Out-of-Band Microsoft Security Advisory

Similar Messages

• Microsoft Security Advisory (2269637)

  Microsoft Security Advisory (2269637)
  Insecure Library Loading Could Allow Remote Code  Execution
  This  vulnerability came out in August and is there a signature that will cover this in the ips and if not is there an idea if one is being reviewed?

  Here is more information on Microsoft security advisory 2269637, mitigating it from Cisco devices:
  Vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=21268
  Mitigation buletin: http://tools.cisco.com/security/center/viewAlert.x?alertId=22317
  All security related advisories for cisco can be found from the Cisco SIO (Security Intelligence Operations):
  http://tools.cisco.com/security/center/home.x
  Hope that helps.

• Microsoft Security Advisory (979267) on Flash Player 9

  Someone plaease answer this.
  We are currently using Adobe Flash player 9 on Windows XP operating system. We would like to know if Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP, could Allow Remote Code Execution mentioned in Microsoft Security Advisory (979267), is resolved in Flash Player 9? For more details on vulnerability please refer "Microsoft Security Advisory (979267)".
  Since we have security related issue with this please consider this call at high priority.
  ~
  Satu28

  Updated:
  Flash player 10.2.159.1
  Uninstall the old: http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe
  Install the new for IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
  Plugin for other browsers: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

• Microsoft security Advisory 2028859

  A serious security flaw has been found in Windows 7 systems running Aero.Untill microsoft releases a security patch users can disable the Aero theme to  prevent the issue from being exploited.
  To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
  Click Start, select the Control Panel, and then click on Appearance and Personalization.
  Under the Personalization category, click on Change the Theme.
  Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
  For further information go through the below given link 
  http://www.microsoft.com/technet/security/advisory/2028859.mspx
  The above mentioned vulnerability only affects Windows 7 and Windows server 2008 R2 users.
  Cheers and regards,
  • » νιנαｿѕαяα∂нι ѕαмανє∂αм ™ « •
  ●๋•کáŕádhí'ک díáŕý ツ
  I am a volunteer here. I don't work for Lenovo

  Here is more information on Microsoft security advisory 2269637, mitigating it from Cisco devices:
  Vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=21268
  Mitigation buletin: http://tools.cisco.com/security/center/viewAlert.x?alertId=22317
  All security related advisories for cisco can be found from the Cisco SIO (Security Intelligence Operations):
  http://tools.cisco.com/security/center/home.x
  Hope that helps.

• Microsoft Security Advisory 3046015

  One of the workarounds for Microsoft Security Advisory 3046015 is to disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite
  order in the Group Policy Object Editor but the cipher list in the Advisory is 1185 characters long but the max size for that GPO setting (SSL Cipher Suite order) is 1023 characters.

  Hi,
  Thank you for your update and feedback. It will be very beneficial for other community members who have similar questions.
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Microsoft Security Advisory 2963983

  https://technet.microsoft.com/library/security/2963983
  I called MS today not sure i had the right department, but the gentleman didn't know what I was referencing does anyone know of a site to get up to date information of this issue and when MS plans on releasing a patch?
  Also were advising everyone to disable the Adobe flash in internet explorer Add-on's, anything else that we can do to remedy this is greatly valued.
  Thank you,

