Parsing Microsoft Security Bulletin Web Pages

Similar Messages

• Cannot validate pgp signatures of microsoft security bulletins

  So I've been getting Microsoft security bulletins for years and I thought I would actually verify the PGP signature. I have not been able to yet. I found two public keys on microsoft sites:https://technet.microsoft.com/en-us/security/dn753714was the first key I imported. My PGP software says it is the wrong key for the June 2015 security bulletin:PHPWrong signature of Microsoft SecurityNotifications (Key ID: BF05BFF43AA549E5)Notably on that link above, the page says it was "Updated: December 15, 2015" (in the future). I found that page linked fromanother page.I found another key and replaced the above key with a slightly older one. I still get an "unknown" key errorTextSigned with unknown key(Key ID: BF05BFF43AA549E5)I also foundboth keyson the MIT key server.What do you get when you verify Microsoft PGP signatures?
  This topic first appeared in the Spiceworks Community

  Hi,
  Thanks for your advise. I record your feedback.
  Juke Chou
  TechNet Community Support

• Microsoft Security Bulletin Advance Notificati​on for April 2011

  Wow! Microsoft's April Patch is planning 17 Bulletins to Fix 64 Bugs. As always it includes some security updates.
  https://www.microsoft.com/technet/security/bulleti​n/ms11-apr.mspx
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  Hi Shu Hu,
  I am able to parse the table and find all the tr tags.
  The problem I am having is the different layouts used on the web pages.
  The pages for the security bulletin's for 2013 (https://technet.microsoft.com/en-us/library/security/ms13-106.aspx)
  are a different format from the bulletin's for 2014 (https://technet.microsoft.com/library/security/ms14-085).
  Initally I thought I could find just tables but the table I am looking to parse is not the same index from page to page.  I thought I could use the table name attribute but that was not populated.  I started looking at each elelement on the HTML
  page until I found the text "Affected Software." Once I found the tag in the innerText field I looked for the next table to process the rows.
  I was hoping that the formatting would be the same from year to year but it is not so I was looking to see if there was a solution already but it does not look that way.
  I will take a closer look at the article you provided to see if that will help.

• A tab popped up wich said Mozzilla Security, the web page seemed to scan my computer, stated it was infested with several viruses, and that I should download protection immediatly. Is this legit?

  A new tab opened up on my tool bar labeled Mozilla Security. The website looks like your security warning. But the security button is gray, McAfee doesn't recognize the site, and the web address does not contain Mozilla.com. The web address of this pop up page is: http://update89.modyett.co.be/index.php?Q57hGtS5bW5G7Hr+M0lEZy4rE7T40TcfocDyRAcjpCPVLS/PhAEpv1Hgq9vgx1qxsLunLyiXHnwwL5T3qX/CE0Q/ZRXJp+2mKYsC+kRq
  Do I have a virus, as it states, or is this uninvited web page trying to install a virus? What should I do?

  Just because it said Mozilla Security in the title bar does not mean it is from Mozilla as Mozilla nor the Firefox browser has ever done such a thing.
  This sounds like one of those fake animated scanners which claims it is scanning your computer and then says you are infected with such and such. It then suggests to download something that will be what really infects your computer if using Windows. As long as you did not download and install this whatever.exe then you should be safe. Though you may want to scan your computer with whatever antivirus software you have with updated definitions just to be safer.
  This sort of thing is even more obvious on being fake when Linux and Mac users can encounter these pages.

• Safari can not access any secure (HTTPS) web pages

  Does anyone have an idea why a good frined of mine using Safari 1.3.2 on a Power Book G4 with Mac OS 10.3.9 can not access any secure web pages (those that start with HTTPS)? I can not find any preferences that might control this. She can access the pages with IE but not Safari. What setting on her computer might control this? Any ideas would be appreciated. I even through away (com.apple.Safari.plist) file. Not change. An ideas??

  I have the same problem! However, this is ONLY while running wireless internet. Anytime I want to use an HTTPS site, I have to plug directly into my router, so I'm not wireless anymore, and then it works fine. Every now and then (like maybe 5% of the time), I get lucky and it will work for a short while such as logging into yahoo mail for example (logging into here didn't work at first but after waiting a bit, i was able to log in), but trying to stay on a secure connection such as a bank accnt. is impossible.
  Any help would be GREATLY appreciated! Everyone I've asked says they've never had the problem. I thought I was the only one.
  I checked my proxy settings -- nothing is checked. I've tried deleting preferences and I reset safari often.

