Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

MS Security Bulletin Summary - December 2014


  • Please log in to reply
12 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 09 December 2014 - 01:43 PM

FYI...

- https://technet.micr...curity/ms14-dec
Dec 9, 2014 - "This bulletin summary lists security bulletins released for December 2014...
(Total of -7-).

Microsoft Security Bulletin MS14-075 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
- https://technet.micr...curity/MS14-075
Important - Elevation of Privilege - May require restart - Microsoft Exchange

Microsoft Security Bulletin MS14-080 - Critical
Cumulative Security Update for Internet Explorer (3008923)
- https://technet.micr...curity/ms14-080
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS14-081 - Critical
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
- https://technet.micr...curity/ms14-081
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-082 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
- https://technet.micr...curity/ms14-082
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS14-083 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
- https://technet.micr...curity/ms14-083

Microsoft Security Bulletin MS14-084 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
- https://technet.micr...curity/ms14-084
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-085 - Important
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
- https://technet.micr...curity/ms14-085
Important - Information Disclosure - May require restart - Microsoft Windows
___

- http://blogs.technet...14-updates.aspx
Dec 9, 2014 - "... we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange...
We re-released two Security Bulletins:
MS14-065 Cumulative Security Update for Internet Explorer
- http://support.micro....com/kb/3003057
MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution
- https://technet.micr...curity/MS14-066
One Security Advisory was revised:
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)..."
- https://technet.micr...ecurity/2755801
___

MS Advisories for Dec 2014:

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.micr...ecurity/3009008
Oct 14, 2014 | Updated: Dec 9, 2014
V2.1

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
Updated: Dec 9, 2014
V33.0
___

- http://www.securityt....com/id/1031318 - MS14-075
- http://www.securityt....com/id/1031315 - MS14-080
- http://www.securityt....com/id/1031314 - MS14-081
- http://www.securityt....com/id/1031319 - MS14-082
- http://www.securityt....com/id/1031320 - MS14-083
- http://www.securityt....com/id/1031313 - MS14-084
- http://www.securityt....com/id/1031324 - MS14-085
___

ISC Analysis
- https://isc.sans.edu...l?storyid=19043
2014-12-09

.


Edited by AplusWebMaster, 09 December 2014 - 06:43 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 10 December 2014 - 01:25 PM

FYI...

"Crash Wednesday"...
- http://www.infoworld...il-defende.html
Dec 10, 2014 - "If yesterday was Black Tuesday, today must be Crash Wednesday. I'm seeing lots of reports of problems with KB 3004394, which modifies the Windows Root Certificate checker so that it looks for bad root certificates daily. As usual, there's no confirmation from Microsoft about the problem, no documentation that I can find, and no advice on how to proceed. Users with problems find they go away if they uninstall the patch.
Lead3 started a thread on the Microsoft Answers Forum on Tuesday that described two problems with KB 3004394: 'All MMC functions (Event Viewer, etc.) now require Administrator action, although in an Administrator account. Windows Defender service will not start. The Windows Defender Service Terminated with the following error %%-2147023113'
In the same thread, Thinger123 reported: 'After I install it, I can't install any other Windows Updates. I get an error message on Windows Update. I have already did some advanced troubleshooting and narrowed the problem down to KB3004394. The update itself installs fine, but after a reboot, no other Windows Updates will install. As soon as I clicked Install Updates on other updates, it goes right to a red X and error message. Removing the update and rebooting allows all other updates to complete as usual.'
And q454 posted: 'I'm also having problems with update KB3004394. everytime I try running taskmngr it kept asking that an unknown program wanted to make changes. I try going to msconfig and got the same thing, then went to UAC settings and got the same alert. basically everything that had to do with Microsoft UAC gave me an alert that an unknown program wanted to make changes to my pc'
Tim Birming said: 'MSE installation also aborts with error 8004ff91 after this patch. Error code reveals nothing.'
And KellyPratt noted: 'VirtualBox went back to working after I uninstalled this update. The AMD forum is alight with problems installing the AMD Catalyst Omega driver.'
Poster necrophyte said: 'with kb3004394 not installed (but all other patches from yesterdays patch tuesday installed), ran ddu, rebooted, installed 14.12 with no issues, rebooted, and now finally after 11h of hair tearing i have a functioning display driver again, even better, the omega one.. blame microsoft for this kb3004394 root certificate update, which almost made me do an OS repair install.. hope theyll read my technet thread where i first mentioned kb3004394 being the culprit'
The KB 3002339 problem, by contrast, is relatively innocuous. SnydrRydr posted on the Answers forum:
' have been installing the Update for Visual Studio 2012 (KB3002339) for over an hour now and it's still not done. I took a look at the support article and it looks like it's a small bug fix update. So why is it taking so long to install?'
W Jezewski offered a solution: 'I ran into the same issue with three machines. Manual download and install did the trick.'
You can download KB 3002339 directly from the Microsoft Download Center*."
* https://www.microsof...s.aspx?id=44907
___

