Microsoft Alerts

MS Oct 2017 patch status

FYI...

- https://askwoody.com/2017/ms-defcon-4-watch-out-for-net-and-office-patches-but-get-caught-up/
Oct 27, 2017 - "There are isolated problems with current patches, but they are well-known and documented on this site..."

- https://www.computerworld.com/artic...atched-but-watch-out-for-creepy-crawlies.html
Oct 27, 2017

Fixes or workarounds for recent Office issues
Applies To: Excel 2016 Word 2016 Outlook 2016 PowerPoint 2016 More...
- https://support.office.com/en-us/ar...359-812d-264c6907ea75?ui=en-US&rs=en-US&ad=US

- https://www.computerworld.com/artic...all-creators-updates-rapid-rocky-rollout.html

- https://social.technet.microsoft.co...0-1709-fall-creators-rtm?forum=win10itprovirt

MS 'Patch Thursday' ??

FYI...

MS fixes 'external database' bug with patches that have even more bugs
... Yesterday, in an odd Patch Thursday, Microsoft released five patches for the “Unexpected error from external database driver” bug. But the cure’s worse than the disease. If you installed one, yank it now — and expect Microsoft to pull the patches soon
- https://www.computerworld.com/artic...ug-with-patches-that-have-even-more-bugs.html
Nov 3, 2017 - "... It’s too early to assess all of the damage, but reports from many corners say installing these new patches brings back old, unpatched versions of many files. If you installed one of the patches from yesterday, best to uninstall it. Now..."
(More detail at the URL above.)

> https://www.ghacks.net/2017/11/03/microsoft-releases-kb4052234-kb4052233-and-windows-10-updates/
Nov 3, 2017 - "... users may run into another issue after installing the update..."
___

- https://www.ghacks.net/2017/11/03/microsoft-releases-kb4052234-kb4052233-and-windows-10-updates/
Last Update: Nov 5, 2017 - "Microsoft released a whole bunch of non-security updates for its operating systems Windows 7, Windows 8.1, and several versions of Windows 10 yesterday.
Update: Microsoft pulled KB4052234 and KB4052234. It is unclear right now why the company did so..."

Microsoft yanks buggy Windows patches KB 4052233, 4052234, 4052235
...In a startling departure from the norm, Microsoft has not only pulled the buggy Win7/Server 2008 R2, Server 2012, and Win 8.1/Server 2012 R2 patches; it’s even eliminated the associated KB articles and entries in the official update history pages...
- https://www.computerworld.com/artic...ndows-patches-kb-4052233-4052234-4052235.html
Nov 6, 2017
___

Non-security Office updates due today
- https://askwoody.com/2017/ms-defcon-2-non-security-office-updates-due-today/
Nov 7, 2017 - "Which means it’s a good time to check and make sure you have Automatic Updates turned off...
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."

... With a crop of non-security Office updates due today, a big dose of security patches expected in a week, and a known bug in the KB 4041686 Win7 Preview, now’s a good time to make sure you have Automatic Update set so it won’t deal you a nasty surprise
> https://www.computerworld.com/artic...rarily-turn-off-windows-automatic-update.html
Nov 7, 2017

>> https://www.computerworld.com/artic...th-the-reprise-of-kb-2952664-and-2976978.html
Nov 8, 2017

MS Security Updates - Nov 2017

FYI...

November 2017 security update release
- https://blogs.technet.microsoft.com/msrc/2017/11/14/november-2017-security-update-release/
Nov 14, 2017 - "Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."

> https://portal.msrc.microsoft.com/e...tedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99
Nov 14, 2017 - "The November security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ASP.NET Core and .NET Core
Chakra Core ..."

Known Issues:
- https://support.microsoft.com/en-us/help/4048954/
- https://support.microsoft.com/en-us/help/4048953/
- https://support.microsoft.com/en-us/help/4048955
- https://support.microsoft.com/en-us/help/4048952/
- https://support.microsoft.com/en-us/help/4048956
- https://support.microsoft.com/en-us/help/4048958
- https://support.microsoft.com/en-us/help/4048961
- https://support.microsoft.com/en-us/help/4048957
- https://support.microsoft.com/en-us/help/4048960

Security Update Summary
> https://portal.msrc.microsoft.com/en-us/security-guidance
___

- https://www.askwoody.com/tag/november-2017-black-tuesday/
"... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it..."
___

- https://www.us-cert.gov/ncas/curren...osoft-Releases-November-2017-Security-Updates
Nov 14, 2017
___

ghacks.net: https://www.ghacks.net/2017/11/14/microsoft-security-updates-november-2017-release/
Nov 14, 2017 - "Microsoft released security updates for Microsoft Windows, Microsoft Office, and other company products on the November 2017 Patch Day...
Executive Summary:
Microsoft released security updates for all supported versions of Windows (client and server), and Internet Explorer, Microsoft Edge, Microsoft Office, .Net Core and ASP.NET Core, and Chakra Core.
No critical updates for Windows, but for IE 11 and Microsoft Edge.
Lots of known issues. <<
Operating System Distribution:
Windows 7: 12 vulnerabilities of which 12 are rated important
Windows 8.1: 11 vulnerabilities of which 11 are rated important
Windows 10 version 1607: 12 vulnerabilities of which 12 are rated important
Windows 10 version 1703: 12 vulnerabilities of which 12 are rated important
Windows 10 version 1709: 9 vulnerabilities of which 9 are rated important
Windows Server products:
Windows Server 2008: 11 vulnerabilities of which 11 are rated important
Windows Server 2008 R2: 12 vulnerabilities of which 12 are rated important
Windows Server 2012 and 2012 R2: 11 vulnerabilities of which 11 are rated important.
Windows Server 2016: 12 vulnerabilities of which 12 are rated important
Other Microsoft Products
Internet Explorer 11: 13 vulnerabilities, 8 critical, 4 important, 1 moderate
Microsoft Edge: 24 vulnerabilities, 16 critical, 8 important ..."

Qualys analysis: https://blog.qualys.com/laws-of-vul...53-vulnerabilities-and-a-massive-adobe-update
Nov 14, 2017 - "This November Patch Tuesday is moderate in volume, and in severity. Microsoft released patches to address -53- unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS gets 14 patches, while the lion’s share is focused on Browsers, Microsoft Office, and Adobe. According to Microsoft, there do not appear to be any actively attacked vulnerabilities in the wild in this patch release.
Interestingly enough, none of the Windows OS patches are listed as Critical this month, but we do recommend focusing on CVE-2017-11830 and CVE-2017-11847, as they address a Security Feature Bypass, and a Privilege Elevation respectively. It should also be noted that CVE-2017-11848, CVE-2017-11827, CVE-2017-11883, CVE-2017-8700 have public exploits, but they do not appear to be used in any active campaigns.
From a prioritization standpoint, focus on the fixes for CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873, which all address the Scripting Engine in Edge and Internet Explorer, especially on laptops, and other workstation-type systems where the logged in user may have administrative privileges. Microsoft lists exploitation as More Likely for these vulnerabilities, especially if a user is tricked into viewing a malicious site or opening an attachment. While Microsoft lists the fix for CVE-2017-11882 as Important, there may be POC code for this vulnerability, so it is recommended that you give the Office updates attention this month as well. It should also be noted that last Patch Tuesday, Microsoft quietly released the fix for CVE-2017-13080, widely known as the KRACK vulnerability in WPA2 wireless protocol, but did not make it known until a week later, when the vulnerability was publicly disclosed. Therefore, it is recommended you ensure last month’s security patches are fully addressed. Alternatively, you can install this month’s Monthly Rollups, as they should include this fix.
Adobe has also released patches for 9 advisories, fixing a stunning -62- CVEs for Acrobat and Reader alone, so ensure that you are updating Adobe across your environment to stay protected."
___

Additional information - MS released patches:
- https://www.securitytracker.com/id/1039780
- https://www.securitytracker.com/id/1039781
- https://www.securitytracker.com/id/1039782
- https://www.securitytracker.com/id/1039783
- https://www.securitytracker.com/id/1039787

- https://www.securitytracker.com/id/1039788
- https://www.securitytracker.com/id/1039789
- https://www.securitytracker.com/id/1039790
- https://www.securitytracker.com/id/1039792
- https://www.securitytracker.com/id/1039793

- https://www.securitytracker.com/id/1039794
- https://www.securitytracker.com/id/1039795
- https://www.securitytracker.com/id/1039796
- https://www.securitytracker.com/id/1039797
- https://www.securitytracker.com/id/1039801
___

November 2017 Office Update Release
- https://blogs.technet.microsoft.com...17/11/14/november-2017-office-update-release/
Nov 14, 2017 - "... This month, there are -23- security updates and 43 non-security updates. All of the security and non-security updates are listed in KB article 4051890*.
* https://support.microsoft.com/en-us/help/4051890/november-2017-updates-for-microsoft-office
Last Review: Nov 14, 2017 - Rev: 10

A new version of Office 2013 Click-To-Run is available: 15.0.4981.1001

A new version of Office 2010 Click-To-Run is available: 14.0.7190.5001
___

> https://www.computerworld.com/artic...1709-and-other-patch-tuesday-shenanigans.html
Nov 15, 2017 - "... It’s a messy month. With no “critical” Windows updates, as long as you don’t use IE or Edge, there’s no huge pressure to apply the updates just yet..."

MS Nov 2017 Patch status

FYI...

Patch alert...
... Patch Tuesday problems roll out, with a new acknowledgment from Microsoft about a dot matrix printer bug, continued reports of Win10 1703-to-1709 upgrades, one unconfirmed report of a forced 1607-to-1709 upgrade, and a memory violation error with CDPUserSvc...
> https://www.computerworld.com/artic...rinter-bug-forced-1709-upgrades-continue.html
Nov 17, 2017

> https://www.askwoody.com/2017/roundup-of-bugs-in-the-november-patch-tuesday-crop/
Nov 17, 2017

> https://www.ghacks.net/2017/11/17/m...-printer-bug-caused-by-november-2017-updates/
Nov 17, 2017

... Nov patch bugs... see the URLs above...

i.e.: Nov 14, 2017—KB4048957 (Monthly Rollup)
> https://support.microsoft.com/en-us/help/4048957/windows-7-update-kb4048957
"... After installing this update, some Epson SIDM and Dot Matrix printers cannot print on x86 and x64-based systems.
Microsoft and Epson have determined the cause of the issue and are working on a solution. This problem is not related to the printer driver, so installing current or older print drivers will not resolve the issue.
Microsoft will provide an update in an upcoming release."
Article ID: 4048957 - Last Review: Nov 17, 2017 - Rev: 19
Applies to: Windows Server 2008 R2 Standard, Windows 7 Service Pack 1

Windows 8 and later - ASLR

FYI...

Windows ASLR Vulnerability
> https://www.us-cert.gov/ncas/current-activity/2017/11/20/Windows-ASLR-Vulnerability
Nov 20, 2017 - "... released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system..."

Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
- https://www.kb.cert.org/vuls/id/817544
19 Nov 2017 - "Overview: Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomize executables that do not opt in to ASLR.
Description: Address Space Layout Randomization (ASLR)
Starting with Windows Vista, a feature called ASLR was introduced to Windows that helps prevent code-reuse attacks. By loading executable modules at non-predictable addresses, Windows can help to mitigate attacks that rely on code being at predictable locations. Return-oriented programming (ROP) is an exploit technique that relies on code that is loaded to a predictable or discoverable location. One weakness with the implementation of ASLR is that it requires that the code is linked with the /DYNAMICBASE flag to opt in to ASLR.
Mandatory ASLR and Windows 8: Both EMET and Windows Defender Exploit Guard can enable mandatory ASLR for code that isn't linked with the /DYNAMICBASE flag. This can be done on a per-application or system-wide basis. Before Windows 8, system-wide mandatory ASLR was implemented using the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\MoveImages registry value. By setting this value to 0xFFFFFFFF, Windows will automatically relocate code that has a relocation table, and the new location of the code will be different across reboots of the same system or between different systems. Starting with Windows 8, system-wide mandatory ASLR is implemented differently than with prior versions of Windows. With Windows 8 and newer, system-wide mandatory ASLR is implemented via the HKLM\System\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions binary registry value. The other change introduced with Windows 8 is that system-wide ASLR must have system-wide bottom-up ASLR enabled to supply entropy to mandatory ASLR.
The Problem: Both EMET and Windows Defender Exploit Guard enable system-wide ASLR without also enabling system-wide bottom-up ASLR. Although Windows Defender Exploit Guard does have a system-wide option for system-wide bottom-up-ASLR, the default GUI value of "On by default" does not reflect the underlying registry value (unset). This causes programs without /DYNAMICBASE to get relocated, but without any entropy. The result of this is that such programs will be relocated, but to the same address every time across reboots and even across different systems.
Impact: Windows 8 and newer systems that have system-wide ASLR enabled via EMET or Windows Defender Exploit Guard will have non-DYNAMICBASE applications relocated to a predictable location, thus voiding any benefit of mandatory ASLR. This can make exploitation of some classes of vulnerabilities easier.
Solution: The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:
Enable system-wide bottom-up ASLR on systems that have system-wide mandatory ASLR
To enable both bottom-up ASLR and mandatory ASLR on a system-wide basis on a Windows 8 or newer system, the following registry value should be imported:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

Note that importing this registry value will overwrite any existing system-wide mitigations specified by this registry value. The bottom-up ASLR setting specifically is the second 01 in the binary string, while the mandatory ASLR setting is the first 01. Also note that in the past, enabling system-wide mandatory ASLR could cause problems if older AMD/ATI video card drivers are in use. This issue was addressed in the Catalyst 12.6 drivers released in June, 2012."

> https://www.kb.cert.org/vuls/id/458153

> https://support.amd.com/en-us/download
___

> https://www.bleepingcomputer.com/ne...fail-to-properly-apply-aslr-heres-how-to-fix/
Nov 17, 2017 - "... Optionally, Bleeping Computer has created an ASLR-fix registry fix file that users only need to download and double-click."
> https://download.bleepingcomputer.com/reg/ASLR-fix.reg

MS KB 4055038 - fix for KB 4048957, etc.

FYI...

November 21, 2017—KB4055038
- https://support.microsoft.com/en-us/help/4055038/november-21-2017-kb4055038
Nov 21, 2017 - "Summary: This update addresses an issue that prevents some Epson SIDM (Dot Matrix) and TM (POS) printers from printing on x86-based and x64-based systems..."
Last Review: Nov 21, 2017 - Rev: 9
Applies to:
Windows 8.1, Windows 7 Service Pack 1, Windows Server 2012 Standard, Windows Server 2012 R2 Standard, Windows Server 2008 R2 Service Pack 1
___

November 14, 2017—KB4048957 (Monthly Rollup)
- https://support.microsoft.com/en-us/help/4048957/windows-7-update-kb4048957
"... After installing this update, some Epson SIDM (Dot Matrix) and TM (POS) printers cannot print on x86 and x64-based systems. This issue has been resolved in KB4055038."
Last Review: Nov 22, 2017 - Rev: 24
Applies to:
Windows Server 2008 R2 Standard, Windows 7 Service Pack 1

> See: "Known issues in this update..."
___

Also:

November 14, 2017—KB4048954
(OS Build 15063.726 and 15063.728)
Windows 10 Version 1703
- https://support.microsoft.com/en-us/help/4048954/windows-10-update-kb4048954
Last Review: Nov 22, 2017 - Rev: 31
Applies to:
Windows 10, Windows 10 Version 1703

> See: "Known issues in this update..."
___

DDEAuto Attacks Could Leave You at Risk
- https://windowssecrets.com/windows-secrets/ddeauto-attacks-could-leave-you-at-risk/
Nov 21, 2017 - "Office has long been used as a means to infiltrate our systems, a means by which attackers get into our systems. Every month Office is patched for remote code execution attacks.
Microsoft patches what vulnerabilities it can. Take the November Office updates that fixed issues with older obsolete components in Office 2016 that impacted ODBC drivers. But as pointed out in this research blog post*, mitigation in addition to patching is probably wise.
* https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about
The view that mitigation may be better than patching is reinforced with the disclosure of another Office vulnerability that won’t be patched. It can’t be patched, as it impacts functionality of your system. You have to make the determination of how much at risk you want to be. Called DDEAuto attacks**, it allows the execution of malicious code on an email without the use of attachments or macros. These macro-less attacks have been used in various attacks[3], such as malware campaigns like Vortex ransomware and Hancitor.
** https://community.sophos.com/kb/en-us/127711
[3] https://www.endgame.com/blog/techni...te-back-yet-again-ddeauto-root-cause-analysis
In the example noted in the Sophos blog, an attack can come in the form of a calendar invite instead of an email. The attachment is in the form of a RTF – or rich text format – and is often not in the form of a traditional attachment. So what can one do if you want to protect yourself from these attacks? Stop opening emails? Don’t open Excel or Word documents? An admirable protection scheme but not realistic to most computer users — and especially not to small businesses.
Defining DDE
Microsoft has long built into its Office products the means to exchange data between applications and other platforms. Dynamic Data Exchange or DDE is one such method."

MS Nov 2017 patch status

FYI...

MS Nov 2017 patch status: ... One patch disappears, another yanked
... all sorts of Windows patch inanities await. The Epson dot matrix bug in this month’s security patches was fixed for older versions of Windows, but .NET patch KB 4049016 and others got pulled
- https://www.computerworld.com/artic...keys-one-patch-disappears-another-yanked.html
Nov 27, 2017 - "... make sure Automatic Update is turned off... over the long weekend we discovered how Microsoft tests and fixes dot matrix printers, and how it stumbles over its own .Net patching regimen..."
___

November 27, 2017 — KB4051034 (Preview of Monthly Rollup)
- https://support.microsoft.com/en-us/help/4051034/windows-7-update-kb4051034
Last Review: Nov 27, 2017 - Rev. 16
Applies to
Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

See: "Known issues in this update..."
___

November 27, 2017 — KB4050946 (Preview of Monthly Rollup)
- https://support.microsoft.com/en-us/help/4050946/windows-81-update-kb4050946
Article ID: 4050946 - Last Review: Nov 27, 2017 - Rev: 16
Applies to
Windows Server 2012 R2 Standard, Windows 8.1

See: "Known issues in this update..."
___

Description of Software Update Services and Windows Server Update Services changes in content for 2017
- https://support.microsoft.com/en-us...and-windows-server-update-services-changes-in
Article ID: 894199 - Last Review: Nov 27, 2017 - Rev: 139

MS Patch Alert - Nov 2017

FYI...

MS Patch Alert: November’s forced upgrades, broken printers and more
This month’s security patches brought forced upgrades, broken Epson printers, a vanishing patch, yanked .NET patches that underscore confusion inside Microsoft itself, blocked cumulative updates, and a self-induced memory violation error
- https://www.computerworld.com/artic...forced-upgrades-broken-printers-and-more.html
Nov 28, 2017

See details at the URL above...

MS Patch status: Nov 2017 / Office Vuln - 11.29.2017

FYI...

Get November Windows and Office updates installed — carefully
... We’ve been through a mess of patches, re-patches, pulled patches and forced upgrades. But in the past few days, it looks as if things have calmed down a bit. I suggest that you get your machine brought up to speed, and let’s see what December shall bring
- https://www.computerworld.com/artic...s-and-office-updates-installed-carefully.html
Nov 30, 2017
(-Many- details at the URL above.)

> https://www.askwoody.com/2017/ms-defcon-3-yep-its-time-to-get-patched/
Nov 30, 2017 - "Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems."

Fixes or workarounds for recent Office installation or activation issues
> https://support.office.com/en-us/ar...n-issues-30453145-72e9-4061-a88c-cd74884f292f
Last updated: November 2017
___

CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability
Security Vulnerability
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
Published: 11/14/2017 | Last Updated: 11/29/2017
> https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11882#ID0EMGAC
Workarounds: Disable Equation Editor 3.0
For instructions on disabling the Equation Editor, see Microsoft Knowledge Base Article 4055535:

How to disable Equation Editor 3.0
>> https://support.microsoft.com/en-us/help/4055535/how-to-disable-equation-editor-3-0
Last Review: Nov 21, 2017 - Rev: 56
Applies to
Microsoft Office Professional 2016, Microsoft Office Standard 2016, Microsoft Office 2013 Service Pack 1, Microsoft Office 2010 Service Pack 2, Microsoft Office Standard 2007, Microsoft Office Professional 2007
___

Win10 V1709 - November 30, 2017—KB4051963 (OS Build 16299.98)
- https://support.microsoft.com/en-us/help/4051963/windows-10-update-kb4051963
Nov 30, 2017
Last Review: Nov 30, 2017 - Rev: 25
Applies to
Windows 10, Windows 10 version 1709

See: "Known issues in this update..."
___

- https://windowssecrets.com/windows-secrets/patch-watch-windows-10-version-1709-has-issues/
Nov 30, 2017

Update for Win7 broken

FYI...

Update for Win7 broken, throwing error 80248015
... Microsoft -forgot- to change an expiration date, and now all attempts to run Windows Update in Win7 are failing with the bogus message 'Windows Update cannot currently check for updates, because the service is not running'
- https://www.computerworld.com/artic...-for-win7-broken-throwing-error-80248015.html
Dec 4, 2017

> https://answers.microsoft.com/en-us...fcd-100a-4478-8da4-a2b9558c229e?auth=1&page=4
12/4/2017 - "... This is an issue that only microsoft can solve by issuing a new expiry date for the Windows Update program. Any manual fix attempt (aside a possible patch distributed by ms to update the expiry date) will just risk damaging your windows installation..."
___

>> https://www.askwoody.com/forums/topic/windows-update-service-not-running/
December 4, 2017 at 2:36 pm

Also see:
- http://borncity.com/win/2017/12/04/windows7-error-0x80248015-in-update-search-dec-4-2017/
2017-12-04 - "Microsoft has successfully killed Windows Update search in Windows 7 SP1. Since December 4, 2017 Windows Update search stalls with 0x80248015. Here are a few details and some workarounds..."
___

> https://www.bleepingcomputer.com/ne...-80248015-error-heres-why-and-how-to-fix-it-/
Dec 4, 2017

> https://www.ghacks.net/2017/12/04/getting-windows-7-update-error-80248015-you-are-not-alone/
Dec 4, 2017

> https://answers.microsoft.com/en-us...fcd-100a-4478-8da4-a2b9558c229e?auth=1&page=8
Dec 5, 2017

MS Malware Protection Engine - Remote Code Execution Vuln

FYI...

MS Malware Protection Engine - Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937
12/06/2017 Critical - "... First version of the Microsoft Malware Protection Engine with this vulnerability addressed: Version 1.1.14405.2 ..."

> https://portal.msrc.microsoft.com/en-us/security-guidance/summary
12/06/2017

- https://www.securitytracker.com/id/1039972
CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-11937
Dec 7 2017
Impact: Execution of arbitrary code via network, Root access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 1.1.14306.0 ...
Impact: A remote user can create content that, when scanned by the target Microsoft Malware Protection Engine, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (1.1.14405.2)...

Microsoft Issues Fix for Microsoft Exchange Server
> https://www.securitytracker.com/id/1039973
Dec 7 2017

Microsoft Issues Fix for Microsoft Forefront Endpoint Protection
> https://www.securitytracker.com/id/1039974
Dec 7 2017

Microsoft Issues Fix for Microsoft Windows Defender
> https://www.securitytracker.com/id/1039975
Dec 7 2017

> https://support.microsoft.com/en-us...ware-protection-engine-deployment-information
___

- https://www.us-cert.gov/ncas/curren...ecurity-Updates-its-Malware-Protection-Engine
Dec 7, 2017

MS Security Updates - Dec 2017

FYI...

- https://blogs.technet.microsoft.com/msrc/2017/12/12/december-2017-security-update-release/
Dec 12, 2017 - "Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."

Release Notes - December 2017 Security Updates
- https://portal.msrc.microsoft.com/e...tedetail/c383fa60-b852-e711-80dd-000d3a32f9b6
Dec 12, 2017 - "The December security release consists of security updates for the following software:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Exchange Server
- ChakraCore
- Microsoft Malware Protection Engine..."

Security Update Summary
> https://portal.msrc.microsoft.com/en-us/security-guidance
___

December 2017 Office Update Release
- https://blogs.technet.microsoft.com...17/12/12/december-2017-office-update-release/
Dec 12, 2017 - "... This month, there are -9- security updates and 30 non-security updates. All of the security and non-security updates are listed in KB article 4055454*.
A new version of Office 2013 Click-To-Run is available: 15.0.4989.1000
A new version of Office 2010 Click-To-Run is available: 14.0.7191.5000 ..."

* https://support.microsoft.com/en-us/help/4055454/december-2017-updates-for-microsoft-office
Last Updated: Dec 12, 2017
___

ADV170022 | December 2017 Flash Security Update
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170022#ID0EGB
12/12/2017
- https://support.microsoft.com/en-us...pdate-for-adobe-flash-player-december-12-2017
___

- https://www.askwoody.com/2017/ms-defcon-2-make-sure-you-have-windows-automatic-update-turned-off/
"... Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it..."
___

ghacks.net: https://www.ghacks.net/2017/12/12/microsoft-security-updates-december-2017-release/
Dec 12, 2017 - "... Executive Summary:
Microsoft released security updates for all versions of Windows the company supports (client and server).
No critical updates for Windows, but for IE and Edge.
Other Microsoft products with security updates are: Microsoft Office, Microsoft Exchange Server, Microsoft Edge and Internet Explorer.
Operating System Distribution:
Windows 7: 2 vulnerabilities of which 2 are rated important
Windows 8.1: 2 vulnerabilities of which 2 are rated important
Windows 10 version 1607: 3 vulnerabilities of which 3 are rated important
Windows 10 version 1703: 3 vulnerabilities of which 3 are rated important
Windows 10 version 1709: 3 vulnerabilities of which 3 are rated important
Windows Server products:
Windows Server 2008: 2 vulnerabilities of which 2 are rated important
Windows Server 2008 R2: 2 vulnerabilities of which 2 are rated important
Windows Server 2012 and 2012 R2: 2 vulnerabilities of which 2 are rated important
Windows Server 2016: 3 vulnerabilities of which 3 are rated important
Other Microsoft Products:
Internet Explorer 11: 13 vulnerabilities, 9 critical, 4 important
Microsoft Edge: 13 vulnerabilities, 12 critical, 1 important..."

Qualys analysis: https://blog.qualys.com/laws-of-vul.../december-patch-tuesday-quiet-end-to-the-year
Dec 12, 2017 - "This December Patch Tuesday is considerably lighter than last month’s patch releases. While only three of the fixes were for Windows operating system, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine based. For an overview, we show fixes for 32 unique CVEs addressed, with 19 Critical, and 24 addressing remote code execution at varying severity levels. No active exploits are listed by Microsoft again this month. From a prioritization standpoint, again we turn our focus to the browsers and the Scripting Engine Memory Corruption Vulnerabilities. We recommend prioritizing patching for user facing workstations to address the 19 Critical Internet Explorer and Edge updates released today by Microsoft, as they are listed as “Exploitation More Likely”. There are no known exploits as of yet, but this is an opportunity to remain ahead of any future exploits that may be released.
There is one Windows OS vulnerability that should be reviewed, and that is the fix for CVE-2017-1885, which is a Remote Code Execution using RPC on systems that have RRAS enabled. Make sure you are patching systems that are using RRAS, and ensure it is not enabled on systems that do not require it, as disabling RRAS will protect against the vulnerability. For that reason it is listed as Exploitation less likely, but should get your attention after patching the browsers. Additionally, we recommend you take some time to review ADV170021, a Defense-in-Depth update that has configuration options to allow you to exert more control over DDE behaviors, in light of the recent DDE exploits that have been publicized. Note that this configuration change would be made after installing the update referenced in the advisory.
It should also be noted that on December 7, Microsoft released an out-of-band emergency patch for CVE-2017-11937 and CVE-2017-11940, which was a flaw in the Microsoft Malware Protection engine that could allow an attacker to create a specially crafted file that would be scanned by the Malware Protection engine, allowing for code execution on the endpoint. The patch was automatically ingested by the affected engines via definition updates, so no action should be required. As a precautionary measure, if you are using Microsoft’s Malware Protection engine in Defender, Security Essentials, Forefront Endpoint Protection, or the engines in Exchange 2013 or 2016, ensure that your updates are being applied automatically, and that you are on at least Version 1.1.14405.2 of the Malware Protection Engine.
From the Adobe side, there was only one Flash update, APSB17-42 listed as a “Business Logic Error”. So all in all, a rather quiet end to a busy year in vulnerabilities..."
___

- https://www.us-cert.gov/ncas/curren...osoft-Releases-December-2017-Security-Updates
Dec 12, 2017
___

Additional information:
- https://www.securitytracker.com/id/1039987
- https://www.securitytracker.com/id/1039989
- https://www.securitytracker.com/id/1039990
- https://www.securitytracker.com/id/1039991
- https://www.securitytracker.com/id/1039992

- https://www.securitytracker.com/id/1039993
- https://www.securitytracker.com/id/1039994
- https://www.securitytracker.com/id/1039995
- https://www.securitytracker.com/id/1039996
- https://www.securitytracker.com/id/1039997

- https://www.securitytracker.com/id/1039998

:fear::fear::fear:
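
Added example (not part of the original post or of the quoted advisory): a Python check of an endpoint inventory against the minimum Malware Protection Engine version quoted above, 1.1.14405.2. The host names, the CSV layout and the sample versions are constructed; the comparison is numeric per component because a plain string comparison would rank 1.1.9901.0 above 1.1.14405.2.

```python
import csv
import io

# Minimum engine version named in the quoted advisory text.
MIN_ENGINE_VERSION = "1.1.14405.2"

# Constructed sample inventory (hypothetical hosts and versions), shaped like
# a CSV export with one row per endpoint. On a Defender endpoint the version
# column could be filled from the AMEngineVersion field of Get-MpComputerStatus
# (assumption about how the export is produced).
SAMPLE_INVENTORY = """\
host,product,engine_version
ws-001,Windows Defender,1.1.14405.2
ws-002,Windows Defender,1.1.14306.0
ws-003,Security Essentials,1.1.9901.0
ex-001,Exchange 2016,1.1.14500.5
ws-004,Windows Defender,
ws-005,Forefront Endpoint Protection,1.1.14405
ws-006,Windows Defender,unknown
"""


def parse_version(text):
    """Return a tuple of ints, or None if text is not a dotted-numeric version."""
    parts = text.strip().split(".")
    if any(not (p.isascii() and p.isdigit()) for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_at_least(version, minimum):
    """Compare component by component, padding the shorter tuple with zeros."""
    width = max(len(version), len(minimum))
    padded_version = version + (0,) * (width - len(version))
    padded_minimum = minimum + (0,) * (width - len(minimum))
    return padded_version >= padded_minimum


def audit(inventory_csv, minimum=MIN_ENGINE_VERSION):
    """Sort hosts into ok / outdated / unknown against the minimum version."""
    minimum_parsed = parse_version(minimum)
    if minimum_parsed is None:
        raise ValueError("minimum version is not dotted-numeric: %r" % minimum)
    report = {"ok": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        parsed = parse_version(row.get("engine_version") or "")
        if parsed is None:
            # A missing or unreadable version is a finding, not a pass.
            report["unknown"].append(row["host"])
        elif is_at_least(parsed, minimum_parsed):
            report["ok"].append(row["host"])
        else:
            report["outdated"].append(row["host"])
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY)
    for status in ("outdated", "unknown", "ok"):
        print("%-8s %s" % (status, ", ".join(result[status]) or "-"))
```

Hosts reported as unknown need a follow-up just as much as outdated ones, since the quoted text relies on definition updates having been applied automatically.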
 
Win7 updates get bigger

FYI...

Win7 updates get bigger
... monthly security rollups for Windows 7 have almost -doubled- in size
> https://www.computerworld.com/artic...why-windows-7-updates-are-getting-bigger.html
Dec 14, 2017 - "... At the 12-update pace that Windows 7's rollups have established, the 64-bit version will weigh in at approximately 350MB by October 2018, and a year after that, as Windows 7 nears its expiration date, almost 600MB. The latter would represent a 20% boost above and beyond Mercer's target size. Likewise, the x86 edition would increase to 216MB and 374MB in 2018 and 2019, respectively, if the 12-update growth rate continues:
> https://images.idgesg.net/images/article/2017/12/win7-rollups-100744368-large.jpg
... The 64-bit security-only for July was just 30MB and the 32-bit was an even smaller 19MB, compared to the same month's rollups of 194MB and 119MB. The differences in December were even starker: 900KB and 1.4MB for the 32- and 64-bit security only updates, respectively, and 125.1MB and 204.7MB for the rollups. The rollups are larger not only because they drag their past with them - each succeeding rollup includes that month's patches as well as all previous patches back to October 2016 - but because they also include non-security bug fixes. Usually, though not always, issued later in each month, the non-security updates are bundled with the security patches, adding to the size of the rollup..."

:fear::fear: :sad:
 
MS Win10 - KB4058043 Dec 15, 2017

FYI...

MS Store reliability improvements for Windows 10 Version 1709
- https://support.microsoft.com/en-us...ty-improvements-for-windows-10-version-1709-d
Dec 15, 2017
Applies to: Windows 10 version 1709
"Summary: This update makes reliability improvements to Microsoft Store and fixes an issue that could cause app update failures and cause Microsoft Store to generate unnecessary network requests...
This update is available through Windows Update*. When you turn on automatic updating, this update will be downloaded and installed automatically..."
* https://support.microsoft.com/en-us/help/12373/windows-update-faq
___

> http://borncity.com/win/2017/12/16/windows10-v1709-reliability-update-kb4058043/
2017-12-16 - "... Microsoft has released another (reliability) update KB4058043 for Windows 10 Fall Creators Update on December 15, 2017. Here are some hints for this (reliability) update... Unfortunately they don’t tell us in detail, which app update error(code) has been fixed..."
> https://i.imgur.com/MRqZGV0.jpg
___

Win10 Fall Creators Update December patch KB 4054517 fails...
... This month’s cumulative update for Win10 Fall Creators Update fails hard on many systems, with INACCESSIBLE_BOOT_DEVICE, network problems and more. Several possible culprits identified, but no definitive solution
- https://www.computerworld.com/artic...december-patch-kb-4054517-fails-big-time.html
Dec 18, 2017 - "Some subset of users of Windows 10 Fall Creators Update, version 1709, report persistent bugs with this month’s Patch Tuesday missive, KB 4054517. Many of those reporting problems are using recent Surface devices. Microsoft has not acknowledged any problems... doesn’t seem to explain all of the problems that people are encountering, but it may account for some. Microsoft, as usual, has not confirmed the problem and the persistent “advice” is to Reset or reinstall Windows — a process that’s been shown, time and time again, to be ineffective. No, the Windows Update Troubleshooter doesn't work either."

> https://answers.microsoft.com/en-us...fails-to/5bde0909-3d46-4725-8681-d5d500780963
12/12/2017

December 12, 2017—KB4054517 (OS Build 16299.125)
Applies to: Windows 10, Windows 10 version 1709
> https://support.microsoft.com/en-us/help/4054517/windows-10-update-kb4054517
"... Microsoft is not currently aware of any issues with this update..."

"... My mind is going. I can feel it." - HAL 2001 Space Odyssey

:fear: :secret:
 
Win10 v1709 KB 4054517 - 'update failed to install'

FYI...

Windows 10 - Dec 12, 2017 — KB4054517 (OS Build 16299.125)
... Applies to: Windows 10, Windows 10 version 1709
Windows 10 Version 1709 - KB4054517 (OS Build 16299.125)
- https://support.microsoft.com/en-us/help/4054517/windows-10-update-kb4054517
Last Updated: Dec 20, 2017
"... Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.
Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select the Check for Updates button to confirm that there are no additional updates available. You can also type 'About your PC' in the Search box on your taskbar to confirm that your device is using OS Build 16299.15.
Microsoft is working on a resolution and will provide an update in an upcoming release."
Also see: "Known issues in this update..."

- https://www.askwoody.com/2017/microsoft-confirms-bugs-in-this-months-win10-1709-cumulative-update/
Dec 21, 2017 - "Update on these bugs and two more — an Excel 2016 security patch bug from last month, and an Exchange Server security patch bug from this month..."

- https://www.computerworld.com/artic...december-patch-kb-4054517-fails-big-time.html
Dec 18, 2017

> https://www.computerworld.com/artic...us-errors-in-win10-fcu-update-kb-4054517.html
Dec 21, 2017

Related:

Description of the security update for Excel 2016: November 14, 2017
> https://support.microsoft.com/en-us...curity-update-for-excel-2016-november-14-2017
Last Updated: Dec 19, 2017
See: "Known issues..."

Microsoft Exchange: September 12, 2017
> https://support.microsoft.com/en-us...ity-update-for-microsoft-exchange-december-12
Last Updated: Dec 19, 2017
See: "Known issues..."
___

MS Dec Security Update KB4054518 breaks opening office documents
- https://www.symantec.com/connect/fo...ate-kb4054518-breaks-opening-office-documents
14 Dec 2017 - "After installation of the December KB4054518 (Monthly Rollup), opening Office documents from a encrypted fileshare is broken..."
>> https://www.symantec.com/connect/fo...aks-opening-office-documents#comment-11943651

> https://support.microsoft.com/en-us/help/4054518/windows-7-update-kb4054518
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
Last Updated: Dec 10, 2017

:fear::fear:
 
Time to install MS patches - Dec 2017

FYI...

Dec 12, 2017 — KB4054518 (Monthly Rollup)
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
- https://support.microsoft.com/en-us/help/4054518/windows-7-update-kb4054518
Last Updated: Dec 10, 2017 ...
"Known issues in this update: Microsoft is not currently aware of any issues with this update..."
___

Time to install MS patches -except- KB 4054517 for Win10 Fall Creators Update
... Although there are a few lingering problems, just about everybody should get this month’s patches installed now — except those of you who installed (or got forced into) the lump-of-coal Win10 version 1709
- https://www.computerworld.com/artic...b-4054517-for-win10-fall-creators-update.html
Dec 22, 2017 - "... If you’re running Win10 Creators Update, version 1703 (current preference), or version 1607, the Anniversary Update, and you want to stay on 1607 or 1703... As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED. In particular, don’t be tempted to install anything marked 'Preview'...”
> https://www.askwoody.com/2017/ms-de...sing-win10-fall-creators-update-version-1709/

Microsoft confirms stalled downloads, bogus errors in Win10 FCU update KB 4054517
... Microsoft just confirmed two major bugs in this month’s cumulative update for Win10 Fall Creators Update, KB 4054517 — which we described earlier this week. We also have confirmation of bugs in the November Excel 2016 patch and in this month’s Exchange Server patch
- https://www.computerworld.com/artic...us-errors-in-win10-fcu-update-kb-4054517.html
Dec 21, 2017

December 12, 2017 — KB4054517 (OS Build 16299.125)
Applies to: Windows 10, Windows 10 version 1709
- https://support.microsoft.com/en-us/help/4054517/windows-10-update-kb4054517
Last Updated: Dec 20, 2017
"... Microsoft is working on a resolution and will provide an update in an upcoming release..."
See: "Known issues in this update..."

Windows 10, Version 1709 Has Issues
> https://windowssecrets.com/windows-secrets/patch-watch-windows-10-version-1709-has-issues/
Nov 30, 2017

... Windows 10 FCU — version 1709, build 16299, Redstone 3 — just around the corner, here are the best ways to ensure you install the update when you’re ready, -not- when Microsoft says so
- https://www.computerworld.com/artic...-10-fall-creators-update-from-installing.html
Oct 15, 2017

Fixes or workarounds for recent Office issues
... Applies To: Excel 2016 Word 2016 Outlook 2016 PowerPoint 2016 More...
- https://support.office.com/en-us/ar...e-issues-af8728b5-ec64-4359-812d-264c6907ea75

> https://support.office.com/en-us/ar...n-issues-30453145-72e9-4061-a88c-cd74884f292f
Last updated: December 2017

ADV170021 | Microsoft Office Defense in Depth Update
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170021
12/12/2017

Microsoft Security Advisory 4053440
Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields
> https://technet.microsoft.com/library/security/4053440?ocid=cx-wdsi-ency
Published: November 8, 2017 | Updated: December 12, 2017
Version: 2.0

Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation
... Powerful behind-the-scenes features in Office have suddenly stepped back into the malware limelight, with an onslaught of mostly macro-less attacks starring jimmied Word, Excel and PowerPoint documents
- https://www.computerworld.com/artic...latform-dde-scriptlets-macro-obfuscation.html
Dec 19, 2017

:fear::fear::fear:
 
MS Security Updates - Jan 2018

FYI...

>> https://doublepulsar.com/important-...-fixes-antivirus-vendors-and-you-a852ba0292ec
Jan 8, 2018 - "... the Microsoft knowledge base articles have had extensive edits since publishing. There’s some really important things you should know before trying to apply the patches..."
>> https://support.microsoft.com/en-us...ndows-security-updates-and-antivirus-software
Last Updated: Jan 6, 2018

- https://docs.google.com/spreadsheet...iuirADzf3cL42FQ/htmlview?usp=sharing&sle=true
CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre) Windows antivirus patch compatibility
Last update: 8th January 2018 @20.30 GMT
___

> https://blogs.technet.microsoft.com/msrc/2018/01/09/january-2018-security-update-release/
Jan 9, 2018 - "Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically..."

Release Notes - Jan 2018 Security Updates
> https://portal.msrc.microsoft.com/e...tedetail/858123b8-25ca-e711-a957-000d3a33cf99
Jan 09, 2018 - "The January security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
SQL Server
ChakraCore
.NET Framework
.NET Core
ASP.NET Core
Adobe Flash ..."

Known Issues:
4056890: https://support.microsoft.com/help/4056890
4056891: https://support.microsoft.com/help/4056891
4056892: https://support.microsoft.com/help/4056892
4056893: https://support.microsoft.com/help/4056893
4056888: https://support.microsoft.com/help/4056888
4056895: https://support.microsoft.com/help/4056895
4056898: https://support.microsoft.com/help/4056898
4056894: https://support.microsoft.com/help/4056894
4056897: https://support.microsoft.com/help/4056897
4056896: https://support.microsoft.com/help/4056896
4056899: https://support.microsoft.com/help/4056899

Security Updates: https://portal.msrc.microsoft.com/en-us/security-guidance

Security Update Summary: https://portal.msrc.microsoft.com/en-us/security-guidance/summary

January 2018 Office Update Release
- https://blogs.technet.microsoft.com...018/01/09/january-2018-office-update-release/
Jan 9, 2018 - "The January 2018 Public Update releases for Office are now available! This month, there are 36 security updates and 25 non-security updates. All of the security and non-security updates are listed in KB article 4058103*.
A new version of Office 2013 Click-To-Run is available: 15.0.4997.1000
A new version of Office 2010 Click-To-Run is available: 14.0.7193.5000"
* https://support.microsoft.com/help/4058103
___

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Security Advisory
Published: 01/03/2018 | Last Updated : 01/09/2018
Revisions: Version / Date / Description
1.0 01/03/2018 Information published.
2.0 01/03/2018 Revised ADV180002 to announce release of SQL 2016 and 2017 updates.
3.0 01/05/2018 The following updates have been made: Revised the Affected Products table to include Windows 10 Version 1709 for x64-based Systems because the update provides mitigations for ADV180002. Corrected the security update numbers for the 2016 and 2017 SQL Server Cumulative Updates. Removed Windows Server 2012 and Windows Server 2012 (Server Core installation) from the Affected Products table because there are no mitigations available for ADV180002 for these products. Revised the Affected Products table to include Monthly Rollup updates for Windows 7 and Windows Server 2008 R2. Customers who install monthly rollups should install these updates to receive the mitigations against the vulnerabilities discussed in this advisory. In the Recommended Actions section, added information for Surface customers. Added an FAQ to explain why Windows Server 2008 and Windows Server 2012 will not receive mitigations for these vulnerabilities. Added an FAQ to explain the protection against these vulnerabilities for customers using x86 architecture.
4.0 01/09/2018 Revised the Affected Products table to include updates for the following supported editions of SQL Server because the updates provide mitigations for ADV180002: Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3 (QFE), Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE), Microsoft SQL Server 2008 for Itanium-Based Systems Service Pack 3 (QFE), Microsoft SQL Server 2008 for Itanium-Based Systems Service Pack 4 (QFE), Microsoft SQL Server 2016 for x64-based Systems, Microsoft SQL Server 2016 for x64-based Systems (CU).
___

ghacks.net:
- https://www.ghacks.net/2018/01/09/microsoft-security-updates-january-2018-release/
Jan 9, 2018

Qualys blog: https://blog.qualys.com/laws-of-vul...e-16-critical-microsoft-patches-1-adobe-patch
Jan 9, 2018 - "... It is important to note that OS-level and BIOS (microcode) patches that are designed to mitigate Meltdown and Spectre may lead to performance issues. It is important to test all patches before deploying.
Some of these updates are incompatible with third-party antivirus software, and may require updating AV on workstations and servers. Microsoft has released guidance documents for both Windows clients and servers. Windows Server requires registry changes in order to implement the protections added by the patches.
Microsoft has also halted the deployment of patches for some AMD systems, as there have been issues with systems after installation.
Aside from these patches, today Microsoft has released patches covering 59 vulnerabilities. Of these vulnerabilities, 16 are ranked as “Critical,” with 20 potentially leading to remote code execution.
In today’s release there are patches for both Microsoft Word and Outlook, which should also be prioritized for workstation-type devices. Most of the patches released today are for browsers and involve the Scripting Engine. These patches should be prioritized for systems that access the internet via a browser..."
___

- https://www.us-cert.gov/ncas/curren...rosoft-Releases-January-2018-Security-Updates
Jan 09, 2018
- https://support.microsoft.com/en-us...-update-deployment-information-january-9-2018

:fear::fear::fear:
 
BIOS Updates to Patch CPU Flaws

FYI...

BIOS Updates to Patch CPU Flaws
- http://www.securityweek.com/device-manufacturers-working-bios-updates-patch-cpu-flaws
Jan 15, 2018 - "Acer, Asus, Dell, Fujitsu, HP, IBM, Lenovo, Panasonic, Toshiba and other device manufacturers have started releasing BIOS updates that should patch the recently disclosed Spectre and Meltdown vulnerabilities.
The flaws exploited by the Meltdown and Spectre attacks, tracked as CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754, allow malicious applications to bypass memory isolation mechanisms and access sensitive data. Billions of PCs, servers, smartphones and tablets using processors from Intel, AMD, ARM, IBM and Qualcomm are affected..."
(Much more detail at the URL above.)

> https://www.sans.org/newsletters/newsbites/xx/3#1
"CPU Patches - (January 9, 10, & 11, 2018)
Some vendor patches for the Spectre and Meltdown CPU vulnerabilities have been causing problems for users. Microsoft said that systems running incompatible anti-virus products would not receive any further updates; anti-virus vendors must confirm compatibility by setting a registry key. Linux has released microcode to address the CPU problems for certain processors. Canonical had to release a new patch after Ubuntu Xenial 16.04 users reported that the first fix rendered their systems unable to boot. Google says it applied patches for the flaws last year and that they have not slowed down its cloud services.
The patches are complicated and some require steps beyond just clicking install to complete the mitigation. They are also changing rapidly as issues surface and are resolved. Test not only for stability after application but also for performance impact.
There are patches and then there are PATCHES. It is pretty clear that software/firmware PATCHES for Spectre/Meltdown are complex and will, at a minimum, have performance impact. They will require significantly more QA testing than routine monthly Microsoft vulnerability Tuesday patches, probably even more than quarterly Oracle CPU PATCHES. Spinning up production environments (with obfuscated data) on IaaS services has enabled many organizations to increase depth of patch/PATCH testing while minimizing increases in time to patch. But, shielding, mitigation and monitoring will be needed in the interim..."

- http://www.zdnet.com/article/micros...all-if-your-av-clashes-with-our-meltdown-fix/
Jan 10, 2018

- https://www.computerworld.com/artic...s-for-some-amd-processors-but-which-ones.html
Jan 11, 2018

> https://www.askwoody.com/2018/reaffirming-that-were-still-at-ms-defcon-2/
"...Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it."

:fear::fear::fear:
 
GRC test utility for 'Meltdown and Spectre', Tracking Issues with the Spectre Patches

FYI...

GRC test utility for 'Meltdown and Spectre' vulnerabilities
- https://www.grc.com/inspectre.htm
Jan 15, 2018 - "This is the Initial Release of InSpectre - We did not wish to delay this application's release while building additional confidence in its conclusions and output. It has been carefully tested under as many different scenarios as possible. But new is new, and it is new. We may well have missed something. So please use and enjoy InSpectre now. But you may wish to check back in a few days to see whether we may have found and fixed some last bits of debris.... Protection from these two significant vulnerabilities requires updates to every system's hardware – its BIOS which reloads updated processor firmware – and its operating system – to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.
This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance."
(Download the utility from the URL above.) - Thank you, Steve!!!

... Added Jan 16, 2018: "High incidence of -false-positive- A/V warnings:
People are reporting that their 3rd-party anti-virus systems are quarantining InSpectre under the mistaken belief that it's malicious. This did not occur during early work, and is almost certainly due to the end-of-project inclusion of the protection enable/disable buttons and the presence of the registry key they use. I would rather not remove that feature... I will explore obscuring the use of that key to see whether false positive anti-virus warnings can be eliminated. At that time I will clarify some of the conflicting language the app can produce and also explain why the enable/disable buttons may be disabled (there's nothing for them to enable or disable in specific circumstances.)"
___

Windows 7 SP1 and Windows Server 2008 R2 SP1
January 4, 2018 — KB4056894 (Monthly Rollup)

Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
- https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894
Last Updated: Jan 12, 2018
___

Patch Watch: Tracking Issues with the Spectre Patches on AMD Machines
> https://windowssecrets.com/windows-...ues-with-the-spectre-patches-on-amd-machines/
Jan 11, 2018 - "Beware, AMD chip owners. For you Windows Secrets readers who have computers with AMD inside, these Spectre/Meltdown patches are causing more issues than they are preventing. So much so that Microsoft has halted release of the updates on machines that have AMD chipsets. Some of the relevant security posts include the following:
Microsoft’s KB4073707 on the issues with AMD chip sets and how Microsoft is blocking the patches until the issue is resolved:
- https://support.microsoft.com/en-us...urity-update-block-for-some-amd-based-devices
Microsoft’s KB4073757 recapping the overall guidance:
- https://support.microsoft.com/en-us...your-windows-devices-against-spectre-meltdown
Let’s recap the big picture:
> Intel CPU chips have a bug in their very architecture.
Researchers found a way for attackers to possibly steal passwords and other confidential information from our machines. As of publication, the attack has not been used in the wild. However, the potential is there and it’s really concerning up in cloud servers as it could mean that fellow virtual servers could read information from a tenant next door.
It won’t be enough to patch for the Windows operating system, you’ll need to patch the firmware on your computer as well.
It’s not a Microsoft bug, but because everything uses CPUs, pretty much everything needs to be patched ranging from phones to firewalls. So after you get your patches for Windows, go look for updates for anything else that has a CPU included in it (I’m not kidding or overstating the issue).
A bigger concern to many will be the performance hit this “fix” will make on your system as discussed in a Microsoft blog[2].
2] https://cloudblogs.microsoft.com/mi...-and-meltdown-mitigations-on-windows-systems/
The older your computer the more the “hit” will be. If you have a computer that is a 2015-era PC with Haswell or older CPU – you will notice a difference.
CERT goes so far as to recommend replacing the CPU hardware in their blog post[1]. I’m not ready to go that far, but it would be wise to review how old your computer hardware is, evaluate the performance hit and plan accordingly.
1] https://web.archive.org/web/20180104032628/https:/www.kb.cert.org/vuls/id/584653
Check That Your Antivirus Is Supported:
Because this is a kernel update, antivirus vendors who have hooked into the kernel for additional protection could trigger blue screens of death if they are not updated for the change introduced by this patch. Thus Microsoft is requiring that before the January Windows and .NET updates are installed that a registry entry is made by the vendor – or by you if your vendor doesn’t provide the registry key in an update – before the January updates are installed.
Make sure you review the antivirus listing page*** that is tracking all of the antivirus vendors and when they plan to support these January updates. If your vendor doesn’t support these updates, it’s time to find a new vendor...
*** https://docs.google.com/spreadsheet...AVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true

Protect your Windows devices against Spectre and Meltdown
Applies to: Windows 10, Windows 10 Mobile, Windows 8.1, Windows 7, HoloLens, Windows Server 2016, Windows Server 2012 Standard, Windows Server 2012 R2 Standard, Windows Server 2008 R2 Standard
> https://support.microsoft.com/en-us...your-windows-devices-against-spectre-meltdown
Last Updated: Jan 10, 2018

:fear::fear: :blink:
 