4 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms16-jul
July 12, 2016
MS16-084 – MS16-094
(Total of -11-)

Microsoft Security Bulletin MS16-084 - Critical
Cumulative Security Update for Internet Explorer (3169991)
- https://technet.micr...curity/MS16-084
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-085 - Critical
Cumulative Security Update for Microsoft Edge (3169999)
- https://technet.micr...curity/MS16-085
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-086 - Critical
Cumulative Security Update for JScript and VBScript (3169996)
- https://technet.micr...curity/MS16-086
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-087 - Critical
Security Update for Windows Print Spooler Components (3170005)
- https://technet.micr...curity/MS16-087
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS16-088 - Critical
Security Update for Microsoft Office (3170008)
- https://technet.micr...curity/MS16-088
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-089 - Important
Security Update for Windows Secure Kernel Mode (3170050)
- https://technet.micr...curity/MS16-089
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-090 - Important
Security Update for Windows Kernel-Mode Drivers (3171481)
- https://technet.micr...curity/MS16-090
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-091 - Important
Security Update for .NET Framework (3170048)
- https://technet.micr...curity/MS16-091
Important - Information Disclosure - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS16-092 - Important
Security Update for Windows Kernel (3171910)
- https://technet.micr...curity/MS16-092
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-093 - Critical
Security Update for Adobe Flash Player (3174060)
- https://technet.micr...curity/MS16-093
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player

Microsoft Security Bulletin MS16-094 - Important
Security Update for Secure Boot (3177404)
- https://technet.micr...curity/MS16-094
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

July 2016 Office Update Release
- https://blogs.techne...update-release/
July 12, 2016 - "... This month, there are -26- security updates (1 bulletin) and -41- non-security updates.
Security bulletins: MS16-088: https://technet.micr...y/ms16-088.aspx
All of the security and non-security updates for June are listed in KB article 3173835* ..."
* https://support.micr...n-us/kb/3173835
Last Review: 07/12/2016 16:32:00 - Rev: 1.0
___

MS16-084: http://www.securityt....com/id/1036283
MS16-085: http://www.securityt....com/id/1036286
MS16-086: http://www.securityt....com/id/1036282
MS16-087: http://www.securityt....com/id/1036277
MS16-088: http://www.securityt....com/id/1036274
- http://www.securityt....com/id/1036275
MS16-089: http://www.securityt....com/id/1036287
MS16-090: http://www.securityt....com/id/1036288
MS16-091: http://www.securityt....com/id/1036291
MS16-092: http://www.securityt....com/id/1036289
MS16-093:
MS16-094: http://www.securityt....com/id/1036290
___

ISC Analysis: https://isc.sans.edu...l?storyid=21249
2016-07-12: https://isc.sans.edu...wday=2016-07-12

Qualys Analysis: https://blog.qualys....osoft-and-adobe
July 12, 2016 - "... 11 security updates that affect a host of desktop and server systems. Six updates are categorized as Critical while the rest are categorized as Important. All critical updates released today affect desktop systems. Top priority should be given to fixing browsers and Office which includes MS16-084 that affects Internet Explorer, MS16-085 which affects Microsoft Edge and MS16-088 for Office. All three updates fix vulnerabilities that allow an attacker to take complete control of the victim’s machine and therefore these should be patched immediately... Adobe Reader is back after being dormant for three months.  Adobe has released APSB16-26 which fixes 30 vulnerabilities on Windows and Mac platforms. Many vulnerabilities fixed by APSB16-26 allows an attacker to take complete control of the victim machine and we recommend applying patch for this critical issue as soon as possible. This is the third Acrobat Reader fix in 2016 while the count of Adobe Flash is more than double. Adobe has also released an update for its Flash Player – APSB16-25 which fixes -52- vulnerabilities... we recommend applying the Flash and Reader update immediately..."

.

Edited by AplusWebMaster, 13 July 2016 - 06:26 AM.

[AplusWebMaster]

FYI...