- https://support.micr...b/3004394/en-us
Dec 9, 2014 - Rev: 1.0

Windows update KB3004394 issues
- https://answers.micr...06907a18?page=1

- http://www.bleepingc...messages/page-2
Posted Today, 05:42 AM
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 11 December 2014 - 06:30 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 11 December 2014 - 09:20 PM

FYI...

MS on KB 3004394 patch: Uninstall it ...
- http://www.infoworld...kb-3004394.html
Dec 11, 2014 - "... Microsoft has pulled the botched patch KB 3004394. That's the Windows Root Cert patch causing endless problems - Windows Defender wouldn't start, installing KB 3004394 blocked installing other Windows Updates, UAC prompts appeared in the weirdest places, MSE wouldn't install, VirtualBox stopped working, and on and on... Microsoft acknowledged the problem and told us what to do about it. Microsoft engineer and forum moderator Pinaki Mohanty*, writing on the Microsoft Answers forum, announced that you should uninstall KB 3004394, if you were unfortunate enough to get it. Here's the official advice:
    'We encourage Windows 7 and Windows Server 2008 R2 customers who are impacted, to uninstall the updates/KB3004394. Once ready, we will re-release the updates.'* "
* https://answers.micr...5db57c1a?page=2
Pinaki Mohanty - Microsoft Forum Moderator Dec 11, 2014

- https://support.micr....com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0
___

- http://www.infoworld...-root-cert.html
Dec 11, 2014 - "Overnight, Microsoft pulled two high-profile screwed-up patches: KB 3011970 and KB 3004394. Another patch, KB 2553154, is killing some Excel 2010 and 2013 macros, saying the ActiveX control "has stopped working in Excel." Admins are reporting that KB 3008923 has broken modal dialogs in IE. And the hang on installing KB 3002339 described yesterday* is still kicking...
I'm seeing reports of this problem with both Excel 2010 and Excel 2013. It isn't clear at this point if the same problem applies to other Office 2010 or 2013 programs, such as Word. It's also not clear if the same problem affects Office 2007, which is included in the security bulletin...
KB 2986475, the Exchange Server 2010 SP3 update rollup 8, was pulled yesterday, as reported. If you started rolling out the update, you need to roll it back (at least, if you want to connect to Outlook). I've seen no further official word as to the cause or the cure. KB 3002339 -- a patch of a .Net Framework 4.5.3 patch -- is still hanging on installation for some people. If the patch takes more than, oh, 30 minutes to install, kill the installer, then manually download it...
KB 3008923, the MS14-080 Internet Explorer rollup, is crashing Internet Explorer, although which versions of IE is unclear... At this point, I've seen reports of the problem with IE9 and IE11, but one report says it affects IE11 only, and not IE9 or IE10. As usual, there's no acknowledgment of the problem in the KB article (although the KB article does say there may be an installation error 8024001d with Windows 10 Technical Preview). No clue as to a workaround.
Finally, KB 3011970 -- the Silverlight patch -- crashed so spectacularly that Time Warner Cable issued an alert...
* http://www.infoworld...il-defende.html
Dec 10, 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 12 December 2014 - 06:17 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 12 December 2014 - 12:50 PM

FYI...

