Security Bulletin MS13-067 and MS14-022

Similar Messages

• Cannot validate pgp signatures of microsoft security bulletins

  So I've been getting Microsoft security bulletins for years and I thought I would actually verify the PGP signature. I have not been able to yet. I found two public keys on microsoft sites:https://technet.microsoft.com/en-us/security/dn753714was the first key I imported. My PGP software says it is the wrong key for the June 2015 security bulletin:PHPWrong signature of Microsoft SecurityNotifications (Key ID: BF05BFF43AA549E5)Notably on that link above, the page says it was "Updated: December 15, 2015" (in the future). I found that page linked fromanother page.I found another key and replaced the above key with a slightly older one. I still get an "unknown" key errorTextSigned with unknown key(Key ID: BF05BFF43AA549E5)I also foundboth keyson the MIT key server.What do you get when you verify Microsoft PGP signatures?
  This topic first appeared in the Spiceworks Community

  Hi,
  Thanks for your advise. I record your feedback.
  Juke Chou
  TechNet Community Support

• MS14-022 and User Profile related issues

  Hi all.
  Since applying the patches in MS14-022 on Friday I've been having issues with certain aspects of two specific web applications.
  Our intranet home page will not load and generates a large number of the following entries in the ULS log...
  05/20/2014 07:53:36.54 
  w3wp.exe (0x146C)                       
  0x1504
  SharePoint Server             
  General                       
  0
  Medium  
  Constructed a new async cache named Profile Property Cache
  0f15c23c-64b1-42bc-bdd8-f0a84cf358ba
  05/20/2014 07:53:36.60 
  w3wp.exe (0x146C)                       
  0x1504
  SharePoint Portal Server      
  User Profiles                 
  g11n
  High    
  UserProfileApplicationProxy.InitializePropertyCache: System.Security.Cryptography.CryptographicException: Object already exists.       at Microsoft.Office.Server.UserProfiles.MossClientBase`1.ExecuteOnChannel(String operationName,
  CodeBlock codeBlock)     at Microsoft.Office.Server.UserProfiles.ProfilePropertyServiceClient.ExecuteOnChannel(String operationName, CodeBlock codeBlock)     at Microsoft.Office.Server.UserProfiles.ProfilePropertyServiceClient.GetProfileProperties()    
  at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.RefreshProperties(Guid applicationID)     at Microsoft.Office.Server.Utilities.SPAsyncCache`2.GetValueNow(K key)     at Microsoft.Office.Server.Utilities.SPAsyncCache`2.GetValue(K
  key, Boolean asynchronous)     at Microsoft.Office.Server.Adminis...
  0f15c23c-64b1-42bc-bdd8-f0a84cf358ba
  05/20/2014 07:53:36.60*
  w3wp.exe (0x146C)                       
  0x1504
  SharePoint Portal Server      
  User Profiles                 
  g11n
  High    
  ...tration.UserProfileApplicationProxy.InitializePropertyCache()
  0f15c23c-64b1-42bc-bdd8-f0a84cf358ba
  05/20/2014 07:53:36.60 
  w3wp.exe (0x146C)                       
  0x1504
  SharePoint Portal Server      
  User Profiles                 
  cm6y
  High    
  User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator.    
  at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_PartitionIDs()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.IsAvailable(SPServiceContext
  serviceContext)
  0f15c23c-64b1-42bc-bdd8-f0a84cf358ba
  The same is logged when trying to view the PWA site of our Project Server 2010 web app.
  All other web apps are responding as expected and, strangely enough, other pages and sites in the intranet and PWA Site Collections are fine too.
  Has anyone any ideas as to why this problem exists and why only certain pages/sites are affected?
  The User Profile Service is responding on all 4 servers in the farm and User Profile Sync's are running on time with no issues.
  I've searched and found similar issues but there are no issues with our SharePoint Web Services site authentication settings which is proposed as a resolution in the following article even though our User Profile Services all seem fine...
  http://blogs.technet.com/b/manjesh/archive/2011/02/06/sharepoint-2010-unable-to-start-the-user-profile-synchronization-service.aspx
  Thanks in advance.

  Try below:
  http://torydouglas.com/?p=88
  http://blogs.technet.com/b/steve_chen/archive/2010/10/13/troubleshooting-user-profile-sync-issues-on-sharepoint-2010.aspx
  http://technet.microsoft.com/en-in/library/gg750254%28v=office.14%29.aspx
  http://technet.microsoft.com/en-in/library/gg750257%28v=office.14%29.aspx

• Do new Security bulletins and advisories of all adobe products supersede the old ones?