Update installs 'Get Windows 10 app' in Win8.1 and Win7SP1
- https://support.micr...n-us/kb/3035583
Last Review: 07/19/2016 20:10:00 - Rev: 16.0
Applies to:
Windows 8.1 Pro
Windows 8.1
Windows 7 SP1

Win10 NAG screen: http://core0.staticw...-large.idge.jpg
___

GWX Control Panel
> http://ultimateoutsider.com/downloads/
"... disable 'Upgrade to Windows 10' behavior in the Windows Update control panel"

- http://www.infoworld...-yet-again.html
Jul 20, 2016
 

Edited by AplusWebMaster, 20 July 2016 - 01:37 PM.

[AplusWebMaster]

FYI...

Changing how Win7/8 will get nonsecurity fixes
- http://windowssecret...s-7-8-1-and-10/
July 28, 2016 - "... As first noted on a Microsoft blog*, monthly nonsecurity patches for the two operating systems are now released in a single, bundled (rollup) update. Making the process even more confusing, the rollup was initially not cumulative — i.e., it did not contain all updates from past months. Now, however, it appears Microsoft is releasing cumulative, nonsecurity updates for Win7 and Win8.1 — but not for Server 2012. As we’ve noted before, creating rollup patches makes the updating process easier, but it’s also more difficult to manage possibly troublesome patches. For example, KB 3172605 is the July nonsecurity cumulative update for Windows 7. It also includes the patches released in June..."
* https://blogs.techne...dows-7-and-8-1/

KB 3172605: https://support.micr...n-us/kb/3172605
Last Review: 07/25/2016 07:20:00 - Rev: 6.0
 

[AplusWebMaster]

FYI...

Update for Windows Journal component removal
- https://support.micr...n-us/kb/3161102
Article ID: 3161102 - Last Review: 07/29/2016 03:01:00 - Rev: 2.0
Applies to:
Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows 7 Service Pack 1
"Known issues in this update: This update does not work on Windows Embedded 7 and should not be installed on that operating system.
Remove Windows Journal Component: This update removes the Windows Journal component. We recommend that all users install this update immediately..."
___

Windows 10 upgrade stuck at 99 percent? Here are your options
- http://www.infoworld...ur-options.html
Jul 28, 2016

> http://answers.micro...4a-d2553f2fd645
___

Excel Workbooks may not open after installing MS16-088
- https://blogs.techne...lling-ms16-088/
"... Update 7/28/2016
Update: Our dev team is working on options to preserve security and assist customers with their workflow. Currently we do not have any further workarounds.
Additional background: The security update changed how Excel handles documents that are opened from untrusted locations (such the Internet zone) which are not supported in Protected View, such as HTML/XML/XLA files. Opening them without Protected View has led to a security vulnerability, and therefore files open from such locations are now blocked. We realize this breaks compatibility with some existing solutions, and are working on getting these file types supported with Protected View.  Until that happens, users will need to manually trust the file before they open them in Excel, as demonstrated in one of the workaround suggestions.  Excel can still open these files without an issue if they are trusted.
We strongly recommend against removing the security update..."
See: 'Additional info' for Office 2016, 2013, 2010 on '0ffice Trusted Locations'.
 

Edited by AplusWebMaster, 01 August 2016 - 06:35 AM.

[AplusWebMaster]

FYI...

Win10 'Anniversary Update' woes continue
... Problems with last week’s Anniversary Update keep piling up, and solutions remain elusive
- http://www.infoworld...s-continue.html
Aug 8, 2016

- http://www.theregist...xen_everywhere/
8 Aug 2016

Block forced Windows 10 updates
- http://www.infoworld...connection.html

Enable Metered Connection to Delay Windows 10 Updates
- http://lifehacker.co...ates-1723316525

>> http://www.guidingte...tes-windows-10/

>> http://www.howtogeek...-on-windows-10/
"... If you want to temporarily prevent Windows from automatically downloading and installing any updates, you can do it without using the above tool to block updates. Just set your current Internet connection as “metered” and Windows won’t download updates while connected to it — at least until you tell Windows the connection isn’t metered anymore."

> http://www.howtogeek...oading-updates/
 

Edited by AplusWebMaster, 09 August 2016 - 07:07 AM.