MS releases 'Silver Bullet' patch KB 3024777 to eliminate KB 3004394
More information unfolds about the Windows Root Certification patch and its foibles
- http://www.infoworld...kb-3004394.html
Dec 12, 2014 - "Another episode of the KB 3004394 saga is unfolding, as Microsoft releases a new patch, KB 3024777, specifically designed to take out this week's Black Tuesday fiasco, KB 3004394, on Windows 7 SP1 and Windows Server 2008 R2 SP1 machines. The story's a little more complicated...  You'll recall this week's bête noire, KB 3004394. Issued on Tuesday, by Wednesday there were dozens of reports of problems with odd UAC prompts, Windows Diagnostic Tool error 8000706f7, failure on attempting to install the AMD Catalyst driver, Windows Defender error 2147023113, and several more. It's as if Microsoft didn't test the patch before releasing it. On Thursday, Microsoft yanked the patch and later advised in an Answers forum post that you should uninstall KB 3004394. Today's a new day, and we have a new explanation -- and marching orders.
Microsoft has updated its KB 3004394* article to say that the problems only occur on Windows 7 SP1 and Windows Server 2008 R2 SP1:
* http://support2.micr...b/3004394/en-us
'... We have found that this update is causing additional problem on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. The KB 3004394 update does not cause any known problems on the -other- systems for which it is released. We recommend that you install the update on the other systems.
    If you have not yet deployed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers, we recommend that you -delay- installation until a new version of this update becomes available.
    If you have already installed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers that were not restarted after the update was installed, we recommend that you -delay- the restart if it is possible until more information is added to this article about a method to remove the update.
    If the installation of KB 3004394 is causing problems on these computers, -remove- the update, and then restart the computers. >> The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed...
' ...

 

 Reading between the lines - several of them, actually - it looks like this is what you should do:
    On Windows 7 SP1/Server 2008 R2 SP1 machines: Crank up Windows Update. If KB 3024777 is listed, run it. If the installation fails, manually download the Silver Bullet and fire. Er, run it.
    On Windows 8/8.1/Server 2012 machines: I wouldn't manually uninstall KB 3004394, if you have it, until Microsoft tells us more about potential conflicts..."

(More detail at the the infoworld URL at the top of this post.)
___

- http://support2.micr....com/kb/3024777
Last Review: Dec 12, 2014 - Rev: 6.0
___
 

:ph34r:  :wacko:


Edited by AplusWebMaster, 12 December 2014 - 01:12 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#5 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 13 December 2014 - 11:10 AM

FYI...

MS14-080: https://support.micr....com/kb/3008923  - IE
Last Review: Dec 13, 2014 - Rev: 5.1

 

MS14-082: https://support.micr....com/kb/3017349 - Office

Last Review: Dec 13, 2014 - Rev: 3.0

 

:ph34r: :ph34r:


Edited by AplusWebMaster, 13 December 2014 - 04:03 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#6 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 15 December 2014 - 11:54 AM

FYI...

Win7 hit by rash of -bogus- 'not genuine' reports, validation code 0x8004FE21
- http://www.infoworld...0x8004fe21.html
Dec 15, 2014 - "... I see at least a hundred posts from people who are being told their copy of Windows 7 is disingenuous when, in fact, they know it's genuine. If you guessed that all of those problems were caused by a bad Black Tuesday patch, you win the small prize. If you guessed that the aberrant patch is KB 3004394, you get the big prize... Windows users started screaming about KB 3004394 within hours of it being rolled out of the Automatic Update chute last Tuesday: Bogus UAC prompts, MMC plug-ins refused to start, Windows Defender wouldn't start, Microsoft Security Essentials wouldn't install, VirtualBox wouldn't work, the AMD Catalyst Omega driver wouldn't install, and other Windows Updates wouldn't install after KB 3004394 infected those machines. On Thursday morning, Microsoft -pulled- the patch. On Thursday afternoon, Microsoft started advising in the Answers Forum that people infected with KB 3004394 should manually remove the patch, although the KB 3004394 article admonished, "The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed." Then we started hearing rumors that manually uninstalling KB 3004394 would, in fact, cause -more- problems... a whole lot of bad advice flowing around this problem. Even at this late date -- working all the way through the weekend, until late Sunday night -- I'm not sure that this fix will work in all cases..."

