Microsoft botches still more patches in latest Automatic Update

no,dragon is chrome based,but has nothing to do with google.plus it has security features built in from comodo.

 

Patch Tuesday is coming -- here's what Microsoft is NOT fixing

This week, November 12th to be precise, is that holiday we have come to call Patch Tuesday. It's the day when Microsoft rolls out fixes for bugs, both small and large, in its software, from Windows to Office and more. This month's releases are of particular interest, not because of what the company is fixing, but what it has chosen to leave unpatched.

November's update includes eight patches, three of which have been tagged as 'critical'. Microsoft even promises it "will host a webcast to address customer questions on the security bulletins on November 13, 2013, at 11:00 AM Pacific Time".

However, security researchers at Sophos point out a glaring hole in this month's security push. "The recent zero-day, which allows crooks to attack your computer using booby-trapped TIFF images, has created lot of confusion amongst users and administrators trying to work out which of their computers are at direct risk", states Paul Ducklin. The firm has inquired about a fix for this -- "the answer, I am sorry to have to tell you, is, no", Sophos claims.

Why has this flaw caused confusion? Well, because Microsoft has claimed the problem does not affect Windows XP, Windows 7 and Windows 8, but is a danger to Office versions ranging from 2003 to 2010. What happens when one of those suites is running on an "unaffected" operating system?

Microsoft has attempted to clear this up stating that Windows Server 2008 and Windows Vista are vulnerable regardless of software. Office 2003 and 2007 are a danger regardless of the OS they are running on. Finally, Office 2010 on XP is a problem as well.

As a stop-gap, the company has issued a Fix-it to help out users in the short-term.

http://betanews.com/2013/11/10/patc...n=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN

 

New IE zero-day attack reported

Summary: Security company FireEye has found a zero-day exploit in Internet Explorer hosted on a breached web site in the United States. EMET may be used to mitigate.



Researchers at network security company Fireeye have identified a zero-day exploit of Internet Explorer on a breached web site.

The specific exploit targets the English versions of Internet Explorer 7 and 8 on Windows XP and IE8 on Windows 7. FireEye says their analysis indicates that the vulnerability behind it affects IE 7, 8, 9 and 10.

FireEye does not say if IE10 on Windows 8 is affected or if they examined IE11.

There are two vulnerabilities involved in the attack: the first is an information disclosure vulnerability which the exploit uses to retrieve the timestamp from the PE headers of msvcrt.dll (part of the Microsoft Visual C++ runtime). The second is an IE out-of-bounds memory access vulnerability, used to achieve code execution.

Many versions of msvcrt.dll are in distribution, so the exploit sends the timestamp back to the attacker's server, which returns an out-of-bounds exploit specific to the user's version.

The exploit contains a "ROP chain" according to FireEye. ROP is Return-Oriented Programming, a technique generally blocked by Address Space Layout Randomization (ASLR), introduced in Windows Vista (a version of Windows unmentioned by FireEye). That the exploit works on Windows XP is no surprise, but for it to work on Windows 7 is more unusual.

The report doesn't say much about the payload, other than that it is large and multi-stage.

FireEye is in working with Microsoft on researching the attack. The report says that the vulnerability can be mitigated using Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 4.0, presumably focusing on msvcrt.dll. Be careful, as you will likely have multiple copies of multiple versions of this DLL on your system.

http://www.zdnet.com/new-ie-zero-day-attack-reported-7000022998/

 

once again thanks for the heads up.

 

Internet Explorer users face drive-by attacks targeting new 0-day bug (Updated)
New exploits targeting IE are in addition to a separate 0day for Office.


Risk Assessment / Security & Hacktivism
Internet Explorer users face drive-by attacks targeting new 0-day bug (Updated)
New exploits targeting IE are in addition to a separate 0day for Office.

by Dan Goodin - Nov 10 2013, 3:09pm EST

Black Hat
Internet Crime

26
Knight Foundation

Researchers have uncovered new, currently unpatched vulnerabilities in multiple versions of Internet Explorer that criminals are actively exploiting to surreptitiously install unusually advanced malware on computers that visit booby-trapped websites.

The vulnerabilities in various configurations of IE versions 7, 8, 9, and 10 running on Windows XP and Windows 7 are separate from the Microsoft Windows and Office graphics flaw that's also under active exploit at the moment. According to researchers at security firm FireEye, the IE-targeted exploits arrive as a classic drive-by attack that's found on at least one breached website located in the US.

