Microsoft Security Advisory 3046015 AND Technet-connectivity.

Similar Messages

• Microsoft Security Advisory 3046015

  One of the workarounds for Microsoft Security Advisory 3046015 is to disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite
  order in the Group Policy Object Editor but the cipher list in the Advisory is 1185 characters long but the max size for that GPO setting (SSL Cipher Suite order) is 1023 characters.

  Hi,
  Thank you for your update and feedback. It will be very beneficial for other community members who have similar questions.
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Microsoft security Advisory 2028859

  A serious security flaw has been found in Windows 7 systems running Aero.Untill microsoft releases a security patch users can disable the Aero theme to  prevent the issue from being exploited.
  To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
  Click Start, select the Control Panel, and then click on Appearance and Personalization.
  Under the Personalization category, click on Change the Theme.
  Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
  For further information go through the below given link 
  http://www.microsoft.com/technet/security/advisory/2028859.mspx
  The above mentioned vulnerability only affects Windows 7 and Windows server 2008 R2 users.
  Cheers and regards,
  • » νιנαｿѕαяα∂нι ѕαмανє∂αм ™ « •
  ●๋•کáŕádhí'ک díáŕý ツ
  I am a volunteer here. I don't work for Lenovo

  Here is more information on Microsoft security advisory 2269637, mitigating it from Cisco devices:
  Vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=21268
  Mitigation buletin: http://tools.cisco.com/security/center/viewAlert.x?alertId=22317
  All security related advisories for cisco can be found from the Cisco SIO (Security Intelligence Operations):
  http://tools.cisco.com/security/center/home.x
  Hope that helps.

• Out-of-Band Microsoft Security Advisory

  Microsoft Security Advisory (2659883)
  Vulnerability in ASP.NET Could Allow Denial of Service https://technet.microsoft.com/en-us/security/advisory/2659883
  Editing to add additional link: https://blogs.technet.com/b/msrc/archive/2011/12/28/advanced-notification-for-out-of-band-release-to...
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  Hi -
  Here is a link to the forum post I made regarding the OS security update policy for Cisco Unity - http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Unified%20Communications%20Applications&topicID=.ee835d2&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc231ee/2#selected_message
  Regards, Ginger

• Microsoft Security Advisory (979267) on Flash Player 9

  Someone plaease answer this.
  We are currently using Adobe Flash player 9 on Windows XP operating system. We would like to know if Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP, could Allow Remote Code Execution mentioned in Microsoft Security Advisory (979267), is resolved in Flash Player 9? For more details on vulnerability please refer "Microsoft Security Advisory (979267)".
  Since we have security related issue with this please consider this call at high priority.
  ~
  Satu28

  Updated:
  Flash player 10.2.159.1
  Uninstall the old: http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe
  Install the new for IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
  Plugin for other browsers: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

• Microsoft Security Advisory (2269637)

  Microsoft Security Advisory (2269637)
  Insecure Library Loading Could Allow Remote Code  Execution
  This  vulnerability came out in August and is there a signature that will cover this in the ips and if not is there an idea if one is being reviewed?

  Here is more information on Microsoft security advisory 2269637, mitigating it from Cisco devices:
  Vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=21268
  Mitigation buletin: http://tools.cisco.com/security/center/viewAlert.x?alertId=22317
  All security related advisories for cisco can be found from the Cisco SIO (Security Intelligence Operations):
  http://tools.cisco.com/security/center/home.x
  Hope that helps.

• The icon of microsoft security essentials disappear and i can't scan or update my computer and also some updates for microsoft security essentials they fail to update

  I have xp system, and the icon of microsoft security essentials disappear and i can't scan or update my computer

  Same also occour in Windows 7, happened with more than
  one
  occasion, so it,s seems not to be related to faliur in installalation or Windows XP. Have
  also
  seen
  it
  on several
  different
  Windows
  7
  clients.
  It is
  common way
  for many, response on problems, that explain the
  errors/problems are not related to
  MS products.
  "Just Reboot
  and reinstall".
  General
  conclusion is, the
  problem
  has
  most likely not root in current
  product,
  but in the second
  circumstance. And there stop the respons, (Please remember to click “Mark as Answer” on the post that helps you)