- https://support.micr....com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0

> https://support.micr....com/kb/3024777
Last Review: Dec 12, 2014 - Rev: 6.0
___

MS sends out KB 2920807, KB 2920738 for Office
- http://www.infoworld...for-office.html
Dec 12, 2014 - "...  short version:
If you're using Office 2010 or Office 2013 and you installed the October Office update (MS14-061/KB 3000434), you've been living with a bug for the past couple of months. A new TechNet post explains:
    Shortly after the release of the October Public Update, we received notification of a potential issue affecting Office 2010 and Office 2013 users. In some cases, users running Office 2013 or Office 2010 may not be able update Microsoft Word fields in a few scenarios after the October Public updates are installed. We have since corrected the issue in Office 2013 Click-to-Run build 15.0.4675.1002.
If you have Office Click-to-Run (one component of Office 365), you're already fixed. But if you use an installed version of Office 2010 or Office 2013, this bug has been lurking for a couple of months: When you print or print preview a document in Word that has the Print Markup option enabled, the page numbers of the document may be displayed incorrectly. No idea why it's taken months to articulate the bug or squash it. The patch for Office 2013 is listed as KB 2920738. The patch for Office 2010 SP2 is KB 2920807..."

- https://support.micr....com/kb/3000434 - MS14-061

- https://support.micr....com/kb/2920738 - Office 2013
Last Review: Dec 15, 2014 - Rev: 4.0

- https://support.micr....com/kb/2920807 - Office 2010 SP2
Last Review: Dec 15, 2014 - Rev: 4.0
___

- http://www.theinquir...n-patch-tuesday
Dec 15 2014
 

:ph34r: :ph34r:  : (


Edited by AplusWebMaster, 15 December 2014 - 03:27 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#7 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 17 December 2014 - 07:35 AM

FYI...

MS14-080: Cumulative security update for I/E ...
- https://support.micr....com/kb/3008923
Last Review: Dec 13, 2014 - Rev: 5.1
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7
    Microsoft Internet Explorer 6.0

> patchmanagement.org - Message 39536
16 Dec 2014 - "The KB article lists known issues of IE9 crashing and IE11 dialog box errors..."
___

MS14-082: Office 2013 ...
- https://support.micr....com/kb/2726958
Last Review: Dec 16, 2014 - Rev: 4.0
 

:ph34r: :ph34r:  :blink:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#8 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 18 December 2014 - 07:59 AM

FYI...

MS ships KB 3025390 to fix IE11 screwups in KB 3008923
As of noon Wednesday, MS still hasn't pulled -or- updated the botched patch MS 14-080 / KB 3008923
- http://www.infoworld...kb-3008923.html
Dec 17, 2014 - "...  the link in the Windows Update description doesn't work, but you can find detailed information at support2.microsoft.com (note the "support2" in the link). Here's what that KB article says:
    'You install MS14-080: Cumulative security update for Internet Explorer: December 9, 2014 ( https://support.micr....com/kb/3008923 ) on a computer that's running Internet Explorer 11 or the Internet Explorer 11 Web Browser control. However, after you do this, you may experience unexpected behavior when you interact with sites that use one or more web application modal dialog boxes. Any data or information that's provided in the modal dialog box may not be returned to the application window or to the dialog box that created the data or information. Therefore, the application that created the dialog box may exhibit errors or lack specific functionality that was dependent on that dialog box data...'
German sites report that the patch appears in the English language, though their patches normally appear in German. I talked about the original problem with KB 3008923 last week, and Microsoft has since updated the KB 3008923 article (now at version 5.1) with this explanation:
    'We are aware of some reports of functional issues on sites that use nested modal dialog boxes on Internet Explorer 11 that occur after you install this security update…
    We are aware of some limited reports of Internet Explorer 9 crashing after you apply this security update.
    Microsoft is researching this issue and will post more information in this article when the information becomes available.
'
Many people haven't been able to -find- the KB article, and they're cautious about installing a patch simply because it magically appeared in Windows Update, with -no- explanation..."
(More detail and links at the infoworld URL at the top of this post.)

