שם משתמש: סיסמא:
הרשמה לאג'נדה



אבטחה : עדכוני מיקרוסופט לינואר,מה היה לנו


אבטחה : עדכוני מיקרוסופט לינואר,מה היה לנו
פורסם לפני 2570 ימים     מאת alexander     סה"כ תגובות: 37     תגובה אחרונה לפני: 2528 ימים

היה לא מעט. לוינדוס, ל IE10, פירמוור לוינדוס RT.. מה לא היה ? עדכונן באג 0-day ל-IE6,7,8 כאשר ה fix it הארעי שמיקרוסופט הוציאה נעקף בקלות. אפשר היה לחשוב שחור האבטחה אינו מנוצל לרעה, אך לא כך הוא. מאות אירגונים נפגעו ויפגעו מניצול חור האבטחה ע"י האקרים.



Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT

http://technet.microsoft.com/en-us/security/advisory/2755801


Windows RT firmware updates :

The January update, which will be available later today, includes a few improvements for Surface with Windows RT.
This update provides System Firmware (UEFI) improvements including:
Improvements to audio playback when in Connected Standby
Additional capabilities for handling firmware updates during low battery situations.

To check for updates:
Open PC Settings, by swiping in from right edge (or, if using a mouse, point to upper-right corner of screen)
Tap or click Settings
Tap or click Change PC settings
Under PC settings, tap or click Windows Update
Tap or click Check for Updates

http://answers.microsoft.com/en-us/surface/forum/surfwinrt-surfupdate/what-is-in-the-january-update-182013/506e79dd-7b77-47b6-8ca6-c9222a1b031d


Patch Tuesday :

MS13-001/KB2769369 – Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (Windows 7 and Windows 7 SP1, all editions of Server 2008 R2 including Core installation). This critical update addresses one vulnerability present in Windows 7 and Server 2008 R2 that could be exploited to allow an attack to remotely execute code on the computer by sending a specially crafted print job to a print server. It does not affect other versions of Windows. If you’re running Server 2008 R2 in Server Core installation and the Printing-ServerCore-Role setting is not enabled, you won’t be offered this update. Proper firewall configuration can help mitigate this vulnerability. This update requires you to restart the system.

MS13-002/KB2756145 – Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (Windows XP SP3, Windows XP Pro x64 SP2, all editions of Windows Server 2003, Vista SP2, all editions of Server 2008, Windows 7 and Windows 7 SP1, all editions of Server 2008 R2 including Core installation, Windows 8, Server 2012 including Core installation, Windows RT, Microsoft Office 2003 SP3, 2007 SP2 and 2007 SP3, Microsoft Word Viewer, Microsoft Office Compatibility Pack SP 2 and SP3, Microsoft Expression Web SP 1 and SP2, all editions of Microsoft SharePoint Server 2007 SP2 and SP3, Microsoft Groove Server 2007 SP 2 and SP3). This critical update addresses two vulnerabilities in Microsoft XML Core Services. The list of affected software is long and complicated; there are a number of combinations of XML Core Services 3.0 and operating system versions and application or server software that are not affected (see the full security bulletin for this list). Further, the impact ranges from moderate to critical, depending on the OS/software affected. If exploited, the vulnerability could enable an attacker to remotely execute code on the computer, but the user would have to use IE to visit the attacker’s specially crafted website, so proper security precautions (e.g., not clicking links in email or instant messages) will help mitigate this vulnerability. This update may require you to restart the system.

MS13-003/KB2748552 – Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (Microsoft System Center Operations Manager 2007 SP 1, SCOM 2007 R2). This update addresses two vulnerabilities that are confined to SCOM 2007. SCOM 2012 is not affected. The vulnerabilities could be exploited to allow an attacker to obtain elevated privileges if a user could be convinced to visit a specially crafted web site. As above, the risk is reduced by proper security practices. The update for SCOM 2007 R2 is available from the Microsoft Download Center; the update for SCOM 2007 SP1 is not yet available but is expected to be released when testing is completed. This update does not require you to restart the system.

MS13-004/KB2769324 – Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (Windows XP SP3, Windows XP Pro x64 SP2, all editions of Windows Server 2003, Vista SP2, all editions of Server 2008, Windows 7 and Windows 7 SP1, all editions of Server 2008 R2 including Core installation, Windows 8, Server 2012 including Core installation, Windows RT). This important update affects virtually all currently supported editions of Windows and addresses four vulnerabilities in all versions of the .NET Framework, including an elevation of privilege issue and a vulnerability that allows bypass of Code Access Security restrictions. This update may require you to restart the system.

