5 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms16-May
May 10, 2016 - "This bulletin summary lists security bulletins released for May 2016...
(Total of -16-)

Microsoft Security Bulletin MS16-051 - Critical
Cumulative Security Update for Internet Explorer (3155533)
- https://technet.micr...curity/MS16-051
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-052 - Critical
Cumulative Security Update for Microsoft Edge (3155538)
- https://technet.micr...curity/MS16-052
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-053 - Critical
Cumulative Security Update for JScript and VBScript (3156764)
- https://technet.micr...curity/MS16-053
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-054 - Critical
Security Update for Microsoft Office (3155544)
- https://technet.micr...curity/MS16-054
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Svcs and Web Apps

Microsoft Security Bulletin MS16-055 - Critical
Security Update for Microsoft Graphics Component (3156754)
- https://technet.micr...curity/MS16-055
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-056 - Critical
Security Update for Windows Journal (3156761)
- https://technet.micr...curity/MS16-056
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-057 - Critical
Security Update for Windows Shell (3156987)
- https://technet.micr...curity/MS16-057
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-058 - Important
Security Update for Windows IIS (3141083)
- https://technet.micr...curity/MS16-058
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-059 - Important
Security Update for Windows Media Center (3150220)
- https://technet.micr...curity/MS16-059
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-060 - Important
Security Update for Windows Kernel (3154846)
- https://technet.micr...curity/MS16-060
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-061 - Important
Security Update for Microsoft RPC (3155520)
- https://technet.micr...curity/MS16-061
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-062 - Important
Security Update for Windows Kernel-Mode Drivers (3158222)
- https://technet.micr...curity/MS16-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-064 - Critical
Security Update for Adobe Flash Player (3157993)
- https://technet.micr...curity/MS16-064
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
V2.0 (May 13, 2016): Bulletin revised to announce the release of update 3163207 to address the vulnerabilities included in Adobe Security Bulletin APSB16-15. Note that update 3163207 replaces the update previously released in this bulletin (update 3157993). Microsoft strongly recommends that customers install update 3163207 to help be protected from the vulnerabilities described in Adobe Security Bulletin APSB16-15.

Microsoft Security Bulletin MS16-065 - Important
Security Update for .NET Framework (3156757)
- https://technet.micr...curity/MS16-065
Important - Information Disclosure - May require restart - Microsoft Windows, .NET Framework

Microsoft Security Bulletin MS16-066 - Important
Security Update for Virtual Secure Mode (3155451)
- https://technet.micr...curity/MS16-066
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-067 - Important
Security Update for Volume Manager Driver (3155784)
- https://technet.micr...curity/MS16-067
Important - Information Disclosure - May require restart - Microsoft Windows
___

- https://blogs.techne...update-release/
May 10, 2016

Microsoft Security Advisory 3155527
Update to Cipher Suites for FalseStart
- https://technet.micr...ty/3155527.aspx
May 10, 2016

May 2016 Office Update Release
- https://blogs.techne...update-release/
May 10, 2016 - "... This month, there are -15- security updates (1 bulletin) and -44- non-security updates.
Security bulletins: MS16-054: https://technet.micr...y/ms16-054.aspx
All of the security and non-security updates for March are listed in KB article 3158453:
> https://support.micr...n-us/kb/3158453
A new version of Office 2013 Click-To-Run is available: 15.0.4823.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7169.5000
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
> https://technet.micr.../en-us/mt465751

May 2016 Non-Security Office Update Release
- https://blogs.techne...update-release/
May 3, 2016
___

MS16-051: http://www.securityt....com/id/1035820
MS16-052: http://www.securityt....com/id/1035821
MS16-053: http://www.securityt....com/id/1035822
MS16-054: http://www.securityt....com/id/1035819
MS16-055: http://www.securityt....com/id/1035823
MS16-056: http://www.securityt....com/id/1035824
MS16-057: http://www.securityt....com/id/1035825
MS16-058: http://www.securityt....com/id/1035834
MS16-059: http://www.securityt....com/id/1035832
MS16-060: http://www.securityt....com/id/1035833
MS16-061: http://www.securityt....com/id/1035837
MS16-062: http://www.securityt....com/id/1035841
MS16-064:
MS16-065: http://www.securityt....com/id/1035842
MS16-066: http://www.securityt....com/id/1035843
MS16-067: http://www.securityt....com/id/1035844
___

ISC Analysis
- https://isc.sans.edu...wday=2016-05-10
2016-05-10

Qualys Analysis
- https://blog.qualys....sday-may-2015-2
May 10, 2016

.

