8 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms16-Mar
Mar 8, 2016 - "This bulletin summary lists security bulletins released for March 2016...
(Total of -13-)

Microsoft Security Bulletin MS16-023 - Critical
Cumulative Security Update for Internet Explorer (3142015)
- https://technet.micr...curity/MS16-023
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-024 - Critical
Cumulative Security Update for Microsoft Edge (3142019)
- https://technet.micr...curity/MS16-024
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-025 - Important
Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
- https://technet.micr...curity/MS16-025[/b]
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-026 - Critical
Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
- https://technet.micr...curity/MS16-026
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-027 - Critical
Security Update for Windows Media to Address Remote Code Execution (3143146)
- https://technet.micr...curity/MS16-027
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-028 - Critical
Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
- https://technet.micr...curity/MS16-028
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-029 - Important
Security Update for Microsoft Office to Address Remote Code Execution (3141806)
- https://technet.micr...curity/MS16-029
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software

Microsoft Security Bulletin MS16-030 - Important
Security Update for Windows OLE to Address Remote Code Execution (3143136)
- https://technet.micr...curity/MS16-030
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-031 - Important
Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)
- https://technet.micr...curity/MS16-031
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-032 - Important
Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
- https://technet.micr...curity/MS16-032
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-033 - Important
Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
- https://technet.micr...curity/MS16-033
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-034 - Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
- https://technet.micr...curity/MS16-034
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-035 - Important
Security Update for .NET Framework to Address Security Feature Bypass (3141780)
- https://technet.micr...curity/MS16-035
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
___

MS16-023: http://www.securityt....com/id/1035203
MS16-024: http://www.securityt....com/id/1035204
MS16-025: http://www.securityt....com/id/1035205
MS16-026: http://www.securityt....com/id/1035198
MS16-027: http://www.securityt....com/id/1035200
MS16-028: http://www.securityt....com/id/1035202
MS16-029: http://www.securityt....com/id/1035206
> http://www.securityt....com/id/1035207
MS16-030: http://www.securityt....com/id/1035208
MS16-031: http://www.securityt....com/id/1035209
MS16-032: http://www.securityt....com/id/1035210
MS16-033: http://www.securityt....com/id/1035211
MS16-034: http://www.securityt....com/id/1035212
MS16-035: http://www.securityt....com/id/1035213
___

- http://blogs.technet...se-summary.aspx
8 Mar 2016

Security Advisories - March 2016
- https://technet.micr...y/mt631688.aspx
___

March 2016 Office Update Release
- https://blogs.techne...update-release/
March 9, 2016 - The March 2016 Public Update releases for Office are now available. This month, there are -22- security updates (1 bulletin) and -41- non-security updates.
Security bulletins: MS16-029:
> https://technet.micr...y/ms16-029.aspx
All of the security and non-security updates for March are listed in KB article 3143491:
> https://support.micr...n-us/kb/3143491
Last Review: 03/09/2016 00:52:00 - Rev: 1.0
___

 

ISC Analysis
- https://isc.sans.edu...wday=2016-03-08
2016-03-08
 

Qualys Analysis
- https://blog.qualys....sday-march-2016
March 8, 2016

.

Edited by AplusWebMaster, 09 March 2016 - 12:14 PM.

[AplusWebMaster]

FYI...

March 2016 Office Update Release
- https://blogs.techne...update-release/
Update – March 9, 2016 - "KB 3085515* is no longer available because it may prevent Access 2010 from opening VB-enabled apps and wizards. The workaround is to -uninstall- this update. See the Access Support Team blog** for more details."

* https://support.micr...n-us/kb/3085515
Last Review: 03/09/2016 22:49:00 - Rev: 2.0
"Notice: This update is no longer available from Microsoft Update or the Microsoft Download Center. After you install this update, you may not be able to open Microsoft Visual Basic-enabled apps in Microsoft Access 2010. Also, Access wizards may not run. To work around this problem, -uninstall- this update by following the steps in the "How to uninstall this update"[1] section."
1] https://support.micr...kmark-uninstall

** http://blogs.technet...-kb3085515.aspx
9 Mar 2016
___

When a security update is not a security update ...
Microsoft buried a 'Get Windows 10 ad generator' inside this month's Internet Explorer security patch for Windows 7 and 8.1
- http://www.infoworld...ity-update.html
Mar 9, 2016 - "If Microsoft's documentation is correct, installing Patch Tuesday's KB 3139929* security update for Internet Explorer also installs a new Windows 10 ad-generating routine called KB 3146449**... putting an 'ad generator' inside a security patch crosses way over the line. In fact, you have to ask yourself if there are any lines any more... It's important to note that KB 3146449 is not installed separately. You can't remove it. If you look in your installed updates list, KB 3146449 doesn't appear. Instead, it's baked into the IE security patch KB 3139929. The only way to get rid of the new advertising inside Internet Explorer 11 is to remove the security patch entirely... Rubbing salt in the wound: PCs attached to -corporate- domains are spared the pain - but not the bits - of this decidedly nonsecurity patch. In bypassing domain-joined PCs, Microsoft has avoided the inevitable screams of "foul play" from its largest corporate customers."