  Summary:
  For more information on these and other remediation options, please see
  Security Advisory 2963983.  Additional information on this limited, targeted attack can be found on the
  MSRC blog. 
  IE is widely recognized as the most secure browser against socially-engineered malware, the most common form of attack, blocking 99.9% of malware in a
  recent NSS Labs test. 
  We encourage you to consider upgrading to the latest version of IE for improved security features such as Enhanced Protected Mode, better backward compatibility through
  Enterprise Mode, increased performance, and support for the modern web standards that run today’s websites and services.
  On April 26, 2014, Microsoft released a
  Security Advisory (2963983) to notify customers of a vulnerability in IE.  At this time we are aware of limited, targeted attacks.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is
  finalized.
  Guidance on suggested mitigations:
  Our investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, could help protect against this potential
  risk.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
  The Enhanced Mitigation Experience Toolkit 4.1: (EMET)
  helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.  EMET 4.1 is supported by Microsoft, and is automatically configured to help protect Internet Explorer.  EMET
  can also be configured using Group Policy.  For more information, see
  Microsoft Knowledge Base Article 2458544.
  More details:
  Deploy the Enhanced Mitigation Experience Toolkit 4.1
  Pros:  Blocks potential exploits of this vulnerability
  Cons:  May be incompatible with some web apps
  Enable Enhanced Protected Mode
  Pros: Blocks potential exploits of this vulnerability
  Cons:  May be incompatible with some web apps; not available on 32-bit Windows 7
  Businesses who have upgraded to IE11 or IE10 can enable
  Enhanced Protected Mode
  (EPM) for additional security protection.   On Windows 8 and Windows 8.1, EPM is enabled by default for the modern, immersive browsing experience.  Customers using the touch-friendly IE11 browser on Windows tablets, for example, are already
  using EPM and may not be susceptible to this and similar attacks.   
  Enhanced Protected Mode can be enabled and managed through Group Policy.  To manually enable EPM in IE, perform the following steps:
  On the IE Tools menu, click Internet Options.
  In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
  Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
  Click OK to accept the changes and return to IE.
  Restart your system.
  While Enhanced Protected Mode provides significant additional protection, it may not be compatible with some add-ons and enterprise web apps.  Also, while EPM is available for
  64-bit Windows 7, it is not an option for 32-bit Windows 7 installations. 
   Unregister VGX.DLL
  Pros:  Relatively simple workaround
  Cons:  May not protect against other exploits
  Known attacks currently take advantage of VGX.DLL, which provides support for Vector Markup Language (VML).  VML is not natively supported by most web browsers today,
  so this remediation option may have the least impact on enterprise web app compatibility. 
  To unregister VGX.DLL:
  Click Start, click Run, and type "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  After an update has been released and installed, you can re-register VGX.DLL with:  "%SystemRoot%\System32\regsvr32.exe" /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  These commands can be issued as batch files via Microsoft System Center Configuration Manager or other infrastructure management solutions. 
  Rob^_^

• Microsoft Out of Band Critical Security Update for Windows Server

  Hello,
  Does anyone know the Cisco stance as relates to applying the recently released critical security update released just this past Thursday? Is this update approved or on its way to be approved for Unity, MeetingPlace, etc?
  Here's this link.
  http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
  Thanks in advance! All replies rateed

  Hi -
  Here is a link to the forum post I made regarding the OS security update policy for Cisco Unity - http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Unified%20Communications%20Applications&topicID=.ee835d2&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc231ee/2#selected_message
  Regards, Ginger

• Microsoft Security Advisory (2757760): Vulnerabil​ity in Internet Explorer

  Vulnerability in Internet Explorer Could Allow Remote Code Execution
  Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability.
  A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
  On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
  Article including some suggested actions is continued here: http://technet.microsoft.com/en-us/security/adviso​ry/2757760
  Related: http://nakedsecurity.sophos.com/2012/09/17/new-ie-​zero-day-exploit-poison-ivy/
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  The suggested setting in EMET for IE is to be protected against ALL the available exploits --- that is to say, including Mandatory ASLR as well as BottomUpASLR.   Unless you experience an issue with it [and the EMET Notifier should advise you of any problems it encounters], there's no reason to "generically" turn-off MandatoryASLR.
  Having said that, here are the common exceptions people need to be aware of:
  1) Windows Media Player users should UNcheck Mandatory ASLR for their Windows Media Player.
  2) Skype users should UNcheck EAF for their Skype.
  3) Some versions of Trusteer Rapport are having trouble with Microsoft EMET - web browsers do not open at all or open a blank, unusable window. In such case, Windows XP users should UNcheck EAF protection for each of their web browsers; and Windows Vista and 7 users should UNcheck Mandatory ASLR protection for each of their web browsers.
  4) Configuring the system setting for DEP changes a boot option for Windows. For systems using BitLocker, this will cause BitLocker to detect that “system boot information has changed” and you will be forced to enter your recovery key the next time you boot Windows. It is highly recommended that you have your recovery key ready before changing the system configuration setting for DEP on a system with BitLocker enabled.
  Windows 7 Pro SP1 (64-bit), avast! V7 Free, MBAM Pro, Windows Firewall, EMET, OpenDNS Family Shield, IE9 & Firefox (both using WOT & KeyScrambler), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS, SAS (on-demand scanner), Secunia PSI.
  [I am experimenting with Sandboxie, and believe computer-users who sandbox are acting prudently.]

• Microsoft Security Advisory 3046015 AND Technet-connectivity.

