Patch Tuesday Wednesday (May-2013)

This month Microsoft have released ten (10) security bulletins of which two (2) have a maximum rating of Critical, and eight (8) have a maximum rating of Important.

Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today, customers will be able to clearly identify key security updates within advisories. For further details, please visit Knowledge Base article 2849195.
Let’s talk about the updates that we released today. Ten bulletins were released, two Critical and eight Important, addressing 33 vulnerabilities in Internet Explorer, Microsoft Windows, Microsoft Office, Server and Tools, and .NET Framework. For those who need to prioritize deployment, we recommend focusing on MS13-037, MS13-038 and MS13-039 first. As always, customers should deploy all security updates as soon as possible. [1]

Bulletin	KB number	Description	Severity	Impact	Software
MS13-037	2829530	Cumulative Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS13-038	2847204	Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS13-039	2829254	Vulnerability in HTTP.sys Could Allow Denial of Service	Denial of Service	Important	Microsoft Windows
MS13-040	2836440	Vulnerabilities in .NET Framework Could Allow Spoofing	Spoofing	Important	Microsoft Windows, Microsoft .NET Framework
MS13-041	2834695	Vulnerability in Lync Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Lync
MS13-042	2830397	Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Office
MS13-043	2830399	Vulnerability in Microsoft Word Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Office
MS13-044	2834692	Vulnerability in Microsoft Visio Could Allow Information Disclosure	Information Disclosure	Important	Microsoft Office
MS13-045	2813707	Vulnerability in Windows Essentials Could Allow Information Disclosure	Information Disclosure	Important	Windows Essentials
MS13-046	2840221	Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege	Elevation of Privilege	Important	Microsoft Windows

PATCH NOW:
* MS13-038 (Microsoft Internet Explorer)

LINKS:
[1.] Microsoft Customer Protections for May 2013 (2013-May-14) [MS: MSRC]
[2.] Microsoft May 2013 Black Tuesday Overview (2013-May-14) [SANS]
[3.] Microsoft Security Bulletin Summary for May 2013 (2013-May-14) [MS]
[4.] Microsoft security updates for May 2013 (2013-May-14) [MS]

Patch Tuesday, a Heads Up. (May-2013)

Next scheduled release: May 14th, 2012
The heads up for this month is; On Tuesday 14th May (US time; Wednesday 15th May AU time) Microsoft expect to release ten (10) new security bulletins. Two (2) bulletins carry a maximum aggregate rating of Critical, and eight (8) are rated Important.

Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 33 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer. Of note, we are working to have the Internet Explorer Security Update address the issue described in Security Advisory 2847140, supplementing the currently available Fix it. The Important-rated bulletins address issues in Microsoft Windows, Microsoft Office, Server and Tools, and .NET Framework.
As always, we will publish the bulletins on the second Tuesday of the month, at approximately 10 a.m. PST. … [1]

LINKS:
[1] Advance Notification Service for the May 2013 Security Bulletin Release (2013-May-09) [MSRC]

Patch Tuesday Wednesday (Apr-2013)

Windows XP was originally released on August 24, 2001. Since that time, high-speed Internet connections and wireless networking have gone from being a rarity to the norm, and Internet usage has grown from 360 million to almost two-and-a-half billion users. Thanks to programs like Skype, we now make video calls with regularity, and social media has grown from a curiosity to a part of our everyday lives. But through it all, Windows XP keeps chugging along. With its longevity and wide user base, Windows XP has served its customers faithfully over the years, but all good things must come to an end, and Windows XP is no exception.
In just 52 shorts weeks, support for the Windows XP will come to an end. …[1]

This month Microsoft have released nine (9) security bulletins of which two (2) have a maximum rating of Critical, and seven (7) have a maximum rating of Important.

We are releasing nine bulletins, two Critical-class and seven Important-class, addressing 14 vulnerabilities in Tools Microsoft Windows, Internet Explorer, Microsoft Antimalware Client, Office, and Server Software. For those who need to prioritize deployment, we recommend focusing on MS13-028 and MS13-029 first. [1]

Bulletin	KB number	Description	Severity	Impact	Software
MS13-028	2817183	Cumulative Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS13-029	2828223	Vulnerability in Remote Desktop Client Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS13-030	2827663	Vulnerability in SharePoint Could Allow Information Disclosure	Information Disclosure	Important	Microsoft Office, Microsoft Server Software
MS13-031	2813170	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Windows
MS13-032	2830914	Vulnerability in Active Directory Could Lead to Denial of Service	Denial of Service	Important	Microsoft Windows
MS13-033	2820917	Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Windows
MS13-034	2823482	Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Security Software
MS13-035	2821818	Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Office, Microsoft Server Software
MS13-036	2829996	Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege	Elevation of Privilege	Important	Microsoft Windows

