Security Garden

Wednesday, August 27, 2014

Microsoft Security Bulletin MS14-045 Re-released

Tweet This


Due to issues some customers had with KB 2982791, Microsoft pulled that update on August 15, 2014.  KB 2993651 has been released as a replacement.

Although the original update did not cause problems for me or for anyone in the forums where I spend time, there was considerable discussion on whether or not KB 2982791 should still be uninstalled.

As indicated in the Update FAQ of the revised bulletin on TechNet, Microsoft Security Bulletin MS14-045, even if you have not had any problems, if you have KB 2982791 installed, it should be uninstalled.

How to Uninstall KB 2982791


  • Go to Control Panel\All Control Panel Items\Windows Update\View update history
  • Click "Installed Updates".  
  • Wait while the updates load.  If you have updates sorted by the Name column, you can find KB 2982791 at the bottom of the list.

MS14-045 Update FAQ

Following is a copy of the applicable information from Update FAQ:
Why was this bulletin revised on August 27, 2014? What happened to the original 2982791 security update?

To address known issues with security update 2982791, Microsoft rereleased MS14-045 to replace the 2982791 update with the 2993651 update for all supported releases of Microsoft Windows. Microsoft expired update 2982791 on August 15, 2014. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Microsoft strongly recommends that customers who have not uninstalled the 2982791 update do so prior to applying the 2993651 update.{emphasis added}


I already successfully installed the original 2982791 security update and am not experiencing any difficulties. Should I apply the replacement update (2993651) released on August 27, 2014? 
Yes. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Customers do not need to uninstall the expired 2982791 update before applying the 2993651 update; however, Microsoft strongly recommends it. Customers who do not remove the expired update will retain a listing for 2982791 under installed updates in Control Panel.

I uninstalled the original 2982791 security update. Should I apply the August 27, 2014 rereleased update (2993651)?

Yes. To be protected from CVE-2014-0318 and CVE-2014-1819, all customers should apply the rereleased update (2993651), which replaces the expired 2982791 update.
What if I experienced difficulties restarting my system after installing security update 2982791? 
Customers who experienced difficulties restarting their systems after installing security update 2982791 should no longer experience this problem after installing the replacement update (2993651). For more information about the problem with update 2982791, see the Known Issues section of Microsoft Knowledge Base Article 2982791.
References:

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, August 12, 2014

Microsoft Security Bulletin Release for August 2014

Tweet This


Microsoft released nine (9) bulletins.  Two of the bulletins are identified as Critical with the remaining seven as Important.

The updates address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). Reminder to those who have problems with .NET updates to install separately with a restart between other updates.

Critical:

  • MS14-051 -- Cumulative Security Update for Internet Explorer (2976627) 
  • MS14-043 -- Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742) 
Important:
  • MS14-048 -- Vulnerability in OneNote Could Allow Remote Code Execution (2977201) 
  • MS14-044  -- Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) 
  • MS14-045  -- Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2984615) 
  • MS14-049  -- Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490) 
  • MS14-050  -- Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202) 
  • MS14-046  -- Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625) 
  • MS14-047 -- Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)

Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  The updated version includes Win32/Lecpetex which will assist with the detection and clean-up of this family following the recent Facebook take-down of the Lecpetex botnet.  Additional details ave available in the MMPC blog post.
  • Internet Explorer -- As noted in the Addendum to Internet Explorer begins blocking out-of-date ActiveX controls, blocking out-of-date ActiveX controls is being delayed for 30 days in order to give customers time to test and manage their environments. 
  • Windows 8.1 -- Non-security new features and improvements for Windows 8.1. will now be included with the second Tuesday of the month updates.  Additional information is available at August updates for Windows 8.1 and Windows Server 2012 R2.
  • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.
  • Other -- Changes to Internet Explorer and .NET Framework end of support dates were announced.  Refer to the references linked below.

The following additional information is provided in the Security Bulletin:

References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Adobe Reader and Acrobat Security Update

    Tweet This

    Adobe
    Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows.

    These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform.  Adobe Reader and Acrobat for Apple's OS X are not affected.

    Release date: August 12, 2014
    Vulnerability identifier: APSB14-19
    CVE numbers: CVE-2014-0546
    Platform: Windows

    Update or Complete Download

    Update checks can be manually activated by choosing Help > Check for Updates.
      Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

      Windows XP


      If you are still using Windows XP and have Adobe Reader installed, please note that there will be no additional security updates for it.  I suggest uninstalling it and install an alternate reader.  Personally, I like Sumatra PDF.  It isn't a target and doesn't include unwanted extras with the install or updates.  (See Replacing Adobe Reader with Sumatra PDF.)  Adobe Reference:  End of support | Acrobat and Reader for Windows XP

        Enable "Protected View"

        Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

        To enable this setting, do the following:
        • Click Edit > Preferences > Security (Enhanced) menu. 
        • Change the "Off" setting to "All Files".
        • Ensure the "Enable Enhanced Security" box is checked. 

        Adobe Protected View
        Image via Sophos Naked Security Blog
        If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.

        References




        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...