 6, 2015
___

Other update examples could include ...
- https://technet.microsoft.com/en-us/library/security/3083992
- https://technet.microsoft.com/en-us/library/security/3042058
- https://technet.microsoft.com/en-us/library/security/3033929
- https://technet.microsoft.com/en-us/library/security/3004375
- https://support.microsoft.com/kb/3080079
- https://support.microsoft.com/kb/2574819
___

GWX Control Panel (formerly GWX Stopper) to Permanently Remove the 'Get Windows 10' Icon:
- http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html

:fear::fear:
 
Last edited:
MS Security Bulletin Summary - October 2015

FYI...

- https://technet.microsoft.com/en-us/library/security/ms15-oct
Oct 12, 2015 - "This bulletin summary lists security bulletins released for October 2015..."
(Total of -6-)

Microsoft Security Bulletin MS15-106 - Critical
Cumulative Security Update for Internet Explorer (3096441)
- https://technet.microsoft.com/library/security/MS15-106
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-107 - Important
Cumulative Security Update for Microsoft Edge (3096448)
- https://technet.microsoft.com/library/security/MS15-107
Important - Information Disclosure - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-108 - Critical
Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
- https://technet.microsoft.com/en-us/library/security/MS15-108
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-109 - Critical
Security Update for Windows Shell to Address Remote Code Execution (3096443)
- https://technet.microsoft.com/library/security/MS15-109
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-110 - Important
Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
- https://technet.microsoft.com/library/security/MS15-110
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software

Microsoft Security Bulletin MS15-111 - Important
Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
- https://technet.microsoft.com/library/security/MS15-111
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2015/10/13/october-2015-security-update-release-summary.aspx
13 Oct 2015 - "Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released..."

Security Advisories:

Microsoft Security Advisory 3097966
Inadvertently Disclosed Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/library/security/3097966.aspx
Published: September 24, 2015 | Updated: October 13, 2015 / Ver: 2.0
> See: "Known Issues": https://support.microsoft.com/en-us/kb/3097966
[Dlink network adapter]

Microsoft Security Advisory 3042058
Update to Default Cipher Suite Priority Order
- https://technet.microsoft.com/library/security/3042058.aspx
Published: May 12, 2015 | Updated: October 13, 2015 / Ver: 1.1

Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/library/security/2960358
Published: May 13, 2014 | Updated: October 13, 2015 / Ver: 2.0

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe -Flash- Player in Internet Explorer and Microsoft Edge
- https://technet.microsoft.com/library/security/2755801.aspx
Updated: October 13, 2015 / Ver: 48.0
___

October 2015 Office Update Release
- http://blogs.technet.com/b/office_s...10/13/october-2015-office-update-release.aspx
13 Oct 2015 - "... There are 22 security updates (4 bulletins) and 55 non-security updates..."
___

MS15-106: http://www.securitytracker.com/id/1033800
MS15-107: http://www.securitytracker.com/id/1033802
MS15-108: http://www.securitytracker.com/id/1033801
MS15-109: http://www.securitytracker.com/id/1033799
MS15-110: http://www.securitytracker.com/id/1033803
- http://www.securitytracker.com/id/1033804
MS15-111: http://www.securitytracker.com/id/1033805
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=20245
Last Updated: 2015-10-13

.
 
Last edited:
You must log in or register to reply here.
Back
Top