Edited by AplusWebMaster, 14 May 2016 - 12:12 PM.

[AplusWebMaster]

FYI...

MS Security Bulletin MS16-064 - Critical
Security Update for Adobe Flash Player (3157993)
- https://technet.micr...curity/MS16-064
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
V2.0 (May 13, 2016): Bulletin revised to announce the release of update 3163207 to address the vulnerabilities included in Adobe Security Bulletin APSB16-15. Note that update 3163207 replaces the update previously released in this bulletin (update 3157993). Microsoft strongly recommends that customers install update 3163207* to help be protected from the vulnerabilities described in Adobe Security Bulletin APSB16-15.
> https://support.micr...n-us/kb/3163207
Applies to:
    Windows 10
    Windows 10 Version 1511
    Windows Server 2012 R2 Datacenter
    Windows Server 2012 R2 Standard
    Windows Server 2012 R2 Essentials
    Windows Server 2012 R2 Foundation
    Windows 8.1 Enterprise
    Windows 8.1 Pro
    Windows 8.1
    Windows RT 8.1
    Windows Server 2012 Datacenter
    Windows Server 2012 Standard
    Windows Server 2012 Essentials
    Windows Server 2012 Foundation
 

[AplusWebMaster]

FYI...

MS Security Bulletin MS16-035 - Important
Security Update for .NET Framework to Address Security Feature Bypass (3141780)
- https://technet.micr...curity/MS16-035
V2.0 (May 10, 2016): Revised bulletin to announce the security updates for Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6/4.6.1 have been rereleased to address issues with certain printing scenarios. The rereleases are available via Windows Update and the Microsoft Update Catalog. Note that this re-release applies only to LDR (Limited Distribution Release) customers. GDR (General Distribution Release) customers are not affected. For more information about the specific security updates that were re-released, see the Update FAQs section of this bulletin (MS16-035).
V2.1 (May 18, 2016): Revised bulletin to clarify the distribution audience for the Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6/4.6.1 security updates that were re-released on May 10, 2016, as follows: The security updates for Microsoft .NET Framework 4.5.2 have been re-released to Limited Distribution Release (LDR) customers only. The security updates for Microsoft .NET Framework 4.6/4.6.1 have been re-released to all customers.
___

MS Security Advisory 2880823
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.micr...ecurity/2880823
V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the use of the SHA1 hashing algorithm for the purposes of SSL and code signing. For more information, see Windows Enforcement of Authenticode Code Signing and Timestamping*.
* http://social.techne...mestamping.aspx
___

Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1
- https://support.micr...n-us/kb/3125574
Last Review: 05/17/2016 17:38:00 - Rev: 1.0
Cautionary note - see: "... Known issue in this convenience rollup..."

> https://blogs.techne...dows-7-and-8-1/
May 17, 2016

MSI repair doesn't work when MSI source is installed on an HTTP share in Windows
- https://support.micr...n-us/kb/3139923
Last Review: 05/17/2016 19:43:00 - Rev: 3.0

>> http://www.infoworld...p-updating.html
May 18, 2016
 

Edited by AplusWebMaster, 19 May 2016 - 03:03 PM.

[AplusWebMaster]

FYI...

