9 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms15-Dec
Dec 8, 2015 - "This bulletin summary lists security bulletins released for December 2015...
(Total of -12-)

Microsoft Security Bulletin MS15-124 - Critical
Cumulative Security Update for Internet Explorer (3116180)
- https://technet.micr...curity/MS15-124
Critical - Remote Code Execution- Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS15-125 - Critical
Cumulative Security Update for Microsoft Edge (3116184)
- https://technet.micr...curity/MS15-125
Critical - Remote Code Execution- Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS15-126 - Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
- https://technet.micr...curity/MS15-126
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-127 - Critical
Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
- https://technet.micr...curity/MS15-127
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-128 - Critical
Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
- https://technet.micr...curity/MS15-128
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework, MS Office, Skype for Business, Microsoft Lync, Silverlight

Microsoft Security Bulletin MS15-129 - Critical
Security Update for Silverlight to Address Remote Code Execution (3106614)
- https://technet.micr...curity/MS15-129
Critical - Remote Code Execution - Does not require a restart - Microsoft Silverlight

Microsoft Security Bulletin MS15-130 - Critical
Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
- https://technet.micr...curity/MS15-130
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-131 - Critical
Security Update for Microsoft Office to Address Remote Code Execution (3116111)
- https://technet.micr...curity/MS15-131
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS15-132 - Important
Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
- https://technet.micr...curity/MS15-132
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-133 - Important
Security Update for Windows PGM to Address Elevation of Privilege (3116130)
- https://technet.micr...curity/MS15-133
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS15-134 - Important
Security Update for Windows Media Center to Address Remote Code Execution (3108669)
- https://technet.micr...curity/MS15-134
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS15-135 - Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
- https://technet.micr...curity/MS15-135
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

MS15-124: http://www.securityt....com/id/1034315
MS15-125: http://www.securityt....com/id/1034316
MS15-126: http://www.securityt....com/id/1034317
MS15-127: http://www.securityt....com/id/1034323
MS15-128: http://www.securityt....com/id/1034329
- http://www.securityt....com/id/1034330
- http://www.securityt....com/id/1034331
- http://www.securityt....com/id/1034332
- http://www.securityt....com/id/1034333
- http://www.securityt....com/id/1034336
MS15-129: http://www.securityt....com/id/1034321
MS15-130: http://www.securityt....com/id/1034337
MS15-131: http://www.securityt....com/id/1034324
- http://www.securityt....com/id/1034325
MS15-132: http://www.securityt....com/id/1034338
MS15-133: http://www.securityt....com/id/1034339
MS15-134: http://www.securityt....com/id/1034335
MS15-135: http://www.securityt....com/id/1034334
___

- http://blogs.technet...se-summary.aspx
Dec 8, 2015 - "... we released security updates to provide additional protections against malicious attackers..."

Security Advisories (3):

Microsoft Security Advisory 3057154
Update to Harden Use of DES Encryption
- https://technet.micr...ecurity/3057154
Published: July 14, 2015 | Updated: Dec 8, 2015

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.micr...ecurity/2755801
Version: 51.0

Microsoft Security Advisory 3123040
Inadvertently Disclosed Digital Certificate Could Allow Spoofing
- https://technet.micr...ecurity/3123040
Dec 8, 2015
___

December 2015 Office Update Release
- http://blogs.technet...te-release.aspx
8 Dec 2015 - "... there are 19 security updates (2 bulletins) and 61 non-security updates..."
MS15-128: https://technet.micr...curity/MS15-128

MS15-131: https://technet.micr...curity/MS15-131
___

ISC Analysis
- https://isc.sans.edu...l?storyid=20461
Last Updated: 2015-12-08

.

Edited by AplusWebMaster, 09 December 2015 - 06:20 AM.

[AplusWebMaster]

FYI...

MS pulls botched patch KB 3114409 - triggered problems with Outlook 2010
- http://www.infoworld...tlook-2010.html
Dec 9, 2015  - "... Patch Tuesday update KB 3114409, intended to help admins keep Outlook 2010 from starting in safe mode, has in fact done just the opposite. Many Outlook 2010 customers report that installing KB 3114409 forces Outlook to start in safe mode. As of early Wednesday morning, the patch has been pulled, but if you're experiencing odd problems with Outlook 2010 -- it opens in safe mode only (always opens maximized and has no sounds, no reading pane, or other view settings that stick), has broken templates, and much more -- you should look at the KB 3114409 article* for instructions on how to -remove- the patch..."
* https://support.micr...n-us/kb/3114409
Last Review: 12/09/2015 05:42:00 - Rev: 4.0
"Notice: After you install this update, Outlook 2010 may start only in safe mode. If this issue occurs, uninstall the update. This update is no longer available now."
___

- https://isc.sans.edu... Tuesday/20461/
(17 Comments)
 

Edited by AplusWebMaster, 09 December 2015 - 01:20 PM.

