317 replies to this topic

[AplusWebMaster]

FYI...

Metasploit releases CVE-2013-3893 ...
- https://community.ra...-use-after-free
Sep 30, 2013 - "Recently the public has shown a lot of interest in the new Internet Explorer vulnerability (CVE-2013-3893) that has been exploited in the wild, which was initially discovered in Japan. At the time of this writing there is still no patch available, but there is still at least a temporary fix-it that you can apply from Microsoft, which can be downloaded here*... The vulnerability affects Internet Explorer from 6 all the way to 11, however, the exploit in the wild primarily targets Internet Explorer 8 on Windows XP, and Internet Explorer 8 and 9 on Windows 7... The Metasploit module currently can be only tested on Internet Explorer 9 on Windows 7 SP1 with either Office 2007 or Office 2010 installed..."
* https://support.micr...7505#FixItForMe
Microsoft Fix it 51001

- https://isc.sans.edu...l?storyid=16697
Last Updated: 2013-10-01 19:57:14 UTC... Version: 2

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2887505
Updated: October 08, 2013 - Version: 2.0 - "... We have issued MS13-080* to address the Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)..."
* https://technet.micr...lletin/ms13-080

- https://secunia.com/advisories/54884/
Last Update: 2013-10-11
Criticality: Extremely Critical
CVE Reference(s): CVE-2013-3872, CVE-2013-3873, CVE-2013-3874, CVE-2013-3875, CVE-2013-3882, CVE-2013-3885, CVE-2013-3886, CVE-2013-3893*, CVE-2013-3897
... vulnerability is currently being actively exploited in targeted attacks.

- https://web.nvd.nist...d=CVE-2013-3872 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3873 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3874 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3875 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3882 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3885 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3886 - 9.3 (HIGH)
* https://web.nvd.nist...d=CVE-2013-3893 - 9.3 (HIGH)
Last revised: 10/10/2013
- https://web.nvd.nist...d=CVE-2013-3897 - 9.3 (HIGH)
Last revised: 10/10/2013 - "... as exploited in the wild in September and October 2013..."

- http://www.darkreadi...endly=this-page
Oct 09, 2013

- http://community.web...gh-profile.aspx
9 Oct 2013 - CVE-2013-3897
___

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.micro...dvisory/2862973
Updated: October 08, 2013 - Version: 1.2 - "Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks... Note that the 2862966 update is a prerequisite and must be applied before this update can be installed. The 2862966 update contains associated framework changes to Microsoft Windows. For more information, see Microsoft Knowledge Base Article 2862966.
Known Issues. Microsoft Knowledge Base Article 2862973 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
- http://support.micro....com/kb/2862966
Last Review: August 27, 2013 - Revision: 4.0
- http://support.micro....com/kb/2862973
Last Review: August 15, 2013 - Revision: 2.0

Edited by AplusWebMaster, 11 October 2013 - 06:09 AM.

[AplusWebMaster]

FYI...

Clarification on Security Advisory 2896666 ...
- https://blogs.techne...Redirected=true
7 Nov 2013
___

Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.micro...dvisory/2896666
5 Nov 2013 - "Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products. The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images...  
Workarounds: Disable the TIFF codec
Note See Microsoft Knowledge Base Article 2896666* to use the automated Microsoft Fix it solution..."
* https://support.micr....com/kb/2896666
Enable this Fix it - Microsoft Fix it 51004...

- https://support.micr...96666#appliesto

- http://blogs.technet...-documents.aspx
5 Nov 2013 - "... Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack..."
___

- https://secunia.com/advisories/55584/
Release Date: 2013-11-06
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
... vulnerability is currently being actively exploited in targeted attacks.
Provided and/or discovered by: Reported as 0-day.
Original Advisory: Microsoft (KB2896666):
http://technet.micro...dvisory/2896666

- https://web.nvd.nist...d=CVE-2013-3906 - 9.3 (HIGH)
Last revised: 11/07/2013 - "... allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013"

0-Day Attack on Office...
- http://krebsonsecuri...tack-on-office/
5 Nov 2013 - "... the exploit combines multiple techniques to bypass exploit mitigation techniques such as data execution prevention (DEP) and address space layout randomization (ASLR). The company says this exploit will -not- affect Office 2013, but will affect older versions such as Office 2003 and Office 2007..."

- http://blogs.technet...ve/2013/11.aspx
Nov 5, 2013 - "... the exploit combines multiple techniques to bypass DEP and ASLR protections... Office 2010 uses the vulnerable graphic library, it is only affected only when running on older platforms such as Windows XP or Windows Server 2003, but it is -not- affected when running on newer Windows families (7, 8 and 8.1)..."
 

