5 replies to this topic

[AplusWebMaster]

FYI...

> https://technet.micr...curity/ms15-jun
June 9, 2015 - "This bulletin summary lists security bulletins released for June 2015...
(Total of -8-)

Microsoft Security Bulletin MS15-056 - Critical
Cumulative Security Update for Internet Explorer (3058515)
- https://technet.micr...curity/MS15-056
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-057 - Critical
Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
- https://technet.micr...curity/MS15-057
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-059 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
- https://technet.micr...curity/MS15-059
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-060 - Important
Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
- https://technet.micr...curity/MS15-060
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-061 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
- https://technet.micr...curity/MS15-061
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-062 - Important
Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
- https://technet.micr...curity/MS15-062
Important - Elevation of Privilege - Does not require restart - Microsoft Windows

Microsoft Security Bulletin MS15-063 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
- https://technet.micr...curity/MS15-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-064 - Important
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
- https://technet.micr...curity/MS15-064
Important - Elevation of Privilege - Does not require restart - Microsoft Exchange Server
___

MS15-056: http://www.securityt....com/id/1032521
MS15-057: http://www.securityt....com/id/1032522
MS15-059: http://www.securityt....com/id/1032523
MS15-060: http://www.securityt....com/id/1032524
MS15-061: http://www.securityt....com/id/1032525
MS15-062: http://www.securityt....com/id/1032526
MS15-063: http://www.securityt....com/id/1032527
MS15-064: http://www.securityt....com/id/1032528
___

- http://blogs.technet...15-updates.aspx
9 Jun 2015 - "... we released 8 security bulletins...
We released one new Security Advisory:
Update for Juniper Network Windows In-Box Junos Pulse Client (2962393)
- https://technet.micr...ty/2962393.aspx
One Security Advisory has been revised:
Update for Adobe Flash Player in Internet Explorer (2755801)
- https://technet.micr...ty/2755801.aspx
___

June 2015 Office Update Release
- http://blogs.technet...te-release.aspx
9 Jun 2015 - "... There are 16 security updates (2 bulletins) and 45 non-security updates..."

MS15-059: http://technet.micro...curity/ms15-059

MS15-046 :https://technet.micr...curity/ms15-046
"... To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046...
    V1.0 (May 12, 2015): Bulletin published.
    V2.0 (May 19, 2015): Bulletin revised...
    V3.0 (June 9, 2015): To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046 to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision to be fully protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3057181* for more information and download links."
* https://support.micr...n-us/kb/3057181
Last Review: June 9, 2015 - Rev: 2.0

- https://web.nvd.nist...d=CVE-2015-1682/ 9.3 (HIGH)
___

HTTP Strict Transport Security comes to Internet Explorer 11 on Windows 8.1 and Windows 7
- http://blogs.windows...-and-windows-7/
June 9, 2015 - "In February, we released the first preview of HTTP Strict Transport Security in Internet Explorer 11 in the Windows 10 Insider Preview. The HTTP Strict Transport Security (HSTS) policy protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a server, leaving the user vulnerable. With today’s monthly security updates (KB 3058515), we’re bringing the protections offered by HSTS to Internet Explorer 11 on Windows 8.1 and Windows 7. HSTS is also available in both Internet Explorer 11 and Microsoft Edge on Windows 10. Site developers can use HSTS policies to secure connections by opting in to an HSTS preload list, which registers websites to be hardcoded by Microsoft Edge, Internet Explorer, and other browsers to redirect HTTP traffic to HTTPS. Communications with these websites from the initial connection are automatically upgraded to be secure..."
MS15-056: https://support.micr...n-us/kb/3058515
Last Review: June 9, 2015 - Rev: 1.0
___

ISC Analysis
- https://isc.sans.edu...l?storyid=19781
2015-06-09
___

- http://www.theinquir...ystery-omission
Jun 10 2015 - "... There's no MS15-058. We don't know why this is. Perhaps something was pulled at the last minute, or perhaps there's an out-of-band coming up..."

.