[AplusWebMaster]

FYI...

MS Security Bulletin MS15-124 - Critical
Cumulative Security Update for Internet Explorer (3116180)
- https://technet.micr...curity/MS15-124
V1.1 (December 16, 2015): Bulletin revised to further clarify the steps users must take to be protected from the vulnerability described in CVE-2015-6161*. This bulletin, MS15-124, provides protections for this issue, but user action is required to enable them; the cumulative update for Internet Explorer does not enable the protections by default**. Before applying the protections, Microsoft recommends that customers perform testing appropriate to their environment and system configurations.
* https://web.nvd.nist...d=CVE-2015-6161

** https://technet.micr...15-124#Fix_6161

MS15-124: Vulnerability in Internet Explorer could lead to ASLR bypass: December 16, 2015
> https://support.micr...n-us/kb/3125869
Last Review: 12/16/2015 22:23:00 - Rev: 1.0
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7
___

MS Security Bulletin MS15-125 - Critical
Cumulative Security Update for Microsoft Edge (3116184)
- https://technet.micr...curity/MS15-125
V1.1 (December 16, 2015): Revised the vulnerability description for CVE-2015-6161 to more accurately describe the ASLR Bypass. This is an informational change only. Customers who have already successfully installed security update 3116869 or 3116900 do not need to take any action.
___

MS pushes Windows -nagware- patch KB 3035583 for sixth time
If you don’t want to install Windows 10 just yet, hide the patch - but run GWX Control Panel to be sure
- http://www.infoworld...sixth-time.html
Dec 16, 2015 - "Last night Microsoft sent KB 3035583* down the Automatic Update chute. Again. The patch is listed as recommended, but -not- a security patch, for Windows 7 and 8.1 systems. Depending on your Windows Update settings... the patch will probably appear among your "Important" patches, and probably won't have its box checked. If that's what you see on your PC, KB 3035583 won't install unless you check the box and run Windows Update. As we've seen in the past, though, sometimes those unchecked patches suddenly get checked and Windows Update proceeds with the dirty deed. All the more reason to set Windows Update to "Notify but don't download." Your best bet right now, if you have Windows 7 or 8.1 and don't want to upgrade to Windows 10 just yet - remember, you have until July 28, 2016 to upgrade for free - is to cut KB 3035583 off at the knees. The easiest way to do that is by running GWX Control Panel**. Microsoft has provided no changelog, of course, and no indication what this version of Get Windows 10 does that's any different from the five previous versions..."
* https://support.micr...n-us/kb/3035583
Last Review: 12/15/2015 17:19:00 - Rev: 7.0
Applies to:
    Windows 8.1 Pro
    Windows 8.1
    Windows 7 Service Pack 1

** http://ultimateoutsider.com/downloads/
 

Edited by AplusWebMaster, 17 December 2015 - 11:30 AM.

[AplusWebMaster]

FYI...

Update for Windows Live Essentials Mail 2012
- https://support.micr...n-us/kb/3093594
Last Review: 12/18/2015 09:38:00 - Rev: 3.0
"Known issues about this update:
- Issue 1: After you install this update (that was released before December 17, 2015), you may find that the program crashes soon after start.
- Solution: Microsoft has identified the cause and has released a fix that addresses the issue for affected users on applicable platforms. To fix this issue, install this update that's released on December 17, 2015.
- Issue 2: After you install this update that's released on December 17, 2015, you may experience mail sync issues.
- This issue occurs because of a server-side problem. Microsoft is researching this issue and will post more information in this article when the information becomes available."
___

- http://www.infoworld...kb-3093594.html
Dec 18, 2015
 

[AplusWebMaster]

FYI...

Cumulative Update -11- for Exchange Server 2013
- https://support.micr...n-gb/kb/3099522
"... Several nonsecurity issues are fixed in this cumulative update or a later cumulative update for Exchange Server 2013*..."
Last Review: 12/15/2015 18:18:00 - Revision: 1.0
Applies to:
    Microsoft Exchange Server 2013 Service Pack 1

* https://technet.micr...exchg.150).aspx

Released: December 2015 Quarterly Exchange Updates
- http://blogs.technet...ge-updates.aspx
15 Dec 2015
 

[AplusWebMaster]

FYI...

