8 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms15-apr
April 14, 2015 - "This bulletin summary lists security bulletins released for April 2015...
(Total of -11-)

Microsoft Security Bulletin MS15-032 - Critical
Cumulative Security Update for Internet Explorer (3038314)
- https://technet.micr...curity/MS15-032
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-033 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
- https://technet.micr...curity/MS15-033
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-034 - Critical
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
- https://technet.micr...curity/MS15-034
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-035 - Critical
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
- https://technet.micr...curity/MS15-035
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-036 - Important
Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
- https://technet.micr...curity/MS15-036
Important - Elevation of Privilege - May require restart - Microsoft Server Software, Productivity Software

Microsoft Security Bulletin MS15-037 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
- https://technet.micr...curity/MS15-037
Important - Elevation of Privilege - Does not require restart - Microsoft Windows

Microsoft Security Bulletin MS15-038 - Important
Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
- https://technet.micr...curity/MS15-038
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-039 - Important
Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
- https://technet.micr...curity/MS15-039
Important - Security Feature Bypass - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-040 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
- https://technet.micr...curity/MS15-040
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-041 - Important
Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
- https://technet.micr...curity/MS15-041
Important  - Information Disclosure - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS15-042 - Important
Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
- https://technet.micr...curity/MS15-042
Important - Denial of Service - Requires restart - Microsoft Windows
___

- http://blogs.technet...15-updates.aspx
14 Apr 2015 - "... we released 11 security bulletins... We released one new Security Advisory:
Update to Improve PKU2U Authentication (3045755)
- https://technet.micr...ty/3045755.aspx
One Security Advisory was revised:
SSL 3.0 Update (3009008): https://technet.micr...ty/3009008.aspx

- https://technet.micr...ecurity/2755801
V39.0 (April 15, 2015): Added the 3049508 update* to the Current Update section.
Update for vulnerabilities in Adobe Flash
* https://support.micr...n-us/kb/3049508
Last Review: April 15, 2015 - Rev: 3.0
___

Exploitability Index:
- https://technet.micr...r.aspx#ID0EPEAC
___

April 2015 Office Update Release
- http://blogs.technet...te-release.aspx
14 Apr 2015 - "... There are 13 security updates (2 bulletins) and 42 non-security updates...
Security Bulletin MS15-033: https://technet.micr...curity/ms15-033
Security Bulletin MS15-036: https://technet.micr...curity/ms15-036..."
___

- http://www.securityt....com/id/1032108- MS15-032
- http://www.securityt....com/id/1032104- MS15-033
- http://www.securityt....com/id/1032109- MS15-034
- http://www.securityt....com/id/1032110- MS15-035
- http://www.securityt....com/id/1032111- MS15-036
- http://www.securityt....com/id/1032112- MS15-037
- http://www.securityt....com/id/1032113- MS15-038
- http://www.securityt....com/id/1032114- MS15-039
- http://www.securityt....com/id/1032115- MS15-040
- http://www.securityt....com/id/1032116- MS15-041
- http://www.securityt....com/id/1032117- MS15-042
___

ISC Analysis
- https://isc.sans.edu...l?storyid=19577
2015-04-14
 

.

Edited by AplusWebMaster, 15 April 2015 - 08:55 PM.

[AplusWebMaster]

FYI...

Microsoft woes: Re-issued patch KB 3013769 crashes, Skype for Business rolls, Windows 10 nagware resurfaces
Several of this month's Black Tuesday patches are already showing signs of trouble
- http://www.infoworld...resurfaces.html
Apr 15, 2015 - "Microsoft usually releases a list of non-security patches several days before the Black Tuesday rollout, but this month there was no information until several hours after the patches hit. That's a problem for users, particularly because Microsoft's track record with patches is so bad -- and this month is no exception. Yesterday Microsoft released dozens of patches for Windows in 11 bulletins covering 26 individually identified CVEs (common vulnerabilities and exposures), including 10 in Internet Explorer, four re-released security changes, and nine changes to non-security patch installers. The .Net security bulletin alone gives rise to 10 different downloadable patches... Not to be outdone, the Office team released a bewildering array of updates for Office 2013, including 13 security patches, two bulletins, and 42 non-security patches. Note that you must have Office 2013 SP1 before you can install any of these patches. There's also a Security Advisory about Public Key Cryptography User-to-User (PKU2U), called KB 3045755. It's still early in the game, but here are the problems I saw that cropped up overnight. KB 3013769, the December 2014 update rollup for Windows 8.1 and Server 2012 R2, has been re-released as an optional update. Many people using Kaspersky Antivirus report that installing the patch triggers a blue screen..."
(More detail at the infoworld URL above.)
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
V39.0 (April 15, 2015): Added the 3049508 update to the Current Update section.

Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer
- https://support.micr...n-us/kb/3049508
April 15, 2015 - "... Known issues with this security update:
Windows Update will not offer this security update to Windows RT-based computers until update 2808380* is installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base...
* https://support.micr...n-us/kb/2808380
Last Review: April 15, 2015 - Rev: 3.0
Applies to:
Windows RT 8.1
Windows 8.1...
Windows Server 2012...
Windows 8...
___

- http://www.infoworld...10-preview.html
Apr 15, 2015

Pwn2Own fixes ...
- http://windowssecret...backups/#story6
Apr 15, 2015 - "... after every Pwn2Own contest, there’s a round of browser updates. In the case of IE, the fixes are in April’s KB 3038314*, a cumulative patch that reportedly addresses -10- vulnerabilities — including one that could let a hacker bypass IE’s key Address Space Layout Randomization (ASLR) security feature.
Adobe has released Flash Player 17.0.0.169, according to the company’s April 14 security bulletin. Flash should be automatically updated in Google Chrome (enter “chrome://plugins” to check), Firefox, and Internet Explorer 11. But April’s Flash update in IE is still rolling out. (To check your Flash version in IE, click Manage add-ons and select All add-ons in the Show dropdown menu. Look for “Shockwave Flash Object”).
Google has updated Chrome to version 42.0.2311.90..."
* MS15-032 (3038314):
> https://support.micr...n-us/kb/3038314
Last Review: Apr 15, 2015 - Rev: 3.0
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7
    Microsoft Internet Explorer 6.0

BrowserCheck: https://browsercheck...m/?scan_type=js
 

Edited by AplusWebMaster, 16 April 2015 - 08:29 AM.

[AplusWebMaster]

FYI...

MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution - PATCH NOW
- https://isc.sans.edu...l?storyid=19583
Last Updated: 2015-04-16 18:05:38 UTC - "Denial of Service (DoS) exploits are widely available to exploit CVE-2015-1635, a vulnerability in HTTP.sys, affecting Internet Information Server(IIS). The patch was released on Tuesday (April 14th) as part of Microsoft's Patch Tuesday. Due to the ease with which this vulnerability can be exploited, we recommend that you expedite patching this vulnerability.
Update: We are seeing active exploits hitting our honeypots from 78.186.123.180. We will be going to Infocon Yellow as these scans use the DoS version, not the "detection" version of the exploit. The scans appear to be "Internet wide"... Based on posts on Twitter, 171.13.14.0/24 is also sending the exploit code in 'somewhat targeted' scans..."

Microsoft Security Bulletin MS15-034 - Critical
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
* https://technet.micr...curity/MS15-034
April 14, 2015
> https://support.micr...n-us/kb/3042553
Last Review: April 14, 2015 - Rev: 1.0
(SEE: 'Applies to...")

- https://web.nvd.nist...d=CVE-2015-1635  - 10.0 (HIGH)
"... HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability..."

- http://news.netcraft...n-websites.html
16 April, 2015

- http://blog.trendmic...-vulnerability/
Apr 22, 2015
___

KB 2965295, KB 2965270 freeze Calendar and syncing, cause lockouts
- http://www.infoworld...e-lockouts.html
Apr 16, 2015 - "... more and more reports of problems with two new patches: KB 2965295, the 'April 14, 2015 update for Outlook 2010' and KB 2965270, descriptively entitled 'April 14, 2015 update for Outlook 2013'. I'm also hearing new rumblings about our old friends KB 2956128 - the February Outlook 2010 update rollup (with problems that Microsoft promised to fix 'by the 3rd week of April') - and its successor of sorts, KB 2956203, the 'March 10, 2015 update for Outlook 2010'..."
(More detail at the infoworld URL above.)
 