  Hi
  Can I get the information where new Security bulletins and advisories of all adobe products supersede the old ones..
  Example :
  Is APSB13-15 Security updates available for Adobe Reader and Acrobat supersedes any security bulletins and advisories.
  Please provide me the information where I can get this info..

  Thank you..Some what helpful.
  But I need to get the Security bulletins and advisories supersede information, Like Microsoft is publishing the Updates Replaced information.
  It will be a great helpful if I can get the information.

• Security Bulletin for SharePoint 2013??

  Microsoft released the SharePoint 2013 version 5 Security bulletins.....in our enviorment do we need to apply all old bulletin or patching latest one will affect it.
  MS14-001  (Latest One) - 1/14/2014
  MS13-100 
  MS13-084
  MS13-067
  MS13-030  (4/9/2013)
   

  The bulletins will notate if they've superseded any patches. If not, you'll want to apply each one.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Parsing Microsoft Security Bulletin Web Pages

  I have been tasked with determining which bulletings are pertintent starting in 2013 to the present.  I am placing a link to the bulletin and other information on a spreadsheet.  I have a reference to the Internet Controls in my project.
  I need to determine which operating systems for each bulletin.
  I have been able to parse the security bulletins page by year (https://technet.microsoft.com/en-us/library/security/dn631924.aspx) to get the next level of the bulletin
  (https://technet.microsoft.com/library/security/ms13-106).
  My problem has come in parsing the affected software table.  Not all the bulletins have the same formatting from year to year or even within the same year. 
  I have been useing the DOM explorer in IE to help me find all the parts, but I have found many of the tags (table name) are empty so I am having to check each and every line and element to find the information I am looking for.
  My code is ending up with a number of if/elseif type of checks and is getting very complicated.  Does anyone have a solution for this already or am I missing something?
  Thanks in advance.

  Hi Shu Hu,
  I am able to parse the table and find all the tr tags.
  The problem I am having is the different layouts used on the web pages.
  The pages for the security bulletin's for 2013 (https://technet.microsoft.com/en-us/library/security/ms13-106.aspx)
  are a different format from the bulletin's for 2014 (https://technet.microsoft.com/library/security/ms14-085).
  Initally I thought I could find just tables but the table I am looking to parse is not the same index from page to page.  I thought I could use the table name attribute but that was not populated.  I started looking at each elelement on the HTML
  page until I found the text "Affected Software." Once I found the tag in the innerText field I looked for the next table to process the rows.
  I was hoping that the formatting would be the same from year to year but it is not so I was looking to see if there was a solution already but it does not look that way.
  I will take a closer look at the article you provided to see if that will help.

• Microsoft Security Bulletin Advance Notificati​on for April 2011

  Wow! Microsoft's April Patch is planning 17 Bulletins to Fix 64 Bugs. As always it includes some security updates.
  https://www.microsoft.com/technet/security/bulleti​n/ms11-apr.mspx
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  Hi Shu Hu,
  I am able to parse the table and find all the tr tags.
  The problem I am having is the different layouts used on the web pages.
  The pages for the security bulletin's for 2013 (https://technet.microsoft.com/en-us/library/security/ms13-106.aspx)
  are a different format from the bulletin's for 2014 (https://technet.microsoft.com/library/security/ms14-085).
  Initally I thought I could find just tables but the table I am looking to parse is not the same index from page to page.  I thought I could use the table name attribute but that was not populated.  I started looking at each elelement on the HTML
  page until I found the text "Affected Software." Once I found the tag in the innerText field I looked for the next table to process the rows.
  I was hoping that the formatting would be the same from year to year but it is not so I was looking to see if there was a solution already but it does not look that way.
  I will take a closer look at the article you provided to see if that will help.