  Goodday,
  I've changed the "SSL Cipher Suite Order" according to the 3046015-workaround (gpedit/Computer config./Adm. templates/Network/SSL Configuration/SSL Cipher Suite Order.
  I've also enabled this setting and rebooted.
  Since then I get no connection to the Technet-site. Eror: "This page canrsquo;t be displayed" (this is NOT a type-error!).
  Who knows what's up?
  Evert Rademaker.

  As is detailed in
  MS15-031, this vulnerability is now resolved by
  Windows Update KB3046049. Please let us know if you continue to experience issues after installation of this security update.
  Brandon
  Windows Outreach Team- IT Pro
  Windows for IT Pros on TechNet

• Security Advisory 3046310 - Managing Updates

  Just took at look at Security Advisory 3046310 (
  https://technet.microsoft.com/en-us/library/security/3046310.aspx ). It says that Windows 8/2012 will update automatically. I've checked a few machines and don't see the update yet in the Certs mmc. As for Windows 7 and Server 2008, I'm guessing I should
  apply the update in kb2677070.
  We manage our systems with SCCM 2012 and are looking for some guidance on using those tools for this Bulletin if possible.
  Orange County District Attorney

  Hi,
  According to Microsoft Security Advisory 3046310:
  for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2 systems, you can check the Application log in the Event Viewer for an entry with the following values:
  Source: CAPI2
  Level: Information
  Event ID: 4112
  Description: Successful auto update of disallowed certificate list with effective date: Monday, December 5, 2013 (or later).
  Have you seen this event logged on these machines?
  If not, please ensure that these machines are connecting to Internet. In addition, ports TCP 80 and TCP 443 need to be open.
  Microsoft Security Advisory 3046310
  https://technet.microsoft.com/en-us/library/security/3046310.aspx?f=255&MSPPError=-2147217396
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Microsoft Out-of-Band Update May 1, 2014

  Microsoft has released an emergency (out-of-band) update for all versions of Internet Explorer 6-11... including for  WinXP. 
  https://technet.microsoft.com/library/security/ms14-021
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  Hi -
  Here is a link to the forum post I made regarding the OS security update policy for Cisco Unity - http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Unified%20Communications%20Applications&topicID=.ee835d2&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc231ee/2#selected_message
  Regards, Ginger

• Critical Windows Exploit Microsoft Security Bulle...

  Microsoft Security Bulletin Advance Notification for August 2010
  Published: July 30, 2010
  Microsoft Security Bulletin Advance Notification issued: July 30, 2010
  Microsoft Security Bulletin to be issued: August 2, 2010
  This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on August 2, 2010. The bulletin addresses a security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being exploited in malware attacks.
  Microsoft Security Bulletin Advance Notification for August 2010
  "I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)

  Important note on the Microsoft Patch
  Quote:-
  Product Information dated August 03, 2010:
  Important note on the Microsoft Patch
  The Microsoft Patch just prevents that the trojan is installed automatically on the system. If a user with admin-rights (Microsoft Patch is installed) opens an infected LNK-file by mouse click, the computer will be infected - if no virus scanner has been installed. In order to avoid such an infection it is strongly recommended that users only come with power user rights. Power user don´t have the necessary rights in order to start code from another drive. Additional security gives the use of an actual virus scanner.
   Great Work .LNK Files are there to Launch Applications NOT the Trojans sitting in the .LNK extension! 
  "I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)