• Re: Microsoft Security Bulletin Data

  My question (suggestion) regards the Detailed Bulletin Information that can be downloaded as an Excel spreadsheet. The problem that I'm having is with superseded Bulletins\Advisories. I use this spreadsheet (http://www.microsoft.com/en-us/download/details.aspx?id=36982)
  to verify what patches that are identified as missing by my my vulnerability scanning tool, which unfortunately likes to tell me that I have to apply a patch(s) that that has been superseded.
  This spreadsheet contains 14 columns, one of which is "Supersedes"... which is great, but I have to search that column to see if a particular patch has itself been superseded. My suggestion is why not ad a column "Superseded
  By", this way you can just look up the "Bulletin ID" in question? A simple example of this would be the following:
  Date Posted    Bulletin ID      Severity    Title                              
                          Supersedes
  5/13/2014        MS14-029       Critical        Security Update for Internet Explorer    MS14-021[2964358]
  ... which unless I'm wrong, is telling me that MS14-029 supersedes or replaces MS14-021 and its subsequent advisories. Now this is very easy to look up because they both happened withing 15 days of each other, meaning my scanning tool is telling me that
  MS14-021 is required, and that's just not true. Now, imagine doing this for older bulletins that may have been released years ago, I have to search the
  Supersedes field instead of just looking at that bulletin to get that information. I do understand that this is mostly an issue that I have to solve with my vendor and we are addressing that, but Microsoft posts this spreadsheet for
  us to use and I do use it to its full effect, I just want them to make it easier to use, so that I can be more efficient, that's it.
  The only reason I posted this message (rant) here is because other than Twitter, I cannot find a way to contact Microsoft regarding this and I've been looking for over an hour this morning, hopefully someone from that area will see this and at least respond.
  Thank you,
  Donald Jackson

  Hi,
  Thanks for your advise. I record your feedback.
  Juke Chou
  TechNet Community Support

• Secure a web page with mod_ldap or similar method

  Hi, I need to secure some areas of my site with http basic auth. modauthzldap.so does not exist.. How can I do this on a Leopard Server?

  The pages are on a Leopard server being served up from the installed apache. What are the directives to control access to a location? I want to use the local leopard ldap.
  Typically you do something like:
  <Location />
  AuthzLDAPAuthoritative off
  AuthName "foobar"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL ldap://127.0.0.1:389/dc=foo,dc=bar,dc=net?uid
  require valid-user
  </Location>
  Can I control access via group with that kind of directive using the apple auth?
  Thanks.

• Microsoft Security Bulletin Installation Prerequisites

  Hi Team,
  Just wanted to know that, is there any Prerequisites before installing / deploying any Microsoft patches to Servers 2003/2008/2012. Thanks
  Regards,
  Pavi

  Hi,
  You could consider to using Microsoft Baseline Security Analyzer tools,
  MBSA 2.3 runs on Windows 8.1, Windows Server 2012, and Windows Server 2012 R2, Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP systems and will scan for missing security updates, rollups and service
  packs using Microsoft Update technologies. To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update. MBSA will not scan or report missing non-security updates, tools
  or drivers.
  http://www.microsoft.com/en-us/download/details.aspx?id=7558
  Regards.
  Vivian Wang

• What happened to the lock symbol that indicated a secure (https) web page?

  I can't seem to see this on the screen any more in any location on the browser when I am at secure sites.

  The padlock has been replaced by the site identity button, for details on using it see https://support.mozilla.com/kb/Site+Identity+Button

• Microsoft Security Bulletin MS15-022 - Critical and Windows XP

  I have a legacy Windows XP machine that I applied MD15-022 to, it took the Office 2007 patch
  I do not see it in Add / Remove, but in the Event Logs under Application, there are multiple entries.
  With doing this, how do I know the patch is there? 
  Thanks
  b.

  Find your situation here.
  https://support.microsoft.com/en-us/kb/3038999
  then goto KB, scroll to File Information section and compare with what you have.
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• I have three securty hotfixes that will not load (using the 02/08/2011 Microsoft Security Bulletin Summary) were not found installed. KB979909 - Important (details...) KB983583 - Critical (details...) KB2418241 - Important (details...) .

  The three hotfixes just will not install. I have used manual and automatic download to no avail

  As this is not a Firefox issue, you will be better off asking in a forum that specializes in Windows, such as Eileen's Lounge - http://eileenslounge.com

• Secure Calendar web pages

  Can the published iCal webpage be password protected? I can't see a way to do this.
  Chris

  Not with the current release of iCal.
  A version scheduled for release with Mac OS X 10.5 (in the near future) will support password-protected publication of both read-only and editable calendars. Generalized pre-release information about the 'new' iCal is available here:
  http://www.apple.com/macosx/leopard/ical.html

• Can't access secure web pages/sites

  For some reason, I can't access secure (https) web pages with Safari. It simply stopped working. It happens with any secure page regardless of the web site.
  I can access secure sites using Internet Explorer but not Safari. Also, I have another Mac and do not have this problem with it.
  Any help with this would be greatly appreciated.
  Thanks
    Mac OS X (10.3.9)  
  iBook   Mac OS X (10.3.9)  
    Mac OS X (10.3.9)  
    Mac OS X (10.3.9)  

  For some reason, I can't access secure (https) web pages with Safari. It simply stopped working. It happens with any secure page regardless of the web site.
  I can access secure sites using Internet Explorer but not Safari. Also, I have another Mac and do not have this problem with it.
  Any help with this would be greatly appreciated.
  Thanks
    Mac OS X (10.3.9)  
  iBook   Mac OS X (10.3.9)  
    Mac OS X (10.3.9)  
    Mac OS X (10.3.9)  

