Jump to content

The File-Checker (HFSLIPFC) for HFSLIP


Mim0

Recommended Posts

  • 2 weeks later...

Microsoft Security Advisory (2916652)

Improperly Issued Digital Certificates Could Allow Spoofing

Published:
Monday, December 09, 2013
Version: 1.0
At this time, no update is available for customers running Windows XP or Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates.


Microsoft security bulletin summary for December 2013

MS13-097 2898785 replace 2888505 in MS13-088
MS13-098 2893294 replace None
MS13-099 2892075 replace None
MS13-101 2893984 replace 2883150 in MS13-081
MS13-102 2898715 replace 2849470 in MS13-062

That's what we have for this month.

Link to comment
Share on other sites

My summary here:

December 2013 Patch Tuesday - 4 months before Windows XP and Office 2003 go EOL.

Windows XP

KB2898785 | MS13-097 | IE | 41458 41404 | replaces KB2888505 in MS13-088

KB2893294 | MS13-098 | imagehlp.dll | 41205 | none replaced, but KB2749655 + KB2893294 together replace KB2653956.

KB2892075 | MS13-099 | scrrun.dll (WSH 5.7) | 41253 | none replaced. (WinXP x64 comes with WSH 5.6 by default and should install KB2892076 instead.)

KB2893984 | MS13-101 | win32k.sys | 41260 | replaces KB2883150 in MS13-081

KB2898715 | MS13-102 | rpcrt4.dll | 41336 | replaces KB2849470 in MS13-062

KB2904266 | timezone | 41354 | replace KB2890882 and KB2863058. WGA validation required

(2013-12-14 Update:) KB2917500 | Advisory-2916652 | rvkroots.exe | 41542 | replaces KB2798897, WGA validation required

Malicious software removal tool

Flash Player 11.9.900.170 APSB13-28

Office 2003

KB2850047 | MS13-096 | GDIPLUS | 41426 | replaces KB2817480 in MS13-054

KB2863822 | OUTLFLTR | 41408

Since 2013-11-22+ 2850047 MS13-096 (2013-December)+ 2863822 outlfltr (2013-December)- 2817480 MS13-054 (replaced by 2850047)- 2849999 outlfltr (replaced by 2863822)
(Below are updates not needed for HFSLIP, but I will download them for myself.)

.NET framework

KB2894843 | Advisory-2905247 | ndp2.0sp2 | 41398 | replaces KB2656352 in MS11-100

Office 2007

KB2817641 | MS13-096 | ogl | 41513 | replaces KB2687309 in MS13-054, compatibility pack affected

KB2850022 | MS13-106 | mshelp | 41440 | none

KB2850085 | outlfltr | 41391

Update (2013-12-14): A new update, KB2917500 (rvkroots.exe), has been released on 2013-Dec-12. But unlike the old rvkroots.exe update, this one requires WGA validation.

Update (2014-01-15): The Security Advisory 2914486 has been resolved by the update in MS14-002.

Edited by Explorer09
Link to comment
Share on other sites

I'm about to publish and was cross checking my finding against what's been posted. You guys missed one.

KB2893294 does replace something. It replaces KB2653956. It does so in conjunction with KB2749655.

KB2653956 contains imagehlp.dll v5.1.2600.6198 and wintrust.dll v5.131.2600.6198.

KB2749655 contains wintrust.dll v5.131.2600.6285.

KB2893294 contains imagehlp.dll 5.1.2600.6479.

So using both it renders KB2653956 obsolete.

Here's my high-priority for December:

December 2013

+ WindowsXP-KB2892075-x86-ENU.exe
+ WindowsXP-KB2893294-x86-ENU.exe
+ WindowsXP-KB2893984-x86-ENU.exe
+ WindowsXP-KB2898715-x86-ENU.exe
+ IE8-WindowsXP-KB2898785-x86-ENU.exe
+ WindowsXP-KB2904266-x86-ENU.exe

- WindowsXP-KB2653956-x86-ENU.exe replaced by WindowsXP-KB2749655-x86-ENU.exe and WindowsXP-KB2893294-x86-ENU.exe
- WindowsXP-KB2849470-x86-ENU.exe replaced by WindowsXP-KB2898715-x86-ENU.exe
- WindowsXP-KB2863058-x86-ENU.exe replaced by WindowsXP-KB2904266-x86-ENU.exe
- WindowsXP-KB2883150-x86-ENU.exe replaced by WindowsXP-KB2893984-x86-ENU.exe
- IE8-WindowsXP-KB2888505-x86-ENU.exe replaced by IE8-WindowsXP-KB2898785-x86-ENU.exe
Edited by -X-
Link to comment
Share on other sites

I'm about to publish and was cross checking my finding against what's been posted. You guys missed one.