• Out-of-Band provisioning issue

  Hi there,
  I'm migrating from Configmanager 2007 to 2012 SP1 at a customer.
  With CM 2007 I'd succesfully implemented Out-of-band management. Now I'm having some issues with provisioning AMT from CM2012.
  The testing machines have never been provisioned with CM2007.
  The oobmgmt.log at the client logs succesful activated the device.
  At the server in the amtopmgr.log file the follwoing error is logged:
  Error: Can NOT get OTP from target device (MachineId = 16777220)
  I know this has to do with a one time password that is generated...I dont know where I have to look to resolve this issue.
  Part of the amtopmgr logfile:
  >>>>>>>>>>>>>>>Provision task (In Band Provision) begin<<<<<<<<<<<<<<<    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23  
   5268 (0x1494)
  Provision target is indicated with SMS resource id. (MachineId = 16777220 DSK-0925.water.intern)    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  Found valid basic machine property for machine id = 16777220.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  Warning: Currently we don't support mutual auth. Change to TLS server auth mode.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  The provision mode for device DSK-0925.water.intern is 1.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  The IP addresses of the host DSK-0925.water.intern are 10.10.128.76.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  Root hash of provisioning certificate is 2796BAE63F1801E277261BA0D77770028F20EEE4.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  Attempting to establish connection with target device using SOAP.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  Create provisionHelper with (Hash: FD16D8C6A482C73C12832BC19D5BCABD4460D5A3)    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  Set credential on provisionHelper...    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  Try to use provisioning account to connect target machine 10.10.128.76...    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:23    5268 (0x1494)
  Core version of target machine 10.10.128.76 is: 9.0.3.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:24    5268 (0x1494)
  Succeed to connect target machine 10.10.128.76 using provisioning account #0.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:24    5268 (0x1494)
  GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientErr = 0.    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:24    5268 (0x1494)
  Get device provisioning state is In Provisioning    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:24    5268 (0x1494)
  Error: Can NOT get OTP from target device. (MachineId = 16777220)    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:25    5268 (0x1494)
  CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Unspecified' SID=13 MUF=0 PCNT=1, P1='DSK-0925.water.intern' P2='' P3='' P4='' P5=''    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:25    5268
  (0x1494)
  CStateMsgReporter::DeliverMessages - Created state message file: C:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\ikjsq3c0.SMX    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:25  
   5268 (0x1494)
  >>>>>>>>>>>>>>>Provision task (In Band Provision) end<<<<<<<<<<<<<<<    SMS_AMT_OPERATION_MANAGER    28-10-2013 13:34:25  
   5268 (0x1494)
  Anyone has a good idea?
  Thanks in advance.
  Mark

  Hi Mark,
  I am experiencing the same issue you are, but only with one machine. I have over 1000 machines that have successfully provisioned, so it's a bit of a mystery at the moment.
  I have confirmed that my failing machine does have a OTP in the SCCM database by running the following query:
  select MachineID ,OTP from dbo.AMT_MachineProperties where HostName = '<machine name>'
  This shows a OTP for each machine, but I'm still having trouble with this one. Did you ever find a solution?
  Thanks,
  Russel

• Out-of-Band SMASH Library Event ID 4509 (SCOM 2012SP1UR3)

  Hi!
  I´m using the "Microsoft System Center Out-of-Band SMASH Library" 7.0.8707.0 found here:
  http://blogs.technet.com/b/momteam/archive/2012/04/02/ws-management-smash-device-discovery-template-released.aspx
  It is a reqiurement for some of DELLs MP:s.
  After creating a working (as it seems) discovery with the template, Event ID 4509 is logged with irregular intervals:
  The constructor for the managed module type "Microsoft.EnterpriseManagement.Mom.DatabaseQueryModules.GroupCalculationModule" threw an exception. This module was running in rule "Microsoft.SystemCenter.OOB.2cf63b4c061f4a67bac712ed75a57916.PoolManagesSMASHDevice.Discovery"
  running for instance "Network Monitoring Resource Pool" with id:"{E9178425-9B5C-85C1-E1DF-7E440E2E9FBF}" in management group "OMGROUP".
  The id “e9178425-9b5c-85c1-e1df-7e440e2e9fbf” is the "Network Monitoring Resource Pool", which is also the pool chosen for the discovery.
  I´ve also noticed that the initial discovery is carried out by the "All Management Servers Resource Pool", but then monitoring seem to be done by "Network Monitoring Resource Pool", but I don´t know if that is important:
  I don´t know what problems that can arise from this error, but it´s disturbing.
  Anyone else using this feature and seen or not seen the same?
  Regards
  Peter

  To fix your issue, refer to below link
  http://www.briandeyo.us/brd/wp/index.php/2009/10/08/operations-manager-not-sending-email-after-im-notification-settings-changed-event-id-4509
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer".

• NAC out of band supported devices?

  i am facing issue to control Cat 500 express switch.switch is not going to out of band,
  any suggestion?
  Sent from Cisco Technical Support iPhone App

  Thanks for ur quick reply.
  But for remediation purpose, affected client pc has to move bia core network as the remediation servers will be placed in internal segment. In this case the affected pc will travell throught my network & can damage my security policy...
  Let me make it clear to you:
  1. My AV & PM servers are located into server zone which is connected with core switch.
  2. If i implement NAC & any outside user with non updated AV in his/her pc tries to login, then CAS will find this non comliant & will send to remediation zone which is basically a server zone where all AV, PM & remediation servers are located.
  3. I want any affected pc say non updated AV, will not travell through my network. They will get an URL & click on that which interims will talk to the AV server a& get the latest updates & push it to the end user.
  Whether this is achieveable???