• Re: Microsoft Security Bulletin Data

  My question (suggestion) regards the Detailed Bulletin Information that can be downloaded as an Excel spreadsheet. The problem that I'm having is with superseded Bulletins\Advisories. I use this spreadsheet (http://www.microsoft.com/en-us/download/details.aspx?id=36982)
  to verify what patches that are identified as missing by my my vulnerability scanning tool, which unfortunately likes to tell me that I have to apply a patch(s) that that has been superseded.
  This spreadsheet contains 14 columns, one of which is "Supersedes"... which is great, but I have to search that column to see if a particular patch has itself been superseded. My suggestion is why not ad a column "Superseded
  By", this way you can just look up the "Bulletin ID" in question? A simple example of this would be the following:
  Date Posted    Bulletin ID      Severity    Title                              
                          Supersedes
  5/13/2014        MS14-029       Critical        Security Update for Internet Explorer    MS14-021[2964358]
  ... which unless I'm wrong, is telling me that MS14-029 supersedes or replaces MS14-021 and its subsequent advisories. Now this is very easy to look up because they both happened withing 15 days of each other, meaning my scanning tool is telling me that
  MS14-021 is required, and that's just not true. Now, imagine doing this for older bulletins that may have been released years ago, I have to search the
  Supersedes field instead of just looking at that bulletin to get that information. I do understand that this is mostly an issue that I have to solve with my vendor and we are addressing that, but Microsoft posts this spreadsheet for
  us to use and I do use it to its full effect, I just want them to make it easier to use, so that I can be more efficient, that's it.
  The only reason I posted this message (rant) here is because other than Twitter, I cannot find a way to contact Microsoft regarding this and I've been looking for over an hour this morning, hopefully someone from that area will see this and at least respond.
  Thank you,
  Donald Jackson

  Hi,
  Thanks for your advise. I record your feedback.
  Juke Chou
  TechNet Community Support

• SharePoint Security Bulletin same downloads......

  This SharePoint Security Bulletin has 4 same download available on below site....which we should download?
  https://technet.microsoft.com/en-us/library/security/ms14-050.aspx

  There are versions for SharePoint Foundation, SharePoint Server, SharePoint Foundation SP1 and SharePoint Server Sp1. Pick the option that best describes your environment.
  You shouldn't need to install the Foundation and Server patch for MS14, just the Server package should suffice.

• Latest SharePoint Security Bulletins installation will cover old one or not?

  For SharePoint Security Bulleting installing latest one will cover all old patches or not. In below August 2014 is latest one.
  August-> 
  https://technet.microsoft.com/en-us/library/security/ms14-050.aspx
  May->
  https://technet.microsoft.com/en-us/library/security/ms14-022.aspx

  Hello,
  I donc think that the security are cumulative but ,according to this post from stefan gobner
  http://blogs.technet.com/b/stefan_gossner/archive/2014/07/10/common-question-on-hotfixes-security-updates-and-non-security-related-public-updates.aspx , it seems that the cumulative SharePoint contains the security updates, so if you keep you have the ltest
  CU, you should have all the security fix released before
  Best regards, Christopher.
  Blog |
  Mail
  Please remember to click "Mark As Answer" if a post solves your problem or
  "Vote As Helpful" if it was useful.
  Why mark as answer?

• Adobe AIR 13 Runtime Security Bulletin for Windows or Mac

  According to 5/13/2014 - Release - AIR 13 Runtime and SDK, the update for Adobe AIR 13 on 5/13/2014 includes fixes and security updates "Security update details can be found here: Security Bulletin (APSB14-14)", we have two questions:
  1. Why the Adobe Air 13 runtime for Windows and Mac is not listed in the security bulletin APSB14-14, like APSB14-02?
  2. Was the version released before Adobe AIR 13.0.0.111 for Windows Adobe AIR 4.0.0.1390 or Adobe AIR 13.0.0.83?
  Thanks!
  -TeamOCD

  MacWorld did a comparative evaluation of the October 2008 MBA with 1.86 GHz processor and the Mid-2009 MBA with 2.13 GHz chip. Their conclusion was that that 1.86 CPU was actually FASTER than the 2.13 in most applications.
  http://www.macworld.com/article/141296/2009/06/macbookairmid09.html
  They speculated that the 2.13 chip was being throttled by Apple to control heat issues and that's why it tested SLOWER than the (supposedly) slower 1.86 part.
  Have to wait for testing of these new MBA units to know if the same thing occurs. But, for the Rev. B and C MBAs, the 1.86 part was actually faster in real world use!

• Adobe Acrobat 7 Security Bulletin

  http://www.adobe.com/support/security/bulletins/apsb06-20.html
  Critical vulnerabilities have been identified in Adobe Reader and Acrobat 7.0 through 7.0.8 that could although Adobe is not aware of any specific code exploits at this time allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
  Adobe Reader 7.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.
  More information available at the above link.

  If there are form fields, then whoever added them probably used the forms menu, not the Acrobat form fields. Thus the PDF was converted to Designer and you are out of luck. The FORMS button found in various places in Acrobat 7 and latter takes you to Designer, not the Acrobat form tools. The latter are located in the tools menu.

• HT6041 does anyone have information re: motion 5.1 ? the latest security bulletin describes the need for it but neither  " software update: or the "app store"  seems to have it.

  I have read and re read this security bulletin and I have checked software update and the " app store" and there is no mention of "motion" or "motion 5.1"

  FWIW, here is the Apple troubleshooting note for Motion updates that aren't being offered, and the Apple best practices for Motion and related.   Here are the Mac App Store troubleshooting tips.