MS16-023: Security update for Internet Explorer
* https://support.micr...n-us/kb/3139929
Last Review: 03/09/2016 17:51:00 - Rev: 2.0

Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7
** https://support.micr...n-us/kb/3146449
Last Review: 03/08/2016 17:37:00 - Rev: 1.0

>> http://www.infoworld...ows-10-ads.html
Mar 9, 2016
> http://core0.staticw...-large.idge.jpg
 

Edited by AplusWebMaster, 10 March 2016 - 11:41 AM.

[AplusWebMaster]

FYI...

Microsoft Security Bulletin MS16-036 - Critical
Security Update for Adobe Flash Player (3144756)
- https://technet.micr...curity/MS16-036
March 10, 2016 - "This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge..."

- https://support.micr...n-us/kb/3144756
Last Review: 03/10/2016 21:33:00 - Rev: 1.2
___

- https://technet.micr...curity/ms16-mar
V2.0 (March 10, 2016): Bulletin Summary revised to document the out-of-band release of MS16-036.
V2.1 (March 10, 2016): Added a Known Issues reference to the Executive Summaries table for MS16-035. For more information, see Microsoft Knowledge Base Article 3148821*.

After you apply security update 3141780, .NET Framework applications encounter exception errors or unexpected failures while processing files that contain SignedXml
* https://support.micr...n-us/kb/3148821
Last Review: 03/16/2016 20:51:00 - Rev: 5.0
Applies to:
    Microsoft .NET Framework 4.6.1
    Microsoft .NET Framework 4.6
    Microsoft .NET Framework 4.5.2
    Microsoft .NET Framework 3.5.1
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2
 

Edited by AplusWebMaster, 28 March 2016 - 09:13 AM.

[AplusWebMaster]

FYI...

MS upgraded users to Win10 -without- their OK
- http://www.infoworld...t-their-ok.html
Mar 14, 2016 - "... the complaints really started piling up Friday evening. More and more Windows 7 and 8.1 customers are complaining that Microsoft upgraded their computers to Windows 10 - and they didn't do anything to bring it on... If you haven't been bit yet, make sure you run GWX-Control-Panel*, then turn Automatic Update to 'Check for Updates but Let Me Choose Whether to Download and Install Them'...
> http://core0.staticw...650025-orig.jpg

* http://blog.ultimate...tly-remove.html

- http://ultimateoutsider.com/downloads/

Remove the 'Get Windows 10' icon on Win7 and Win8
>

- http://www.infoworld...0-upgrades.html
Mar 14, 2016 - "... if you enable 'Automatic Update' then Microsoft owns your computer - it can make your PC do anything it likes. You've been pwned..."
___

MS16-023: Security update for Internet Explorer
- https://support.micr...n-us/kb/3139929
"... Additionally, this security update includes several nonsecurity-related fixes for Internet Explorer..."
Last Review: 03/17/2016 08:33:00 - Rev: 3.0
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8

Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7
> https://support.micr...n-us/kb/3146449
"This update adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10..."
Last Review: 03/08/2016 17:37:00 - Rev: 1.0

Empty "textarea" loses its closing tag after conversion from XML to HTML in Internet Explorer 11
> https://support.micr...n-us/kb/3144523
"... Note This update was first included in the MS16-023: Security update for Internet Explorer: March 8, 2016."
Last Review: 03/08/2016 17:35:00 - Rev: 1.0

- http://windowssecret...in10-upgrading/
March 10, 2016

- http://www.theinquir...tuesday-updates
Mar 10 2016
___

- http://www.theinquir...t-system-admins
Mar 11 2016
 

  

Edited by AplusWebMaster, 17 March 2016 - 09:43 AM.

[AplusWebMaster]

FYI...

Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- https://support.micr...n-us/kb/3035583
Last Review: 03/23/2016 18:07:00 - Rev: 11.0
___

GWX Control Panel
"... disable 'Upgrade to Windows 10' behavior"
> http://ultimateoutsider.com/downloads/
Version: 1.7.4.1
April 1, 2016

'Never 10'
> https://www.grc.com/never10.htm
Mar 28, 2016

> http://www.infoworld...trol-panel.html
Mar 30, 2016
___

- http://www.infoworld...ller-again.html
Mar 24, 2016 - "... strongly recommend you turn Automatic Update to 'Check for updates but let me choose whether to download and install them' and -uncheck- the box marked 'Give me recommended updates the same way I receive important updates'. That advice stands..."
___

>> http://windowssecret...s-many-updates/
March 24, 2016 - "... keep the Windows Update option 'Give me recommended updates the same way I receive important updates' -unchecked- ..."
 