MS 'tactics' upgrading people to Win10
- https://bgr.com/2016...-upgrade-trick/
May 25, 2016 - "For months now, Microsoft has done everything in its power to shove Windows 10 down your throat. The 'free' update is mandatory at this point, and we’ve heard from many Windows users who discovered their computers updated to the newest version automatically, -without- their knowledge or explicit permission. Microsoft kept offering excuses for these annoying occurrences, and even said it will stop pushing upgrades to Windows users refuse to hop aboard the Windows 10 train. Now, the company has come up with its most evil trick yet to get you to update your PC to Windows 10, and it’s based on the same methodology hackers use to trick people into installing malware. 'Pop-ups' often appear when you visit 'malicious' websites and when you click the “X” to close them, malware is installed on your computer. Well, Microsoft just tweaked its 'Windows 10 upgrade alert pop-up' so that the update is triggered when clicking the X, PC World explains:
> http://www.pcworld.c...-upgrading.html
May 22, 2016
>> https://boygeniusrep...popup-alert.jpg
The Get Windows X app that pushes the update prompt has recently changed the behavior of the “X” button. Earlier, users would have been able to dismiss the pop-up by pressing the button, as you would expect. But you can’t do that anymore. Pressing the X now has a different function. It tells the company you’re happy to have your computer updated at the time shown inside the pop-up. The only way to get rid of it is to change the update time manually. But of course, that’s not intuitive at all and many people are about to be tricked into upgrading. The trick is disingenuous at best, since Microsoft isn’t technically doing anything wrong. It’s just turning the function of the X button from “close and do nothing” to “close and upgrade later.” You know, without explaining this tiny change to anyone. Come July 29th, Microsoft will stop prompting users to upgrade, Business Insider reminds us*, so make sure you change your Windows 10 upgrade time to August or later!"
* http://www.businessi...rading-x-2016-5

>> http://core0.staticw...662456-orig.png
May 22, 2016
???

>>
Apr 27, 2016
 

Edited by AplusWebMaster, 27 May 2016 - 08:51 AM.

[AplusWebMaster]

FYI...

MS Security Bulletin MS16-003 - Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
- https://technet.micr...curity/MS16-003
V1.1 (May 25, 2016): Removed redundant rows from the Vulnerability Severity Rating and Maximum Security Impact by Affected Software table, and added the applicable update numbers for clarity. This is an informational change only.
___

Microsoft Security Bulletin MS15-126 - Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
- https://technet.micr...curity/MS15-126
V1.1 (May 25, 2016): Removed redundant rows from the Vulnerability Severity Rating and Maximum Security Impact by Affected Software table, and added the applicable update numbers for clarity. This is an informational change only.
___

Update installs 'Get Windows 10 app' in Windows 8.1 and Windows 7 SP1
- https://support.micr...n-us/kb/3035583
Last Review: 05/25/2016 17:40:00 - Rev: 14.0

>> http://windowssecret...for-windows-10/
May 25, 2016

GWX Control Panel
> http://blog.ultimate...tly-remove.html
Version: 1.7.4.1
April 1, 2016
> http://blog.ultimate...-notes-and.html
 

Edited by AplusWebMaster, 27 May 2016 - 02:12 PM.

[AplusWebMaster]

FYI...

Microsoft 'Convenience Update' and VMware VMXNet3 Incompatibilities
- https://blogs.vmware...tibilities.html
June 1, 2016 - "Microsoft recently released a “Convenience Update” patch for Windows 7 and Windows Server 2008 R2 SP1. This update has -incompatibility- issues with virtual machines running on the VMware vSphere virtualization platform. This -incompatibility- is confined to one specific configuration scenario – It impacts VMs that use the VMware VMXNet3 virtual network adapter type..."

> https://support.micr...n-us/kb/3125574
Last Review: 05/31/2016 18:55:00 - Rev: 2.1
"... Known issue in this convenience rollup
    Known issue 1:
    Symptoms: A new Ethernet vNIC may be created with default settings in place of the previously existing vNIC, causing network issues.  Any custom settings on the previous vNIC are still persisted in the registry but unused.
    Resolution: To resolve this issue, -uninstall- the convenience rollup.
    Status: Microsoft is investigating this issue to determine proper course of action with VMWare. To resolve this issue -uninstall- the convenience rollup. Further information will be posted here as the investigation continues.

    Known issue 2:
    Symptoms: After you install this rollup, virtualized applications in Microsoft Application Virtualization (App-V) versions 4.5, 4.6, and 5.0 may have problems loading. When these problems occur, you may receive an error message that resembles the following:
    Launching MyApp 100%
    Note: In this error message, MyApp represents the name of the App-V application.
    Depending on the scenario, the virtualized app may freeze after it starts, or the app may not start at all..."
(More detail at the MS KB URL above.)