• Does ColdFusion : Security Bulletin APSB10-11 apply to MX 7.0.2

  I contacted adobe phone support and was directed to post my question to the forum because adobe doesn't provide phone support for server products.
  So, Does ColdFusion : Security Bulletin APSB10-11 apply to MX 7.0.2?
  In the Security Bulleting it reads like it does:
  Summary
  Important vulnerabilities have been identified in ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX. The vulnerabilities could lead to cross-site scripting and information disclosure.
  source: http://www.adobe.com/support/security/bulletins/apsb10-11.html
  However, there are no solutions in the technote:
  Issue
  Note: This technote and the attachments have been updated on 05/13/2010. All ColdFusion users should review the technote again. An issue when this security fix was applied with Cumulative Hot Fix 4 for ColdFusion 8.0.1 has been identified and resolved. The issue was caused by a naming conflict.
  ColdFusion 9.0, 8.0.1 and 8.0 are affected with the issue mentioned in the security bulletin APSB10-11. This technote provides fixes for the security issues along with the installation instructions.
  source: http://kb2.adobe.com/cps/841/cpsid_84102.html
  Additionally, does anyone know if Cold Fusion MX 7.0.2 is a supported product?
  Thank you any help will be benifitial.

  I contacted adobe phone support and was directed to post my question to the forum because adobe doesn't provide phone support for server products.
  I have had phone support from them, and they were quite helpful.  Do you mean they don't do free phone support?  No, they don't.
  I cannot believe they suggested you raise an issue on the forum.  That's just sh!t.  There's no other way of describing that.
  Additionally, does anyone know if Cold Fusion MX 7.0.2 is a supported product?
  http://www.adobe.com/support/products/enterprise/eol/eol_matrix.html#63
  Only for "Extended support", whatever that is.
  [searches]
  Hmmm... http://www.adobe.com/support/programs/policies/terms_customer.html:
  Extended Support. If version of software held by Customer at time of renewal has been end-of-lifed during the next renewal term, Customer may renew to Extended Support, provided that Extended Support is available for such software version.  Information about Software that has been or soon will be end-of-lifed and Extended Support availability dates by product version are published at www.adobe.com/support. If Customer elects to purchase Extended Support, the Annual Support Fee shall be twenty-five (25%) percent of the license fee paid for the Software (if such fee cannot be established, the percentage would be based on the then-current list price of the license fee for the Software), however in no event shall the amount be less than the last renewal prior to renewing under Extended Support.
  If extended support is renewed, the renewal fee would be the Annual Support Fee paid for the prior year increased by the applicable Consumer Price Index (CPI)*, for the 12-month period preceding the renewal date. Should Customer upgrade to the next major version of the Software (e.g., upgrade from 4.0 to 5.0), the Annual Support Fee for the upgraded version shall be the lesser of twenty percent (20%) of the then current list price of the license fee for such upgraded version, or the Annual Support Fee for the last renewal prior to renewing under Extended Support increased by the applicable Consumer Price Index (CPI)*, for the 12-month period preceding the renewal date.
  So there you go.  It's something you'd have to be paying for anyhow, and my reading of that is that it's too late to get it now anyhow.
  I think this will also mean that you're definitely out of luck in regards to any sort of patching going on for CFMX7.
  Adam

• Subscribe to only coldfusion security bulletins

  How can I subscribe to *ONLY* coldfusion security bulletins.  Preferably CF9 only.
  thanks,
  jbee

  Is Microsoft is still releasing security bulletins for pre-SP1 Windows Server 2008 R2?  My guess is no.  The "service pack support end date" is listed as 4/9/2013.
  Which is exactly what that date means. No more updates for the previous SP level(s) of the product; no more
  support for systems running the previous SP level(s) of the product.
  But the admin thinks pre-SP1 is still eligible for security bulletins until the end of its Extended Support
  The 'admin' is incorrect, and this behavior is no different than it has been since the updates for Windows Server 2003 Service Pack 1 were cut off in April 2007. Following the cutoff date, updates are explicitly coded to ignore older SP level(s) of the product.
  This should be very easy to prove to your 'admin'. Show your 'admin' a WS2008R2 *RTM* machine in the WSUS console with one of those current updates released after April 2013 and observe very closely the
  Not Applicable status that is reported, and have the 'admin' contemplate why that is. Or, if no WSUS, just scan WU and try to find anything released after April 2013 in the list of available updates (assuming there are actually
  any available updates at all).
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.