- https://support.micr....com/kb/3008923
Last Review: Dec 17, 2014 - Rev: 6.0

- https://support.micr....com/kb/3025390
Last Review: Dec 17, 2014 - Rev: 1.0
___

- http://www.forbes.co...ndows-defender/
12/13/2014 - "... If you have Windows 7 set to automatically update every Tuesday, it may be time to permanently -disable- that feature. Microsoft has just confirmed that a recent update — specifically KB 3004394 — is causing a range of serious problems and recommends removing it... Unfortunately this newest update isn’t limited to graphics driver problems. Redmond hasn’t directly divulged each and every issue, but Microsoft’s Answer Forum is littered with tech-savvy users reporting that USB 3.0 drivers are broken and User Account Control (UAC) prompts have gone haywire. Microsoft has acknowledged that it even prevents the installation of future Windows Updates..."

Install KB3024777 to fix an issue with KB3004394...
- http://support.micro...b/3024777/en-us
Last Review: Dec 12, 2014 - Rev: 6.0
 

:ph34r: :ph34r:  : (


Edited by AplusWebMaster, 19 December 2014 - 07:33 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#9 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 19 December 2014 - 10:58 AM

FYI...

MS14-080: I/E...
- https://support.micr....com/kb/3008923
Last Review: Dec 18, 2014 - Rev: 7.0
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7
    Microsoft Internet Explorer 6.0
___

For IE 11: Some web application modal dialog boxes don't work correctly in Internet Explorer 11 after you install update 3008923
- https://support.micr....com/kb/3025390
Last Review: Dec 17, 2014 - Rev: 1.0
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 20 December 2014 - 07:33 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#10 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 24 December 2014 - 04:00 AM

FYI...

Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2
- https://support.micr...b/3024777/en-us
Last Review: Dec 22, 2014 - Rev: 7.0
The KB 3004394 update that was dated December 10, 2014 can cause additional problems on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. This new update is available to remove KB 3004394 from your computer.
For more information about the KB 3004394 update, see the following Microsoft Knowledge Base article:

Dec 2014 update for Windows Root Certificate Program in Windows
- https://support.micr....com/kb/3004394
Last Review: Dec 11, 2014 - Rev: 2.0
 

:ph34r: :ph34r:  :blink:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#11 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 26 December 2014 - 02:30 PM

FYI...

KB3008923 Compromises MS Baseline Security Analyzer's Results Report
- https://social.techn...8itproappcompat
Saturday, December 13, 2014 1:11 AM
... confirmed KB3008923 compromises MS Baseline Security Analyzer's Results Reports by uninstalling the KB. MS BSA now works as before. I don't use IE so I can't help you there but I presume BSA uses some IE modules. I know that there are many problems with KB3008923 across many platforms...

... the IE cumulative update + Repair fixed the issues with BSA...
>     Marked as answer by Phantom of the Mobile 15 hours 11 minutes ago
Wednesday, December 24, 2014 3:41 PM
___

MS14-080: Cumulative security update for Internet Explorer: December 9, 2014
> https://support.micr....com/KB/3008923
Last Review: Dec 18, 2014 - Rev: 7.0
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7
    Microsoft Internet Explorer 6.0

> Known issues with this security update
>Issue 1:
    We are aware of some reports of functional issues on sites that use nested modal dialog boxes on Internet Explorer -11- that occur after you install this security update.
    To resolve this issue, install update 3025390. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    3025390 Some web application modal dialog boxes don't work correctly in Internet Explorer 11 after you install update 3008923
>Issue 2:
    We are aware of some limited reports of Internet Explorer -9- crashing after you apply this security update.
    Microsoft is researching this problem and will post more information in this article when the information becomes available.
___

> http://www.microsoft...px?q=kb 3008923

- https://support.micr...com/kb/3025390/
Last Review: Dec 17, 2014 - Rev: 1.0
> http://www.microsoft...px?q=kb 3025390
 

:ph34r: :ph34r:  :(


Edited by AplusWebMaster, 26 December 2014 - 02:46 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#12 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 30 December 2014 - 09:20 AM

FYI...

