Microsoft Security Advisory Notification Issued: January 27, 2015

Security Bulletins / Advisories No Comments »

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
https://technet.microsoft.com/library/security/2755801
– Revision Note: V36.0 (January 27, 2015): Added the 3035034
update to the Current Update section.

Security Advisory for Adobe Flash Player Release date: January 22, 2015

Security Bulletins / Advisories No Comments »

Summary

A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26.

http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

Security updates available for Adobe Flash Player Release date: January 22, 2015

Security Bulletins / Advisories No Comments »

Summary

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform.

Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player.  Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild.  For the latest information, please refer to the PSIRT blog here.

Adobe recommends users update their product installations to the latest versions:

Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.
Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.
Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.
Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.287.

http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

Microsoft Security Advisory Notification Issued: January 22, 2015

Security Bulletins / Advisories No Comments »

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
https://technet.microsoft.com/library/security/2755801
– Revision Note: V35.0 (January 22, 2015): Added the 3033408
update to the Current Update section.

Microsoft Security Bulletin & Bulletin Summary Minor Revisions Issued: January 21, 2015

Security Bulletins / Advisories No Comments »

Summary

The following bulletins and bulletin summary have undergone a minor
revision increment.

Please see the appropriate bulletin or bulletin summary for more
details.

* MS15-006 – Important

Bulletin Information:

MS15-006 – Important

– Title: Vulnerability in Windows Error Reporting Could Allow
Security Feature Bypass
https://technet.microsoft.com/library/security/ms15-006
– Reason for Revision: V1.1 (January 21, 2015): Bulletin revised
to correct Server Core installation entries in the Affected
Software and Severity Ratings tables. This is an informational
change only. Customers who have already successfully installed
the update do not have to take any action.
– Originally posted: January 13, 2015
– Updated: January 21, 2015
– Bulletin Severity Rating: Important
– Version: 1.1

Oracle Critical Patch Update Pre-Release Announcement – January 2015

Security Bulletins / Advisories 2 Comments »

Description

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2015, which will be released on Tuesday, January 20, 2015.  While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 167 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products.  Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Vulnerabilities fixed by this Critical Patch Update are scored using the standard CVSS 2.0 scoring (see Oracle’s Use of CVSS Scoring). The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0 for Fujitsu M10-1 of Oracle Sun Systems Products Suite, Java SE of Oracle Java SE, M10-4 of Oracle Sun Systems Products Suite and M10-4S Servers of Oracle Sun Systems Products Suite.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Microsoft Security Advisory Notification Issued: January 13, 2015

Security Bulletins / Advisories No Comments »

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
https://technet.microsoft.com/library/security/2755801
– Revision Note: V34.0 (January 13, 2015): Added the 3024663
update to the Current Update section.

Microsoft Security Bulletin Releases Issued: January 13, 2015

Security Bulletins / Advisories 1 Comment »

Summary

The following bulletins have undergone a major revision increment.

* MS14-080 – Critical

Bulletin Information:

MS14-080 – Critical

– Title: Cumulative Security Update for Internet Explorer
– https://technet.microsoft.com/library/security/ms14-080
– Reason for Revision: V2.0 (January 13, 2015): To address issues
with Security Update 3008923, Microsoft re-released MS14-080 to
comprehensively address CVE-2014-6363. In addition to installing
update 3008923, customers running Internet Explorer 10 on Windows 8,
Windows Server 2012, or Window RT should also install update
3029449, which has been added with this rerelease. Customers who
have already successfully installed the 3008923 update, which has
not changed since its original release, do not need to reinstall
it. See Microsoft Knowledge Base Article 3008923 for more
information.
– Originally posted: December 9, 2014
– Updated: January 13, 2015
– Bulletin Severity Rating: Critical
– Version: 2.0

Microsoft Security Bulletin(s) for January 13, 2015

Security Bulletins / Advisories No Comments »

