MS Security Updates - May 2017

5 replies to this topic

#1 AplusWebMaster




Posted 09 May 2017 - 11:33 AM


MS Security Updates - May 2017
- https://portal.msrc....curity-guidance
May 9, 2017
> https://portal.msrc....uidance/summary

- https://portal.msrc....da-000d3a32fc99
May 09, 2017 - "The May security release consists of security updates for the following software:
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    .NET Framework
    Adobe Flash Player ..."

- https://blogs.techne...update-release/
May 9, 2017

Coming together to address Encapsulated PostScript (EPS) attacks
- https://blogs.techne...pt-eps-attacks/
May 9, 2017
"... Related links:
CVE-2017-0261: https://portal.msrc....y/CVE-2017-0261
CVE-2017-0262: https://portal.msrc....y/CVE-2017-0262
CVE-2017-0263: https://portal.msrc....y/CVE-2017-0263
Enterprise customers can check here* to see if they have the latest Office 365 updates."
* https://technet.micr...office/mt465751

MS Malware Protection Engine Remote Code Execution Vuln
> https://portal.msrc....y/CVE-2017-0290
Internet Explorer Memory Corruption Vuln
> https://portal.msrc....y/CVE-2017-0222
Scripting Engine Memory Corruption Vuln
> https://portal.msrc....y/CVE-2017-0229
Windows SMB Remote Code Execution Vuln
> https://portal.msrc....y/CVE-2017-0277
Windows SMB Remote Code Execution Vuln
> https://portal.msrc....y/CVE-2017-0278
Windows SMB Remote Code Execution Vuln
> https://portal.msrc....y/CVE-2017-0279
Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11
> https://technet.micr...ecurity/4010323
May 9, 2017

May 2017 Office Update Release
- https://blogs.techne...update-release/
May 9, 2017 - "... This month, there are -36- security updates and 28 non-security updates. All of the security and non-security updates are listed in KB article 4020152*.
* https://support.micr...icrosoft-office
Last Review: May 9, 2017 - Rev: 10

A new version of Office 2013 Click-To-Run is available: 15.0.4927.1002

A new version of Office 2010 Click-To-Run is available: 14.0.7181.5002"

Microsoft Security Bulletin MS17-013 - Critical
Security Update for Microsoft Graphics Component (4013075)
- https://technet.micr...curity/MS17-013
V3.0 (May 9, 2017): "Microsoft has re-released security update 4017018 for affected editions of Windows Server 2008. The re-release has been re-classified as a security update. Microsoft recommends that customers should install update 4017018 to be fully protected from CVE-2017-0038. Customers who have already installed the update do not need to take any further action.
In addition, this security update correction also applies to Windows Server 2008 for Itanium-based Systems."

CVE-2017-0290: http://www.securityt....com/id/1038419
- http://www.securityt....com/id/1038420

CVE-2017-0064: http://www.securityt....com/id/1038447

CVE-2017-0077: http://www.securityt....com/id/1038454

CVE-2017-0175: http://www.securityt....com/id/1038452

CVE-2017-0190: http://www.securityt....com/id/1038451

CVE-2017-0213: http://www.securityt....com/id/1038457

CVE-2017-0220: http://www.securityt....com/id/1038445

CVE-2017-0222: http://www.securityt....com/id/1038423

CVE-2017-0227, CVE-2017-0240: http://www.securityt....com/id/1038424

CVE-2017-0228: http://www.securityt....com/id/1038425
CVE-2017-0228: http://www.securityt....com/id/1038426

CVE-2017-0231: http://www.securityt....com/id/1038455
- http://www.securityt....com/id/1038456

CVE-2017-0234, CVE-2017-0236: http://www.securityt....com/id/1038431

CVE-2017-0244: http://www.securityt....com/id/1038453

CVE-2017-0246, CVE-2017-0263: http://www.securityt....com/id/1038449

CVE-2017-0248: http://www.securityt....com/id/1038458

CVE-2017-0254: http://www.securityt....com/id/1038443

CVE-2017-0258: http://www.securityt....com/id/1038446

CVE-2017-0261: http://www.securityt....com/id/1038444

CVE-2017-0265: http://www.securityt....com/id/1038448

CVE-2017-0267, CVE-2017-0271, CVE-2017-0275: http://www.securityt....com/id/1038432

CVE-2017-0269, CVE-2017-0273: http://www.securityt....com/id/1038433

MS Security Advisory 4021279
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
- https://technet.micr...ecurity/4021279
Updated: May 10, 2017
V1.1 (May 10, 2017): "Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only."

Description of Software Update Services and Windows Server Update Services changes in content for 2017
- https://support.micr...ontent-for-2017
Last Review: May 9, 2017 - Rev: 64

Qualys Analysis:
- https://blog.qualys....vulnerabilities
May 9, 2017 - "... In today’s patch Tuesday update Microsoft released a total of -57- vulnerability fixes. Highest priority should go to patching 0-day issues which are actively exploited.  On top of our list is the Office patch for CVE-2017-0261 which is triggered when a victim opens an office file containing malformed graphics image. The file could be delivered via email or any other means. As this is actively exploited in the wild and attackers can take complete control of the victim system this should be treated with priority...
In Summary today’s release fixed 3 actively exploited and 4 publicly disclosed issues including the malware protection engine, Office, IE, Edge and SMB vulnerabilities."

ISC Analysis:
- https://isc.sans.edu...l?storyid=22396

ghacks Analysis:
- https://www.ghacks.n...y-2017-release/
May 9, 2017 [See 'Executive Summary']

- https://www.thezdi.c...y-update-review
May 09, 2017 - "... table of all CVEs released by Microsoft for May, 2017..."

- https://www.askwoody...is-rolling-out/
May 09, 2017

- https://www.us-cert....ecurity-Updates
May 09, 2017 - "Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.
US-CERT encourages users and administrators to review Microsoft's May 2017 Security Update Summary* and Deployment Information** and apply the necessary updates."
* https://portal.msrc....uidance/summary

** https://support.micr...tion-may-9-2017
Last Review: May 9, 2017 - Rev: 22


Edited by AplusWebMaster, 12 May 2017 - 09:54 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...



#2 AplusWebMaster




Posted 13 May 2017 - 08:46 AM


MS Security Advisory 4022345
Identifying and correcting failure of Windows Update client to receive updates
- https://technet.micr...ecurity/4022345
May 9, 2017 - "Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. This scenario may affect customers who installed a Windows 10 or Windows Server 2016 operating system, and who have never interactively logged in to the system or connected to it through remote desktop services. These systems may not receive Windows updates until a user has completed initial setup by interactively logging in or by logging in through remote desktop services..."
V1.0 (May 9, 2017): Advisory published.
V1.1 (May 10, 2017): Advisory updated to include Logon Type 2 Security Event Log entries. This is an informational change only.
V1.2 (May 11, 2017): Advisory updated to clarify the WSUS environment. This is an informational change only.
V1.3 (May 17, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”...



Edited by AplusWebMaster, 18 May 2017 - 06:14 AM.


#3 AplusWebMaster




Posted 16 May 2017 - 06:38 AM


Updating MS antimalware and antispyware software...
> https://www.microsof...adl.aspx#manual
May 16, 2017 - "... Force a daily update:
If you want Windows to update your software, go to Windows Update or:
   Open your Microsoft security software.
    Click the Update tab.
    Click the Update button.
>> https://www.microsof...32-0011b7504d55
... Manually download the latest updates:
If you need to get the latest updates available, you can download and install them from here.
For all Microsoft security software, you will need to download the antimalware and antispyware updates.
Antimalware and antispyware updates:
For antimalware and antispyware, the latest definitions are 1.243.529.0, dated May 16, 2017 6:2 PM UTC.
To download these updates:
1. Check whether your version of Windows is 32-bit or 64-bit.
2. In the table below, right-click on the link that will work for your version of Windows and choose Save target as... or Save link as...
3. Save the file to your Desktop.
4. When the file has finished downloading, go to your Desktop and double-click the file (it will be called mpam-fe.exe, mpas-fe.exe, or mpam-feX64.exe).
5. Follow the prompts to install the update..."

> https://www.microsof...ts/default.aspx
"Windows Defender in Windows 10 and Windows 8.1, and Microsoft Security Essentials in Windows 7 and Windows Vista help protect your PC from malware and other threats in exactly the same way. You -can't- use Microsoft-Security-Essentials with Windows-10 or Windows 8.1. Windows Defender in Windows 10 and Windows 8.1 is built into Windows and ready to work as soon as you turn your PC on..."
> https://www.microsof...s-defender.aspx

Do You Need [an Intel] Firmware Update?
- http://windowssecret...irmware-update/
May 11, 2017 - "For those of you with Intel processors, it’s time to see if you are vulnerable. Meanwhile we’re business as usual for Windows updates and Flash updates. And if you use Microsoft’s native antivirus protection, be sure that you’ve received the latest engine update to fix a critical flaw... Intel’s processors are vulnerable to a flaw in Intel’s Active management technology, Small Business Technology or Intel Standard Manageability software, and although I read that this “did not impact consumer PCs” I honestly ignored the warnings: 'I follow security best practices. This can’t impact my workstations'. And then I used the Intel Detection Tool* and determined that many of my workstations – especially in my office -did- have the vulnerable code in my systems. So much for best security practices! Fortunately, while I may have the vulnerable code, the 'Active management technology' is and was not ever -enabled- and I don’t have it set to be accessible from outside of my office. Thus I am not vulnerable to attack even though I may have the vulnerable code on my system. Nevertheless, I recommend that you scan your own system and see if it can detect what chipset you have and if you too may have the vulnerable software. Then contact or view the forums of your OEM vendors and see when they plan to release a bios update to fix this issue. Some like Dell** have posted a listing of impacted systems. HP*** also has a page where you can follow up with more information."
* https://downloadcent.../download/26755

** http://en.community....papers/20443914

*** http://www8.hp.com/u...ilityissue.html


Edited by AplusWebMaster, 16 May 2017 - 02:31 PM.


#4 AplusWebMaster




Posted 24 May 2017 - 09:55 AM


Win7 SP1 and WinSvr2008 R2 SP1 - KB4019264 (Monthly Rollup)
> https://support.micr...pdate-kb4019264
Last Review: May 23, 2017 - Rev: 33

Where’s My Win10 Creators Update?
- http://windowssecret...reators-update/
May 23, 2017 - "... 'already been tracking a few known issues such as Network printers* failing due to machines having less than 4 GBs of memory:
* https://answers.micr...e0-6827f813fa21
There’s also a known issue when certain antivirus is installed while the creator’s update is installed as noted in the Answers forum**. To work around this issue, make sure you update the antivirus or remove it and reinstall it.
** https://answers.micr...9d-43ecbcf526e9
Because the Creators Update is heavily reliant on 3D and video enhancements, I’m seeing that video drivers are the key item that may need to be updated. In fact a -known- issue with Nvidia video drivers, as noted in the forum***, showcases that you need to update your video drivers..."
*** https://answers.micr...70-9dcb7e45cd9e

Win10’s recovery options:
- https://support.micr...ecovery-options 
Last Review: May 23, 2017 - Rev: 74


Edited by AplusWebMaster, 24 May 2017 - 11:34 AM.


#5 AplusWebMaster




Posted 26 May 2017 - 10:45 AM


When You should Disable Server Message Block v1
- http://windowssecret...ssage-block-v1/
May 25, 2017 - "The recent ransomware attacks have had an inadvertent side effect at my home and office: It has pointed out to me how much I’m still dependent on Server Message Block v1 (SMB v1). Microsoft’s -workaround- for the recent ransomware attacks have recommended the following workaround as noted in KB2696547*: disabling SMB v1, and leaving SMB v2 and SMB v3 -alone- unless you need to troubleshoot your security settings...
* https://support.micr...-windows-server
Last Review: May 22, 2017 - Rev: 35
... SMB v1 is a -30-year-old protocol that has seen better days. The recent ransomware attacks using this protocol to amplify their mayhem have some security researchers still unsure of exactly how the initial attack vector took place. It’s unclear at this time if this ransomware came through targeted email attacks (like many other ransomware attacks), or, if this was a unique attack that possibly infected a workstation, which then brought the attack into the impacted networks through some network access point previously used to bring in other worm like attacks. While it’s unclear how the initial infection started out, it’s -clear- that once the infection got into the network, it relied on vulnerabilities in SMB v1 to basically run rampant through the network. This is why so many security sites recommended disabling SMB v1 as an old and out of date protocol. As pointed out on the Vinransomware blog site**, the best way for a consumer or home user to disable SMBv1 is through the graphical user interface."
** http://www.vinransom...acry-ransomware
15 May 2017 - "... Please note: -Before- proceeding further it is strongly advised to take a backup of the machine because you will in some case might require to change the Windows Registry. If the steps are not carefully followed it might even crash the machine..."

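A read-only audit of the SMBv1 state targeted by the KB2696547 workaround quoted in this post, added here as an example; it is not part of the original post or of the linked articles. It assumes an elevated Windows PowerShell 3.0 or later session, and the function name Get-Smb1AuditState is hypothetical.

```powershell
# Added example: report whether SMBv1 is still enabled on the local machine.
# Get-Smb1AuditState is a hypothetical helper name; nothing here changes configuration.
function Get-Smb1AuditState {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName     = $env:COMPUTERNAME
        Smb1ServerOn     = $null   # server side: does this host accept SMBv1 sessions?
        Smb2ServerOn     = $null   # one switch covers SMBv2 and SMBv3; expected to stay $true
        Smb1ClientDriver = $null   # client side: start type of the mrxsmb10 driver
        Smb1Feature      = $null   # optional-feature state where the cmdlet is available
    }

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the server switches directly.
        $cfg = Get-SmbServerConfiguration
        $result.Smb1ServerOn = [bool]$cfg.EnableSMB1Protocol
        $result.Smb2ServerOn = [bool]$cfg.EnableSMB2Protocol
    }
    else {
        # Windows 7 / Server 2008 R2: registry values; an absent value means "enabled".
        $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $vals = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $result.Smb1ServerOn = ($null -eq $vals.SMB1) -or ($vals.SMB1 -ne 0)
        $result.Smb2ServerOn = ($null -eq $vals.SMB2) -or ($vals.SMB2 -ne 0)
    }

    # SMBv1 client driver: Start = 4 means the driver is disabled.
    $drvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $drv    = Get-ItemProperty -Path $drvKey -ErrorAction SilentlyContinue
    if ($null -eq $drv)        { $result.Smb1ClientDriver = 'NotInstalled' }
    elseif ($drv.Start -eq 4)  { $result.Smb1ClientDriver = 'Disabled' }
    else                       { $result.Smb1ClientDriver = "Start=$($drv.Start)" }

    # Optional feature state (requires elevation).
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                    -ErrorAction SilentlyContinue
        if ($feat) { $result.Smb1Feature = [string]$feat.State }
    }

    # Matches the quoted guidance: SMBv1 off on both sides, SMBv2/v3 left alone.
    $result.Compliant = (-not $result.Smb1ServerOn) -and $result.Smb2ServerOn -and
                        (@('Disabled', 'NotInstalled') -contains $result.Smb1ClientDriver)

    [pscustomobject]$result
}

Get-Smb1AuditState | Format-List
```

A host that reports `Smb1ServerOn : False` but `Smb1ClientDriver : Start=2` can still connect to SMBv1 shares on other machines, which is the dependency the quoted article describes discovering.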

#6 AplusWebMaster




Posted 30 May 2017 - 05:49 AM


Security Update for MS Malware Protection Engine - Critical
- https://technet.micr...ecurity/4022344
V1.0 (May 8, 2017): Advisory published.
V1.1 (May 11, 2017): Added link to the same information in the Security Update Guide. This is an informational change only.
V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.
"... For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781* ..."

> https://nvd.nist.gov...l/CVE-2017-0290
Last revised: 05/25/2017

Microsoft Malware Protection Engine deployment info
* https://support.micr...ent-information

> https://www.microsof...s/whatsnew.aspx

> https://www.helpnets...n-engine-flaws/
May 30, 2017 - "... security issues have been fixed in version 1.1.13804.0 of the Microsoft Malware Protection Engine. The newest version of the engine is usually automatically downloaded and implemented by the security software that uses it... to verify whether the latest version of the MMPE and definition updates are being actively downloaded and installed for their Microsoft antimalware products can do so by clicking on the software’s Help tab, then choosing the 'About [that specific software]' option..."  

- http://www.securityt....com/id/1038571
CVE Reference: CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
May 26 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.1.13704.0 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code with LocalSystem privileges on the target system.
A local user can prevent the target Microsoft Malware Protection Engine from monitoring the target system. A service restart is required to return the system to normal operations.
Solution: The vendor has issued a fix (1.1.13804.0)...

- http://www.securityt....com/id/1038572

- http://www.securityt....com/id/1038573

- http://www.securityt....com/id/1038574


Edited by AplusWebMaster, 30 May 2017 - 02:50 PM.

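A scripted form of the engine-version check described in this post, comparing against the fixed build 1.1.13804.0 quoted above. This is an added example, not part of the original post or of Microsoft's guidance. The live query assumes the Defender PowerShell module (Windows 8.1/10, Server 2016); Test-MmpeEngineVersion is a hypothetical helper name and the inventory rows are constructed sample data.

```powershell
# Added example. The fixed engine build is taken from the advisory text quoted in this post.
$FixedEngine = [version]'1.1.13804.0'

# Hypothetical helper: classify one reported engine version.
function Test-MmpeEngineVersion {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][AllowEmptyString()][string]$EngineVersion
    )

    # Parse to [version] so each dotted field is compared numerically.
    # Compared as plain strings, '1.1.9901.0' would sort above '1.1.13804.0'.
    $parsed = $null
    $ok = [version]::TryParse($EngineVersion, [ref]$parsed)

    if (-not $ok)                    { $status = 'Unknown' }
    elseif ($parsed -ge $FixedEngine) { $status = 'Patched' }
    else                             { $status = 'Vulnerable' }

    [pscustomobject]@{
        ComputerName  = $ComputerName
        EngineVersion = $EngineVersion
        Status        = $status
    }
}

# Constructed inventory (for example, exported from a management console).
$inventory = @(
    @{ ComputerName = 'WS-01'; EngineVersion = '1.1.13804.0' }   # fixed build
    @{ ComputerName = 'WS-02'; EngineVersion = '1.1.13704.0' }   # "1.1.13704.0 and prior"
    @{ ComputerName = 'WS-03'; EngineVersion = '1.1.9901.0'  }   # older build, string-sort trap
    @{ ComputerName = 'WS-04'; EngineVersion = ''            }   # agent returned nothing
)

$report = $inventory | ForEach-Object {
    Test-MmpeEngineVersion -ComputerName $_.ComputerName -EngineVersion $_.EngineVersion
}
$report | Format-Table -AutoSize

# Live check of the local machine where the Defender module is present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $local = Get-MpComputerStatus
    Test-MmpeEngineVersion -ComputerName $env:COMPUTERNAME `
                           -EngineVersion ([string]$local.AMEngineVersion)
}
```

With the sample rows, WS-01 is reported as Patched, WS-02 and WS-03 as Vulnerable, and WS-04 as Unknown.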