Edited by AplusWebMaster, 10 June 2015 - 11:43 AM.

[AplusWebMaster]

FYI...

June's Patch Tuesday includes IE update, 18 nonsecurity patches...
- http://www.infoworld...ty-patches.html
Jun 10, 2015 - "... Looking only at the number of security bulletins issued this month - eight - you might think June's been a walk in the park. But if you look at what's being patched and what's missing, the numbers and headaches begin to pile up... there's the obligatory giant Internet Explorer patch, MS15-056/KB 3058515, which tackles a couple dozen independently identified security holes in IE6, IE7, IE8, IE9, IE10, and IE11. If you're still using IE, it's worth noting that Microsoft has pushed out boatloads of IE patches every month over the past year except January. IE patching has turned from a comedy to a tragedy. Microsoft Edge, the browser in Windows 10, can't come a moment too soon. The other seven vulnerabilities being patched run quite a gamut, although it's worth noting that the SANS Internet Storm Center only lists one, MS15-060, as having a known exploit - and it's rated as important, not critical. SANS notes that the bulletin for MS15-062 includes a line of code that appears to be a proof-of-concept exploit. Microsoft re-released many old, nonsecurity patches this month, including KB 2952664 and KB2976978 - the Windows10 nagware patches that were re-re-re-re-released five days ago..."
(More detail at the infoworld URL above.)

- http://windowssecret...office-updates/
June 11, 2015 - "... Office 2010 and 2013 both get a slew of nonsecurity fixes. June’s Patch Tuesday release was also bulked up with a bunch of reissued security updates for Office 2010 and some patches that prepare Win7 and Win8 machines for Windows 10... Microsoft has added HTTP Strict Transport Security (HSTS; more info*) to IE 11 on Windows 8.1 and 7. June’s cumulative IE update, KB 3058515, among other things, adds support for HSTS to IE clients. But actually implementing this security feature will be up to individual site developers. Rated critical, KB 3058515 patches over 20 IE vulnerabilities. It also includes seven nonsecurity fixes — among them, one that improves HTML table display speed and another that solves an issue with slow or crashing Web apps..."
* https://en.wikipedia...nsport_Security

- https://support.micr...n-us/kb/3058515
Last Review: June 10, 2015 - Rev: 2.0

HTTP Strict Transport Security (HSTS): https://tools.ietf.org/html/rfc6797
 

Edited by AplusWebMaster, 14 June 2015 - 05:16 AM.

[AplusWebMaster]

FYI...

MS Security Bulletin MS15-048 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
- https://technet.micr...curity/MS15-048
May 12, 2015 | V1.1 (June 17, 2015): Corrected bulletin replacement for the 3035488 update for .NET Framework 2.0 on all affected editions of Windows Server 2003 Service Pack 2.
- https://support.micr...n-us/kb/3057134
Last Review: May 12, 2015 - Rev: 1.0
- https://support.micr...n-us/kb/3035488
Last Review: May 12, 2015 - Rev: 1.0
- https://support.micr...n-us/kb/3023220
Last Review: May 12, 2015 - Rev: 1.0

- https://web.nvd.nist...d=CVE-2015-1672
5.0
- https://web.nvd.nist...d=CVE-2015-1673
9.3 (HIGH)
 

 

___

Windows 10 Q&A
- https://www.microsof.../windows-10-faq

.

Edited by AplusWebMaster, 19 June 2015 - 03:58 AM.

[AplusWebMaster]

FYI... MS - miscellaneous notes:

Win8 users face patch spigot shutoff in 7 months
-  http://www.computerw...n-7-months.html
Jun 19, 2015
- https://support.micr...e-windows81-faq
"What is the support lifecycle policy for Windows 8.1? Windows 8.1 falls under the same lifecycle policy as Windows 8, and will reach end of Mainstream Support on January 9, 2018, and end of Extended Support on January 10, 2023. With the General Availability of Windows 8.1, customers on Windows 8 have 2 years, until January 12, 2016, to move to Windows 8.1 in order to remain supported..."
___

An issue you might encounter after installing Microsoft Security Update 3004375
- http://blogs.technet...te-3004375.aspx
15 Jun 2015
___

Revised content for the Windows 10 in-place upgrade via task sequence for Configuration Manager
- http://blogs.technet...-configmgr.aspx
16 Jun 2015 - "... And now a word from our lawyers: the attached content is -not- for production use; it is a sample for evaluation only and thus subject to the Microsoft Limited Public License (see Exhibit B of the TechNet Terms of Use). This posting is provided "AS IS" with no warranties and confers no rights..."

