4 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...lletin/ms13-dec
Dec 10, 2013 - "This bulletin summary lists security bulletins released for December 2013...
(Total of -11-)

Microsoft Security Bulletin MS13-096 - Critical
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005)
- https://technet.micr...lletin/ms13-096
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Lync

• V1.1 (December 10, 2013): Clarified that users should -undo- the Disable the TIFF Codec workaround* and the Disable data collaboration in Lync workaround after applying the update. See the Update FAQ for more information. Added undo steps to the Disable data collaboration in Lync workaround...
* https://support.micr....com/kb/2908005
Disable this Fix it - 51005
• V1.2 (December 20, 2013): Revised the Based on the configuration of my system, how do I know if my system is affected? Update FAQ to include the updates that are applicable for each configuration...
 

Microsoft Security Bulletin MS13-097 - Critical
Cumulative Security Update for Internet Explorer (2898785)
- https://technet.micr...lletin/ms13-097
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-098 - Critical
Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- https://technet.micr...lletin/ms13-098
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-099 - Critical
Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
- https://technet.micr...lletin/ms13-099
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-105 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
- https://technet.micr...lletin/ms13-105
Critical - Remote Code Execution - Does not require restart - Microsoft Exchange
• V1.1 (December 10, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".

Microsoft Security Bulletin MS13-100 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
- https://technet.micr...lletin/ms13-100
Important - Remote Code Execution - May require restart - Microsoft SharePoint

Microsoft Security Bulletin MS13-101 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
- https://technet.micr...lletin/ms13-101
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-102 - Important
Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
- https://technet.micr...lletin/ms13-102
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-103 - Important
Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
- https://technet.micr...lletin/ms13-103  
Important - Elevation of Privilege - Does not require restart - Microsoft Developer Tools

Microsoft Security Bulletin MS13-104 - Important
Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
- https://technet.micr...lletin/ms13-104
Important - Information Disclosure - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-106 - Important
Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass
- https://technet.micr...lletin/ms13-106
Important - Security Feature Bypass - May require restart - Microsoft Office
___

- http://blogs.technet...Redirected=true

Deployment Priority
- https://blogs.techne..._2D00_550x0.jpg

- http://blogs.technet...ty-updates.aspx
"... we released eleven security bulletins addressing 24 CVE’s..."
___

December 2013 Office Update Release
- http://blogs.technet...te-release.aspx
9 Dec 2013 - "... There are 12 security updates (4 bulletins) and 43 non-security updates..."
(More detail at the URL above.)
___

- https://secunia.com/advisories/55584/ - MS13-096
- https://secunia.com/advisories/55967/ - MS13-097
- https://secunia.com/advisories/55971/ - MS13-098
- https://secunia.com/advisories/55981/ - MS13-099
- https://secunia.com/advisories/55985/ - MS13-100
- https://secunia.com/advisories/55986/ - MS13-101
- https://secunia.com/advisories/55988/ - MS13-102
- https://secunia.com/advisories/55991/ - MS13-103
- https://secunia.com/advisories/56007/ - MS13-103
- https://secunia.com/advisories/55997/ - MS13-104
- https://secunia.com/advisories/55998/ - MS13-105
- https://web.nvd.nist...d=CVE-2013-5057 - MS13-106
___

ISC Analysis
- https://isc.sans.edu...l?storyid=17198
Last Updated: 2013-12-10 20:39:23 UTC
___

0-Day Fixes From Adobe, Microsoft
- http://krebsonsecuri...dobe-microsoft/
Dec 10, 2013

.

Edited by AplusWebMaster, 25 December 2013 - 11:43 PM.

[AplusWebMaster]

FYI...

Event ID 27, "Calendar Folder property is missing," after you apply
Office 2010 SP2: http://support.micro....com/kb/2883156

- http://msmvps.com/bl...hotfix-out.aspx
Dec 12 2013 - "If you are suffering from that
Try this hotfix..."

Description of the Outlook 2010 hotfix package (Outlook-x-none.msp):
December 10, 2013
- http://support.micro....com/kb/2849973
 

[AplusWebMaster]

FYI...

MS to fix Win XP SVCHOST redlining 'ASAP' ...
- http://www.infoworld...possible-232675
Dec 16, 2013 - "... the XP Windows Update agent WUAUCLT.EXE running in a SVCHOST wrapper redlines, taking 100 percent of the CPU for five, 10, 15 minutes - up to an hour or two. If you have Automatic Update enabled on your computer, that means every time you re-boot Windows XP your machine can lock up for hours on end; pull the plug, and the -same- thing happens over again. On Friday night we (finally) received an official explanation that describes why the problem happens, along with a description of what Microsoft is doing to resolve it and a promise that it'll get fixed "as soon as possible"... with something like half a billion Windows XP machines out there still connected to the Internet, it's a horrendous problem... Doug Neal, senior program manager for Windows and Microsoft Update, sent a message to the PatchManagement listserv on Friday night...
    'In September we witnessed a large number of reports of SVCHOST taking high CPU for extended periods of time. This was primarily on Windows XP machines running IE6 or IE7. There were a few reports of this happening on Windows XP with IE8, but only a few.' ..."
 

   

[AplusWebMaster]

FYI...

MS yanks second botched Surface update ...
MS pulls the bad December firmware update for the Surface Pro 2 - with no hint as to when a fix is coming or what afflicted customers should do
- http://www.infoworld...y-months-232943
Dec 19, 2013 - "... On Dec. 10, Microsoft released a firmware update that was intended to improve stability, push updated Wi-Fi drivers, and promote better cover interaction with sleep, screen dimming, and more on the Surface Pro 2. Microsoft keeps a list of the firmware changes on one obscure page on its website* - not in the Knowledge Base, -not- on the official Windows blog. That page has no indication at all that the botched patch has been pulled..."
* http://www.microsoft...history?lc=1041
 

[AplusWebMaster]

FYI...

MS pulls plug on MSE for XP
- http://www.infoworld...ndows-xp-233721
Jan 8, 2014 - "... the official end of support Web page* now states that 'Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date'... "
* http://windows.micro...nd-support-help
"... after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date..."