3 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...lletin/ms14-feb
Feb 11, 2014 - "This bulletin summary lists security bulletins released for February 2014...
(Total of -7-)

Microsoft Security Bulletin MS14-010 - Critical
Cumulative Security Update for Internet Explorer (2909921)
- https://technet.micr...lletin/ms14-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS14-011 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
- https://technet.micr...lletin/ms14-011
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-007 - Critical
Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
- https://technet.micr...lletin/ms14-007
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-008 - Critical
Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution
- https://technet.micr...lletin/ms14-008
Critical - Remote Code Execution - May require restart - Microsoft Security Software

Microsoft Security Bulletin MS14-009 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
- https://technet.micr...lletin/ms14-009
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS14-005 - Important
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
- https://technet.micr...lletin/ms14-005
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-006 - Important
Vulnerability in IPv6 Could Allow Denial of Service (2904659)
- https://technet.micr...lletin/ms14-006
Important - Denial of Service - Requires restart - Microsoft Windows
___

Deployment Priority, Severity, and Exploit Index
- https://blogs.techne..._Deployment.jpg

- https://blogs.techne...ty-updates.aspx
___

- https://secunia.com/advisories/56771/ - MS14-005 ... Reported as a 0-day.
- https://secunia.com/advisories/56775/ - MS14-006
- https://secunia.com/advisories/56781/ - MS14-007
- https://secunia.com/advisories/56788/ - MS14-008
- https://secunia.com/advisories/56793/ - MS14-009
- https://secunia.com/advisories/56796/ - MS14-010
- https://secunia.com/advisories/56814/ - MS14-011
___

February 2014 Office Updates Release
- https://blogs.techne...Redirected=true
11 Feb 2014 - "... There are 0 security updates and 8 non-security updates...
NON-SECURITY UPDATES
To improve stability and performance for Office 2010
• Update for Microsoft SharePoint Workspace 2010 (KB2760601)
• Update for Microsoft InfoPath 2010 (KB2817396)
• Update for Microsoft InfoPath 2010 (KB2817369)
• Update for Microsoft Office 2010 (KB2837583)
• Update for Microsoft OneNote 2010 (KB2837595)
• Update for Microsoft Outlook 2010 (KB2687567)
• Update for Microsoft PowerPoint 2010 (KB2775360) ...
There are no Outlook Junk Email Filter updates for February. The next Outlook Junk Email Filters updates will ship in the March 2014 update...
There is no Click-to-Run 2013 update for February.  The next Click-to-Run update will ship in the April 2014 update..."

Office 365 - Multi-Factor Authentication
- http://blogs.office....for-office-365/
Feb 10, 2014
___

- http://krebsonsecuri...ckwave-windows/
Feb 11, 2014 - "... seven patch bundles addressing at least 31 vulnerabilities in Windows and related software... The cumulative, critical security update for all versions of Internet Explorer (MS14-010) fixes two dozen vulnerabilities, including one that Microsoft says has already been publicly disclosed. The other patch that Microsoft specifically called out — MS14-011 — addresses a vulnerability in VBScript that could cause problems for IE users..."
___

ISC Analysis
- https://isc.sans.edu...l?storyid=17615
Last Updated: 2014-02-11 18:11:29

.

Edited by AplusWebMaster, 12 February 2014 - 06:30 AM.

[AplusWebMaster]

FYI...

- http://windowssecret...net-year-round/
Feb 12, 2014 - "... Patch Tuesday’s Internet Explorer patch fixes -24- vulnerabilities, most susceptible to remote code-execution exploits. KB 2909921 is a -critical- update for IE versions 6–11*, on -all- supported Windows workstations. If you’re still running IE9, KB 2909921 will fix a related VBScript threat. But all other supported versions of IE need KB 2928390 ...
What to do: Attacks using the vulnerabilities patched by KB 2909921 (MS14-010) could appear soon. Install this update when offered..."
* MS14-010: Cumulative security update for Internet Explorer ...
- http://technet.micro...lletin/MS14-010

- http://support.micro....com/kb/2909921
Last Review: Feb 11, 2014 - Rev: 1.0
___

MS14-011 - VBScript Scripting Engine ...
- http://technet.micro...lletin/MS14-011

- http://support.micro....com/kb/2928390
Last Review: Feb 11, 2014 - Rev: 1.0
 

Edited by AplusWebMaster, 13 February 2014 - 09:09 AM.

[AplusWebMaster]

FYI...

Outlook 2013 crash when you search for email msgs in Win7 or in Win Svr 2008 R2
- http://support.micro....com/kb/2742185
Last Review: Feb 5, 2013 - Revision: 4.0 - "... Hotfix information:
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix..."
 

Edited by AplusWebMaster, 20 February 2014 - 08:09 AM.

[AplusWebMaster]

FYI...

MS releases Office 2013 SP1, KB 2817430
- http://www.infoworld...-2817430-237152
Feb 25, 2014 - "... advice is to -wait- before installing SP1..."

- http://support.micro....com/kb/2817430
Last Review: Feb 27, 2014 - Rev: 4.0 <<<

- http://support.micro....com/kb/2817457
Last Review: Feb 25, 2014 - Rev: 1.0
 

Edited by AplusWebMaster, 28 February 2014 - 12:31 AM.