PATCH NOW:
* MS13-028 (Microsoft Internet Explorer)
* MS13-029 (Windows Remote Desktop Client)

LINKS:
[1.] Out with the old, in with the April 2013 security updates (2013-Apr-09) [MS: MSRC]
[2.] Microsoft April 2013 Black Tuesday Overview (2013-Apr-09) [SANS]
[3.] Microsoft Security Bulletin Summary for April 2013 (2013-Apr-09) [MS]
[4.] Microsoft security updates for April 2013 (2013-Apr-09) [MS]

Patch Tuesday, a Heads Up. (Apr-2013)

Next scheduled release: April 09th, 2012
The heads up for this month is; On Tuesday 09th April (US time; Wednesday 10th April AU time) Microsoft expect to release nine (9) new security bulletins. Two (2) bulletins carry a maximum aggregate rating of Critical, and seven (7) are rated Important.

In celebration of spring’s onset, today we’re providing advance notification for the April 2013 release of nine bulletins; two Critical and seven Important. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer, and the seven Important-rated bulletins will address issues in Microsoft Windows, Office, Antimalware Software, and Server Software. [1]

LINKS:
[1] Advance Notification Service for the April 2013 Security Bulletin Release (2013-Apr-04) [MSRC]

Patch Tuesday Wednesday (Mar-2013)

This month Microsoft have released seven (7) security bulletins of which four (4) have a maximum rating of Critical, and three (3) have a maximum rating of Important.

We’re releasing 7 bulletins, four Critical-class and three Important-class, addressing 20 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Tools, and Silverlight. For those who need to prioritize deployment, we recommend focusing on MS13-021, MS13-022 and MS13-027 first. [1]

Bulletin	KB number	Description	Severity	Impact	Software
MS13-021	2809289	Cumulative Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS13-022	2814124	Vulnerability in Silverlight Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Silverlight
MS13-023	2801261	Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Office
MS13-024	2780176	Vulnerabilities in SharePoint Could Allow Elevation of Privilege	Elevation of Privilege	Critical	Microsoft Office, Microsoft Server Software
MS13-025	2816264	Vulnerability in Microsoft OneNote Could Allow Information Disclosure	Information Disclosure	Important	Microsoft Office
MS13-026	2813682	Vulnerability in Office Outlook for Mac Could Allow Information Disclosure	Information Disclosure	Important	Microsoft Office
MS13-027	2807986	Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege	Elevation of Privilege	Important	Microsoft Windows

PATCH NOW:
* MS13-021
* MS13-022
* MS13-027

LINKS:
[1.] Evolving Response and the March 2013 Bulletin Release (2013-Mar-12) [MS: MSRC]
[2.] Microsoft March 2013 Black Tuesday Overview (2013-Mar-12) [SANS]
[3.] Microsoft Security Bulletin Summary for March 2013 (2013-Mar-12) [MS]
[4.] Microsoft security updates for March 2013 (2013-Mar-12) [MS]

Patch Tuesday, a Heads Up. (Mar-2013)

Next scheduled release: March 12th, 2012
The heads up for this month is; On Tuesday 12th March (US time; Wednesday 13th March AU time) Microsoft expect to release seven (7) new security bulletins. Four (4) bulletins carry a maximum aggregate rating of Critical, and three (3) are rated Important.

Today we’re providing advance notification for the release of seven bulletins, four Critical and three Important, for March 2013. The Critical bulletins address vulnerabilities in Microsoft Silverlight, Internet Explorer, Office and Microsoft Server Software. The three Important-rated bulletins will address issues in Microsoft Windows and Office. [1]

LINKS:
[1] Advance Notification Service for March 2013 Security Bulletin Release (2013-Mar-07) [MSRC]

Patch Tuesday Wednesday (Feb-2013)

This month Microsoft have released twelve (12) security bulletins of which five (5) have a maximum rating of Critical, and seven (7) have a maximum rating of Important.