The attacks are able to bypass security protections Microsoft engineers have gradually added to later versions of their software. The exploits appear to circumvent the measures, at least in part, by exploiting at least two separate flaws. One flaw allows attackers to access and control computer memory, and another leaks system information needed to capitalize on the first bug.
"The memory access vulnerability is designed to work on Windows XP with IE 7 and 8 and on Windows 7," FireEye researchers Xiaobo Chen and Dan Caselden wrote in a post published Friday. "The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages. Based on our analysis, the vulnerability affects IE 7, 8, 9 and 10."

Early analysis suggests the two vulnerabilities work only against machines running IE 8 on XP and IE 9 running on Windows 7. The research into the attacks is in extremely early stages, so it wouldn't be surprising for the range of vulnerable systems to be wider once more analysis has been done.
An "exceptionally accomplished and elusive" attack

Update: Shortly after Ars published an earlier version of this article on Sunday, FireEye posted a newer analysis of the attack indicating it's part of an unusually sophisticated advanced persistent threat (APT). The attackers embedded the exploit code directly "into a strategically important website, known to draw visitors that are likely interested in national and international security policy," the researchers wrote. The attacks rely on some of the same command and control servers used in a previous APT campaign known as Operation DeputyDog.

Also setting the newly discovered attacks apart from other malware campaigns is the malicious payload that gets installed. Although it's a variant of the previously seen trojan alternately dubbed Hydraq, McRat or Trojan.APT.9002, the new payload runs solely in memory. It doesn't ever write itself to disk, a trait that leaves few to no artifacts for security defenders or forensic investigators to identify infected computers.

"Specifically, the payload is shellcode, which is decoded and directly injected into memory after successful exploitation via a series of steps," the FireEye researchers wrote in the latest post. They went on to write: "By utilizing strategic Web compromises along with in-memory payload delivery tactics and multiple nested methods of obfuscation, this campaign has proven to be exceptionally accomplished and elusive."

As is often the case, the attacks can be blocked by installing the latest version of Microsoft EMET, short for the Enhanced Mitigation Exploitation Toolkit.

===========================
===========================
The Enhanced Mitigation Experience Toolkit
http://support.microsoft.com/kb/2458544
============================
============================

Members of Microsoft's security response team have not yet commented on the report, although they are likely to do so soon. Microsoft representatives contacted by Ars said members of the company's security team are still looking in to the report.

FireEye didn't elaborate on the US-based website that was hosting the drive-by exploit, except to describe it as "breached," meaning the attackers were able to take control of it and cause it to attack people who visited it. Based on the description of the exploit and its ability to bypass defenses Microsoft engineers have built into newer versions of IE and Windows, there's reason to believe the attackers put a fair amount of time and skill into their work. Among other things, the attack code exploits a "new information leakage vulnerability and an IE out-of-bounds memory access vulnerability" so it can force computers to execute malicious code.

"The information leak uses a very interesting vulnerability to retrieve the timestamp from the [program executable] headers of msvcrt.dll," the FireEye researchers explained. "The timestamp is sent back to the attacker's server to choose the exploit with a ROP chain specific to that version of msvcrt.dll. This vulnerability affects Windows XP with IE 8 and Windows 7 with IE 9."

ROP is short for "return oriented programming," a technique that repackages benevolent code found in an exploited application in a way that gives it new, malicious capabilities. Attackers use ROP chains to bypass data execution prevention, a security mitigation added to most Microsoft applications in the past seven or so years. It prevents most data loaded into memory from being executed.

With the active circulation of at least two attacks that successfully exploit unpatched or only temporarily patched vulnerabilities in widely used Microsoft software titles, readers would do well to remain on guard. Those who haven't already installed the temporary fix for the earlier-reported TIFF image rendering bug should do so immediately.


Microsoft Security Advisory: Vulnerability in Microsoft graphics component could allow remote code execution

=========================
=========================
installed the temporary fix
https://support.microsoft.com/kb/2896666
==========================
==========================

Users should also upgrade to versions 7 or 8 of Windows and run version 11 of IE. EMET is also a worthwhile mitigation, as is using a browser other than IE whenever possible until more is known about the scope of the attacks.

http://arstechnica.com/security/201...face-drive-by-attacks-targeting-new-0day-bug/

 

Botched Black Tuesday patch KB 2887069 freezes, fails to configure, triggers a BSoD, and/or zaps sound drivers
KB 2887069 patch went down the Automatic Update chute last week with an array of problems, but there are workarounds

If you've been trying to install last Tuesday's MS13-101/KB 2887069 patch and are having problems, you aren't alone. It seems that this "important" solution to five separately identified security holes in every version of Windows (and Server and RT) since XP is having all sorts of issues, with the majority reported on Windows 7.

