Archive

Archive for April, 2014

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer – Version: 23.1

Revision Note: V23.1 (April 30, 2014): Revised advisory to clarify that the 2961887 update is not cumulative and requires that the 2942844 update be installed for affected systems to be offered the update.
Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.


Vulnerability in Internet Explorer Could Allow Remote Code Execution – Version: 1.1

Revision Note: V1.1 (April 29, 2014): Updated advisory to clarify workarounds to help prevent exploitation of the vulnerability described in this advisory. See Advisory FAQ for details.
Summary: Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.


Guidance for Internet Explorer vulnerability

April 29th, 2014

On April 26, 2014, Microsoft notified customers of a vulnerability in Internet Explorer. To date, we are aware of limited, targeted attacks and are working on a fix.

UPDATE: Microsoft released a security update for this vulnerability on May 1. For more information, see Available now: Security update for Internet Explorer.

We encourage you to take steps that protect your PC such as enabling a firewall, applying all software updates, and installing antivirus and antispyware software.

In addition:

1. Exercise caution when visiting untrusted websites. Avoid clicking suspicious links or opening email messages from unfamiliar senders, which could send you to a malicious website that delivers malware to your computer.

2. Turn on “Enhanced Protected Mode” in Internet Explorer 10 and 11. Some versions of Internet Explorer have this setting on by default. To turn on Enhanced Protected Mode:

a. Click Tools in the Internet Explorer task bar and then Internet Options.

b. Click on the Advanced tab and then check the box next to Enhanced Protected Mode.

3. Download and install EMET 4.1, a Microsoft security tool, for an additional layer of protection.

As criminals become more sophisticated, it is important to keep current with software that has the latest security protections built in. Modern browsers and operating systems have greater security features than older operating systems.

Note: Microsoft no longer provides security updates for the Windows XP operating system and encourages upgrading to a modern operating system like Windows 8.

To learn more, visit How to boost your malware defense and protect your PC.

Windows Server 2012 R2/IIS8.5 – Automatic Rebind of Renewed Certificates

April 28th, 2014

Hello All, this is Wes Hammond with Premier Field Engineering, back with a follow-up to a previous blog about automatic renewal of web site certificates. The original blog can be found in the references below.

IIS 8.5 in Windows Server 2012 R2 includes a new option that allows certificates renewed via Auto Enrollment to rebind to a Web Site.

Step By Step Instructions:

1. Open IIS Manager and click on the server node. (This is a server-level setting only.)

2. Double-click Server Certificates.

3. In the right navigation pane, click “Enable Automatic Rebind of Renewed Certificate”.

Technical References/Related Articles:

Renew Web Server (SSL) Certificates automatically
http://blogs.technet.com/b/pki/archive/2013/08/27/renew-web-server-ssl-certificates-automatically.aspx

Certificate Rebind in IIS 8.5
http://www.iis.net/learn/get-started/whats-new-in-iis-85/certificate-rebind-in-iis85

CA manager approval required for certificate re-enrollment
http://blogs.technet.com/b/pki/archive/2011/03/08/ca-manager-approval-required-for-certificate-re-enrollment.aspx

 


Update for Vulnerabilities in Adobe Flash Player in Internet Explorer – Version: 23.0

Revision Note: V23.0 (April 28, 2014): Added the 2961887 update to the Current Update section.
Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.


Microsoft releases Security Advisory 2963983

April 27th, 2014

Today, we released Security Advisory 2963983 regarding an issue that impacts Internet Explorer. At this time, we are only aware of limited, targeted attacks. This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

Our initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this potential risk. We also encourage you to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additionally, we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.

We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect customers.

Thank you,

Dustin Childs
Group Manager, Response Communications
Trustworthy Computing

Vulnerability in Internet Explorer Could Allow Remote Code Execution – Version: 1.0

Revision Note: V1.0 (April 26, 2014): Advisory published.
Summary: Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10. Only Internet Explorer 9 and Internet Explorer 10 are affected by this vulnerability. Other supported versions of Internet Explorer are not affected. Applying the Microsoft Fix it solution, “MSHTML Shim Workaround,” prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information.


Get the latest version of Internet Explorer

April 24th, 2014

Microsoft released an updated version of Internet Explorer this month, and it’s available as a free download on Windows 8.1, Windows 7, and Windows Phone 8.1. To increase your security and privacy, it’s important that you use the latest version of any software, but especially your web browser. This new version of Internet Explorer also includes new features that make it easier to browse the web on a variety of devices.

Learn more at the Internet Explorer blog.

If you have automatic updating turned on, you already have the latest version of Internet Explorer.

Learn how to get updates like this one, as well as security updates for all your Microsoft software automatically.

Categories: Internet Explorer, Windows Phone Tags:

HOW TO: Recycle your old computers and devices for Earth Day

April 22nd, 2014

Today is Earth Day. Show your love for the globe by getting rid of your old technology in the most environmentally friendly way possible.

Step 1: Back up files or data you want to keep

Use the backup utilities that are built into Windows XP, Windows Vista, and Windows 7 to transfer files from your old computer to your new one.

If you’re getting rid of a computer that is running Windows 8, use File History.

Step 2: Remove personal information from your computer or device

If you use a Microsoft Certified Refurbisher, they will help you remove your data and help you donate your equipment to people in need around the world.

If you decide to remove the personal information yourself, wipe your hard drive by using specialized software that is designed to government standards and will overwrite your information (Active@ KillDisk and Softpedia DP Wiper are free downloads). 

Step 3: Find a reputable recycler

If you’ve already used a Microsoft Certified Refurbisher, they can help you find the right place for your old computers and devices. If you’re doing it yourself, you can find a list of Microsoft-sponsored recycling opportunities in your area.