- http://www.theinquir...-freebie-policy
Jun 22 2015
 

Edited by AplusWebMaster, 22 June 2015 - 12:07 PM.

[AplusWebMaster]

FYI...

- http://windowssecret...-drives/#story6
June 24, 2015 - "... This month’s leftover updating issues include an important out-of-band Adobe Flash fix and a lingering kernel patch...
- Patch Tuesday officially falls on the second Tuesday of the month. But there’s also been the somewhat unofficial Patch Tuesday on the fourth Tuesday of the month, used in the past mostly for nonsecurity updates. It now appears that Microsoft has quietly moved the release of nonsecurity fixes to the third Tuesday...
- Windows 10. Think of the new OS as a giant nonsecurity update. There’s -no- compelling reason to install it within days of its formal release. Put Win10 off for at least a couple of weeks; during that time, we’ll see whether there are reports of significant installation issues. The delay will also give third-party vendors time to tweak their applications and drivers.
Note: Make sure you have a full backup of your current system before staring the Win10 upgrade process! ..."
____

MS15-056: Cumulative security update for Internet Explorer: June 9, 2015
- https://support.micr...n-us/kb/3058515
Last Review: 06/25/2015 - Rev: 5.0
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7
    Microsoft Internet Explorer 6.0
"Known issues: After you install this security update, you may be unable to install some ActiveX controls.
To resolve this issue, install 3072449*. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 3072449 Installation of ActiveX controls may fail in Internet Explorer in Windows 8.1 or Windows 8 (To work around this issue, run Internet Explorer as an administrator by using the Run as administrator option. To do this, right-click Internet Explorer, and then click Run as Administrator. This will enable the ActiveX controls to be installed. After ActiveX is installed, you no longer have to run Internet Explorer by using the Run as administrator option)."
* https://support.micr...n-us/kb/3072449
Last Review: 06/26/2015 - Rev: 2.0
___

MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
V42.0 (June 23, 2015): Added the 3074219 update* to the Current Update section.
"... The update addresses the vulnerabilities described in Adobe Security bulletin APSB15-14**..."
* https://support.micr...n-us/kb/3074219
Last Review: June 23, 2015 - Rev: 1.0

** http://helpx.adobe.c.../apsb15-14.html
June 23, 2015
 

>> http://forums.whatth...=93035&p=867701

___

MS Security Bulletin MS15-044 - Critical
Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
- https://technet.micr...curity/MS15-044
V2.1 (June 23, 2015): Bulletin revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
___

MS Security Bulletin MS15-049 - Important
Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)
- https://technet.micr...curity/MS15-049
V1.1 (June 23, 2015): Bulletin revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
 

Edited by AplusWebMaster, 02 July 2015 - 10:23 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
July 8, 2015 V43.0 - "... updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... by 'checking for updates' using the Microsoft Update service... addresses the vulnerabilities described in Adobe Security bulletin APSB15-16*..."
* https://helpx.adobe..../apsb15-16.html
___

 

Windows nagware patches KB 2952664 and KB 2976978 install repeatedly
Microsoft released five patches on Tuesday, and at least two of them are having problems
- http://www.infoworld...repeatedly.html
Jul 8, 2015

> https://support.micr...n-us/kb/2952664
Last Review: 07/07/2015 - Rev: 10.0
Applies to:
    Windows 7 SP1

> https://support.micr...n-us/kb/2976978
Last Review: 07/07/2015 - Rev: 11.0
Applies to:
    Windows 8, 8.1 ...