Microsoft Security Advisory 2963983

https://technet.microsoft.com/library/security/2963983
I called MS today, not sure I had the right department, but the gentleman didn't know what I was referencing. Does anyone know of a site to get up-to-date information on this issue and when MS plans on releasing a patch?
Also, we're advising everyone to disable Adobe Flash in Internet Explorer add-ons; anything else that we can do to remedy this is greatly valued.
Thank you,

Summary:
For more information on these and other remediation options, please see Security Advisory 2963983.  Additional information on this limited, targeted attack can be found on the MSRC blog.
IE is widely recognized as the most secure browser against socially-engineered malware, the most common form of attack, blocking 99.9% of malware in a recent NSS Labs test.
We encourage you to consider upgrading to the latest version of IE for improved security features such as Enhanced Protected Mode, better backward compatibility through Enterprise Mode, increased performance, and support for the modern web standards that run today’s websites and services.
On April 26, 2014, Microsoft released a Security Advisory (2963983) to notify customers of a vulnerability in IE.  At this time we are aware of limited, targeted attacks.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
Guidance on suggested mitigations:
Our investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, could help protect against this potential risk.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
The Enhanced Mitigation Experience Toolkit 4.1 (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.  EMET 4.1 is supported by Microsoft, and is automatically configured to help protect Internet Explorer.  EMET can also be configured using Group Policy.  For more information, see Microsoft Knowledge Base Article 2458544.
More details:

Deploy the Enhanced Mitigation Experience Toolkit 4.1
Pros:  Blocks potential exploits of this vulnerability
Cons:  May be incompatible with some web apps

Enable Enhanced Protected Mode
Pros:  Blocks potential exploits of this vulnerability
Cons:  May be incompatible with some web apps; not available on 32-bit Windows 7
Businesses who have upgraded to IE11 or IE10 can enable Enhanced Protected Mode (EPM) for additional security protection.  On Windows 8 and Windows 8.1, EPM is enabled by default for the modern, immersive browsing experience.  Customers using the touch-friendly IE11 browser on Windows tablets, for example, are already using EPM and may not be susceptible to this and similar attacks.
Enhanced Protected Mode can be enabled and managed through Group Policy.  To manually enable EPM in IE, perform the following steps:
1) On the IE Tools menu, click Internet Options.
2) In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
3) Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
4) Click OK to accept the changes and return to IE.
5) Restart your system.
While Enhanced Protected Mode provides significant additional protection, it may not be compatible with some add-ons and enterprise web apps.  Also, while EPM is available for 64-bit Windows 7, it is not an option for 32-bit Windows 7 installations.

Unregister VGX.DLL
Pros:  Relatively simple workaround
Cons:  May not protect against other exploits
Known attacks currently take advantage of VGX.DLL, which provides support for Vector Markup Language (VML).  VML is not natively supported by most web browsers today, so this remediation option may have the least impact on enterprise web app compatibility.
To unregister VGX.DLL:
Click Start, click Run, and type "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
After an update has been released and installed, you can re-register VGX.DLL with:  "%SystemRoot%\System32\regsvr32.exe" /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
These commands can be issued as batch files via Microsoft System Center Configuration Manager or other infrastructure management solutions.
Rob^_^

Similar Messages

  • How to Silently Unregister DLLs Related To Security Advisory 2963983 0-Day Exploit?

    Microsoft gave these labor-intensive instructions:
    Unregister VGX.DLL
    For 32-bit Windows systems
    Important: For this workaround to take effect, you MUST run it from an elevated command prompt.
    From an elevated command prompt enter the following command:
    "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    A dialog box should appear after the command is run to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
    Close and reopen Internet Explorer for the changes to take effect.
    For 64-bit Windows systems
    Note The following commands must be entered from an elevated command prompt.
    From an elevated command prompt enter the following commands:
    "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"
    A dialog box should appear after each command is run to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
    Close and reopen Internet Explorer for the changes to take effect
    However, we need to automate this because we cannot ask users to do this, nor can we go from PC to PC running these commands manually.  According to their instructions, you must click through confirmation prompts to complete it.
    How can we run this command silently so that it requires no user interaction (clicking OK on dialog boxes, etc.)?
    We would like to add it to a computer startup script so that users do not need to do anything.

      @REM Security Advisory 2963983 0-Day Exploit remediation
      @REM Usage as Logon script or SCCM deployment
      @REM Specify the batch environment
      @Echo Off
      CD /D %SystemRoot%\System32
      Set Path=%SystemRoot%;%SystemRoot%\System32;%SystemRoot%\System32\Wbem
      SetLocal ENABLEEXTENSIONS
      SetLocal ENABLEDELAYEDEXPANSION
      @REM Check the OS Architecture then execute
      For /f "usebackq" %%a in (`@Echo %PROCESSOR_ARCHITECTURE% ^| Findstr 86`) Do (Set PROCESSORARCHITECTURE=x86)
      If Not Defined PROCESSORARCHITECTURE (For /f "usebackq" %%a in (`@Echo %PROCESSOR_ARCHITECTURE% ^| Findstr 64`) Do (Set PROCESSORARCHITECTURE=x64))
      @REM 32-bit Windows: a single copy of vgx.dll
      If /i "%PROCESSORARCHITECTURE%"=="x86" (
         If Exist "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" ("%SystemRoot%\System32\Regsvr32.exe" /s /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll")
      )
      @REM 64-bit Windows: unregister both the native and the x86 copy
      If /i "%PROCESSORARCHITECTURE%"=="x64" (
         If Exist "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" ("%SystemRoot%\System32\Regsvr32.exe" /s /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll")
         If Exist "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll" ("%SystemRoot%\System32\Regsvr32.exe" /s /u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll")
      )
      @REM Determine the Exit Code: 1 if the VML class still points at vgx.dll, otherwise 0
      For /f "TOKENS=4*" %%a in ('%SystemRoot%\System32\Reg.exe Query "HKEY_CLASSES_ROOT\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32" /ve ^| Findstr /i "vgx"') Do (Set ExitCode=1)
      If Not Defined ExitCode (Set ExitCode=0)
      Exit /B %ExitCode%
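
The exit-code check in the batch script above queries HKEY_CLASSES_ROOT only in the registry view of the process that runs it. The following added example (not part of the thread or of Microsoft's guidance) audits both the 32-bit and 64-bit views for the same CLSID so the workaround can be verified after deployment. It assumes PowerShell 3.0 or later; the function name Get-VgxRegistrationState is illustrative.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0+ (.NET 4 RegistryView).
# The CLSID is the one the batch script above queries; the function name is illustrative.
$VgxClsid = '{10072CEC-8CC1-11D1-986E-00A0C955B42E}'

function Get-VgxRegistrationState {
    # Check each registry view explicitly so a 32-bit host process on 64-bit
    # Windows cannot hide a registration that lives in the other view.
    $views = @([Microsoft.Win32.RegistryView]::Registry32)
    if ([Environment]::Is64BitOperatingSystem) {
        $views += [Microsoft.Win32.RegistryView]::Registry64
    }

    $hive = [Microsoft.Win32.RegistryHive]::ClassesRoot
    $raw  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    foreach ($view in $views) {
        $root = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
        try {
            $server = $null
            $key = $root.OpenSubKey("CLSID\$VgxClsid\InprocServer32")
            if ($key) {
                # The default value holds the DLL path; read it unexpanded so
                # the report shows exactly what is stored in this view.
                $server = $key.GetValue('', $null, $raw)
                $key.Dispose()
            }
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                View       = $view
                Registered = [bool]($server -match 'vgx')
                Server     = $server
            }
        }
        finally {
            $root.Dispose()
        }
    }
}

$state = @(Get-VgxRegistrationState)
$state | Format-Table -AutoSize

# Same convention as the batch script: 1 = vgx.dll still registered in at
# least one view, 0 = the workaround is in effect everywhere.
if ($state | Where-Object { $_.Registered }) { exit 1 } else { exit 0 }
```

A non-zero exit code can be used as the non-compliant signal in a management tool, and the same check confirms re-registration once the update has been installed.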

  • Microsoft Security Advisory (979267) on Flash Player 9

    Someone please answer this.
    We are currently using Adobe Flash player 9 on Windows XP operating system. We would like to know if Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP, could Allow Remote Code Execution mentioned in Microsoft Security Advisory (979267), is resolved in Flash Player 9? For more details on vulnerability please refer "Microsoft Security Advisory (979267)".
    Since we have security related issue with this please consider this call at high priority.
    ~
    Satu28

    Updated:
    Flash player 10.2.159.1
    Uninstall the old: http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe
    Install the new for IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
    Plugin for other browsers: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
    ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
    If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
    Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
    Microsoft MVP - Consumer Security
    SpywareHammer

  • Microsoft security Advisory 2028859

    A serious security flaw has been found in Windows 7 systems running Aero. Until Microsoft releases a security patch, users can disable the Aero theme to prevent the issue from being exploited.
    To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
    Click Start, select the Control Panel, and then click on Appearance and Personalization.
    Under the Personalization category, click on Change the Theme.
    Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
    For further information go through the below given link 
    http://www.microsoft.com/technet/security/advisory/2028859.mspx
    The above mentioned vulnerability only affects Windows 7 and Windows server 2008 R2 users.
    Cheers and regards,
    • » νιנαソѕαяα∂нι ѕαмανє∂αм ™ « •
    ●๋•کáŕádhí'ک díáŕý ツ
    I am a volunteer here. I don't work for Lenovo


  • Microsoft Security Advisory (2269637)

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code  Execution
    This  vulnerability came out in August and is there a signature that will cover this in the ips and if not is there an idea if one is being reviewed?

    Here is more information on Microsoft security advisory 2269637, mitigating it from Cisco devices:
    Vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=21268
    Mitigation bulletin: http://tools.cisco.com/security/center/viewAlert.x?alertId=22317
    All security related advisories for cisco can be found from the Cisco SIO (Security Intelligence Operations):
    http://tools.cisco.com/security/center/home.x
    Hope that helps.

  • Microsoft Security Advisory 3046015

    One of the workarounds for Microsoft Security Advisory 3046015 is to disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite order in the Group Policy Object Editor but the cipher list in the Advisory is 1185 characters long but the max size for that GPO setting (SSL Cipher Suite order) is 1023 characters.

    Hi,
    Thank you for your update and feedback. It will be very beneficial for other community members who have similar questions.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Out-of-Band Microsoft Security Advisory

    Microsoft Security Advisory (2659883)
    Vulnerability in ASP.NET Could Allow Denial of Service https://technet.microsoft.com/en-us/security/advisory/2659883
    Editing to add additional link: https://blogs.technet.com/b/msrc/archive/2011/12/28/advanced-notification-for-out-of-band-release-to...

    Hi -
    Here is a link to the forum post I made regarding the OS security update policy for Cisco Unity - http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Unified%20Communications%20Applications&topicID=.ee835d2&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc231ee/2#selected_message
    Regards, Ginger

  • Microsoft Security Advisory (2757760): Vulnerability in Internet Explorer

    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability.
    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
    On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
    Article including some suggested actions is continued here: http://technet.microsoft.com/en-us/security/advisory/2757760
    Related: http://nakedsecurity.sophos.com/2012/09/17/new-ie-zero-day-exploit-poison-ivy/

    The suggested setting in EMET for IE is to be protected against ALL the available exploits --- that is to say, including Mandatory ASLR as well as BottomUpASLR.   Unless you experience an issue with it [and the EMET Notifier should advise you of any problems it encounters], there's no reason to "generically" turn-off MandatoryASLR.
    Having said that, here are the common exceptions people need to be aware of:
    1) Windows Media Player users should UNcheck Mandatory ASLR for their Windows Media Player.
    2) Skype users should UNcheck EAF for their Skype.
    3) Some versions of Trusteer Rapport are having trouble with Microsoft EMET - web browsers do not open at all or open a blank, unusable window. In such case, Windows XP users should UNcheck EAF protection for each of their web browsers; and Windows Vista and 7 users should UNcheck Mandatory ASLR protection for each of their web browsers.
    4) Configuring the system setting for DEP changes a boot option for Windows. For systems using BitLocker, this will cause BitLocker to detect that “system boot information has changed” and you will be forced to enter your recovery key the next time you boot Windows. It is highly recommended that you have your recovery key ready before changing the system configuration setting for DEP on a system with BitLocker enabled.
    Windows 7 Pro SP1 (64-bit), avast! V7 Free, MBAM Pro, Windows Firewall, EMET, OpenDNS Family Shield, IE9 & Firefox (both using WOT & KeyScrambler), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS, SAS (on-demand scanner), Secunia PSI.
    [I am experimenting with Sandboxie, and believe computer-users who sandbox are acting prudently.]

  • Microsoft Security Advisory 3046015 AND Technet-connectivity.

    Goodday,
    I've changed the "SSL Cipher Suite Order" according to the 3046015-workaround (gpedit/Computer config./Adm. templates/Network/SSL Configuration/SSL Cipher Suite Order).
    I've also enabled this setting and rebooted.
    Since then I get no connection to the Technet-site. Error: "This page canrsquo;t be displayed" (this is NOT a type-error!).
    Who knows what's up?
    Evert Rademaker.

    As is detailed in MS15-031, this vulnerability is now resolved by Windows Update KB3046049. Please let us know if you continue to experience issues after installation of this security update.
    Brandon
    Windows Outreach Team- IT Pro
    Windows for IT Pros on TechNet

  • Security Advisory 3046310 - Managing Updates

    Just took a look at Security Advisory 3046310 ( https://technet.microsoft.com/en-us/library/security/3046310.aspx ). It says that Windows 8/2012 will update automatically. I've checked a few machines and don't see the update yet in the Certs mmc. As for Windows 7 and Server 2008, I'm guessing I should apply the update in kb2677070.
    We manage our systems with SCCM 2012 and are looking for some guidance on using those tools for this Bulletin if possible.
    Orange County District Attorney

    Hi,
    According to Microsoft Security Advisory 3046310:
    for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2 systems, you can check the Application log in the Event Viewer for an entry with the following values:
    Source: CAPI2
    Level: Information
    Event ID: 4112
    Description: Successful auto update of disallowed certificate list with effective date: Monday, December 5, 2013 (or later).
    Have you seen this event logged on these machines?
    If not, please ensure that these machines are connecting to Internet. In addition, ports TCP 80 and TCP 443 need to be open.
    Microsoft Security Advisory 3046310
    https://technet.microsoft.com/en-us/library/security/3046310.aspx?f=255&MSPPError=-2147217396
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Where is Security Advisory 2974294 Hiding?

    Since reading the SCEP security advisory ( https://technet.microsoft.com/library/security/2974294 ) I've been scouring my SCCM world looking for the update. My SCEP clients are still below the minimum version. I've resync'd several times today but don't see any new engine updates coming my way.
    Is it still in the works?
    Orange County District Attorney

    2974294 is simply an advisory KB, it is not a hotfix that you will see in the WSUS catalog. The actual engine update will be delivered along with one of the next definition updates just like all engine updates are:
    http://blogs.technet.com/b/msrc/archive/2014/06/17/microsoft-releases-security-advisory-2974294.aspx
    Jason | http://blog.configmgrftw.com

  • Safari/Windows blended threat - security advisory.

    Anybody have anything more on this:
    http://www.microsoft.com/technet/security/advisory/953818.mspx

    The main issue is that Safari does not currently ask you if you want to download the file or not. The majority of browsers do give you the option to decline whereas Safari happily downloads whatever the website sends to it.
    So, even if you change the download location to the Desktop, it doesn't guarantee the file will get there (providing the user pays attention to what they click 'OK' to )

  • Security Advisory 2982792 - Available for SCCM?

    Does anyone know if the update for Security Advisory 2982792 (Digital Cert Spoofing) is going to be available in SCCM?
    Orange County District Attorney

    https://technet.microsoft.com/en-us/library/security/2982792
    Recommendation. An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8 or Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.
    For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action because the CTL will be updated automatically.
    https://support.microsoft.com/kb/2982792
    Prerequisites
    In order to receive this update, you may have to have one or both of the following updates installed:
    2677070 (http://support.microsoft.com/kb/2677070/): An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
    2813430 (http://support.microsoft.com/kb/2813430/): An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • ITunes still doesn't recognize iPod Touch with Microsoft Security Essentials Installed

    Just updated iTunes to v. 10.3.1.55 and still have the same problem with iTunes freezing when connecting my iTouch.  It will eventually respond but never recognizes my ipod.  Un-install Microsoft Security Essentials and it works fine.  I have 2 other computers with the same setup (software wise) and neither of those have this issue.
    Here's a thread with more details I've posted trying to find an answer to this...
    http://www.sevenforums.com/system-security/161085-security-essentials-itunes.html#post1439068
    Any help would be appreciated...
    Thanks,
    Mike

    Thanks for the suggestions, however I have already tried that and it had no effect.  I've put in exclusions, and even went so far as to disable the MSE service and still have the issue.  The only thing that corrects it is uninstalling MSE completely.
    This USED to work fine until I updated to iTunes 10.2.2 a couple of months ago...that release seems to be when it broke.
    I've even went so far as to completely reload my PC and it will work perfectly until MSE is installed....then no luck.

  • Can not update microsoft security system. Error service registration is missing or corrupt

    microsoft security essentials will not update error code 8024402c
    Side note: internet is working ok.

    Hi,
    Please try Microsoft fix:
       http://windows.microsoft.com/en-au/windows/windows-update-error-8024402c#1TC=windows-7
    Regards.
    BH
    **Click the KUDOS thumb up on the left to say 'Thanks'**
    Make it easier for other people to find solutions by marking a Reply 'Accept as Solution' if it solves your problem.
