SG IT-Dienstleistungen – Stefan Geiger – Gerokstraße 1 – 71332 Waiblingen


April 2015 Microsoft Security Bulletin Release

What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletins being released on April 14, 2015. New security bulletins are released monthly to address product vulnerabilities.
New Security Bulletins
Microsoft is releasing the following 11 security bulletins for newly discovered vulnerabilities:
| Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|---|
| MS15-032 | Cumulative Security Update for Internet Explorer (3038314) | Critical | Remote Code Execution | Requires restart | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Microsoft Windows clients and Windows servers. |
| MS15-033 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) | Critical | Remote Code Execution | May require restart | All supported editions of Microsoft Office 2007, Office 2010, Office 2013, Office 2013 RT, Office for Mac, Word Viewer, Office Compatibility Pack, SharePoint Server 2010, SharePoint Server 2013, Office Web Apps 2010, and Office Web Apps 2013. |
| MS15-034 | Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) | Critical | Remote Code Execution | Requires restart | All supported editions of Microsoft Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. |
| MS15-035 | Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306) | Critical | Remote Code Execution | May require restart | All supported editions of Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS15-036 | Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044) | Important | Elevation of Privilege | May require restart | All supported editions of Microsoft SharePoint Server 2010, SharePoint Server 2013, and SharePoint Foundation 2013. |
| MS15-037 | Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269) | Important | Elevation of Privilege | Does not require restart | All supported editions of Microsoft Windows 7 and Windows Server 2008 R2. |
| MS15-038 | Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576) | Important | Elevation of Privilege | Requires restart | All supported releases of Microsoft Windows. |
| MS15-039 | Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) | Important | Security Feature Bypass | May require restart | All supported editions of Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS15-040 | Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711) | Important | Information Disclosure | May require restart | Active Directory Federation Services 3.0. |
| MS15-041 | Vulnerability in .NET Framework Could Allow Information Disclosure (3048010) | Important | Information Disclosure | May require restart | Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, and Microsoft .NET Framework 4.5.2 on affected releases of Microsoft Windows. |
| MS15-042 | Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234) | Important | Denial of Service | Requires restart | Microsoft Windows 8.1 and Windows Server 2012 R2. |
Summaries for new bulletin(s) may be found at https://technet.microsoft.com/library/security/ms15-apr.
The Malicious Software Removal Tool and Non-Security Updates
  • Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at https://support.microsoft.com/kb/890830.
  • High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at https://support.microsoft.com/kb/894199.
Rereleased Security Bulletin
Microsoft rereleased one security bulletin on April 14, 2015. Here is an overview of this rereleased security bulletin:
MS14-080: Cumulative Security Update for Internet Explorer (3008923)
Executive Summary and Recommended Actions: To comprehensively address issues with the 3008923 security update, customers running Internet Explorer 11 on either Windows 7 or Windows Server 2008 R2 should also install the 3038314 security update released on April 14, 2015. For more information, see MS15-032.
More Information: https://technet.microsoft.com/library/security/MS14-080
New Security Advisory
Microsoft published one new security advisory on April 14, 2015. Here is an overview of this new security advisory:
Security Advisory 3045755: Update to Improve PKU2U Authentication
Executive Summary: Microsoft on April 14, 2015, is announcing the availability of a defense-in-depth update that improves the authentication used by the Public Key Cryptography User-to-User (PKU2U) security support provider (SSP) in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The improvement is part of ongoing efforts to bolster the effectiveness of security controls in Windows.
Available Updates: Microsoft released an update (3045755) for all supported editions of Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update is available on the Download Center as well as the Microsoft Update Catalog for all affected software. It is also offered via automatic updating and through the Microsoft Update service. For more information, see Microsoft Knowledge Base Article 3045755.

Synopsis of functionality added by the update:
The update improves certain authentication scenarios for PKU2U. After applying this defense-in-depth update, PKU2U will no longer authenticate to a Windows Live ID (WLID) if an initial authentication attempt fails.
More Information: https://technet.microsoft.com/library/security/3045755
Rereleased Security Advisory
Microsoft rereleased one security advisory on April 14, 2015. Here is an overview of this rereleased security advisory:
Security Advisory 3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure
What Has Changed? Microsoft is announcing that with the release of security update 3038314 on April 14, 2015, SSL 3.0 is disabled by default in Internet Explorer 11. Microsoft is also announcing that SSL 3.0 will be disabled across Microsoft online services over the coming months.
Recommended Actions: Microsoft recommends that customers migrate clients and services to more secure security protocols, such as TLS 1.0, TLS 1.1 or TLS 1.2.

See the “Suggested Actions” section of the advisory for workarounds to disable SSL 3.0. Microsoft recommends customers use these workarounds to test their clients and services for the usage of SSL 3.0 and start migrating accordingly.
More Information: https://technet.microsoft.com/library/security/3009008
New Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at http://support.microsoft.com/lifecycle/.
Bulletin Identifier: Microsoft Security Bulletin MS15-032
Bulletin Title: Cumulative Security Update for Internet Explorer (3038314)
Executive Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and by helping to ensure that affected versions of Internet Explorer properly implement the ASLR security feature.
Severity Ratings and Affected Software: This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Windows clients, and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Windows servers.
Attack Vectors:
Memory Corruption Vulnerabilities:

An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit these vulnerabilities. An attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker’s website, or by getting them to open an attachment sent through email.
CVE-2015-1661:
An attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.
Mitigating Factors: Microsoft has not identified any mitigations for these vulnerabilities.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: MS15-018
Full Details: https://technet.microsoft.com/library/security/MS15-032

Bulletin Identifier: Microsoft Security Bulletin MS15-033
Bulletin Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
Executive Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.

The security update addresses the vulnerabilities by correcting how Microsoft Office parses specially crafted files, by correcting how Office handles files in memory, and by helping to ensure that SharePoint Server properly sanitizes user input.
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of the following software:

  • Microsoft Word 2007, Microsoft Office 2010, Microsoft Word 2010
  • Microsoft Word Viewer, Microsoft Office Compatibility Pack
  • Word Automation Services on Microsoft SharePoint Server 2010
  • Microsoft Office Web Apps Server 2010
This security update is rated Important for all supported editions of the following software:
  • Microsoft Word 2013
  • Microsoft Office for Mac 2011, Microsoft Word for Mac 2011, Outlook for Mac for Office 365
  • Word Automation Services on Microsoft SharePoint Server 2013
  • Microsoft Office Web Apps Server 2013
Attack Vectors:
CVE-2015-1641, CVE-2015-1649, CVE-2015-1650, and CVE-2015-1651:

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending a specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.
CVE-2015-1639:
Exploitation of this vulnerability requires that a user views specially crafted content, which then could run a script in the context of the user. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains specially crafted content that is designed to exploit the vulnerability. An attacker would have to convince users to visit an affected website, typically by getting them to click a link in an instant messenger or email message, and then convince them to open the specially crafted file.
Mitigating Factors: Microsoft has not identified any mitigating factors for these vulnerabilities.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: MS14-081 and MS15-022
Full Details: https://technet.microsoft.com/library/security/MS15-033

Bulletin Identifier: Microsoft Security Bulletin MS15-034
Bulletin Title: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
Executive Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.

The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.
Attack Vectors: To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: None
Full Details: https://technet.microsoft.com/library/security/MS15-034

Bulletin Identifier: Microsoft Security Bulletin MS15-035
Bulletin Title: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
Executive Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file. In all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or instant messages.

The security update addresses the vulnerability by correcting how Microsoft Windows processes EMF files.
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince users to view the website. This could also include compromised websites or websites that accept or host user-provided content or banner advertisements; such websites could contain specially crafted content that is designed to exploit the vulnerability. An attacker would have to convince users to visit an affected website, typically by getting them to click a link in an email or instant message request.

In an email attack scenario, an attacker could exploit the vulnerability by sending Outlook users a specially crafted email, or sending them a specially crafted Office document as an attachment, and convincing the user to read the message or open the file.
An attacker could also exploit this vulnerability by hosting a malicious image file on a network share and convincing users to navigate to the folder in Windows Explorer.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: None
Full Details: https://technet.microsoft.com/library/security/MS15-035

Bulletin Identifier: Microsoft Security Bulletin MS15-036
Bulletin Title: Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
Executive Summary: This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow elevation of privilege if an attacker sends a specially crafted request to an affected SharePoint server. An attacker who successfully exploited the vulnerabilities could read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the victim’s browser.

The security update addresses the vulnerabilities by helping to ensure that Microsoft SharePoint Server properly sanitizes user input.
Severity Ratings and Affected Software: This security update is rated Important for supported editions of Microsoft SharePoint Server 2010, Microsoft SharePoint Server 2013, and Microsoft SharePoint Foundation 2013.
Attack Vectors: An authenticated attacker could exploit these vulnerabilities by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited these vulnerabilities could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the victim’s browser.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: MS14-022 and MS15-022.
Full Details: https://technet.microsoft.com/library/security/MS15-036

Bulletin Identifier: Microsoft Security Bulletin MS15-037
Bulletin Title: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
Executive Summary: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a specially crafted application in the context of the System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by ensuring that the known invalid Windows Defender task is either not present on or removed from affected systems.
Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Windows 7 and Windows Server 2008 R2.
Attack Vectors: To exploit the vulnerability, an attacker would first have to log on to the target system and determine whether or not the known invalid task was present on the system. If present, the attacker could then engineer the task to execute a specially crafted application in the context of the System account.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement: This update does not require a restart.
Bulletins Replaced by This Update: None
Full Details: https://technet.microsoft.com/library/security/MS15-037

Bulletin Identifier: Microsoft Security Bulletin MS15-038
Bulletin Title: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
Executive Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An authenticated attacker who successfully exploited these vulnerabilities could acquire administrator credentials.

The security update addresses the vulnerability by correcting how Microsoft Windows validates impersonation events.
Severity Ratings and Affected Software: This security update is rated Important for all supported releases of Microsoft Windows.
Attack Vectors: To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to increase privileges.
Mitigating Factors: Microsoft has not identified any mitigating factors for these vulnerabilities.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: MS15-025 and MS15-031.
Full Details: https://technet.microsoft.com/library/security/MS15-038

Bulletin Identifier: Microsoft Security Bulletin MS15-039
Bulletin Title: Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
Executive Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a user opens a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft XML Core services enforces the same-origin policy in a document type declaration (DTD) scenario.
Severity Ratings and Affected Software: This security update for Microsoft XML Core Services 3.0 is rated Important for all supported editions of Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors: In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file. In a web-based attack scenario, an attacker could host a website that contains a file that is used to attempt to exploit the vulnerability. An attacker would have to convince users to open the file, typically by way of an enticement in an email or instant message.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: MS14-067
Full Details: https://technet.microsoft.com/library/security/MS15-039

Bulletin Identifier: Microsoft Security Bulletin MS15-040
Bulletin Title: Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
Executive Summary: This security update resolves a vulnerability in Active Directory Federation Services (AD FS). The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application and an attacker reopens the application in the browser immediately after the user has logged off.

The security update addresses the vulnerability by ensuring that the logoff process properly logs off the user.
Severity Ratings and Affected Software: This security update is rated Important for AD FS 3.0 when installed on x64-based editions of Microsoft Windows Server 2012 R2.
Attack Vectors: An attacker who successfully exploited this vulnerability could gain access to a user’s information by reopening an application from which the user has logged off. Since the logoff actually fails, an attacker is not prompted to enter a username or password. An attacker could then use this vulnerability to discover information to which an AD FS user has access.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: None
Full Details: https://technet.microsoft.com/library/security/MS15-040

Bulletin Identifier: Microsoft Security Bulletin MS15-041
Bulletin Title: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
Executive Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled. An attacker who successfully exploited the vulnerability would be able to view parts of a web configuration file, which could expose sensitive information.

The security update addresses the vulnerability by removing file content details from the error messages that were facilitating the information disclosure.
Severity Ratings and Affected Software: This security update is rated Important for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, and Microsoft .NET Framework 4.5.2 on affected releases of Microsoft Windows.
Attack Vectors: To exploit this vulnerability, an attacker could send a specially crafted web request to an affected server with the intention of eliciting an error message that could disclose information pertaining to the source line that originated the exception. Ultimately, this could disclose information that was not intended to be accessible.
Mitigating Factors: Only IIS servers that serve verbose error messages are affected; production servers are unlikely to be affected.
Restart Requirement: This update may require a restart.
Bulletins Replaced by This Update: MS14-009
Full Details: https://technet.microsoft.com/library/security/MS15-041
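
A way to check the MS15-041 precondition (custom error messages disabled) in your own ASP.NET configuration, as an added example that is not part of the bulletin: the script parses a web.config and reports every scope where the effective customErrors mode is Off. The sample file and all function names are constructed for this illustration; inheritance from machine.config, parent web.config files and nested location paths is not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the bulletin): the site root keeps
# custom errors on for remote clients, but one <location> override turns them
# off for a sub-path, which is easy to miss in a manual review.
SAMPLE_WEB_CONFIG = """
<configuration>
  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html" />
  </system.web>
  <location path="admin/reports">
    <system.web>
      <customErrors mode="Off" />
    </system.web>
  </location>
  <location path="api">
    <system.web>
      <compilation debug="false" />
    </system.web>
  </location>
</configuration>
"""

# ASP.NET default when no <customErrors> element (or no mode attribute) is present.
DEFAULT_MODE = "RemoteOnly"
KNOWN_MODES = {"on": "On", "off": "Off", "remoteonly": "RemoteOnly"}


def _child(parent, tag):
    """Return the first direct child with this tag, or None."""
    for node in parent:
        if node.tag == tag:
            return node
    return None


def _mode_in(container, inherited):
    """Effective customErrors mode declared under container, else the inherited one."""
    web = _child(container, "system.web")
    node = _child(web, "customErrors") if web is not None else None
    if node is None:
        return inherited
    raw = node.get("mode", DEFAULT_MODE)
    # Normalise case so "off" and "Off" are reported the same way.
    return KNOWN_MODES.get(raw.lower(), raw)


def audit_custom_errors(xml_text):
    """Return [(scope, mode, exposed)] for the root and every <location>.

    exposed is True when remote clients would receive detailed ASP.NET
    error pages for that scope (mode "Off").
    """
    root = ET.fromstring(xml_text)
    root_mode = _mode_in(root, DEFAULT_MODE)
    findings = [("(root)", root_mode, root_mode == "Off")]
    for loc in root.iter("location"):
        # Simplification: each <location> inherits directly from the root.
        mode = _mode_in(loc, root_mode)
        findings.append((loc.get("path", ""), mode, mode == "Off"))
    return findings


def exposed_scopes(xml_text):
    """Scopes that serve verbose errors to remote clients."""
    return [scope for scope, _, exposed in audit_custom_errors(xml_text) if exposed]


if __name__ == "__main__":
    for scope, mode, exposed in audit_custom_errors(SAMPLE_WEB_CONFIG):
        flag = "VERBOSE ERRORS TO REMOTE CLIENTS" if exposed else "ok"
        print(f"{scope:15} customErrors={mode:10} {flag}")
```
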

Bulletin Identifier: Microsoft Security Bulletin MS15-042
Bulletin Title: Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
Executive Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an authenticated attacker runs a specially crafted application in a virtual machine (VM) session. Note that the denial of service does not allow an attacker to execute code or elevate user rights on other VMs running on the Hyper-V host; however, it could cause other VMs on the host to not be manageable in Virtual Machine Manager.

The security update addresses the vulnerability by correcting how Virtual Machine Manager validates user input.
Severity Ratings and Affected Software: This security update is rated Important for Microsoft Windows 8.1 for x64-based Systems and Windows Server 2012 R2.
Attack Vectors: An authenticated attacker runs a specially crafted application in a virtual machine (VM) session.
Mitigating Factors: Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement: This update requires a restart.
Bulletins Replaced by This Update: None
Full Details: https://technet.microsoft.com/library/security/MS15-042

PatchDay: September 2014 Microsoft Security Bulletin Release

New Security Bulletins

Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities:

| Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|---|
| MS14-052 | Cumulative Security Update for Internet Explorer (2977629) | Critical | Remote Code Execution | Requires restart | Internet Explorer on all supported editions of Microsoft Windows. |
| MS14-053 | Vulnerability in .NET Framework Could Allow Denial of Service (2990931) | Important | Denial of Service | May require restart | Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, and Microsoft .NET Framework 4.5/4.5.1/4.5.2 on affected releases of Microsoft Windows. |
| MS14-054 | Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948) | Important | Elevation of Privilege | Requires restart | Microsoft Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. |
| MS14-055 | Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928) | Important | Denial of Service | Does not require restart | Microsoft Lync Server 2010 and Microsoft Lync Server 2013. |

Summaries for new bulletin(s) may be found at https://technet.microsoft.com/library/security/ms14-sep.

 

Since this August Patch Day, systems that receive security and non-security hotfixes via WSUS or Windows Update / Microsoft Update strictly require the so-called Spring Update KB 2919355. Otherwise, the new hotfixes for the following bulletins, and for future ones, will not be offered.

MS14-052 is rated at most critical and describes this month's Cumulative Security Update for Internet Explorer (2977629).

Internet Explorer is affected on all supported Windows client and server platforms. At worst, the bulletin describes remote code execution vulnerabilities that can be exploited through a visit to a malicious website in order to run code in the context of the logged-on user.

In addition, this cumulative update disables outdated ActiveX controls, namely vulnerable Java controls:

  • J2SE 4, everything below (but not including) update 43
  • J2SE 5.0, everything below (but not including) update 71
  • Java SE 6, everything below (but not including) update 81
  • Java SE 7, everything below (but not including) update 65
  • Java SE 8, everything below (but not including) update 11

From last month's Patch Day information on disabling outdated ActiveX controls: The cumulative update also brings a new mechanism that will be used in future (for the first time on September 9, 2014) to block outdated ActiveX controls. Because of the feedback from the press, from customers and internally, the activation date of the blocking mechanism was postponed by 30 days [to the September Patch Day]. In September, outdated Oracle Java plug-ins are disabled, as Firefox and Chrome already do today. As described in the IE Blog at http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx, once the mechanism is activated, the controls named in the blog are blocked in all IE zones except the Local Intranet Zone and the Trusted Sites Zone; they are listed in the XML file http://go.microsoft.com/fwlink/?LinkId=403864 -> https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlist.xml. The blog also describes how the handling of outdated ActiveX controls can be configured via GPO (including, for example, logging only). It further describes how the settings can alternatively be made via a registry key. Further information is available in the technical documentation at http://technet.microsoft.com/en-us/ie/dn798785.aspx.

MS14-053 is rated at most important and describes the Vulnerability in .NET Framework Could Allow Denial of Service (2990931).

All supported versions of .NET Framework except .NET 3.5 SP1 are affected.

To be vulnerable, ASP.NET must have been manually installed and enabled, and a website that uses .NET must be registered in IIS.

The attack exploits hash collisions (identical hash values for different input combinations).

With just a few malicious requests, performance can be degraded so severely that a denial-of-service situation results.

Note for developers on .NET Framework 4.5 and later: enable the application runtime setting UseRandomizedStringHashAlgorithm to avoid hash collisions on a per-application-domain basis. More information is available at http://msdn.microsoft.com/en-us/library/jj152924(v=vs.110).aspx.
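
Why a randomized string hash removes this denial-of-service lever, as an added illustration (not Microsoft's code, and not the .NET hash algorithm): a toy chained hash table is filled with keys precomputed to collide under an unkeyed hash, then with the same keys under a hash keyed by a per-process secret. The polynomial hash, the BLAKE2 stand-in and all function names are assumptions of this example.

```python
import hashlib
import os
from itertools import product

# The .NET setting named above is switched on in the application's config file:
#   <configuration><runtime>
#     <UseRandomizedStringHashAlgorithm enabled="1" />
#   </runtime></configuration>


def unkeyed_hash(s):
    """Toy deterministic string hash (h = 31*h + c). Because it has no secret,
    anyone can compute colliding inputs in advance."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h


def make_keyed_hash(key=None):
    """Return a hash function keyed with a secret chosen at start-up.
    Stand-in for per-application-domain randomization: inputs prepared
    against the unkeyed hash no longer land in the same bucket."""
    key = key or os.urandom(16)

    def keyed_hash(s):
        digest = hashlib.blake2b(s.encode(), key=key, digest_size=8).digest()
        return int.from_bytes(digest, "big")

    return keyed_hash


class ChainedTable:
    """Minimal hash table with separate chaining that counts key comparisons."""

    def __init__(self, hash_fn, buckets=1024):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def insert(self, key, value):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1          # work grows with chain length
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

    def longest_chain(self):
        return max(len(chain) for chain in self.buckets)


def colliding_keys(blocks):
    """Constructed worst-case input for the toy hash: "Aa" and "BB" hash to
    the same value, so every equal-length concatenation of them does too."""
    return ["".join(parts) for parts in product(("Aa", "BB"), repeat=blocks)]


def measure(hash_fn, keys):
    """Insert all keys and return (longest chain, total comparisons)."""
    table = ChainedTable(hash_fn)
    for key in keys:
        table.insert(key, True)
    return table.longest_chain(), table.comparisons


if __name__ == "__main__":
    keys = colliding_keys(9)               # 2**9 = 512 form-field-like names
    print("unkeyed:", measure(unkeyed_hash, keys))
    print("keyed:  ", measure(make_keyed_hash(), keys))
```

With the unkeyed hash every key lands in one bucket and insertion cost grows quadratically with the number of keys; with the keyed hash the same input spreads across the table.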

MS14-054 is rated Important and describes the Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948).

Affected are Windows 8 and 8.1 clients (including RT and 8.1 RT) as well as Windows Server 2012 and 2012 R2 (including Server Core).

Because integrity checks are implemented incorrectly, an attacker can use malicious Task Scheduler tasks to execute code in the context of Local System and thereby potentially take over a system.

MS14-055 is rated Important and describes the Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928).

Lync Server 2010 and 2013 are affected.

Two of the vulnerabilities can be used for a denial-of-service attack by someone who knows a valid SIP address or has a Lync invitation.

One vulnerability is a reflected cross-site scripting (XSS) information disclosure vulnerability. Here an attacker can use malicious websites to execute scripts in web sessions in the context of the visiting user.

Before installing the security hotfix, the latest Cumulative Update (CU) for Lync Server is required as a prerequisite in each case.

Supplementary note on MS14-045 from August, Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615):

The security hotfix 2982791 was replaced at the time by 2993651 because of unwanted bluescreens (BSoD).

In the associated KB article http://support.microsoft.com/kb/2993651/en-us, Known Issue 2 "strongly recommended" uninstalling the old security hotfix before installing the new one. This urgency is worded somewhat dramatically. It is primarily about "housekeeping": cleaning up registry information about installed hotfixes. Technically, uninstalling the old security hotfix is not strictly necessary for the new security hotfix to take effect or to avoid the BSoD problems.

MBSA does show the old fix as superseded, but at the same time correctly detects the new security hotfix.

The Security Advisory (2905247) Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege was re-released (http://technet.microsoft.com/en-us/library/2905247):

The updates, which were previously provided only via the Download Center / Windows Update Catalog, are now also available for automatic installation via Windows Update.

The Security Advisory on Pass-The-Hash (PTH), Update to Improve Credentials Protection and Management (2871997) http://technet.microsoft.com/en-us/library/2871997, was updated: the security mechanisms from Windows 8.1 and Server 2012 R2 were backported to Windows 7 SP1 and Server 2008 R2 SP1:

Already published: the list of important updates via MU, WU and WSUS:

Information on this is available in the article http://support.microsoft.com/kb/894199/en-us

In addition to the security hotfixes, this article also describes the non-security hotfixes.

Apart from the exceptions mentioned below, these important updates are already listed today with their KB articles.

Microsoft (USA), Trustworthy Computing, will hold a webcast on Wednesday evening to answer customer questions about this bulletin.

Link to the webcast (new): http://technet.microsoft.com/de-de/security/dn756352 –> points to:

[test beforehand if necessary] Trustworthy Computing Ustream channel

http://www.ustream.tv/channel/trustworthy-computing

Date: September 10, 2014, 11 a.m. Pacific Time (8 p.m. CEST)

In addition, a conference call for Europe takes place each time on that Wednesday morning at 11 a.m. (CEST); you can join it and ask questions.

To take part, dial in if needed at:

Phone 089 – 3176 – 3500 (other dial-in numbers: https://join.microsoft.com/dialin)

Required for dial-in: Conference ID 9855950

Access via the Lync client: https://join.microsoft.com/meet/henkvanr/JWYMKCY0

Access via the Lync web client: https://join.microsoft.com/meet/henkvanr/JWYMKCY0?sl=1

(The web client also supports Mac OS.)

The detailed version of the announcement of new security bulletins for this month is available at:

English: http://technet.microsoft.com/en-us/security/bulletin/ms14-sep

German: http://technet.microsoft.com/de-de/security/bulletin/ms14-sep (currently it only refers to the English-language version) and below in this mail.

The archive summary, including a search function (from 06/1998), is available at https://technet.microsoft.com/security/bulletin.

MBSA

MBSA 2.3 is described at http://technet.microsoft.com/en-us/security/cc184924.aspx.

Windows RT is supported only through Windows Update / Microsoft Update.

Direct download of MBSA 2.3: via http://www.microsoft.com/download/details.aspx?id=7558

Security Bulletin Severity Rating System

For questions about the classification of security hotfixes as Critical, Important, Moderate or Low, see

http://technet.microsoft.com/en-us/security/gg309177.aspx

Microsoft Exploitability Index:

Use this table to learn about the likelihood that functioning exploit code will be released for each of the security updates you may need to install. You should review each of the ratings below, taking your specific configuration into account, to set priorities for your deployment.

Since October 2008, Microsoft has provided this table for every security bulletin on its respective web page.

Further information on what these ratings mean and how they are determined is available here:

http://technet.microsoft.com/en-us/security/cc998259.aspx.

Sysinternals – THE Tools for Windows Environments

Windows Sysinternals

The Sysinternals website was created in 1996 by Mark Russinovich and Bryce Cogswell to host utilities for Windows and technical information. Microsoft acquired Sysinternals in July 2006. Whether you are an IT professional or a developer, at Sysinternals you will find tools that make it easier to manage, troubleshoot and diagnose Windows systems and applications. Go to the Sysinternals forum here.

Source: http://technet.microsoft.com/de-de/sysinternals

Microsoft Virtual Academy – Free Microsoft Training by Experts

Looking for up-to-date training on Microsoft environments and solutions?

Welcome to http://www.microsoftvirtualacademy.com

New training started:

Windows Performance Jump Start -> Go to the training here

Message Analyzer can do more than Wireshark: read ETL network traces.

By default, Wireshark cannot read ETL network traces. Exporting ETL to CAP using Network Monitor is not possible. With the new Message Analyzer, things are different.

–> http://blogs.technet.com/b/yongrhee/archive/2013/08/16/so-you-want-to-use-wireshark-to-read-the-netsh-trace-output-etl.aspx

Microsoft – all "Top Solutions" from the TechNet forums and other blogs

Hello,

Microsoft has launched a new blog that collects all the "Top Solutions" from the TechNet forums and other blogs.

So far quite interesting, and certainly worth a bookmark.

http://blogs.technet.com/b/topsupportsolutions/

Regards
Stefan