Tell me if you've heard this one before: Almost a week after the patches were pushed to Automatic Update customers, Microsoft hasn't acknowledged the problems, provided a workaround, or said when a fix will be available. The patch is currently being offered to Windows 7 and Windows 8.1 machines.

The SANS Internet Storm Center says there are no known exploits for the patched security holes.

There's a six-page thread on the Microsoft Answers forum that discusses the problems people are having. Depending on how lucky you are, according to the thread, the installer may hang at 7 percent or 12 percent; it may reboot twice, dish up a message that says it "Failed to Configure" followed by a rollback; or it may result in BSoDs. There are also reports in a separate Answers forum thread of messed-up sound drivers: audio output won't work and/or the microphone won't work.

GO HERE TO READ MORE
http://answers.microsoft.com/en-us/...gs-at-12/b1ae1909-cf28-442f-a44f-f3824f6c1af3

What to do?

If you've been following my years-long tirade about botched Microsoft Automatic Update patches, you know that my first recommendation is to turn off the bloody Automatic Update. Manually check for updates later in the month -- after the masses get used as cannon fodder -- when the coast is clear.

If you're seeing BSoDs and need to get your system back, apparently running System Restore from Safe Mode will make it bootable again. Heaven help ya if you have Windows 8 or 8.1, which are notorious for not creating restore points.

Here's a short list of what you can do if you really, really, really want to get this patch installed:

If you're running AVG, turn it off, install the patch manually, reboot, and turn AVG back on.
Right-click on your C drive, choose Properties, and run Disk Cleanup to clear out your Temp folder. Try installing the patch again.
Uninstall all your Nvidia software -- sound drivers, video drivers, whatever. Manually install the patch. Reboot. Re-install the drivers.

None of those fixes work in every case. Microsoft hasn't figured out what's wrong. I have no idea why it's still offering the patch.

Let's hear it for another botched Automatic Update patch. Somebody tell me how long it's going to take Microsoft to fix its seriously broken patching mechanism. The very least Microsoft could do, as a stopgap, is to implement Patch Mondays. But I won't hold my breath.

t/h SB

This story, "Botched Black Tuesday patch KB 2887069 freezes, fails to configure, triggers a BSoD, and/or zaps sound drivers," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.
http://images.infoworld.com/t/micro...ound-drivers-232?source=rss_microsoft_windows

 

Guess I’m a “Lucky Dog”, haven’t had any trouble with MS (Micro-Slug) Updates in several years.

• I always install updates manually.
• Keep my updates set to “Check for updates but let me choose whether to download and install them”
• Have a daily backup of system drive via Acronis.
• Create a Restore point and Registry backup before installing via Tweaking.com.
• Don’t use AVG.
• Don’t use Nvidia software or drivers.
• Have a Task schedule that runs Ccleaner /auto each hour of the day to clean Temp files.

I do wish Micro-Slug would get their shit together so I wouldn’t have to listen to all the bitching from the customer base… Just kidding.

 

yep,i got mine set to manual as well.if i dont like it i dont install it.thanks so much to Ireland for these heads up.

 

Thanks for these updates. My Windows XP has been running on so slow. I am wincing at the thought of a total reformat if this is to go on for long.

 

FIX: When you run Windows Update to scan for updates that use Windows Installer, including Office updates, you may experience a memory leak, or you may receive an error message for the Svchost process

\

Installer, including Office updates, you may experience a memory leak, or you may receive an error message for the Svchost process



When you run Microsoft Windows Update to scan for updates or to apply updates to any applications that use Microsoft Windows Installer (MSI) 3.1 together with Windows Update, you may receive the following error message in Event Viewer on a Windows XP-based computer:

Application popup: svchost.exe - Application Error : The instruction at "0x745f2780" referenced memory at "0x00000070". The memory could not be "read".
Additionally, a memory leak may occur when Windows Update scans for updates that use Windows Installer.