• Microsoft Security Advisory 2963983

  https://technet.microsoft.com/library/security/2963983
  I called MS today not sure i had the right department, but the gentleman didn't know what I was referencing does anyone know of a site to get up to date information of this issue and when MS plans on releasing a patch?
  Also were advising everyone to disable the Adobe flash in internet explorer Add-on's, anything else that we can do to remedy this is greatly valued.
  Thank you,

  Summary:
  For more information on these and other remediation options, please see
  Security Advisory 2963983.  Additional information on this limited, targeted attack can be found on the
  MSRC blog. 
  IE is widely recognized as the most secure browser against socially-engineered malware, the most common form of attack, blocking 99.9% of malware in a
  recent NSS Labs test. 
  We encourage you to consider upgrading to the latest version of IE for improved security features such as Enhanced Protected Mode, better backward compatibility through
  Enterprise Mode, increased performance, and support for the modern web standards that run today’s websites and services.
  On April 26, 2014, Microsoft released a
  Security Advisory (2963983) to notify customers of a vulnerability in IE.  At this time we are aware of limited, targeted attacks.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is
  finalized.
  Guidance on suggested mitigations:
  Our investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, could help protect against this potential
  risk.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
  The Enhanced Mitigation Experience Toolkit 4.1: (EMET)
  helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.  EMET 4.1 is supported by Microsoft, and is automatically configured to help protect Internet Explorer.  EMET
  can also be configured using Group Policy.  For more information, see
  Microsoft Knowledge Base Article 2458544.
  More details:
  Deploy the Enhanced Mitigation Experience Toolkit 4.1
  Pros:  Blocks potential exploits of this vulnerability
  Cons:  May be incompatible with some web apps
  Enable Enhanced Protected Mode
  Pros: Blocks potential exploits of this vulnerability
  Cons:  May be incompatible with some web apps; not available on 32-bit Windows 7
  Businesses who have upgraded to IE11 or IE10 can enable
  Enhanced Protected Mode
  (EPM) for additional security protection.   On Windows 8 and Windows 8.1, EPM is enabled by default for the modern, immersive browsing experience.  Customers using the touch-friendly IE11 browser on Windows tablets, for example, are already
  using EPM and may not be susceptible to this and similar attacks.   
  Enhanced Protected Mode can be enabled and managed through Group Policy.  To manually enable EPM in IE, perform the following steps:
  On the IE Tools menu, click Internet Options.
  In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
  Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
  Click OK to accept the changes and return to IE.
  Restart your system.
  While Enhanced Protected Mode provides significant additional protection, it may not be compatible with some add-ons and enterprise web apps.  Also, while EPM is available for
  64-bit Windows 7, it is not an option for 32-bit Windows 7 installations. 
   Unregister VGX.DLL
  Pros:  Relatively simple workaround
  Cons:  May not protect against other exploits
  Known attacks currently take advantage of VGX.DLL, which provides support for Vector Markup Language (VML).  VML is not natively supported by most web browsers today,
  so this remediation option may have the least impact on enterprise web app compatibility. 
  To unregister VGX.DLL:
  Click Start, click Run, and type "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  After an update has been released and installed, you can re-register VGX.DLL with:  "%SystemRoot%\System32\regsvr32.exe" /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  These commands can be issued as batch files via Microsoft System Center Configuration Manager or other infrastructure management solutions. 
  Rob^_^

