5 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms16-nov
Nov 8, 2016 - "This bulletin summary lists security bulletins released for November 2016...
(Total of -14-)

Microsoft Security Bulletin MS16-129 - Critical
Cumulative Security Update for Microsoft Edge (3199057)
- https://technet.micr...curity/MS16-129
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-130 - Critical
Security Update for Microsoft Windows (3199172)
- https://technet.micr...curity/MS16-130
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-131 - Critical
Security Update for Microsoft Video Control (3199151)
- https://technet.micr...curity/MS16-131
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-132 - Critical
Security Update for Microsoft Graphics Component (3199120)
- https://technet.micr...curity/MS16-132
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-133 - Important
Security Update for Microsoft Office (3199168)
- https://technet.micr...curity/MS16-133
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-134 - Important
Security Update for Common Log File System Driver (3193706)
- https://technet.micr...curity/MS16-134
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-135 - Important
Security Update for Windows Kernel-Mode Drivers (3199135)
- https://technet.micr...curity/MS16-135
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-136 - Important
Security Update for SQL Server (3199641)
- https://technet.micr...curity/MS16-136
Important - Elevation of Privilege - May require restart - Microsoft SQL Server

Microsoft Security Bulletin MS16-137 - Important
Security Update for Windows Authentication Methods (3199173)
- https://technet.micr...curity/MS16-137
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-138 - Important
Security Update for Microsoft Virtual Hard Disk Driver (3199647)
- https://technet.micr...curity/MS16-138
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-139 - Important
Security Update for Windows Kernel (3199720)
- https://technet.micr...curity/MS16-139
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-140 - Important
Security Update for Boot Manager (3193479)
- https://technet.micr...curity/MS16-140
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-141 - Critical
Security Update for Adobe Flash Player (3202790)
- https://technet.micr...curity/MS16-141
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-142 - Critical
Cumulative Security Update for Internet Explorer (3198467)
- https://technet.micr...curity/MS16-142
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
___

MS16-129: http://www.securityt....com/id/1037245
MS16-130: http://www.securityt....com/id/1037241
MS16-131: http://www.securityt....com/id/1037242
MS16-132: http://www.securityt....com/id/1037243
MS16-133: http://www.securityt....com/id/1037246
MS16-134: http://www.securityt....com/id/1037252
MS16-135: http://www.securityt....com/id/1037251
MS16-136: http://www.securityt....com/id/1037250
MS16-137: http://www.securityt....com/id/1037249
MS16-138: http://www.securityt....com/id/1037248
MS16-139: http://www.securityt....com/id/1037253
MS16-140: http://www.securityt....com/id/1037255
MS16-141: http://www.securityt....com/id/1037240
MS16-142: http://www.securityt....com/id/1037247
___

- https://blogs.techne...update-release/
Nov 8, 2016

Nov 2016 Office Update Release
- https://blogs.techne...update-release/
Nov 8, 2016 - "... there are -25- security updates (1 bulletin) and 39 non-security updates.
Security bulletins: MS16-133:
> https://technet.micr...y/ms16-133.aspx
All of the security and non-security updates for November are listed in KB article 3200802:
> https://support.micr...n-us/kb/3200802
A new version of Office 2013 Click-To-Run is available: 15.0.4875.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7176.5000
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
> https://technet.micr.../en-us/mt465751

November 2016 security monthly quality rollup
- https://support.micr... quality rollup
___

ISC Analysis
- https://isc.sans.edu...atch Day/21689/
2016-11-08 - "Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). 5 of the Microsoft bulletins, and the Adobe Flash bulletin are rated critical. There are a number of vulnerabilities that have either already been known, or have already been exploited:
- https://isc.sans.edu...wday=2016-11-08
2016-11-08

Qualys Analysis
- https://blog.qualys....-and-sql-server
Nov 8, 2016 - "Today Microsoft released 14 security bulletins with six critical and eight important security fixes. It patched 0-day vulnerability CVE-2016-7255 in the MS16-135 which was actively attacked and disclosed by Google in their disclosure blog a few days ago. Since it is publicly disclosed and actively exploited it should be the top priority for organizations. Three more vulnerabilities that were previously disclosed before availability of patches were fixed. These three issues are in IE and Edge browser and were fixed in MS16-142 and MS16-129 respectively (CVE-2016-7227 for IE, CVE-2016-7199 and CVE-2016-7209 for Edge). Microsoft office bulletin MS16-133 contains fixes for 10 vulnerabilities that could allow attackers to take complete control of the system. In addition to these 10 fixes there is an information disclosure as well as a denial-of-service i.e crash which was fixed. Since office documents are prevalent in typical corporate environment I think this bulletin should be treated as critical even if it is rated as ‘Important’..."

.

Edited by AplusWebMaster, 09 November 2016 - 08:58 AM.

[AplusWebMaster]

FYI...

MS to revamp its documentation for security patches
Microsoft has eliminated individual patches from every Windows version, and Security Bulletins will go away soon, replaced by a spreadsheet with tools
> http://www.infoworld...ty-patches.html
Nov 10, 2016 - "... Starting in January, per the Microsoft Security Response Center*, the Security Bulletins are going away..."
* https://blogs.techne...curity-updates/
"...  After the January 2017 Update Tuesday release, we will only publish update information to the Security Updates Guide**."

Software Update Summary
** https://portal.msrc....uidance/summary

> https://portal.msrc....curity-guidance

> https://portal.msrc....soft.com/en-us/
 

[Juliet]

 

Security Bulletins will go away soon

 

grrrrrrrrrr

[AplusWebMaster]

                                                ms-borg1.jpg   7.11KB   0 downloads

[Juliet]

LOL

[AplusWebMaster]

FYI...

Microsoft pulls MS 3197868 Win7 Security Rollup
- https://www.askwoody...t-malwarebytes/
Nov 23, 2016

> https://www.catalog.....aspx?q=3197868

- https://support.malw...tive-?b_id=6442
11.11.2016 - "... false positive was caused by Microsoft not digitally signing over 500 files included in "November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB3197868)". Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future..."
___

 

‘Appears to have been restored:

> https://www.catalog.....aspx?q=3197868

Last Updated: 11/23/2016
 

Edited by AplusWebMaster, 24 November 2016 - 07:24 AM.