Edited by AplusWebMaster, 22 April 2015 - 06:04 AM.

[AplusWebMaster]

FYI...

'Optional' Windows 8.1 update KB 3022345 fails to install with error 800F0922
- http://www.infoworld...r-800f0922.html
Apr 22, 2015 - "At least one of the optional Windows updates Microsoft released yesterday is running into problems. Messages are popping up in every corner of the Web that patch KB 3022345 -- an "Update to enable the Diagnostics Tracking Service in Windows 8.1 and Windows Server 2012 R2" -- triggers an installation failure 800F0922..."
* https://support.micr...n-us/kb/3022345
Last Review: Apr 21, 2015 - Rev: 2.0
___

Microsoft to release massive set of 34 non-security patches Tuesday
- http://www.infoworld...is-tuesday.html
Apr 20, 2015 - "The official list of Windows Update patches was updated over the weekend to show that 34 patches rated "optional" are headed for the Automatic Update chute this Tuesday, April 21...
For those Windows users with Automatic Update turned on, who automatically install optional updates, this could prove to be a rocky Tuesday."
(More detail at the infoworld URL above.)
___

IE11 patch KB 3038314 blocks search engines and may fail with error 80092004
The latest IE11 patch prevents some Windows users from adding Google as a search provider - if it finishes installing at all
- http://www.infoworld...r-80092004.html
Apr 20, 2015 - "We don't know the full extent of the problem yet, but it appears the latest Internet Explorer patch prevents Internet Explorer 11 - and possibly other versions of IE - from installing Google and other search engines. And the problem may go beyond Windows 7 SP1 and Windows 8.1 Update 1 PCs. Many IE11 customers are reporting on the Microsoft Answers Forum* (and elsewhere**) that the latest IE11 patch rollup, MS15-032 KB 3038314***, reports that it failed to install with error 80092004. Others say the download on that patch -stalls- at 11 percent and doesn't budge, or that the download kicks out at 11 percent with the same failed-to-install error message, code 80092004... No response yet from Microsoft, of course."
(More detail at the infoworld URL above.)
* http://answers.micro...9e-3bca16e3f3cc

** http://www.techspot....14-4-17.212083/

*** https://support.micr...n-us/kb/3038314
___

KB 2952664 triggers daily telemetry run in Windows 7 - and may be snooping on users
Microsoft bills the 'compatibility update' as way to ease the upgrade process to Windows 10 - but it's collecting data daily
- http://www.infoworld...e-snooping.html
Apr 20, 2015 - "If you think that KB 2952664* just tweaks your system a bit to improve the upgrade process, you may be in for a surprise. It could also be triggering a daily telemetry run and maybe even snooping on you. KB 2952664 is billed as a "compatibility update for upgrading Windows 7… [that] helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows." So I was surprised when reader Carl Anderson sent me an email, pointing out a Microsoft Answers forum thread** that accuses the February 2015 Black Tuesday patches of installing a process that red-lines one core of the CPU every time Windows 7 is started..."
(More detail at the infoworld URL above.)
* https://support.micr...n-us/kb/2952664

** http://answers.micro...dfbab2b5?page=1
 

Edited by AplusWebMaster, 23 April 2015 - 04:51 AM.

[AplusWebMaster]

FYI...

April Patch Watch... notes
- http://windowssecret...edition-report/
Apr 22, 2015 - "As if the list of April’s Patch Tuesday nonsecurity fixes weren’t long enough, Microsoft has just released another downpour of patches. These are, for the most part, operating-system updates, primarily for Windows 8.1. None is critical... a second release of nonsecurity updates in the same month is -not- what I had in mind...
Two security-update notes: There are a few reports of problems with Internet Explorer cumulative update KB 3038314. After installing the patch, some users are unable to add another search provider...
Another update, KB 3045999 (MS15-038), is being flagged by software vendor Romax. The company states that the update is incompatible with the company’s software and recommends that its customers remove it. This problem is probably not widespread, but it’s a reminder to keep updates in mind anytime an application starts misbehaving..."