• Microsoft Security Advisory (2757760): Vulnerabil​ity in Internet Explorer

  Vulnerability in Internet Explorer Could Allow Remote Code Execution
  Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability.
  A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
  On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
  Article including some suggested actions is continued here: http://technet.microsoft.com/en-us/security/adviso​ry/2757760
  Related: http://nakedsecurity.sophos.com/2012/09/17/new-ie-​zero-day-exploit-poison-ivy/
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  The suggested setting in EMET for IE is to be protected against ALL the available exploits --- that is to say, including Mandatory ASLR as well as BottomUpASLR.   Unless you experience an issue with it [and the EMET Notifier should advise you of any problems it encounters], there's no reason to "generically" turn-off MandatoryASLR.
  Having said that, here are the common exceptions people need to be aware of:
  1) Windows Media Player users should UNcheck Mandatory ASLR for their Windows Media Player.
  2) Skype users should UNcheck EAF for their Skype.
  3) Some versions of Trusteer Rapport are having trouble with Microsoft EMET - web browsers do not open at all or open a blank, unusable window. In such case, Windows XP users should UNcheck EAF protection for each of their web browsers; and Windows Vista and 7 users should UNcheck Mandatory ASLR protection for each of their web browsers.
  4) Configuring the system setting for DEP changes a boot option for Windows. For systems using BitLocker, this will cause BitLocker to detect that “system boot information has changed” and you will be forced to enter your recovery key the next time you boot Windows. It is highly recommended that you have your recovery key ready before changing the system configuration setting for DEP on a system with BitLocker enabled.
  Windows 7 Pro SP1 (64-bit), avast! V7 Free, MBAM Pro, Windows Firewall, EMET, OpenDNS Family Shield, IE9 & Firefox (both using WOT & KeyScrambler), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS, SAS (on-demand scanner), Secunia PSI.
  [I am experimenting with Sandboxie, and believe computer-users who sandbox are acting prudently.]

• WARNING: Freak TLS - MS Advisory 3046015 & ZCM Server

  Hello,
  if one is planning to secure the devices according to Microsoft Security Advisory 3046015 (https://technet.microsoft.com/library/security/3046015) do some steps to Your ZCM Servers before.
  Otherwise the devices are not longer able to communicate with the Primary Servers !
  Change:
  Add the following in server.xml under %ZENWORKS_HOME%\share\tomcat\conf and restart the zcm services.
  Add to the ciphers= in this file :
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RS A_WITH_AES_128_CBC_SHA
  Development found this for our 11.2.4 MU1 but I think it is the same on 11.3.2.
  Do not forget the Satellites if You have some with the Authentication Service.
  (I do not have them and can't tell if it is also server.xml there.)
  Regards - Frank
  (If there is a space in RSA in the 2.nd cipher - remove the space - it was added by the System in the webview of this article.)

  Tessnow,
  https://www.novell.com/support/kb/doc.php?id=7016268
  Shaun Pond
  newly reminted as a Knowledge Professional

• Security Advisory 3046310 - Managing Updates

  Just took at look at Security Advisory 3046310 (
  https://technet.microsoft.com/en-us/library/security/3046310.aspx ). It says that Windows 8/2012 will update automatically. I've checked a few machines and don't see the update yet in the Certs mmc. As for Windows 7 and Server 2008, I'm guessing I should
  apply the update in kb2677070.
  We manage our systems with SCCM 2012 and are looking for some guidance on using those tools for this Bulletin if possible.
  Orange County District Attorney

  Hi,
  According to Microsoft Security Advisory 3046310:
  for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2 systems, you can check the Application log in the Event Viewer for an entry with the following values:
  Source: CAPI2
  Level: Information
  Event ID: 4112
  Description: Successful auto update of disallowed certificate list with effective date: Monday, December 5, 2013 (or later).
  Have you seen this event logged on these machines?
  If not, please ensure that these machines are connecting to Internet. In addition, ports TCP 80 and TCP 443 need to be open.
  Microsoft Security Advisory 3046310
  https://technet.microsoft.com/en-us/library/security/3046310.aspx?f=255&MSPPError=-2147217396
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Microsoft Security Client OOBE Error plus 2 CSRSS Processes?

  This has to be a bit abnormal, but apparently this concerns what happened 30 minutes ago, System just flat out Froze up and then after the restart an error that received the Microsoft Security Client OOBE Error Code 0xc000000D had happened in the Kernel
  Tracing event, following the restart 2 CSRSS Process are now present, normally it should be 1 as a priority, and in turn that tells me an Exploit that Microsoft Might have missed some how hit my system and this issue is now concerning.