Edited by AplusWebMaster, 09 November 2013 - 06:01 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.micro...dvisory/2896666
V1.1 (November 12, 2013): Clarified the scope of the active attacks, clarified affected software configurations, and revised workarounds...

- http://atlas.arbor.n...ndex#2125368770
High Severity
15 Nov 2013 15:38:46 +0000
The CVE-2013-3906* vulnerability has been leveraged by several threat actors. Organizations are strongly encouraged to ensure they are protected against this seriously vulnerability which has yet to be patched. A workaround is available**.
Source: http://www.fireeye.c...-2013-3906.html

* https://web.nvd.nist...d=CVE-2013-3906 - 9.3 (HIGH)

** https://support.micr....com/kb/2896666
Last Review: Nov 12, 2013 - Rev 3.0
Microsoft Fix it 51004
___

Microsoft Security Advisory (2880823)
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.micro...dvisory/2880823
Nov 12, 2013 - "Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Recommendation: Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information..."

Microsoft Security Advisory (2868725)
Update for Disabling RC4
- http://technet.micro...dvisory/2868725
Nov 12, 2013 - "Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the removal of RC4 as an available cipher on affected systems through registry settings. It also allows developers to remove RC4 in individual applications through the use of the SCH_USE_STRONG_CRYPTO flag in the SCHANNEL_CRED structure. These options are -not- enabled by default.
Recommendation. Microsoft recommends that customers download and install the update immediately and then test the new settings in their environments. Please see the Suggested Actions section of this advisory for more information..."

Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess Could Allow Security Feature Bypass
- http://technet.micro...dvisory/2862152
Nov 12, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information..."
___

Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.micro...dvisory/2854544
V1.3 (November 12, 2013): Added the 2868725 update and Root Certificates Policy announcement to the Available Updates and Release Notes section.
 

Edited by AplusWebMaster, 17 November 2013 - 10:32 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.micro...dvisory/2914486
November 27, 2013 - "Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003. The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Microsoft is actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."

0 day exploit in wild
- https://isc.sans.edu...l?storyid=17117
Last Updated: 2013-11-28 01:05:44 - "... the temporary fix outlined breaks some windows features, specifically some IPSEC VPN functions..."

- http://www.fireeye.c...n-the-wild.html
November 27, 2013 - "... The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit..."
- http://www.adobe.com...latform=Windows

- https://atlas.arbor....dex#-1423916473
High Severity
Published: Fri, 06 Dec 2013 00:00:26 +0000
Public exploit code has been released for CVE-2013-5065, a vulnerability in the Windows Kernel NDPROXY component that allows for privilege escalation attacks.
Analysis: .... With public exploit code available, the bar has been lowered significantly.
Source: http://1337day.com/exploits/21615

- https://web.nvd.nist...d=CVE-2013-5065 - 7.2 (HIGH)
Last revised: 11/29/2013 - "... as exploited in the wild in November 2013."
 

Edited by AplusWebMaster, 07 December 2013 - 09:14 AM.

[AplusWebMaster]

FYI...

MS Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2916652
Dec 9, 2013 - "Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. The improperly issued subordinate CA certificate has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. The subordinate CA certificate may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks. To help protect customers from potentially fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue. For more information about these certificates, see the Frequently Asked Questions section of this advisory... in addition to addressing the certificates described in this advisory, this update is cumulative and includes digital certificates described in previous advisories..."
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.micro...dvisory/2915720
Dec 10, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will not be enabled until June 10, 2014. Once enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after June 10, 2014, Windows will no longer recognize non-compliant binaries as signed... see the Suggested Actions section of this advisory for more information..."  

Microsoft Security Advisory (2905247)
Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- http://technet.micro...dvisory/2905247
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings. The vulnerability could allow elevation of privilege and affects all supported versions of Microsoft .NET Framework except .NET Framework 3.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1. Any ASP.NET site for which view state MAC has become disabled through configuration settings is vulnerable to attack. An attacker who successfully exploited the vulnerability could use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server. Microsoft is aware of general information available publicly that could be used to exploit this vulnerability, but is not aware of any active attacks... see the Suggested Actions section of this advisory for more information..."

Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.micro...dvisory/2896666
Updated: Dec 10, 2013 - "... We have issued MS13-096* to address the Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2013-3906). For more information about this issue, including download links for an available security update, please review MS13-096..."
* https://technet.micr...lletin/ms13-096

Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.micro...dvisory/2871690
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly. Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules as part of ongoing efforts to protect customers. This action only affects systems running Windows 8 and Windows Server 2012 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled... Microsoft Knowledge Base Article 2871690* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
* https://support.micr....com/kb/2871690

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update..."
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2916652
• V2.0 (December 12, 2013): Advisory revised to announce the availability of the 2917500 update for customers running Windows XP or Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates. The 2917500 update* is available via the Microsoft Update service and from the download center. For more information, see the Suggested Actions section of this advisory.
* http://support.micro....com/kb/2917500
Last Review: December 12, 2013
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.micro...dvisory/2915720
• V1.1 (December 13, 2013): Corrected the registry key information in the Test the Improvement to Authenticode Signature Verification suggested action. Customers who have applied or plan to apply the suggested action should review the revised information.
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.micro...dvisory/2914486
Updated: Jan 14, 2014 - "... We have issued MS14-002* to address the Kernel NDProxy Vulnerability (CVE-2013-5065)..."
* https://technet.micr...lletin/ms14-002

- https://web.nvd.nist...d=CVE-2013-5065 - 7.2 (HIGH)
___

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Updated: Jan 14, 2014 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... available via Windows Update*..."
* https://update.microsoft.com/
___

Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2916652
V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
 

Edited by AplusWebMaster, 16 January 2014 - 03:46 PM.

[AplusWebMaster]

FYI...

MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Updated: Feb 04, 2014 Ver: 19.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.micr....com/kb/2929825
Last Review: Feb 4, 2014 - Rev: 2.0
 

Edited by AplusWebMaster, 04 February 2014 - 09:29 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.micro...dvisory/2915720
Feb 11, 2014 - Ver: 1.2

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.micro...dvisory/2862973
Feb 11, 2014 - Ver: 2.0
 

Edited by AplusWebMaster, 14 February 2014 - 05:47 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Updated: Feb 20, 2014 - "... Microsoft released an update (2934802) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-07. For more information about this update, including download links, see Microsoft Knowledge Base Article 2934802*.
Prerequisite: This update is not cumulative and requires that cumulative update 2916626**, released on January 14, 2014, be installed. The previous update (2929825), released on February 4, 2014, is not a dependency; the fixes it contains have been rolled into this current update (2934802).
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update**..."
* https://support.micr....com/kb/2934802

** https://support.micr....com/kb/2916626

*** http://update.micros...microsoftupdate

- https://secunia.com/advisories/57067/
Release Date: 2014-02-21
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
For more information: https://secunia.com/SA57057/
Solution: Apply updates...
___

Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2934088
Feb 19, 2014

- http://support.micro....com/kb/2934088
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.micros...microsoftupdate

* http://support.micro...4088#FixItForMe

- http://support.micro....com/kb/2909921 - MS14-010
Last Review: Feb 11, 2014 - Rev: 1.0

- https://web.nvd.nist...d=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in January and February 2014"

- http://atlas.arbor.n...dex#-1535410988
High Severity
20 Feb 2014
"... 0day exploit code for Internet Explorer 10. IE 9 is also vulnerable. Earlier exploit activity around CVE-2014-0322 has also been observed. The actual exploit code has been made publicly available. A security bulletin and fix-it are available from Microsoft..."
 

Edited by AplusWebMaster, 21 February 2014 - 03:31 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.micro...dvisory/2871690
Updated: Feb 27, 2014 Ver: 2.0 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly...
... The -rereleased- update* addresses an issue where specific third-party BIOS versions did not properly validate the signature of the original update... The 2871777 update** is a -prerequisite- and must be applied before this update can be installed..."

* https://support.micr....com/kb/2871690
Last Review: Feb 27, 2014 - Rev: 2.0
Also see: Known issues with this security update...

** https://support.micr....com/kb/2871777
Last Review: Sep 18, 2013 - Rev: 6.0
Applies to: Win8, winSvr2012
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass
- http://technet.micro...dvisory/2862152
Published: Nov 12, 2013 | Updated: Feb 28, 2014 Ver: 1.1 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how server connections are authenticated to clients in either DirectAccess or IPsec site-to-site tunnels. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information... customers must also follow the configuration guidance provided in Microsoft Knowledge Base Article 2862152** to be fully protected from the vulnerability..."
• V1.0 (November 12, 2013): Advisory published.
• V1.1 (February 28, 2014): Advisory -revised- to announce a detection change in the 2862152 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.

* http://update.micros...icrosoftupdate/

** http://support.micro....com/kb/2862152
Last Review: Dec 2, 2013 - Rev: 2.0
 

.