Updates 8/12/14: "Microsoft+Adobe" Tuesday, SAS, CryptoPrevent

The following 2 updates are rated CRITICAL:

MS14-043 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)

MS14-051 Cumulative Security Update for Internet Explorer (2976627)            

=========================================================

The following 7 updates are rated IMPORTANT:

MS14-044 Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)

MS14-045 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2984615)

MS14-046 Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

MS14-047 Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)

MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201)

MS14-049 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)

MS14-050 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)

Adobe READER  has been updated to version 11.0.0.8

These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform.  [Adobe Reader and Acrobat for Apple's OS X are not affected.]

Sequential Update for Windows, provided you have an installed-base of 11.0.0.7:  http://www.adobe.com/support/downloads/detail.jsp?ftpID=5828

FULL installer (U.S. - English):  ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.08/en_US/AdbeRdr11008_en_US.exe

Documentation:   http://helpx.adobe.com/security/products/reader/apsb14-19.html

=======================

Remark:  Adobe's official policy toward XP:   Adobe will no longer develop versions of Acrobat or Reader for Windows XP. Also, Adobe will no longer test releases or patches on Windows XP or fix bugs specific to Windows XP.  http://helpx.adobe.com/acrobat/kb/end-of-support-acrobat-reader-on-winxp.html

Having said that, I attempted to install the sequential update to x.08 on a WinXP system, and it appears to have successfully installed:  no errors were generated, the updater announced the update was successful, and Reader is now acknowledging that its current version is x.08.   Of course, this does not preclude running into a problem in the future, should the program call on any "XP-untested" components.   Anyone (myself included) who does so is proceeding at their own risk!

EDIT:   And on a second XP system, Reader's internal updater located, downloaded, and installed x.08.

Malicious Software Removal Tool (MSRT, MRT) for August, version 5.15  

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx 

Reminder:   Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].

================================================================

This month's MSRT adds detection/removal of:  

Win32/Lecpetex - a "malware family [that] can steal your sensitive information, such as your user names and passwords.

They can also use your PC to mine for Litecoins, install other malware, and use your Facebook account to send spam messages that include links to malware".

For additional information, see http://blogs.technet.com/b/mmpc/archive/2014/08/12/msrt-august-lecpetex.aspx

=================================================================

Remark:  It would appear that the MSRT still runs under WinXP.

Adobe Flash Player 14 has been updated to 14.0.0.176 for IE (x.179 for plug-in)

These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

Direct downloads (no bundled junk) for Windows 7 and earlier :emotion-30::

Internet Explorer - http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_14_active_x.exe

Plugin-based browsers (Firefox etc) - http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_14_plugin.exe

Uninstaller (if needed) : http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

Documentation : http://helpx.adobe.com/security/products/flash-player/apsb14-18.html

=====================================================================

( :emotion-30: Note:  Users of IE10/11 on Win8/8.1 will receive a proprietary Flash update directly from Microsoft.   These will be documented as https://support.microsoft.com/kb/2982794 )

Adobe AIR (for those who have/use AIR) has been updated to 14.0.0.178

http://get.adobe.com/air/

CryptoPrevent has been updated to version 7.  Documented separately in the CryptoPrevent thread:  http://en.community.dell.com/support-forums/virus-spyware/f/3522/p/19530796/20666719.aspx#20666719

Just to let people know, that Avast went "nutty" with EVO-gen False Positives on (one of) the DOT NET updates... will relay more info when/if I get any...

Update:   Lots of people reporting this issue at the Avast forum https://forum.avast.com/index.php?topic=153395.0

UPDATE:  Avast users are now reporting that the issue has been fixed with the release of definition update 14-08-12-2

I'm confused - nothing new there...

I was offered 17 important updates for Win 7 Pro today, including one named Windows 7 Service Pack 1 (KB976932) that's described in the updater as:

"...collection of updates and improvements to Windows that are combined into a single installable update. ...A typical installation will take about 30 minutes...

But I already have  SP1 installed on this PC.  I did a clean install of Win 7 Pro with SP1 when I updated from XP a few months back and I see .cat files related to this KB number on my HDD. So why is it offering me SP1 now and should I install today's KB976932?

Am I missing something...?

EDIT: Just looked at Microsoft Answers and somebody over there asked the exact same questions. And curiously the SP1 update being offered today is only 2MB but I'm pretty sure SP1 was a whole lot bigger than that.

SAS (SUPER AntiSpyware) 6.0.1130 was finally "pushed" via the internal updater today.