  Hi,
  Do you still get OOBE Error Code now?
  Regarding  your problems getting Microsoft Security Essentials OOBE error code 0xc000000D.
  Please navigate to C:/program data/microsoft/microsoft security essentials/support/  , and then locate the file: "MSSEOOBE.etl" and simply delete it.
  The MSE will recreate it after your restarting your computer. That could solve the issue.
  Please refer to the following thread for more details.
  Session "Microsoft Security Essentials OOBE" stopped due to the following error: 0xC000000D
  http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/session-microsoft-security-essentials-oobe-stopped/387c21ed-75db-47e3-9baf-687f6c66f0eb
  My Windows 7 has two csrss processes too.
  We can locate the file in the folder C: Windows/System32. Please test.
  If they are located in other folder, we could suspect them as virus. I suggest you to conducting a Antivirus scan.
  Please refer to the following thread for more detail.
  2 csrss.exe running Windows 8.1.
  http://answers.microsoft.com/en-us/windows/forum/windows8_1-files/2-csrssexe-running-windows-81/cdbaf6d0-4920-4595-9f4f-b0d6e45b9d2a
  If there are any problems, please let me know.
  Best regards

• Access Connection​s Problems With Windows 7 and Microsoft Security Essentials

  There appears to be a conflict with Access Connections and Microsoft Security Essentials which causes Microsoft Security Essentials to generate high page faults and high CPU usage, and prevents normal operation of Access Connections.
  After fresh install and reboot Access Connections would not launch, and when cursor was moved to the taskbar, the cursor pointer changed to a spinning loop.  Clicking on the Access Connections gadget did nothing. Looking at Task Manager, Microsoft Security Essentials program msmpeng.exe was experiencing 5000+ page faults per interval.  Terminating msmpeng.exe immediately caused Access Connections to launch.
  System configuration: Lenovo Thinkpad x200s with Windows 7 Ultimate 64 RTM (installed with a fresh install) with all current updates, and all updates from Leovo including Access Connections V 5,42 Build 6JC725WW,
  Solved!
  Go to Solution.

  Here is a workaround to fix the issue
  1) Launch MS Security Essentials
  2) Click on the "settings" tab
  3) Click on "Excluded files & Locations"
  4) Click "Add"
  5) browse and add the following exceptions
   a) C:\Users\Public\Lenovo\Access connections
   b) C:\Users\Public\Lenovo\Access connections\AccConnAdvanced.html
  6) Click "Save Changes"
  The issue is also resolved in AC 5.5 which is posted to the web
  http://www-307.ibm.com/pc/support/site.wss/documen​t.do?lndocid=MIGR-73682
  Can someone please test both solutions and let me know if the issue is resolved.
  Thanks

• Dot net Applilcations are not running after Microsoft Security patches in Sep and Nov 2014

  My team did the microsoft security patches of Aug2014 and November2014 on 10 client machines (10 macines 2005) without a hitch. The Client machine (Windows 2005) accepted the patch, but all machines one of the applicaiton(VB6.0 and VB.net2005) is not able to
  connect to the server.The event log was filled with SChannel errors indicating code 80 (internal_error), implying something that was deeply wrong with SChannel:
  The following fatal alert was generated: 80. The internal error state is 1250.
  and
  The following fatal alert was generated: 80. The internal error state is 1051.
  Has anyone else experienced this issue with this or another update, or have some tips as to how I might better diagnose the issue? Thank you.

  Hi,
  I have seen a few threads with the same error, please try to uninstall KB2992611 to see if the issue persists.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• How can I find out the server port for a secured FTP site and creating a FTP Connection Manager

  I have to create a FTP Task to go out and get the files that our 3rd party vendor will be dropping on a secured FTP site. I have all the credentials to access that Secured FTP Site and have successfully done so through FileZilla.
  Now I need to set-up a FTP Task to go out and get their files and in so doing create a FTP Connection Manager. Is there any way I can determine the
  Server Port number from the Secured FTP site? I let it default to 21 and tried the Test Connect and it failed.
  Thanks for your review and am hopeful for a reply.

  Hi ITBobbyP,
  SSIS has a built in FTP task, while this only works for the FTP protocol, it doesn’t support SFTP. But there are some free clients like WinSCP and
  SSIS SFTP Task Control Flow Component
  available in the CodePlex which can invoked from SSIS.
  References:
  SSIS SFTP Task Control Flow Component approach
  WinSCP approach
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support