Many places will offer rewards for your recycled technology. If you’re getting rid of old Xbox or Playstation games, you might be able to exchange them for a gift card to buy new games.

For more information, see How to more safely dispose of computers and other devices. If you just want to upgrade your operating system, find out if your current computer can run Windows 8.1 and you might not even need to get rid of it.

Protection metrics trends – First quarter 2014 results

April 17th, 2014

​It's been a few months since our last post on our metrics. I wanted to give you an update on families that are declining, new ones that are moving in, and on the way we're calculating our protection metrics to make them more accurate.

Overall, our infection impact (0.29% for January to March) has remained consistently low since December. A few families have declined, but others have moved into their place. Our incorrect detections have stayed under 0.001% and our performance metrics remain fairly consistent.

Declining families

The "Sefnit trio", mentioned in several of our prior blog posts, have declined significantly (although Sefnit itself has picked up in March through exploring new distribution methods). At the peak in October 2013, these families were contributing to nearly one-fifth of the customer infections we saw that month. Now they are down to 7%.

New families

Spacekito and Clikug are recent additions. Spacekito is distributed through a software bundler and claims to be a "browser protector." It exfiltrates data about the system upon which it's installed, serves ads, and aggressively reinstalls itself, so it's difficult for our customers to remove if they don't want it anymore.

Clikug uses your computer for click-fraud, which happens in the background. You may simply notice that your computer is sluggish.

Zbot isn't new, but since late last year it has been aggressively distributed by Upatre (through spam), which is another family that is edging up the ranks in our top 20 list impacting our customers.

Wysotot, which we first mentioned in our Nov results, is also still a top player in terms of customer impact. Wysotot is typically installed on your computer through software bundlers that advertise free software or games.

Protection metrics update

You may notice a few changes on the Evaluating our protection performance and capabilities page: we've updated the way we calculate our infection and incorrect detection impact. In the past, we counted the number of computers that downloaded an update for one of our real-time protection products. Although most of our customers opt in to report threat telemetry to us, some don't.

In the past, our products weren't instrumented to give us accurate counts of people that opted to share their telemetry, and thus the potential population that could report a threat wasn't easy to discern – we had to rely on our update numbers.

In 2013, we shipped a new feature to alleviate this. Essentially, on regular intervals, computers running Microsoft antimalware that have opted to provide this information will send a signal that lets us know they're still protected and helps us count the true number of computers that could report a threat to us.

The feature was deployed to all of our customers starting in July, so our new trends on the Evaluating our protection performance and capabilities page start in Aug 2013. This new denominator provides a much more accurate figure for our infection and incorrect detection impact.

In our upcoming Security Intelligence Report (SIRv16), we'll also be using this same denominator to report the malware encounter rate.

I hope this post provides you with insight into how we're measuring our protection and performance for our customers that choose us for protection. We truly strive to be transparent in how we measure ourselves, and also to provide our customers with an optimal balance of protection and performance.

 

-Holly Stewart
MMPC


MS14-018 – Critical: Cumulative Security Update for Internet Explorer (2950467) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (April 17, 2014): Revised bulletin to help clarify that although Internet Explorer 10 is not affected by the vulnerabilities described in this bulletin, an update is available for Internet Explorer 10 that includes non-security updates. See the Update FAQ for details.
Summary: This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Security improvements in Windows 8

April 15th, 2014

Support ended for Windows XP last week. That means technical assistance for Windows XP is no longer available.

To stay protected, you can upgrade your current computer or buy a new one. Windows 8.1 Update runs on a wider variety of devices, so you’ll have more to choose from, including budget-friendly laptops and tablets.

Windows 8 security and safety features

Windows Update installs important updates as they become available. Windows 8 turns on automatic updating as part of the initial setup process. Keep in mind that Windows Update won’t add any applications to your computer without asking for your permission. Get more answers to your Windows Update questions.

Help keep your family safer. With Windows 8, you can monitor your children’s Internet use, choose which games or apps they can access, and block or allow access to certain websites. Keep track of your kids online.

Antivirus protection is now included for your PC. Windows Defender, which is built in to Windows 8, replaces Microsoft Security Essentials. It runs in the background and notifies you when you need to take specific action.

Learn about other ways to keep your PC safer from viruses with Windows 8

Buying a new PC? Save $100 when you buy any Surface Pro 2 or select PCs over $599

April 2014 Security Bulletin Webcast and Q&A

April 11th, 2014

Today we published the April 2013 Security Bulletin Webcast Questions & Answers page. We answered 13 questions in total, with the majority focusing on the update for Internet Explorer (MS14-018) and the Windows 8.1 Update (KB2919355). Two questions that were not answered on air have been included on the Q&A page.

Here is the video replay.

For those of you following the ongoing investigation around the industry-wide issue known as “Heartbleed,” please refer to this post on the Microsoft Security Blog for the status of our investigation.

We invite you to join us for the next scheduled webcast on Wednesday, May 14, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the May bulletin release and answer your bulletin deployment questions live on the air.

You can register to attend the webcast at the link below:

Date: Wednesday, May 14, 2014
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

I look forward to seeing you next month.

Thanks,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Heartbleed: What you need to know

April 10th, 2014

On April 8, 2014, security researchers announced a flaw in the software that is used to protect your information on the web. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access personal information.

After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer, and Skype, along with most Microsoft Services, are not impacted by the “Heartbleed” vulnerability. A few services continue to be reviewed and updated with further protections.

We encourage you to be careful what information you provide to websites and help protect the security of your online accounts by using different passwords for different websites, changing your passwords often, and making your passwords as complex as possible.

For more information, see Microsoft Services unaffected by Open SSL “Heartbleed” vulnerability.