These problems may occur when you try to scan for Microsoft Office updates. You may also experience these problems when you use any one of the following update mechanisms:


go here to read it all
http://support.microsoft.com/kb/916089

 

I use this when having trouble with updates on XP, sometimes helps:

Repair MSI (Windows Installer)
http://www.tweaking.com/content/page/repair_msi_windows_installer.html


If you are Advanced or Geek then this lookup tool is helpful:

Tweaking.com - svchost.exe Lookup Tool
http://www.tweaking.com/content/page/tweaking_com_svchost_exe_lookup_tool.html

2oG

 

Is Windows Update Broken? 5 Broken Updates Microsoft Released In 2013

What happened to Windows Update in 2013? Quality control seems to be suffering as Microsoft scrambles to update their software faster than ever. They’ve released quite a few buggy and broken Windows Updates this year.

Microsoft capped off a year of shaky quality control by releasing a broken firmware update for their Surface Pro 2 hardware and promptly going on vacation, leaving the problem unfixed for over a month. It’s been a rough year.
Surface Pro 2 December Firmware Update

On December 10, 2013, Microsoft released a firmware update for their Surface Pro 2 PC. Microsoft releases such firmware updates on a monthly basis. These firmware updates arrive via Windows Update, so they’re often installed automatically as part of the standard Windows Update process.

The firmware update’s notes indicated that it should fix some problems with battery life and power saving, but it actually did the opposite. Many Surface Pro 2 users began reporting that it dramatically lowered their device’s battery life and broke the sleep function. Because this is a UEFI firmware update — similar to a BIOS update — and not a standard driver update, there was no way to uninstall the update and get back to normal.

Microsoft pulled the update on December 18, over a week later. They explained they did so to “ensure the best experience for our customers during the holiday season.” They said they were “working to release an alternative update package after the holidays.” Microsoft didn’t want new Surface Pro 2 users to deal with these problems, but they left their existing Surface Pro 2 customers to suffer through the holidays without any form of fix.

They’re now saying that a firmware update will ship on January 14, 2014. That’s over a month from the time the buggy firmware update first shipped. Why the long delay? It looks like Microsoft employees decided to take the holidays off. Some people consider Microsoft’s monthly firmware updates an example of how well-supported Surface hardware is. This incident seems to suggest the opposite — there’s a reason most PC manufacturers don’t release such frequent firmware updates.

Luckily, for many people, the firmware update just silently failed to install. Bypassing this error requires another complicated workaround involving stopping a Windows service and deleting a system file.

==============================================
Windows 8.1 Gaming Mouse Lag

KB2823324 Causes Blue Screens of Death

KB2803821 Breaks WMV Support, Steam Games

KB2821895 Breaks System File Checker, Causes High CPU Usage

So, Should You Trust Windows Update?
===============================================

GO HERE TO READ IT ALL
http://www.howtogeek.com/179629/is-...-5-broken-updates-microsoft-released-in-2013/

 

When Windows Update Fails, This Is How You Fix It

YOU MUST GO HERE--
http://www.makeuseof.com/tag/windows-update-fails-fix/


By Tina Sieber on 17th August, 2014 | Windows | 20 Comments
The recent Windows 8.1 August Update blindsided many users with issues. Some experienced BSODs or black screens, while others found themselves stuck in an infinite reboot loop.
If you’ve been negatively affected by a Windows Update, here’s a quick list of troubleshooting steps that will help you restore Windows to a functional state.
Windows Crashes With A Blue Screen Of Death
A BSOD typically hints to a hardware problem or faulty drivers, but can also be caused by third-party software. We have previously shown you how to troubleshoot a BSOD in Windows 8.

The August Update BSOD
After applying the Windows August Update, many Windows 7 and 8 users experienced BSOD crashes with a 0×50 Stop error message. According to Microsoft Community member xformer, KB2982791 is the culprit. This update causes Win32k.sys to crash when the font cache is not correctly maintained.
According to Microsoft, August Update BSOD crashes are caused by the following updates, which subsequently have been disabled:
KB2982791, a security update for kernel-mode drivers.
KB2970228, the update introducing support for the Russion Ruble currency symbol.
KB2975719, the August Update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.
KB2975331, the August Update rollup for Windows RT, Windows 8, and Windows Server 2012.
How To Fix It
A workaround proposed by Microsoft Community member rvuerinckx recommends to boot from a recovery disk and remove the following file:
C:\Windows\System32\FNTCACHE.DAT
In a response, community member Laurens (NLD) posted a step-by-step explanation on how to remove the file via the command prompt. Briefly, insert your Windows 7 or 8 installation or recovery disk and boot from the disk. In Windows 7, go to restore options, choose repair tools, and select command prompt. In Windows 8, go to troubleshoot and advanced options, and select command prompt from here.
Type the following command:
del %windir%\system32\fntcache.dat
When the file is gone, you should be able to boot into Windows. Microsoft Support says this is only a temporary fix and they explain how to remove a registry key for a permanent solution. Please see the mitigations for known issue 3 for details. After removing the offending updates (see below), you can restore the registry file, the support page explains how this is done.
I Can’t Boot Into Windows Anymore
When a Windows Update is so bad that you can no longer boot the system, try booting into Safe Mode to remove it.
To boot into Safe Mode in Windows 7, hit the F8 key while the computer is booting up and before the Windows logo can be seen. You know you hit the right moment, when you see the advanced boot options screen.

