Security Advisory 3046310 - Managing Updates

Just took a look at Security Advisory 3046310 (https://technet.microsoft.com/en-us/library/security/3046310.aspx). It says that Windows 8/2012 will update automatically. I've checked a few machines and don't see the update yet in the Certs mmc. As for Windows 7 and Server 2008, I'm guessing I should apply the update in kb2677070.
We manage our systems with SCCM 2012 and are looking for some guidance on using those tools for this Bulletin if possible.
Orange County District Attorney

Hi,
According to Microsoft Security Advisory 3046310:
for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2 systems, you can check the Application log in the Event Viewer for an entry with the following values:
Source: CAPI2
Level: Information
Event ID: 4112
Description: Successful auto update of disallowed certificate list with effective date: Monday, December 5, 2013 (or later).
Have you seen this event logged on these machines?
If not, please ensure that these machines are connecting to the Internet. In addition, ports TCP 80 and TCP 443 need to be open.
Microsoft Security Advisory 3046310
https://technet.microsoft.com/en-us/library/security/3046310.aspx?f=255&MSPPError=-2147217396
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
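
Added example (not part of the original thread or of Microsoft's advisory): a PowerShell check for the CAPI2 event described in the reply above, reporting whether the newest disallowed-CTL update meets the quoted effective date. The provider name `Microsoft-Windows-CAPI2`, the English message text and the date layout after "effective date:" are assumptions; the default threshold is the date quoted in the reply.

```powershell
# Added example: report whether this machine logged a successful disallowed-CTL
# auto update (Application log, source CAPI2, Event ID 4112).
[CmdletBinding()]
param(
    # Threshold quoted in the reply above ("December 5, 2013 (or later)").
    [datetime]$MinimumEffectiveDate = [datetime]'2013-12-05',
    # How many recent 4112 events to inspect.
    [int]$MaxEvents = 50
)

function Get-EffectiveDate {
    # Pulls the date that follows "effective date:" out of the event message.
    # Assumption: English message text in the layout quoted in the thread.
    param([string]$Message)
    if ($Message -match 'effective date:\s*(.+)') {
        # Drop invisible directional marks and the leading weekday name so the
        # remainder parses as a plain date in the current culture.
        $text = ($Matches[1] -replace '[^\x20-\x7E]', '').Trim()
        $text = $text -replace '^[A-Za-z]+,\s*', ''
        $parsed = [datetime]::MinValue
        if ([datetime]::TryParse($text, [ref]$parsed)) { return $parsed }
    }
    return $null
}

# Assumption: events shown with source "CAPI2" are written by this provider.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CAPI2'
    Id           = 4112
}
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue)

# Keep only disallowed-list updates whose date could be parsed; take the newest.
$latest = $events |
    Where-Object { $_.Message -like '*disallowed certificate list*' } |
    ForEach-Object {
        [pscustomobject]@{
            Logged        = $_.TimeCreated
            EffectiveDate = Get-EffectiveDate $_.Message
        }
    } |
    Where-Object { $_.EffectiveDate } |
    Sort-Object EffectiveDate -Descending |
    Select-Object -First 1

# One object per machine, easy to collect from many hosts and export to CSV.
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    EventsFound   = $events.Count
    LastLogged    = if ($latest) { $latest.Logged } else { $null }
    EffectiveDate = if ($latest) { $latest.EffectiveDate } else { $null }
    Compliant     = [bool]($latest -and $latest.EffectiveDate -ge $MinimumEffectiveDate)
}
```

A machine that reports `EventsFound = 0` has not logged the update; per the reply above, check its Internet connectivity on TCP 80 and 443 first.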

Similar Messages

  • Microsoft Security Advisory 2963983

    https://technet.microsoft.com/library/security/2963983
    I called MS today, not sure I had the right department, but the gentleman didn't know what I was referencing. Does anyone know of a site to get up-to-date information on this issue and when MS plans on releasing a patch?
    Also, we're advising everyone to disable the Adobe Flash in Internet Explorer add-ons; anything else that we can do to remedy this is greatly valued.
    Thank you,

    Summary:
    For more information on these and other remediation options, please see Security Advisory 2963983. Additional information on this limited, targeted attack can be found on the MSRC blog.
    IE is widely recognized as the most secure browser against socially-engineered malware, the most common form of attack, blocking 99.9% of malware in a recent NSS Labs test.
    We encourage you to consider upgrading to the latest version of IE for improved security features such as Enhanced Protected Mode, better backward compatibility through Enterprise Mode, increased performance, and support for the modern web standards that run today’s websites and services.
    On April 26, 2014, Microsoft released a Security Advisory (2963983) to notify customers of a vulnerability in IE. At this time we are aware of limited, targeted attacks. We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
    Guidance on suggested mitigations:
    Our investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, could help protect against this potential risk. We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
    The Enhanced Mitigation Experience Toolkit 4.1 (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit. EMET 4.1 is supported by Microsoft, and is automatically configured to help protect Internet Explorer. EMET can also be configured using Group Policy. For more information, see Microsoft Knowledge Base Article 2458544.
    More details:
    Deploy the Enhanced Mitigation Experience Toolkit 4.1
    Pros:  Blocks potential exploits of this vulnerability
    Cons:  May be incompatible with some web apps
    Enable Enhanced Protected Mode
    Pros: Blocks potential exploits of this vulnerability
    Cons:  May be incompatible with some web apps; not available on 32-bit Windows 7
    Businesses who have upgraded to IE11 or IE10 can enable Enhanced Protected Mode (EPM) for additional security protection. On Windows 8 and Windows 8.1, EPM is enabled by default for the modern, immersive browsing experience. Customers using the touch-friendly IE11 browser on Windows tablets, for example, are already using EPM and may not be susceptible to this and similar attacks.
    Enhanced Protected Mode can be enabled and managed through Group Policy. To manually enable EPM in IE, perform the following steps:
    1. On the IE Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
    3. Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
    4. Click OK to accept the changes and return to IE.
    5. Restart your system.
    While Enhanced Protected Mode provides significant additional protection, it may not be compatible with some add-ons and enterprise web apps. Also, while EPM is available for 64-bit Windows 7, it is not an option for 32-bit Windows 7 installations.
    Unregister VGX.DLL
    Pros:  Relatively simple workaround
    Cons:  May not protect against other exploits
    Known attacks currently take advantage of VGX.DLL, which provides support for Vector Markup Language (VML). VML is not natively supported by most web browsers today, so this remediation option may have the least impact on enterprise web app compatibility.
    To unregister VGX.DLL:
    Click Start, click Run, and type "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    After an update has been released and installed, you can re-register VGX.DLL with:  "%SystemRoot%\System32\regsvr32.exe" /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    These commands can be issued as batch files via Microsoft System Center Configuration Manager or other infrastructure management solutions. 
    Rob^_^

  • T61p Client Security Solutions + Password Manager + Two Operating Systems

    Greetings.
        I am running both XP and VISTA on my T61p.  I use the client security solutions password manager feature for websites and network shares.  Since my model has the biometric scanner, instead of entering the user ID and password I just swipe my finger.  The issue is that when I first set up client security solutions it creates some system key that I assume is tied to the security chip hardware.  Once I have it set up and working under one operating system it fails to authenticate me under the other operating system.  It brings up a window that says, "Verify Identity" / "reason for authentication:  system key recovery"  Why am I not able to use this feature under both operating systems?
    Thanks for your time.
     XSYLUS

    Thanks for the reply.
    I was using an older version of RnR, however, after the attempt to re-install, I upgraded to the latest version.  It still errors out.
    As to your second guess, I was hopeful this was the fix; I had forgotten to go through the registry.  I deleted an empty CSS folder in the Common Files folder.  And found several registry entries which have now been deleted.  I don't believe I missed any.  But unfortunately no luck.  I cleared the chip again as well.
    If it adds any clues, the system update was not working either.  But the language fix posted on the forums resolved it.  If I remember correctly the first time I tried to reinstall CSS it did ask a question/comment about language not matching.  I could be wrong, however, there have been a lot of attempts.
    I spoke with tech support on the phone with the only suggestion being a clean restore of the laptop which I would like to avoid.
    Thanks again.

  • Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

    Hello Experts,
    I need to rule out that we have affected openSSL version 1.0.1 running on our devices. I need to know what is the version of openSSL that is current on the following platforms:
    Cisco PIX
    Cisco FWSM
    Cisco ISR
    Cisco VPN Concentrator
    I know ASA runs 0.9.8f and I know that PIX and Concentrator are very old, and they might run an older version, however for a security assessment I need to rule those out too.
    Does anyone know what is the version for these platforms?
    Thanks in advance.

    The definitive source is and will continue to be the Cisco Security Advisory. It has already been updated several times today. Please keep checking back to it at the following URL:
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
    That said, the Pix and VPN Concentrator development and code release ended prior to the release of openssl with the vulnerability so I would hazard an educated guess that you won't have any problems with respect to this particular vulnerability. THAT said, if you're concerned about security vulnerabilities why are you running products with associated code that has not had other documented bugs and vulnerabilities patched for at least several years?
    The ISR G2 will almost certainly depend on the IOS level and whether you are using any of the ssl-related features.

  • Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks

    I received this Cisco Advisory e-mail today. I have 1200 access points that I upgraded yesterday to 12.3(7)JA2, in which this problem was corrected. In the advisory it states to upgrade to this software release and to make a configuration change on each radio interface. I made this change on Dot11Radio0 interface and it took. I have 2 more interfaces (Dot11Radio0.2 and Dot11Radio0.75) in which I get an error when I try to make this configuration change. I don't quite understand these interfaces, so I would like to know if I really need to make this change on the other 2 interfaces or is making the change on the 1st one enough. Any information is certainly appreciated. Thanks, Laurie Coles

    Since you have subinterfaces configured, you are apparently using
    VLANs on your APs. The ARP table is only relevant for the VLAN
    with the management IF, that is the native VLAN.
    For all other VLANs it's simply bridging, therefore no ARP table,
    and therefore this vulnerability doesn't apply here.
    So your only concern should be the native VLAN, and unless you
    need wireless access for managing your APs the best way for
    securing this would be to not configure a SSID for this VLAN.
    Then the only access to the AP would be over the Ethernet-IF.
    The security advisory is more important for APs configured
    without VLANs where wireless clients and the management IF
    of the AP are in the same (W)LAN.

  • Microsoft Security Advisory 3046015

    One of the workarounds for Microsoft Security Advisory 3046015 is to disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite order in the Group Policy Object Editor, but the cipher list in the Advisory is 1185 characters long, while the max size for that GPO setting (SSL Cipher Suite order) is 1023 characters.

    Hi,
    Thank you for your update and feedback. It will be very beneficial for other community members who have similar questions.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service

    Hello,
    Question regarding the work around for the recent Cisco Security Advisory (cisco-sa-20070124). The link to this advisory is here: http://www.cisco.com/en/US/customer/products/products_security_advisory09186a00807cb0e4.shtml#vuln
    The work around says to create an access-list for example:
    access-list 150 permit tcp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK
    So trusted_hosts, is that the hosts on my network?
    Infrastructure_addresses, is this my routers?
    I'm not sure what they are saying here. If anyone could shed some light, that would be great.
    Thanks
    Mike

    Pretty close. Trusted hosts SHOULD be hosts that are A. trusted and B. require access to those devices. So as an example "TRUSTED_HOSTS" could be management stations, admin desktops, or whatever is required to have access and is "trusted". Ideally infrastructure address space should only be reachable from trusted users that need access and no one else. Infrastructure space would likely include addresses for routers, firewalls, switches, authentication servers, monitoring servers, basically anything that makes the network run and keeps it alive. Hope this helps.

  • Out-of-Band Microsoft Security Advisory

    Microsoft Security Advisory (2659883)
    Vulnerability in ASP.NET Could Allow Denial of Service https://technet.microsoft.com/en-us/security/advisory/2659883
    Editing to add additional link: https://blogs.technet.com/b/msrc/archive/2011/12/28/advanced-notification-for-out-of-band-release-to...
    ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
    If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
    Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
    Microsoft MVP - Consumer Security
    SpywareHammer

    Hi -
    Here is a link to the forum post I made regarding the OS security update policy for Cisco Unity - http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Unified%20Communications%20Applications&topicID=.ee835d2&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc231ee/2#selected_message
    Regards, Ginger

  • Where is Security Advisory 2974294 Hiding?

    Since reading the SCEP security advisory (
    https://technet.microsoft.com/library/security/2974294 ) I've been scouring my SCCM world looking for the update. My SCEP clients are still below the minimum version. I've resync'd several times today but don't see any new engine updates coming my way.
    Is it still in the works?
    Orange County District Attorney

    2974294 is simply an advisory KB, it is not a hotfix that you will see in the WSUS catalog. The actual engine update will be delivered along with one of the next definition updates just like all engine updates are:
    http://blogs.technet.com/b/msrc/archive/2014/06/17/microsoft-releases-security-advisory-2974294.aspx
    Jason | http://blog.configmgrftw.com

  • New ISC BIND packages [Security Advisory]

    Hi there.
    A new version of BIND 9.3.x (9.3.4) has been released addressing a DoS vulnerability as seen on SecurityFocus:
    http://www.securityfocus.com/bid/22231
    I don't know what's the "legal" procedure, maybe I had to mark the bind package as old before posting or something, but I just wanted to let the developers know about this.
    Thanks for paying attention... now I'll go and mark bind as old.
    Last edited by ckristi (2007-01-30 06:22:08)

    Thanks for the answer. I am using Arch as my primary workstation OS. And I am a very happy user. But I think it feels bad to see, for example, updates for beryl and not for a security advisory. I am kind of a "Linux literate". I will always use Slackware for a server due to its stability. But speed of Arch and the easiness in using it made me think that at some point I could switch at least my home server to Arch, too. Also I can and, if that's the case, will compile my possibly vulnerable program from sources before an updated package is in the repo (and if I or some security advisory site thinks it is a critical vulnerability). I was just thinking about people who think they're safe if they run "pacman -Syu" at least every day and who don't have "securityfocus dot com" or some other security advisory site in their bookmarks menu. I am one of the people who just occasionally visits securityfocus.com just to see how serious is a problem. And now, what dragged me to securityfocus was the update of bind in Slackware and Fedora which happened 4-5 days ago and no bind update for Arch.

  • Does security advisory 03-35 and 03-36 affect 451?

    Hi all,
    My manager wants to check if BEA Security Advisory 03-35.00 and 03-36.00
    apply to Weblogic 451. I checked around the knowledge database and found out these
    two advisories have no issue with weblogic451. I just want to make sure. Thanks

    "Kenny Yang" <[email protected]> wrote in message
    news:3f3d3902$[email protected]..
    > Hi all,
    > My manager wants to check if BEA Security Advisory 03-35.00 and 03-36.00
    > apply to Weblogic 451. I checked around the knowledge database and found out these
    > two advisories have no issue with weblogic451. I just want to make sure. Thanks

    BEA03-35.00 was introduced in 7.0 sp3 so it should not affect 451.
    I am not sure about 03-36.00 - I would check with support. 4.5.1 is no longer supported, so a patch would not be created for this version.

  • Will Security Advisory 2949927 add SHA-2 to TMG?

    I know that this topic has been under discussion many times, but I still want to keep up hope.
    Does anyone happen to know if Security Advisory 2949927, which brings SHA-2 support to the underlying OS of TMG, would also bring it to TMG? Since TMG is relying on the OS schannel process.
    Antti Laatikainen IT Security Manager Santen Europe

    Hi,
    I am sorry to say that there is no official documents that indicate SHA-2 is supported in TMG because of the availability of SHA-2 hashing algorithm for Windows Server 2008 R2 at present.
    Best regards,
    Susie

  • Security Advisory 2982792 - Available for SCCM?

    Does anyone know if the update for Security Advisory 2982792 (Digital Cert Spoofing) is going to be available in SCCM?
    Orange County District Attorney

    https://technet.microsoft.com/en-us/library/security/2982792
    Recommendation. An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running
    Windows Phone 8 or Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.
    For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see
    Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action because the CTL will be updated automatically.
    https://support.microsoft.com/kb/2982792
    Prerequisites
    In order to receive this update, you may have to have one or both of the following updates installed:
    2677070 (http://support.microsoft.com/kb/2677070/)
    An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
    2813430 (http://support.microsoft.com/kb/2813430/)
    An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • System error in Funds Management update

    Dear you,
    Has anyone seen the following when updating FM from FI document:
    "System error:Funds management update (FMRI, CHECK_WE_RE)"
    Any ideas what to do?
    Thanks
    Sonja

    Hi there,
    The update problem occurs both if we try to post with FB50L or if I try to make a transfer of FI postings in FM. This all happens in the new installation where we plan to use new GL and FM.
    This note you gave did not ring a bell for me.
    The error message is FI057. But we have not yet found a suitable note.
    Therefore any ideas are still welcomed.

  • Failed installation: How to rerun Adobe Application Manager updates for Photoshop CS6

    Hi.
    The installation of Adobe Extension Manager CS6 failed - while 2 other updates for Photoshop CS6 did install. I was installing Adobe Reader X.
    That's why I discovered the notification from the application manager about updates for CS6 - and I just confirmed that as well.
    Apparently the Reader installation blocked only the update installation of Adobe Extension Manager CS6 - saying another installation process was running ... such stuff happens sometimes.
    However, it seems Adobe's Application Manager update module does not track its failed installations? It does not automatically advertise that the update has not been installed and notify me again to install it. At least not immediately ...
    So how do I rerun the Adobe Application Manager update module to check for updates manually?

    You go Photoshop CS6 > Help > Updates ...