KB2893294 does replace something. It replaces KB2653956. It does so in conjunction with KB2749655.

Yes, and I've already edited my post to reflect this. Thanks.

Link to comment
Share on other sites

My summary here:

Malicious software removal tool

Security advisories with no updates for WinXP (yet):

Advisory-2916652: Improperly Issued Digital Certificates Could Allow Spoofing

Solution:

http://www.microsoft.com/download/details.aspx?id=41542 (for download)

http://support.microsoft.com/kb/2917500 replaces Security Advisory 2798897: Certificates Revocation

Malicious software removal tool link ;)

Link to comment
Share on other sites

Hey guys, thanks for the infos. I'm starting to update the lists for December... CU later...

new file-checker for XP:

2013-12-18- Added: KB2898785 (MS13-097: Internet Explorer)- Added: KB2893294 (MS13-098: Windows)- Added: KB2892075 (MS13-099: Microsoft Scripting Runtime Object Library )- Added: KB2893984 (MS13-101: Windows Kernel-Mode Drivers)- Added: KB2898715 (MS13-102: LRPC Client)- Added: KB2917500 (Security Advisory 2916652: Digital Certificates)- Added: KB2904266 (Cumulative Time Zone Update)- Added: KB890830 (Malicious Software Removal Tool 5.7.9701.0)- Added: Adobe Flash Player 11.9.900.170- Removed: KB2888505 (MS13-088: Internet Explorer, replaced by KB2898785)- Removed: KB2883150 (MS13-081: Windows Kernel-Mode Drivers, Win32k.sys, replaced by KB2893984)- Removed: KB2849470 (MS13-062: Remote Procedure Call, replaced by KB2898715)- Removed: KB2798897 (Security Advisory 2798897: Certificates Revocation, replaced by KB2917500)- Removed: KB2863058 (Cumulative Time Zone Update, replaced by KB2904266)- Removed: KB2890882 (Time Zone Update (Fiji), replaced by KB2904266)- Removed: KB890830 (Malicious Software Removal Tool 5.6.9603.0)- Removed: Adobe Flash Player 11.9.900.152- Added also the following replacment info:   - KB2893294 (MS13-098: Windows) together with KB2749655 (Security Advisory 2749655: Digital    Certificates) replaces KB2653956 (MS12-024: Windows Authenticode Signature Verification)  - KB2892734 (Windows Firewall service crashes when multiple FTP operations are running)    replaces KB951830 (DNS-Resolving)

Download: http://mimo.zxq.net/hfslip/hfslipfc-130206-xp131218.zip

Edited by Mim0
Link to comment
Share on other sites

  • 4 weeks later...

Not counting the MSRT, just one new update for XP.

January 2014

+ WindowsXP-KB2914368-x86-ENU.exe
- WindowsXP-KB2440591-x86-ENU.exe replaced by WindowsXP-KB2914368-x86-ENU.exe

Don't forget to patch your Java and Flash that were updated today too.

MS is funny. They issued a security advisory in November and just sat on the update. Look at the file dates in the KB bulletin http://support.microsoft.com/kb/2914368/. 27-Nov-2013.

Edited by -X-
Link to comment
Share on other sites

Now here's my part:

January 2014 Patch Tuesday - 3 months before Windows XP and Office 2003 go EOL.

Windows XP

KB2914368 | MS14-002 | ndproxy.sys | 41590 | replaces KB2440591 in MS10-099

Malicious software removal tool

Flash Player 12.0.0.38 (for IE) and 12.0.0.43 (for other browsers) APSB14-02

Office 2003

KB2863866 | MS14-001 | WINWORD | 41609 | replaces KB2826020 in MS13-086

No OUTLFLTR update for now.

Since 2013-11-22+ 2850047 MS13-096 (2013-December)+ 2863866 MS14-001 (2014-January)+ 2863822 outlfltr (2013-December)- 2817480 MS13-054 (replaced by 2850047)- 2826020 MS13-086 (replaced by 2863866)- 2849999 outlfltr (replaced by 2863822)
(For reference, I've uploaded my own Office 2003 update list. Just rename the attached text file to .csv and then you can open it with MS Excel.)

office2003-update-list-zh-TW.csv.txt

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...