We’re releasing 12 bulletins, five Critical-class and seven Important-class, addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework. For those who need to prioritize deployment, we recommend focusing on MS13-009, MS13-010 and MS13-020 first. [1]

Bulletin	KB number	Description	Severity	Impact	Software
MS13-009	2792100	Cumulative Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS13-010	2797052	Vulnerability in Vector Markup Language Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS13-011	2780091	Vulnerability in Media Decompression Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS13-012	2809279	Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Server Software
MS13-013	2784242	Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Office, Microsoft Server Software
MS13-014	2790978	Vulnerability in NFS Server Could Allow Denial of Service	Denial of Service	Important	Microsoft Windows
MS13-015	2800277	Vulnerability in .NET Framework Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Windows, Microsoft .NET Framework
MS13-016	2778344	Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Windows
MS13-018	2799494	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege/td>	Elevation of Privilege	Important	Microsoft Windows
MS13-018	2790655	Vulnerability in TCP/IP Could Allow Denial of Service	Denial of Service	Important	Microsoft Windows
MS13-019	2790113	Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Windows
MS13-020	2802968	Vulnerability in OLE Automation Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows

PATCH NOW:
* MS13-009 (Microsoft Internet Explorer)
* MS13-010 (Vector Markup Language)
* MS13-020 (Microsoft Windows)

LINKS:
[1.] Baseball, Bulletins and the February 2013 Release (2013-Feb-12) [MS: MSRC]
[2.] Microsoft February 2013 Black Tuesday Update – Overview (2013-Feb-12) [SANS]
[3.] Microsoft Security Bulletin Summary for February 2013 (2013-Feb-12) [MS]
[4.] Microsoft security updates for February 2013 (2013-Feb-12) [MS]

Patch Tuesday, a Heads Up. (Feb-2013)

Next scheduled release: February 12th, 2012
The heads up for this month is; On Tuesday 12th February (US time; Wednesday 13th February AU time) Microsoft expect to release twelve (12) new security bulletins, addressing 57 unique vulnerabilities. Five (5) bulletins carry a maximum aggregate rating of Critical, and seven (7) are rated Important.

We’re kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. [1]

LINKS:
[1] Advance Notification Service for the February 2013 Security Bulletin Release (2013-Feb-07) [MSRC]
[2] Microsoft Security Bulletin Summary for February 2013 (2013-Feb-07) [MS Technet]

Cisco VPN Client 5.0.07.0290 and Windows 8

The existing Cisco VPN Client 5.0.07.0290 will fail to connect when installed on Windows 8 – a “422 error” is displayed

Secure VPN Connection terminated locally by the Client.
Reason 442: Failed to enable Virtual Adapter.

To get it to work in Windows 8 64-bit make the following registry edit:

Modify
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA\DisplayName

From Original:
@oem46.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows

Change to:
Cisco Systems VPN Adapter for 64-bit Windows

The New Cisco Anyconnect VPN client will be rolling out soon and is compatible with Windows 8, although it would appear that this issue has been around since the Win 8 developer preview [2]so CISCO has not been quick to come through with what appears to be a simple fix in their installer.

LINKS:
[1] Cisco VPN Client 5 on Windows 8 (2012-Sep-04) [http://www.bradleyschacht.com]
[2] How To Get Cisco VPN to Work on Windows 8 (developer preview) (2011-Oct-07) [Windows 7 Hacker]

Patch Tuesday Wednesday (Dec-2012)

This month Microsoft have released seven (7) security bulletins of which five (5) have a maximum rating of Critical, and two (2) have a maximum rating of Important.

Now, on to the news of the day; today we’re releasing seven bulletins, five Critical-class and two Important-class, addressing 12 vulnerabilities in Microsoft Windows, Internet Explorer (IE), Word and Windows Server. [1]

Bulletin	KB number	Description	Severity	Impact	Software
MS12-077	2761465	Cumulative Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS12-078	2783534	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS12-079	2780642	Vulnerability in Microsoft Word Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Office
MS12-080	2784126	Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Server Software
MS12-081	2758857	Vulnerability in Windows File Handling Component Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS12-082	2770660	Vulnerability in DirectPlay Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Windows
MS12-083	2765809	Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass	Security Feature Bypass	Important	Microsoft Windows

PATCH NOW:
* MS12-077 (Internet Explorer)
* MS12-079 (Microsoft Word)

LINKS:
[1.] It’s That Time of Year, For the December 2012 Bulletin Release (2012-Dec-11) [MS: MSRC]
[2.] Microsoft December 2012 Black Tuesday Update – Overview (2012-Dec-11) [SANS]
[3.] Microsoft Security Bulletin Summary for December 2012 (2012-Dec-11) [MS]
[4.] Microsoft security updates for December 2012 (2012-Dec-11) [MS]