MS13-005/KB2778930 – Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privileges (Vista SP2, all editions of Windows Server 2008 including Core installation, Windows 7 and Windows 7 SP1, all editions of Server 2008 R2 including Core installation, Windows 8, Server 2012 including Core installation, Windows RT). This important update addresses one vulnerability in virtually all supported versions of Windows with the exception of Windows XP SP3 and Server 2003 SP2. The vulnerability is related to the way the Windows kernel-mode driver handles window broadcast messages and could be used to gain elevated privileges by an attacker who runs a specially crafted application. This update requires you to restart the system.

MS13-006/KB2785220 – Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (Vista SP2, all editions of Windows Server 2008 including Core installation, Windows 7 and Windows 7 SP1, all editions of Server 2008 R2 including Core installation, Windows 8, Server 2012 including Core installation, Windows RT). This important update addresses one vulnerability in SSL/TLS in virtually all supported versions of Windows with the exception of Windows XP SP3 and Server 2003 SP2. An exploit could result in the attacker bypassing security after intercepting encrypted web traffic handshakes. The update requires you to restart the system.

MS13-007/KB2769327 – Vulnerability in Open Data Protocol Could Allow Denial of Service (Windows XP SP3, Windows XP Pro x64 SP2, all editions of Windows Server 2003, Vista SP2, all editions of Server 2008, Windows 7 and Windows 7 SP1, all editions of Server 2008 R2 including Core installation, Windows 8, Server 2012 including Core installation). This important update affects the .NET Framework and all currently supported versions of Windows with the exception of Windows RT. It addresses one vulnerability in the Open Data protocol (OData) that could enable an attacker to create a DoS attack by sending a special HTTP request to an affected site. The vulnerability is mitigated by proper firewall configuration. This update may require you to restart the system.

Other Updates/Releases
This is a fairly heavy month for non-security updates, with twelve updates – but light in comparison to the eighteen updates we had in December.

KB2796096 – Update for Internet Explorer Flash Player for Windows 8, Windows RT, and Windows Server 2012. Although listed in the “Non-security updates” on Microsoft’s web site, this update addresses security vulnerabilities in Adobe Flash Player in IE 10, which are described in Adobe’s Security Bulletin APSB13-01.

KB2726535 – Update for Windows 7, Windows Server 2008 R2, and Windows Server 2008. This update adds the Republic of South Sudan to the list of countries in the named operating systems.

KB2750147 – Update for Microsoft .NET Framework 4.5 on Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista. This update fixes some reliability, compatibility, performance and stability issues in .NET Framework 4.5 for the named operating systems.

KB2750149 – Update for Windows 8, Windows RT, and Windows Server 2012. Like the update above, this fixes some reliability, compatibility, performance and stability issues in .NET Framework 4.5 for the named operating systems.

KB2763674 – Update for Windows Server 2008 and Windows Vista. This update fixes an issue where you cannot run an application that is signed with a SHA-256 certificate on a computer running the named operating systems.

KB2770445 – Update for Microsoft .NET Framework 4.5 on Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista). This update resolves an issue in the Microsoft .NET Framework 4.5 (different from the above update) that causes digital signatures on files produced and signed by Microsoft to expire prematurely.

KB2770446 – Update for Microsoft .NET Framework 4.5 Language Packs for x64-based Systems. This update is like the one above that addresses prematurely expiring signatures, for x64-based systems.

KB2773072 – Update for Windows 7. This update makes Windows 7 compliant with game ratings issued by various countries and adds new rating systems in Australia, Brazil, South Africa and New Zealand.

KB2785094 – Update for Windows 8, Windows RT, and Windows Server 2012. This is a cumulative update for the named operating systems that resolves performance and reliability issues related to video playback quality when streaming from Windows Media Center to Xbox consoles, Bluetooth audio playback quality and an issue that prevents you from installing a Windows Store app update if the app is installed to multiple accounts.

KB2786081 – Update for Windows 7 and Windows Server 2008 R2. This update fixes an issue wherein IE 10 doesn’t save credentials for a website after you log off or restart a computer running the named operating systems.

KB2786400 – Update for Windows 7 and Windows Server 2008 R2. This update changes the default settings of the shaping behavior for Arabic text rendering in the named operating systems.

KB890830 – Windows Malicious Software Removal Tool – January 2013 and Windows Malicious Software Removal Tool – January 2013 Internet Explorer Version. This is the monthly update to the MSRT.

Updates since the last Patch Tuesday
There was only one update issued between the December and January patch Tuesday releases:

KB2798897 (January 3) – Update for Windows. This update was an out-of-band advisory that revokes the trust of fraudulent digital certificates.




אהבת את הפוסט? סמן לייק:
הגדרות תצוגה
הודעה מחבר שעה תאריך




*
המלצה לעמוד הראשי קהילת תמיכה טכנית מנהלי קהילות הסכם שימוש באתר צור קשר השוואת מחירים בתי מלון בחו"ל Copyright ©2007-2009, אג'נדה

(0.1094)