Technology Changes

• All NEW Version 6.0!
• New User Interface - Simplified interface for easier navigation to the most commonly used features, and touch screen capable.
• System Investigator - Shows what's running on your PC in a new and exciting way. Customers and technicians can use this tool to quickly determine if a file on the system is potentially malware.
• Faster scan speeds, smaller foot print, enhanced program stability and an expanded Help Menu to improve ease of use.
• Pro Feature: E-mail alerts - Receive scheduled scan results through the new e-mail alert system.
• High-contrast color theme - An easy-to-read (visually impaired friendly) black color theme can be configured by those who prefer using a high-contrast mode.
• Right-click scanning - Right-click scanning now works without SUPERAntiSpyware running, and the right-click menu options have been cleaned up to minimize clutter.
• Includes bug fixes and enhancements from version 6.0.1094 to present

The Adobe READER (and ACROBAT) patch is now considered URGENT, as current attacks on this flaw (bypassing the sandbox) are now being observed.

http://blog.lumension.com/9286/urgent-adobe-users-told-to-patch-reader-and-acrobat-against-zero-day-attacks/

http://www.theregister.co.uk/2014/08/13/youve_got_three_days_to_patch_adobe_flash_air_reader/

It seems there have been reports of various problems after installing security update 2982791 [part of MS14-045].   Some are font-related (some fonts can't be modified and/or do not render correctly).  More seriously, some systems may crash with a 0x50 Stop error message (bugcheck), which may be persistent and may prevent the system from starting correctly.  

Accordingly, Microsoft recommends that customers uninstall this update.

As an added precaution, Microsoft has removed the download links to these updates while these issues are being investigated, and will update this bulletin when more information becomes available.

Remark:   It's a bit unclear whether Microsoft is advising ALL users to uninstall this update... or only those users that are actually impacted by one [or both] of the issues.

https://technet.microsoft.com/library/security/ms14-045   [see: Update FAQ]

http://support.microsoft.com/kb/2982791  [see:  More information - Known Issues]

==============================

EDIT:   Additional articles/links:

http://www.infoworld.com/t/microsoft-windows/blue-screen-stop-0x050-error-reported-systems-installing-kb2976897-kb2982791-and-kb2970228-248363 

http://myonlinesecurity.co.uk/problems-windows-updates-august-2014-kb2982791-kb2970228-kb2975719-kb2975331/  which asserts:  "Microsoft is recommending that EVERYBODY do this regardless of whether you have a current problem or not. There is a strong possibility that ANYBODY could experience the problem and be unable to boot windows at any time with these updates installed, or have display issues. With the increased use on websites of dynamic fonts that are loaded as and when needed to display on a website, that do not use the default installed fonts, the problems can affect anybody and cause an IE crash on almost any site."   [Remark:   This blog is authored by Derek Knight (Microsoft MVP http://mvp.microsoft.com/en-us/MVP/Derek%20Knight-33431 ) ]

http://news.softpedia.com/news/KB2976897-KB2982791-and-KB2970228-Patches-Causing-BSODs-on-Windows-7-455065.shtml 

http://m.windowsitpro.com/windows/microsoft-pulls-kb298271-after-4-days-blue-screens

The crash issue in Windows 7 64-bit appears to affect only those machines with Open Type Font (.OTF) shortcuts in the Windows Fonts directory (%WINDIR%\Fonts). Such shortcuts may be created by Adobe apps (e.g., Photoshop Elements 11), Bitstream Font Navigator, and others.

And here's another one:

"After you apply the MS14-037  or MS14-051  cumulative security update for Internet Explorer, web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time. This issue occurs in Internet Explorer versions 7 through 11.

To resolve this issue, we have released updates for Internet Explorer versions 7 through 11."

https://support.microsoft.com/kb/2991509 

Remark:   Again, it is unclear whether ALL users should apply this "hotfix", or whether only users who are actually experiencing the issue should do so.

As my system seems to be working normally at the moment, I take the view "If it ain't broke, don't fix it" --- meaning I intend to take no action unless/until I actually experience the issue.
 

Here's another article summarizing what's happening with the [first] bad Microsoft Update KB2982791.  

http://nakedsecurity.sophos.com/2014/08/18/microsoft-pulls-patch-tuesday-kernel-update-ms14-045-can-cause-blue-screen-of-death/ 

Please consider the following:

1) It notes that the BSOD "only happens under rather specific circumstances:   having OpenType Font (OTF) files, installed in non-standard font directories, that are recorded in the registry with fully-qualified filenames".

2) For those actually experiencing the BSOD, he indicates a NINE (9) step procedure to follow, which "involves a fair amount of fiddling" [including editing one's registry].  In other words, it's a lot more than simply uninstalling just one update.

[However, for those NOT actually impacted by the BSOD, then yes, it would seem that a simple "uninstall" is the only step.]

--------

We also have, separately, the opinion of another Microsoft MVP,  Robear Dyer (aka:  PA Bear) ( http://mvp.microsoft.com/en-us/MVP/Robear%20Dyer-8031 ), that

"If a user has NOT encountered any issues, there's no need to uninstall [the update(s)]" http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/blue-screen-stop-0x50-after-applying-update/6da4d264-02d8-458e-89e2-a78fe68766fd?page=35&tm=1408325002359 

--------

So... especially given the complexity of the complete fix... it's still a "toss-up" which advice to follow.   For the time being, I'm following "PA Bear", and doing nothing... unless/until I see an actual need to start tampering with things that are currently working.

When I first heard of this update snafu, I uninstalled it, even though I hadn't had any problems with a BSOD.

Probably not necessary. I've always trusted PA Bear's advice.