Edited by AplusWebMaster, 03 April 2016 - 08:01 AM.

[AplusWebMaster]

FYI...

(MS Office) Upcoming change to the release schedule for non-security updates
> https://blogs.techne...curity-updates/
March 28, 2016 - "We want to let you know about an important change coming to the release schedule for Office updates so that you can plan accordingly. Until now, both security and non-security updates have been released on the second Tuesday of each month.
Starting in April, the non-security updates will be released in Microsoft Update and the Windows Server Update Service (WSUS) on the -first- Tuesday of the month, which is April 5 in this case. This will include all updates that have the Critical or Definition classification. Updates with the Security classification will continue to release on second Tuesday as usual. This change applies only to the MSI version of Office. Office Click-To-Run (C2R) will release on second Tuesday."
Tags: Office Office 2003, Office 2007, Office 2010, Office 2013, Office 2016, Office Public Update, Public Update Security
___

- http://www.infoworld...ce-updates.html
Mar 31, 2016
 

Edited by AplusWebMaster, 31 March 2016 - 02:13 PM.

[AplusWebMaster]

FYI...

Compatibility update for upgrading Windows 7
- https://support.micr...n-us/kb/2952664
Last Review: 03/31/2016 16:17:00 - Rev: 19.0
___

Compatibility update for Windows 8.1 and Windows 8
- https://support.micr...n-us/kb/2976978
Last Review: 03/31/2016 16:18:00 - Rev: 22.0
___

Compatibility update for Windows 7 RTM
- https://support.micr...n-us/kb/2977759
Last Review: 03/31/2016 16:19:00 - Rev: 18.0
___

> http://www.infoworld...nd-2977759.html
Mar 31, 2016 - "Now weighing in at Version 19.0, KB 2952664 is a 'compatibility update' to ease upgrading from Windows 7 to Windows 10. The analogous patch for Windows 8.1, KB 2976978, is now up to version 22.0, and the patch for Windows 7 without SP 1, KB 2977759, stands at version 18.0. All three have been re-released -six- times in the past three months..."
 

[AplusWebMaster]

FYI...

More 'Win10 upgrade' updates ...

Compatibility update for upgrading Windows 7
- https://support.micr...n-us/kb/2952664
Last Review: 04/07/2016 20:12:00 - Rev: 20.0

Compatibility update for Windows 8.1 and Windows 8
- https://support.micr...n-us/kb/2976978
Last Review: 04/07/2016 23:49:00 - Rev: 24.0

Compatibility update for Windows 7 RTM
- https://support.micr...n-us/kb/2977759
Last Review: 04/07/2016 23:50:00 - Rev: 20.0

- http://www.infoworld...ad-pennies.html
Apr 8, 2016 - "... They appear in Windows Update as optional and unchecked.
    KB 2952664 is a "compatibility update" that eases upgrading from Win7 SP1 to Win10. It now sits at version 20, up from 19 last week.
    KB 2976978 does the same thing, but for Windows 8 and 8.1. It's at version 24, up from 22. There's no indication why Microsoft gave it an additional version number bump.
    KB 2977759 covers the same bases, but for Windows 7 without SP1. It, too, has been given an extra bump, from version 18 last week to version 20 this week..."
 

[AplusWebMaster]

FYI...

MS16-027 - Critical
Security Update for Windows Media to Address Remote Code Execution
- https://technet.micr...curity/MS16-027
V1.2 (April 7, 2016): Added a note to clarify that Windows Media is only enabled on Windows server operating systems when the Desktop Experience feature is enabled. This is an informational change only.

MS15-115 - Critical
Security Update for Microsoft Windows to Address Remote Code Execution
- https://technet.micr...curity/MS15-115
V2.1 (April 7, 2016): Updated the footnotes following the Affected Software table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.

MS15-121 - Important
Security Update for Schannel to Address Spoofing
- https://technet.micr...curity/MS15-121
V1.1 (April 7, 2016): Updated the footnotes following the Affected Software table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.

MS15-122 - Important
Security Update for Kerberos to Address Security Feature Bypass
- https://technet.micr...curity/MS15-122
V1.2 (April 7, 2016): Updated the footnotes following the Affected Software and Vulnerability Severity Ratings table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.

MS13-082 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution
- https://technet.micr...curity/MS13-082
V1.2 (April 7, 2016): Corrected download links for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows 2008 R2. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.