• Microsoft security patch  KB834707 side effects in NW. SAP Note 785308

  I figured we should make a thread with information known about this problem.
  Since the problem comes in the javascripts, I would belive the problem is on the client-side, not server side.
  Does anyone know exactly what the problem is (what has Microsoft changed) ?
  Please contribute with information you get from OSS's.
  I'll update this first post with all available information
  Information:
  15.11: Microsoft
  have to provide a solution to this problem and that it could take
  some time. The problem lies on the
  Microsoft side so we must wait for them before a solution can be
  provided.
  - Development has found that by adding the site to the intranet zones of
  the client browser, the problem is solved, some experience of late has
  shown that in some cases you have to add the full machine name to the
  intranet sites and not just in the form of *.somedomain.com.
  Microsoft and SAP are currently working on the problem and a proper and
  long term solution is expected shortly. However no exact date has been
  specified.
  - It is possible that the problems are caused by event handlers pointing directly to a DOM function:
  http://support.microsoft.com/kb/887741
  - I've noticed that we don't have a problem on a portal running EP 6 SP2 P3 Hf4 , after installing the hotfix on the client side. Maybe the problem is on the server side or maybe because it is an intranet portal only(however, I had no problems when setting it to be in the internet security zone). Awaiting confirmation from SAP
  SAP Note 785308
  http://service.sap.com/~form/sapnet?_FRAME=CONTAINER&_OBJECT=012006153200001521102004
  (direct link I think, albeit very slow)
  Microsoft KB834707
  http://support.microsoft.com/?id=834707
  Microsoft Security Bulletin 04-038
  http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx
  Last edited 2004-11-15 13:27
  Message was edited by: Dagfinn Parnas
  More information

  > Does anyone know exactly what the problem is (what has Microsoft changed) ?
  a) Go to <http://www.ciac.org/ciac/bulletins/p-006.shtml> and search for the "CAN-" links. Each component has a one paragraph description.
  b) According to <http://patch-info.de/IE/2004/10/12/20-35-16.html> it contains:
  mshtml.dll (6,0,2800,1476 - 29,09,2004)
  urlmon.dll (6,0,2800,1474 - 23,09,2004)
  shdocvw.dll (6,0,2800,1584 - 27,08,2004)
  wininet.dll (6,0,2800,1468 - 23,08,2004)
  browseui.dll (6,0,2800,1584 - 22,08,2004)
  shlwapi.dll (6,0,2800,1584 - 20,08,2004)
  c) Some of the things that could be breaking are DOM references and DHTML, which are advanced features that not every application uses.
  From <http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx>:
  "Caveats: Microsoft Knowledge Base Article 834707 <http://support.microsoft.com/?id=834707> documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues."
  Among other issues, that page says [<b>emphasis</b> added]:
  - After you install the MS04-038 security updates for Internet Explorer, some dynamic HTML (DHTML) <b>drag-and-drop operations are blocked</b> by Internet Explorer.
  - Security update 834707 includes a change to the way that Internet Explorer handles function pointers. This change in functionality occurs when an event handler points directly to a Document Object Model (DOM) function [...] Change in Internet Explorer function pointer behavior <b>causes code to not be executed</b> when an event handler is set to directly reference a DOM function after installing MS04-038 security updates.
  BTW, Note 785308 has been updated with a workaround.
  Regards,
  Sean

• How to take parts of a web page and feed into a PDF template to create a PDF

  Interesting quesiton that I think was what LiveCycle was for: How can someone take parts of a web page or xml document (say by id name or a specialized tag) and feed the chosen items into different regions inside a PDF template?
  Basically, can you identify areas on a page and then tie them to place holders in a pdf template (with high res graphics say) and create a PDF?
  Please note: this is not about converting a whole webpage to a pdf, but select portions of it.
  Anyone have experiences in doing this? So far, it appears to require a toolset like LiveCycle or Adlib to utilize only selected items and not the whole page.

  The lack of answers is likely due to folks having no clue. What you have asked is not really the purpose of either Acrobat or LiveCycle, but that is not to say it can not be done. A starting point is to bring a WEB page into Acrobat as a PDF. This can be done by printing from the browser to the Adobe PDF printer, using PDF Maker with IE or FIrefox, or simply creating directly in Acrobat. Those are the normal ways to get things from a web page to a PDF.
  That said, it is not what you asked. You are asking about being able to parse parts of the web page. That is a lot more work and may not be directly possible, though with JavaScript it might be possible. I suspect that if it is possible you would require a lot of extra programming to allow the material selection. It may be the folks in the SDK sub-forum can help.
  Being I have no clue how to implement what you have asked (and probably no one else either), I can only suggest some things to look at or other places to inquire. If you think the XML of LiveCycle would help, then you might try the LiveCycle forum.
  In terms of your post, I really don't remember seeing the original, but that was right near the end of the semester and I was not checking the forum very much. There are various reasons folks may not reply, typically because they have no clue. Templates are also somewhat specialized and there are not many posts about them. My guess is that the template aspect may have had a lot of folks skip the post. In any case, I have tried to give you some thoughts.