MS15-032: Cumulative security update for Internet Explorer...
> https://support.micr...-us/kb/3038314/
Last Review: 04/24/2015 - Rev: 4.0

MS15-038: Description of the security update for Windows...
> https://support.micr...-us/kb/3045999/
Last Review: 04/14/2015 - Rev: 1.0

Windows Update KB3045999 Incompatability With All Romax Software...
- http://support.romax...-Romax-Software
Apr 17, 2015
 

Edited by AplusWebMaster, 25 April 2015 - 04:14 AM.

[AplusWebMaster]

FYI...

KB 3045999 conflicts with McAfee (error c0000018), Romax, VirtualBox
- http://www.infoworld...virtualbox.html
Apr 27, 2015 - "... it now appears as if an “elevation of privilege” patch for Windows, MS 15-038/KB 3045999, causes intermittent problems with a wide array of software.
McAfee ServicePortal reports:
- https://kc.mcafee.co...tent&id=KB84538
'Several applications fail to start after you install Microsoft Patch MS15-038 on systems with DLP [Data Loss Prevention for] Endpoint. Affected applications include, but are not limited to:
        CMD.EXE
        Explorer.EXE
        MMC-based applications
        Microsoft Office applications
        PowerShell
    Example startup errors include:
        csc.exe- Application Error -- The application was unable to start correctly (0xc0000142)
        iexplore.exe- Application Error -- The application was unable to start correctly (0xc0000018)
        mmc.exe- Application Error -- The application was unable to start correctly (0xc0000018)
        cmd.exe- Application Error -- The application was unable to start correctly (0xc0000018)'
Romax reports:
- http://support.romax...-Romax-Software
'... an error message from Xenocode Virtual Application Studio ISV, “The applications were unable to load a required virtual machine component. Please contact the publisher of this application for more information.” They go on to say:
    We have become aware that a specific Microsoft Windows update KB3045999 published on 13th April 2015 prevents all Romax software from starting up. If your Romax software works, we recommend you immediately contact your IT department and ask them to stop installation of Microsoft Windows update KB3045999. If you are receiving the … error message when starting Romax software then please check if this update has been installed; if it has then this update will need to be uninstalled...'
VirtualBox users:
- https://forums.virtu...tart=45#p318687
'... I too am getting the error "supR3HardenedWinReadErrorInfoDevice: 'ntdll.dll: 7981 differences between 0x300c and 0x4fff in #1 (.text), first: 4c != 1f.'" I've been using this install of VBox for years (installing updates as they arrive), and after just installing Windows Updates (last updated in March 2015, these were April 2015 updates), none of my VM's (various flavors of Windows & Linux) will start up...' "

MS15-038 ...
- https://support.micr...n-us/kb/3045999
Last Review: Apr 14, 2015 - Rev: 1.0
___

Win10 patch KB 3055415 released with no details
- http://www.infoworld...no-details.html
Apr 27, 2015 - "Microsoft just released a new patch for Windows 10. Like all Windows 10 patches, you get to install it whether you want to or not, and it'll be automatically installed for you, likely overnight. 'Update for Windows Technical Preview April Update for x64-based systems (KB3055415)'  forces a reboot. Inside Windows, you get this illuminating notice:
    'Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.' ..."
 

[AplusWebMaster]

FYI...

MS15-032: MS Internet Explorer Multiple Bugs Let Remote Users Bypass ASLR and Execute Arbitrary Code
- http://www.securityt....com/id/1032108
Updated: May 1 2015
[Editor's note: On April 30, 2015, the vendor updated their advisory to indicate that users of IE on Windows Server 2003 SP2 who installed update 3038314 -prior- to April 22, 2015 should -re-install- update 3038314.]

- https://technet.micr...curity/ms15-032
V2.0 (April 30, 2015): Updated bulletin to inform customers running Internet Explorer on Windows Server 2003 SP2 that the 3038314 update on the Microsoft Download Center was updated on April 22, 2015. Microsoft recommends that customers who installed the 3038314 update -prior- to April 22 should -reinstall- the update to be fully protected from the vulnerabilities discussed in this bulletin.