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
»technet.microsoft.com/library/se···ms15-jan

Critical (1)

Microsoft Security Bulletin MS15-002
Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)
»technet.microsoft.com/library/se···ms15-002

Important (7)

Microsoft Security Bulletin MS15-001
Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
»technet.microsoft.com/library/se···ms15-001

Microsoft Security Bulletin MS15-003
Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
»technet.microsoft.com/library/se···ms15-003

Microsoft Security Bulletin MS15-004
Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
»technet.microsoft.com/library/se···ms15-004

Microsoft Security Bulletin MS15-005
Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
»technet.microsoft.com/library/se···ms15-005

Microsoft Security Bulletin MS15-006
Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
»technet.microsoft.com/library/se···ms15-006

Microsoft Security Bulletin MS15-007
Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
»technet.microsoft.com/library/se···ms15-007

Microsoft Security Bulletin MS15-008
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215)
»technet.microsoft.com/library/se···ms15-008

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website – visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Microsoft Security Bulletin Minor Revisions Issued: December 19, 2014

Security Bulletins / Advisories 2 Comments »

Summary

The following bulletins and bulletin summary have undergone a minor
revision increment.

Please see the appropriate bulletin or bulletin summary for more
details.

* MS14-051 – Critical
* MS14-052 – Critical
* MS14-076 – Important
* MS14-AUG
* MS14-NOV

Bulletin Information:

MS14-051 – Critical

– Title: Cumulative Security Update for Internet Explorer
https://technet.microsoft.com/library/security/ms14-051
– Reason for Revision: V1.2 (December 19, 2014): Corrected the
severity table and vulnerability information to add CVE-2014-6354
as a vulnerability addressed by this update. This is an
informational change only. Customers who have already
successfully installed the update do not have to take any action.
– Originally posted: August 12, 2014
– Updated: December 19, 2014
– Bulletin Severity Rating: Critical
– Version: 1.2

MS14-052 – Critical

– Title: Cumulative Security Update for Internet Explorer
https://technet.microsoft.com/library/security/ms14-052
– Reason for Revision: V1.1 (December 19, 2014): Revised bulletin
to change Known Issues entry in the Knowledge Base Article section
from “None” to “Yes”. Corrected mitigations and workarounds for
the Internet Explorer Resource Information Disclosure
Vulnerability (CVE-2013-7331).
– Originally posted: September 9, 2014
– Updated: December 19, 2014
– Bulletin Severity Rating: Critical
– Version: 1.1

MS14-076 – Important

– Title: Vulnerability in Internet Information Services (IIS) Could
Allow Security Feature Bypass
https://technet.microsoft.com/library/security/ms14-076
– Reason for Revision: V1.1 (December 19, 2014): Bulletin revised
to include Windows 2012 Server Core installation and Windows 2012
R2 Server Core installation as affected software.
– Originally posted: November 11, 2014
– Updated: December 19, 2014
– Bulletin Severity Rating: Important
– Version: 1.1
Bulletin Summary Information:

MS14-AUG

– Title: Microsoft Security Bulletin Summary for August 2014
https://technet.microsoft.com/en-us/library/security/ms14-aug
– Reason for Revision: V2.2 (December 19, 2014): For MS14-051,
added an Exploitability Assessment in the Exploitability Index for
CVE-2014-6354. This is an informational change only.
– Originally posted: August 12, 2014
– Updated: December 19, 2014
– Version: 2.2

MS14-NOV

– Title: Microsoft Security Bulletin Summary for November 2014
https://technet.microsoft.com/library/security/ms14-nov
– Reason for Revision: V2.1 (December 19, 2014): Bulletin Summary
revised to include Windows 2012 Server Core installation and
Windows 2012 R2 Server Core installation in the Affected
Software table for MS14-076.
– Originally posted: November 11, 2014
– Updated: December 19, 2014
– Version: 2.1


© 2015 DP's Security Bits.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in