UPDATE: Office 2010 ActiveX Disabled - December Update KB2553154
- http://blogs.technet...-kb2553154.aspx
12 Dec 2014 - "An issue has been discovered in Security Update for Microsoft Office 2010 (KB2553154*) that disables ActiveX controls. A workaround for this issue can be found at KB3025036**."

MS14-082: Description of the security update for Microsoft Office 2010: Dec 9, 2014
* https://support.micr....com/KB/2553154
Last Review: Dec 16, 2014 - Rev: 4.0

"Cannot insert object" error in an ActiveX custom Office solution after you install the

MS14-082 security update
** https://support.micr....com/kb/3025036
Dec 30, 2014 - Rev: 7.0

Office Updates
- http://blogs.technet...ed_engineering/
______

Best / Last / End-of-the-year 2014 MS support “guesses” found:

- http://windowssecret...office-updates/
Dec 22, 2014 - "It’s been a long year of security fixes, broken patches, and enhancements for Windows, Office, and other applications. As we close the book on 2014 updating, we’re still missing a bit of holiday cheer — there are a couple of remaining fixes for IE and Excel updates.

 

MS14-080 (3008923)
Problems with IE 11 and IE 9 rollup updates: December’s cumulative update for Internet Explorer 11 reportedly patched 14 vulnerabilities, but it also came with a few issues of its own. Soon after KB 3008923 was released, there were reports of problems with a few websites and line-of-business platforms. To patch the patch, Microsoft released KB 3025390.
As briefly noted in MS article KB 3008923, a few IE 9 users are reporting browser crashes after installing the December update. So far, there’s no fix or workaround — Microsoft is still “researching this problem.” -All- IE users should keep in mind that Microsoft wants you running IE 11 as soon as possible. As noted in an IEBlog post, beginning Jan. 12, 2016, Microsoft will support IE 11 -only- on Win7 and Win8 workstation systems. (It will continue to support IE 9 on Vista. Support for Vista ends on April 11, 2017.)

- What to do: IE 9 users who run into issues with KB 3008923 (MS14-080) will have to -uninstall- the update and wait for another update. IE 11 users should install KB 3025390 to fix problems with the December cumulative update.

 

MS14-082: Office patch results in an Excel macro bug... MS14-082 included three updates designed to quash a vulnerability in MS Office that could lead to a remote takeover of your system. But an unintended consequent of the patch is ActiveX controls failures in Office documents. In some cases, the update breaks Excel macros. For example, if you apply the update on one PC and then save an Excel document containing ActiveX controls, macros might -fail- when the document is opened on a system that has -not- been updated with MS14-082."
 

:ph34r:  :huh:


Edited by AplusWebMaster, 31 December 2014 - 10:16 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#13 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 07 January 2015 - 04:50 PM

FYI...

MS patch hangover: KB 3008923, 2553154, 2726958, 3004394, 3011970
... a slew of December Black Tuesday patches -didn't- get fixed over the holidays.
- http://www.infoworld...58-3004394.html
Jan 6, 2015 - "December 2014 will likely go down in the annals of Windows pain as the worst patching month ever. Depending on how you count, roughly a quarter of all the patches that rolled out the Automatic Update chute on Dec. 9 have encountered problems - some quite spectacular. Microsoft's more advanced customers (the ones who figured out why their machines weren't working right) have complained bitterly. You might think that while the rest of us were downing copious quantities of eggnog and designer microbrew, the Microsoft elves would have been busy fixing what went wrong. While there's been progress, many of the problems have been abandoned. Others were given a quick band-aid and declared fixed. With one week to go before a new year of Black Tuesdays starts, we're looking at lots of dead and wounded..."
(Much -more- detail at the infoworld URL above.)
 

:ph34r: :ph34r:  <_<


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users