 

- https://support.micr...n-us/kb/3038314
Last Review: Apr 29, 2015 - Rev: 5.0

 

Cumulative Security Update for IE 7 for Windows Server 2003 (KB3038314)
Download: https://www.microsof...s.aspx?id=46688
File Name: IE7-WindowsServer2003-KB3038314-x86-ENU.exe
___

Microsoft Security Advisory 3062591
Local Administrator Password Solution (LAPS) Now Available
- https://technet.micr...ecurity/3062591
May 1, 2015 - "Microsoft is offering the Local Administrator Password Solution (LAPS) that provides a solution to the issue of using a common local account with an identical password on every computer in a domain. LAPS resolves this issue by setting a different, random password for the common local administrator account on every computer in the domain. Domain administrators using the solution can determine which users, such as helpdesk administrators, are authorized to read passwords.
Compromised identical local account credentials could allow elevation of privilege if an attacker uses them to elevate from a local user/administrator to a domain/enterprise administrator. Local administrator credentials are needed for occasions when logon is required without domain access. In large environments, password management can become complex, leading to poor security practices, and such environments greatly increase the risk of a Pass-the-Hash (PtH) credential replay attack.
LAPS simplifies password management while helping customers implement recommended defenses against cyberattacks. In particular, the solution mitigates the risk of lateral escalation that results when customers use the same administrative local account and password combination on their computers...
For more information, see:
- https://support.micr....com/kb/3062591
Last Review: May 1, 2015 - Rev: 1.0

Microsoft Download Center
- https://www.microsof...23-6818fc2f07ec

Edited by AplusWebMaster, 01 May 2015 - 04:50 PM.

[AplusWebMaster]

FYI...

Patch Watch update: Cleaning up April’s leftovers
- http://windowssecret...rils-leftovers/
May 7, 2015 - "Most of Microsoft’s attention is likely focused on Windows 10, which might explain why we’ve seen updates for Windows 7 and 8 dribbled out over the past month. Some of the updates have a clear agenda: preparing our Win7 and Win8 systems for the transition to Windows 10.
> MS15-032 (3038314) - Still tracking Internet Explorer–update issues:
 KB 3038314 was April’s cumulative IE patch. It’s critical to install all IE security updates, but April’s was especially so — it fixed vulnerabilities publicly revealed at the recent Pwn2Own hacking contest. Unfortunately, the update did not go well for all Windows users. As noted in its info page, some users who upgraded from IE 8 to IE 11 received an 'error code 80092004' message.
 What’s more, other IE users discovered that they couldn’t add additional search providers after installing the update. At this time, it’s -unclear- whether Microsoft is working on this issue. Making things even more confusing, Microsoft apparently -reissued- the update on April 22, though there’s no information in the update’s information pages to explain why.
REVISION: The reissued KB 3038313 was for Windows Server 2003 -only-.
 What to do: If you downloaded and installed KB 3038314 from the Microsoft Download Center before April 22, you should go back and download it again. If you ran into the search-provider issue, you can try uninstalling KB 3038314 (MS15-032), adding any new search providers you want, and then reinstalling the update — and hope that Microsoft fixes the problem soon.
> MS15-041 - .NET Framework updates calmly sail through:
.NET updates were once notoriously troublesome. But most of that went away when Microsoft ended support for Windows XP. .NET fixes are still somewhat confusing because a particular update is made up of numerous separate patches for different versions of .NET. For example, April’s KB 3048010 includes the following specific fixes:
    KB 3037572 for .NET 1.1 SP1
    KB 3037573 for .NET 2.0 SP2
    KB 3037574 for .NET 4
    KB 3037575 for .NET 3.5 (Win8)
    KB 3037576 for .NET 3.5 (Win8 and Server 2012)
    KB 3037577 for .NET 2.0 SP2 (Server 2003)
    KB 3037578 for .NET 4
    KB 3037579 for .NET 4.5, 4.5.1, and 4.5.2 (Win8 and Server 2012)
    KB 3037580 for .NET 4.5, 4.5.1, and 4.5.2
    KB 3037581 for .NET 4.5, 4.5.1, and 4.5.2 "
___

Update to enable the Diagnostics Tracking Service in Windows
- https://support.micr...n-us/kb/3022345
May 6, 2015 - Rev: 4.0

- http://www.infoworld...-two-weeks.html
May 7, 2015
 

Edited by AplusWebMaster, 10 May 2015 - 08:17 AM.