• Microsoft tackles three zero-day exploits



    PATCH WATCH

    Microsoft tackles three zero-day exploits

    By Susan Bradley

    PC security in October is already more trick than treat. Three zero-day exploits came to light — one apparently in use for years. As the so-called “Sandworm” threat shows, Windows vulnerabilities can be used to steal both personal information and state secrets.


    The full text of this column is posted at windowssecrets.com/patch-watch/microsoft-tackles-three-zero-day-exploits/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1471381

      On my system (Win7 64), KB 2949927 was deselected by default. All else was pre-checked as usual.
      In the past, deselection has usually indicated problems…
      Thoughts?

      • #1471524

        On my system (Win7 64), KB 2949927 was deselected by default. All else was pre-checked as usual.
        In the past, deselection has usually indicated problems…
        Thoughts?

        V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues uninstall this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.

        https://technet.microsoft.com/en-us/library/security/2949927

        My crystal ball wasn’t good enough this time to see issues with this one. Bottom line: don’t install it if it hasn’t yet installed; if it has installed and you see no bad things happening, I would uninstall it just to be safe.

    • #1471584

      In Ms. Bradley’s latest message in Windows Secrets, the opening topic was
      “MS14-058 (3000061)”
      “Two zero-day exploits already in the wild”

      At the end of that topic, she wrote:
      “What to do: Look for my updates on KB 3000061 (MS14-058) in the Windows Secret Lounge, using the link at the bottom of this article.”

      I probably am being incredibly non-observant, but I cannot find her “link at the bottom of this article.”

      I would very much appreciate learning where that link is.

      R.N. (Roger) Folsom

      • #1471596

        In Ms. Bradley’s latest message in Windows Secrets, the opening topic was
        “MS14-058 (3000061)”
        “Two zero-day exploits already in the wild”

        At the end of that topic, she wrote:
        “What to do: Look for my updates on KB 3000061 (MS14-058) in the Windows Secret Lounge, using the link at the bottom of this article.”

        I probably am being incredibly non-observant, but I cannot find her “link at the bottom of this article.”

        I would very much appreciate learning where that link is.

        R.N. (Roger) Folsom

        The link (to this thread) is in the box “Feedback welcome” after the Patch Watch chart.

        Bruce

        • #1471689

          :confused: Fellow members,

          Perhaps I missed them, but I was unable to find information on the following recent updates: kb2984976, kb2984981, and kb3001554.

          Please comment on the advisability of installing these updates.

          Thank you in advance for your opinion on these updates.

          Charles

          Genius is the ability to renew one’s emotions in daily experience.
          Paul Cezanne

        • #1471737

          The link (to this thread) is in the box “Feedback welcome” after the Patch Watch chart.

          Bruce

          Bruce:

          Thanks for the help. I ended up going to
          Microsoft Security Bulletin MS14-057 – Critical, at MS14-058
          https://technet.microsoft.com/en-us/library/security/ms14-057.aspx

          where I was able to see, and copy, the list of Affected Software for my 64-bit Win7sp1 laptop.

          R.N. (Roger) Folsom

    • #1471594

      Susan, In this week’s Patch Watch you mention KB 2977292, the SHA2 “advisory,” useful for VPN users. I do use a VPN and installed the “advisory.” OK so far. Then I looked at the linked support article and it was useless. In order to use more than one version of TLS you apparently have to OR DWORD values in the new registry key. After half an hour of searching I can’t find any information on how to do that. Some instructions on ORing DWORD values would have been helpful.

    • #1471691

      2984976 is related to 2984972 and is not even recommended by MS.
      2984981 is also RDP, but for server 2008. No sign of it in patch watch.
      3001554 is non-security, ignore.

      cheers, Paul

      • #1471755

        2984976 is related to 2984972 and is not even recommended by MS.
        2984981 is also RDP, but for server 2008. No sign of it in patch watch.
        3001554 is non-security, ignore.

        cheers, Paul

        Paul,

        Thanks for your reply.

        I was unclear in my first posting. The reason I wrote first is that none of the updates appear in Patch Watch. The first two, KB 2984976 and KB2984981, appear in Windows Update and are listed under “important updates” as being “security updates.” When I checked earlier, there were a few reports of these causing problems.

        The third, KB 3001554, also appears in Windows Update and is listed under “important updates” as being a “recommended” update that improves DVD playback. Since I’m not having problems with DVD playback, I thought I’d wait and see if problems develop playing DVDs. Also, there have been problems installing this third update. Your response confirmed my decision to wait a month or so on this one.

        If you or other members can shed light on the first two updates, I’d appreciate hearing from you.

        Charles

        PS
        OS Win 7 Pro, 3 GB RAM, Intel Core 2 Duo 2.2 GHz

        • #1471800

          Paul,

          Thanks for your reply.

          I was unclear in my first posting. The reason I wrote first is that none of the updates appear in Patch Watch. The first two, KB 2984976 and KB2984981, appear in Windows Update and are listed under “important updates” as being “security updates.” When I checked earlier, there were a few reports of these causing problems.

          The third, KB 3001554, also appears in Windows Update and is listed under “important updates” as being a “recommended” update that improves DVD playback. Since I’m not having problems with DVD playback, I thought I’d wait and see if problems develop playing DVDs. Also, there have been problems installing this third update. Your response confirmed my decision to wait a month or so on this one.

          If you or other members can shed light on the first two updates, I’d appreciate hearing from you.

          Charles

          PS
          OS Win 7 Pro, 3 GB RAM, Intel Core 2 Duo 2.2 GHz

          The RDP updates only come into play in a domain and are only relevant in a domain. They really don’t provide any additional security if you are not in a domain and your admin hasn’t taken action. Right now I’m tracking issues with these updates causing issues with Terminal Servers and Remote Desktop Servers. For now hold back.

          September 2014 update for DVD playback in Windows 7 SP1:
          http://support2.microsoft.com/default.aspx?scid=kb;en-us;3001554
          That one snuck in on me due to its release way at the fifth week of a month. I haven’t seen any side effects, it’s not mandatory, if you aren’t having issues, I’d say skip it.

          • #1482389

            “The first two, KB 2984976 and KB2984981, appear in Windows Update and are listed under “important updates” as being “security updates.”
            Right now I’m tracking issues with these updates causing issues with Terminal Servers and Remote Desktop Servers. For now hold back.

            What is the latest on this set of updates? I have 2984981 listed on my Windows 7 machine.

    • #1471760

      In Ms. Bradley’s latest Patch Watch Two zero-day exploits already in the wild section, her advice was “If you don’t open sent Office documents, you can delay installation until I have more information on possible side effects. But if you must work with documents sent to you by others, I would install this update as soon as possible.”
      So when I ran Windows Updates — on my 64-bit Win7sp1 laptop — I did not install the following five items, the first four because I do not receive Office documents (I get emails).

      I am posting the information about the first four security items below in case that it might be useful for others.
      I am posting the fifth item in order to get information about a non-security item.

      I think it rather odd that Windows Updates wanted me to install Security Updates 1) and 2), because to the best of my knowledge my laptop does not allow remote Desktop access, and 1) and 2) are about Remote Desktop Connection and Remote Desktop Protocol.

      I investigated the Microsoft link for each of the five items (but I have eliminated some information details here, as indicated by . . . .), so feel free to use the MS link yourself.

      1) Security Update for Windows 7 for x64-based Systems (KB2984972)
      More information:
      http://support.microsoft.com/kb/2984972
      Update for RDC 7.1 to support restricted administration logons on Windows 7 and Windows Server 2008 R2
      This Remote Desktop Protocol (RDP) 7.1 update ENABLES the Remote Desktop Connection client to perform restricted administration logons. It also ENABLES the Remote Desktop Service that is running on an RD host to perform restricted administration.

      2) Security Update for Windows 7 for x64-based Systems (KB2984976)
      More information:
      http://support.microsoft.com/kb/2984976
      RDP 8.0 update for restricted administration on Windows 7 or Windows Server 2008 R2
      This Remote Desktop Protocol (RDP) 8.0 update ENABLES the Remote Desktop Connection client to perform restricted administration logons. It also ENABLES the Remote Desktop Service that is running the RDP 8.0 host to perform restricted administration. . . .

      3) Security Update for Windows 7 for x64-based Systems (KB3000061)
      More information:
      http://support.microsoft.com/kb/3000061
      Vulnerabilities in kernel-mode driver could allow remote code execution. . . .

      4) Security Update for Windows 7 for x64-based Systems (KB3000869)
      More information:
      http://support.microsoft.com/kb/3000869
      Vulnerability in Windows OLE [Object Linking and Embedding] could allow for remote code execution. . . .

      Item 5 is not about security.
      5) Update for Windows 7 for x64-based Systems (KB3001554)
      More information:
      http://support.microsoft.com/kb/3001554
      Update for DVD playback in Windows 7 SP1
      This update helps Microsoft improve customer experiences in DVD playback in Windows Media Player and Windows Media Center in Windows 7 Service Pack 1 (SP1). Check out the Prerequisites before you install this update, and see the “References” section about DVD playback.
      Windows 7: If you’re running Windows 7 Home Basic or Windows 7 Starter, you can upgrade to Windows 7 Home Premium, Ultimate, or Enterprise to add full DVD capability or buy and install a compatible DVD movie player app.

      My questions about item 5) are:
      5.1) What is a DVD playback?
      5.2) Shouldn’t Windows Professional (which is what I am using) have been listed in the last item 5) sentence? If not, why not?
      (Full disclosure: I have no idea whether my computer is currently equipped to use DVD Playback. I would appreciate learning how to find that information)

      R.N. (Roger) Folsom

      • #1472833

        Roger,
        DVD playback refers to the CD/DVD player playing CDs and DVDs. If I’m wrong, someone please correct me.

        Since I’m not having problems with this, I’m following Susan’s advice and not installing KB 3001554.

        Like you I’m running Win 7 Pro, and, also like you, I believe our version of Win 7 should have been mentioned in the sentence. If I should have problems playing DVDs and CDs, I am going to try VLC Media player before I buy another version of Windows 7.

        The easiest way, Roger, to find out if you’re equipped to play DVDs is put one in your DVD player and see if it plays. If you enjoy Celtic music, inserting a DVD by Turlough O’Carolan would be an enjoyable way to test this. (O’Carolan was a blind 16th century Irish harpist and composer. His music was immensely popular, and he travelled from home to home in England and Ireland to entertain nobles and landed aristocrats.)

        • #1473061

          Susan,
          Will you be notifying us whether the non-security updates for October are good to go here, or in a new post?
          Just waiting on your advice.
          Thank you,
          Willie

          Cheers!!
          Willie McClure
          “We are trying to build a gentler, kinder society, and if we all pitch in just a little bit, we are going to get there.” Alex Trebek
          • #1473086

            Susan,
            Will you be notifying us whether the non-security updates for October are good to go here, or in a new post?
            Just waiting on your advice.
            Thank you,
            Willie

            The newsletter indicated the next newsletter:

            Here’s the list of other October nonsecurity updates. …

            – What to do: Wait until the next Patch Watch for my updated report on these nonsecurity patches.

            Bruce

    • #1471796

      Win 8.1 Pro x64. For the past few days, Opera 12.17* has been crashing randomly, seemingly on graphics and video, and I’m starting to wonder if some part of last Tuesday’s MS update is the culprit. I installed everything MS offered. Going through what else has been installed since then, and doing some uninstalls, disables and system restores to try to isolate the problem, hasn’t turned up anything that makes sense. Here’s what I’ve installed since the MS update:
      – FF33
      – Adobe AIR plugin
      – O&O Defrag Pro
      – Java 8 Update 25 (32/64 bit) – disabled in Opera and other browsers
      – Adobe Flash Player 15 update (15.0.189)
      – AMD Catalyst Install Mgr w/ MS Visual C++ 2012 Redistributable (x64) 11.0.50727 – uninstalled, crashes cont’d, then reinstalled

      The last crash occurred just now on the following page, well after it loaded:
      http://gallatinvalleybicycleclub.org/?utm_source=GVBC+Newsletter+10.16.2014&utm_campaign=10.9.14&utm_medium=email

      Another example was this afternoon, twice:
      http://www.golfchannel.com/news/associated-press/baek-wins-three-way-playoff-hanabank-title/. At that time I had an FP beta installed. After replacing it with the latest public version, the video ran fine twice so I figured that was the problem. But another crash suggests otherwise. It’s been a long time since Opera has been crashing like this, if at all.

      So I have to ask: does anyone see anything in the MS update that might be at issue? Thanks,

      * Just to head off a reply about Opera versions, 12.17 is Opera’s only currently supported full-function browser. Opera 15+ (now 25) is explicitly a browser in development (e.g., bookmarks were only introduced two or three versions ago).

      • #1471977

        Hi Highstream,

        I have been having sporadic crashes on Opera 12.17 for over a year now, since I went to W 8.0.0. Norway doesn’t really care about those of us that really like the old comprehensive browser or legacy community. They have publicly stated that bookmarks is not a priority or a “real concern” for them. I too have an extensive and comprehensive volume of bookmarks. I also like the IRC capability. The download manager was also very well written and head and shoulders above their Chrome based browser.

        I need to find alternative Apps to take care of these functions that I care about but change sometimes comes slow for me. As far as browser is concerned, I need to try Firefox because I don’t care for “Chrome/based” browsers for a primary, and I can’t stand IE.

        So there you have it, more advanced websites, often are more problematic.
        Hope this helps,

        Best Regards,

        Crysta

        --------------------------------------

        1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

        SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

        CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
        Graphics Radeon RX 580, RX 580 ONLY Over Clocked
        More perishable

        2xMonitors Asus DVI, Sony 55" UHD TV HDMI

        1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
        1xOS W8.1 Pro, NAS Dependent, Same Sony above.

        -----------------

        • #1472348

          Susan,

          You stated “If you have Silverlight installed but don’t truly need it, remove it from your system. If you must have Microsoft’s interactive platform — it’s required for watching Netflix movies — check that you have KB 2977218 installed.”

          It might be worth mentioning that Silverlight is not required to watch Netflix movies via Windows, so long as you use a browser with HTML5 capability, such as Mozilla or Chrome. HTML5 streaming is more efficient and will perform better than Silverlight format. I recommend not streaming Netflix using IE or it will fall back to using Silverlight.

          Scott

    • #1471935

      Susan,

      Thank you for your lucid and succinct response. I’m going to follow your advice and hold off on these three updates.

      Charles :D

    • #1472029

      Crysta (PhotM), it looks like you’ve taken too big a swipe on this one…

      It appears that the very recent Opera crashing problem started because for security reasons 10/15 Opera developers remotely reset SSL3 to off and TLS 1.1 and 1.2 to on with both Opera 25 and 12.xx. The fix, which Opera apparently won’t override and is so far reportedly stopping the crashes, is to reset those two TLS entries to off (TLS 1 on and SSL off are ok). I understand from the Opera write up that other browsers are also doing some fixes/resets.
      http://blogs.opera.com/security/
      https://forums.opera.com/discussion/…ntil-yesterday (Oct 21 – rseiler)

    • #1473726

      Hi Folks,

      Does anybody know when the NEW Patch Watch forum is going to be opened up? I know Susan posted on the fifth week and all, but it has been a rough patch month for many! Thankfully though not for me. Touching MUCH WOOD!! 😀

      Best Regards,

      Crysta

      It is now here!

    • #1474018

      I agree, Crysta. We’re invited on Patch Watch to offer feedback, but the link doesn’t work because there isn’t a thread yet. I can only assume that it has been overlooked.

      I’d be particularly interested to know people’s experience with KB3000061 using Windows 7.

    • #1474019

      The link from the latest Patch Watch to this thread for feedback works fine. :confused:

    • #1474020

      It tells me I’m not eligible to access it. I’m logged in as a subscriber to read the whole Patch Watch in the first place.

      Besides, this is the thread for the previous Patch Watch (16th October), not the latest one (30th October).

    • #1474050

      I see what you mean. I wasn’t even aware there had been a Patch Watch on 10/30. I get the same error on the feedback link.

      Patch Watch is a mess. The “master” chart hasn’t been updated for four months.

      It’s much simpler to blindly install everything Microsoft offers.

      Bruce

      • #1474148

        Found it!

        It is in Patch Watch Oct. 30, 2014:

        Sorry, I don’t know how to make just the link show, but this is where it is. 🙂

        Betsy

      • #1475035

        I see what you mean. I wasn’t even aware there had been a Patch Watch on 10/30. I get the same error on the feedback link.

        Patch Watch is a mess. The “master” chart hasn’t been updated for four months.

        It’s much simpler to blindly install everything Microsoft offers.

        Bruce

        Bruce, I respectfully disagree. With my level of computer literacy (moderate to good), and although Patch Watch is imperfect and time consuming, I would rather follow Susan’s guidelines than deal with the consequences of problem patches. My thanks to Susan for the continued effort, and for responding to our follow-up questions as she is able.

        • #1475123

          I didn’t install KB 2977292; however, I did read about adding registry values and backing up the registry. Backing up the registry turned out to be straightforward, and now I know how to do it.

          To add the registry values, I attempted to follow Microsoft’s instructions. Everything worked fine until “In the Value data box, use the following values for the various versions of TLS, and then click OK.” No TLS versions appeared and no corresponding “DWORD” values.

          How do I find the TLS versions and corresponding “DWORD” values? How do I use them? What is a “DWORD value”?

          In step 7, the instructions state, “Any OR’ed combination of these values will enable the corresponding protocols. By default, TLS 1.0 is enabled. If any invalid value is configured, TLS 1.0 will be used.”

          What is an “OR’ed combination of these values”? Does one enter these values? If so, where?

          Thanks in advance for answering my questions.

          Charles :confused:
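
Added example, not part of the original posts or of Microsoft's article: how the "OR'ed combination" of DWORD values asked about in the two KB 2977292 posts above is worked out, including the quoted fallback to TLS 1.0 for an invalid value. The three flag values are recalled from the KB 2977292 support article rather than quoted on this page, the `is_valid` rule is this example's own reading of "invalid value", and all function names are hypothetical.

```python
# Added example (not from the thread or from Microsoft's article).
# Flag values are assumptions recalled from the KB 2977292 support article;
# confirm them against the article before changing the registry.
TLS_FLAGS = {
    "TLS 1.0": 0x0C0,
    "TLS 1.1": 0x300,
    "TLS 1.2": 0xC00,
}
ALL_FLAG_BITS = 0x0C0 | 0x300 | 0xC00   # 0xFC0: every bit a valid value may use
FALLBACK = ["TLS 1.0"]                  # quoted rule: invalid value -> TLS 1.0


def combine(versions):
    """OR the flag of each requested version into a single DWORD."""
    if not versions:
        raise ValueError("select at least one TLS version")
    dword = 0
    for name in versions:
        if name not in TLS_FLAGS:
            raise ValueError(f"unknown TLS version: {name!r}")
        dword |= TLS_FLAGS[name]   # OR sets this version's bits, keeps the rest
    return dword


def is_valid(dword):
    """This example's reading of 'invalid': zero, stray bits, or half a flag."""
    if dword <= 0 or dword & ~ALL_FLAG_BITS:
        return False
    # Each flag must be fully set or fully clear.
    return all((dword & flag) in (0, flag) for flag in TLS_FLAGS.values())


def decode(dword):
    """List the versions a DWORD enables, applying the TLS 1.0 fallback."""
    if not is_valid(dword):
        return list(FALLBACK)
    return [name for name, flag in TLS_FLAGS.items() if (dword & flag) == flag]


def regedit_forms(dword):
    """Text to type in regedit's Value data box for each Base setting."""
    return {"Hexadecimal": format(dword, "x"), "Decimal": str(dword)}


if __name__ == "__main__":
    for wanted in (["TLS 1.0", "TLS 1.2"], ["TLS 1.1", "TLS 1.2"], list(TLS_FLAGS)):
        value = combine(wanted)
        print(wanted, "->", regedit_forms(value), "decodes to", decode(value))
    print("0x40 (half of the TLS 1.0 flag) ->", decode(0x40))
```

The single combined number is what goes in the Value data box; the individual flags are not entered separately.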

    • #1474406

      Thanks Betsy, you’re right!

    • #1482395

      As they are both Remote Desktop Connection updates it is unlikely you will ever need them, so don’t install them yet (ever).

      cheers, Paul

      • #1482452

        Seems the update disappeared off my system since my posting…so it doesn’t matter so much any more…