MS15-124: Security update for Internet Explorer: December 8, 2015
- https://support.micr...n-us/kb/3104002
"... Known issues in this security update:
    After you install this security update, some classic ASP applications may not work correctly. For example, you may be unable to upload image files by using classic ASP applications.
    To resolve this issue, install hotfix 3125446. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    3125446 Classic ASP applications don't work correctly after security update 3104002 is installed in Windows..."
Last Review: 12/16/2015 22:53:00 - Rev: 3.0
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7

- https://web.nvd.nist...d=CVE-2015-6161

- https://technet.micr...15-124#Fix_6161

MS15-124: Vulnerability in Internet Explorer could lead to ASLR bypass: December 16, 2015
- https://support.micr...n-us/kb/3125869
Last Review: 12/17/2015 21:02:00 - Rev: 2.0
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7

Classic ASP applications don't work correctly after security update 3104002 is installed in Windows
- https://support.micr...n-us/kb/3125446
Symptoms: You can't upload files by using classic ASP applications in Internet Explorer after you install security update 3104002...
Hotfix Download Available...
Last Review: 12/16/2015 22:21:00 - Rev: 2.0
Applies to:
    Windows Server 2012 R2 Datacenter
    Windows Server 2012 R2 Standard
    Windows Server 2012 R2 Foundation
    Windows 8.1 Enterprise
    Windows 8.1 Pro
    Windows 8.1
    Windows Server 2008 R2 Service Pack 1
    Windows 7 Service Pack 1
    Windows Server 2008 Service Pack 2
    Windows Vista Service Pack 2
___

MS Security Bulletin MS15-131 - Critical
Security Update for Microsoft Office to Address Remote Code Execution (3116111)
- https://technet.micr...curity/MS15-131
V2.1 (December 18, 2015): Bulletin revised to correct the Updates Replaced for 3101532 and 3114342, and to add a workaround for CVE-2015-6172. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.

> https://support.micr...n-us/kb/3101532
Last Review: 12/08/2015 18:44:00 - Rev: 1.0

> https://support.micr...n-us/kb/3114342
Last Review: 12/08/2015 18:42:00 - Rev: 1.0
 

Edited by AplusWebMaster, 23 December 2015 - 07:13 AM.

[AplusWebMaster]

FYI...

Win10 update KB 3124200 and Office update 6366
> http://www.infoworld...omizations.html
Dec 23, 2015
> https://support.micr...n-us/kb/3124200
Last Review: 12/17/2015 17:41:00 - Rev: 1.0
Applies to:
    Windows 10 Version 1511

Missing customizations in Office Word after an update
- https://support.micr...n-us/kb/3129969
Last Review: 12/22/2015 18:03:00 - Rev: 1.0
"Summary: After installing the latest update for Microsoft Office (6366.xxxx), all of your customizations for Word such as macros, autotext entries, and styles will no longer load. The issue is caused by a file that has been renamed during the update. To resolve this, use the following steps to help you restore the renamed file..."
Applies to:
    Microsoft Word 2013
    Microsoft Word 2010
    Word 2016
 

Edited by AplusWebMaster, 27 December 2015 - 12:00 PM.

[AplusWebMaster]

FYI...

MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- https://technet.micr...ecurity/2755801
V52.0 (Dec 29, 2015): Added the 3132372 update* to the Current Update section.

* https://support.micr...n-us/kb/3132372
Last Review: 12/30/2015 21:00:00 - Rev: 2.0
"Known issues in this security update:
We are aware of limited application crashes that occur after this security update is installed on Windows 10.
Microsoft is researching this problem with Adobe and will post more information in this article when the information becomes available..."
 

Edited by AplusWebMaster, 05 January 2016 - 09:12 AM.

[AplusWebMaster]

FYI...

Win10 patch notes - KB3132372, KB 3133431
The first forced Win10 patch of 2016 is entirely devoted to fixing the last forced patch of 2015, which broke a score of programs that rely on Flash
- http://www.infoworld...ivers-seat.html
Jan 6, 2016 - "Yesterday I reported on KB 3132372*, the last Windows 10 patch of 2015, released on Dec. 29. That forced patch broke Skype, HP Solution Center, Incredimail, several Serif programs, GameMaker, a bunch of games, skins for Mediamonkey, eBay Turbo Lister, and heaven knows how many other programs that still rely on Flash. Last night - a week after that initial patch brought down all those programs - Microsoft released a fix... the first forced Win10 patch of 2016 is entirely devoted to fixing the last forced patch of 2015..."

> https://support.micr...n-us/kb/3133431
Last Review: 01/06/2016 22:03:00 - Rev: 3.0

* https://support.micr...n-us/kb/3132372
Last Review: 01/06/2016 22:03:00 - Rev: 4.0
 

Edited by AplusWebMaster, 07 January 2016 - 07:17 AM.

[AplusWebMaster]

FYI...

Win10 nagware...
- http://www.infoworld...s-7-and-81.html
Jan 11, 2016 - "... Even if you use the Microsoft-sanctioned DisableGWX and DisableOSUpgrade registry settings, the KB 3035583 patch* -still- installs -all- of the Get Windows 10 nagware. GWX and all of its components sit there, hidden, running in the background even if you can't see the Get Windows 10 icon in the system tray..."

* https://support.micr...n-us/kb/3035583
Last Review: 12/15/2015 17:19:00 - Rev: 7.0

On your "Recommended updates" list, right click it and choose "Hide".
 

Edited by AplusWebMaster, 11 January 2016 - 02:51 PM.