When Windows 8 or 8.1 crashes repetitively, it should at some point boot into Automatic Repair. Select Advanced options to access Safe Mode.

You can manually boot into Safe Mode by pressing the SHIFT key while clicking Restart and subsequently click Restart under Sartup Settings, found under Troubleshoot and Advanced options.
Once you are in Safe Mode, you can navigate to Windows Update via the Control Panel and remove the most recent updates, see instructions below.
Uninstall Windows Updates In Windows
Uninstalling updates from within Windows is very simple. Briefly, navigate to Installed Updates (View installed updates under Windows Update or Programs and Features) in the Control Panel, select the problematic update, and click the Uninstall button or right-click it and select Uninstall.

Uninstall Windows Update Via Command Prompt
When an issue with a Windows Update prevents your computer from booting, not even into Safe Mode, things get tricky. You will need a Windows boot or recovery disk to launch into repair tools (Windows 7) or advanced options (Windows 8), from where you can access the command prompt.
Assuming your system drive is C, type the following command to find the package names of the offending updates:
dism /image:C:\ /get-packages
Search the results for the update that needs to be removed and note down the package name. Then use the following command:
dism /image:C:\ /remove-package/PackageNameackage_for_insert_exact_package_name_here
Example: dism /image:C:\ /remove-package/PackageNameackage_for_KB2976897~31bf3856ad364e35~amd64~~6.1.1.0
After removing the update, try to reboot and fingers crossed all will be well.
Hide Windows Updates
Sometimes, updates are known to cause problems before you apply them. Or maybe you don’t accidentally want to re-install an update that made your computer crash. Navigate to Windows Update in the Control panel, right-click the troublesome update, and select Hide update.

To restore a hidden update, click the respective link in the Windows Update sidebar.
For a full walkthrough with screenshots of the process, see Windows SevenForums.
None Of The Above Works
The issues you’re experiencing may go deeper than a Windows Update bug. Please consult our guide on troubleshooting Windows 8 crashes. Windows 8 boot issues can be easy to resolve, but an infinite reboot loop may require a system recovery. If you’re able to boot into Windows 8 Advanced Startup Options, you can try to repair, restore, refresh, or reset your PC.

Has Windows Update Caused You Pain?
Have you ever had to resolve issues caused by a Windows Update in the past? How did you do it?
Let’s hear your experiences in the comments!


YOU MUST GO HERE
http://www.makeuseof.com/tag/windows-update-fails-fix/

 

How to Roll Back or Uninstall a Problematic Windows Update

Barely a month had passed after we told you to let Windows Update automatically keep your PC updated before Microsoft decided to make us look bad by releasing a couple of really bad updates that broke people’s computers. So today we’re going to show you how to roll things back should an update break everything.

We’re not backing off our opinion that keeping Windows updated automatically is the best policy, and it’s still very unlikely that you’re going to be affected by another bad update, but since lightning sometimes does strike twice, it’s better to know how to recover just in case.

The First Step: Boot into Safe Mode


Whenever you are making system changes to fix a problem, you’ll need to get into Safe Mode to make those changes happen. This is a special mode of Windows that doesn’t load anything extra other than what Windows needs to boot.

Normally you can just use the F8 key to get into the boot menu and switch to Safe Mode, but Windows 8 and 10 make this more difficult, so you’ll need to hold the Shift key while clicking Restart to get to the boot menu, and then go through a bunch of other steps.

Uninstalling Windows Updates


GO HERE TO READ MORE

http://www.howtogeek.com/206271/how-to-roll-back-or-uninstall-a-problematic-windows-update/

 

@pete
yes after v12 & so is firefox tho can't remember the version they started using it,not sure about waterfox.Tho i think you drawing a long bow considering how long i've been using ff & chrome,you can always use the portable versions

 

seriously i think on thread microsoft should be officially named microbotch

 

Yes, you right about this...

 

you might want to look at how old that thread is.just so you can trash talk the right windows version.lol