Microsoft Support & Discussions
Free PC Help Forum microsoft products support and discussions. If you need help with Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product you can post here. If you want to discuss Microsoft and their line of products you can do that here also.
84,882 topics in this forum
-
Security Advisory 3009008 updated
by Guest MSRC Team- 0 replies
- 56 views
Today, we announced the availability of SSL 3.0 fallback warnings in Internet Explorer (IE) 11. For more information please visit the IE blog. We have also published an update on the status of the changes we have made to our Azure offerings in response to the SSL 3.0 vulnerability. For more information please visit the Azure blog. Tracey Pretorius Director, Response Communications UPDATE October 29, 2014: Today, we revised Security Advisory 3009008 to provide an easy, one-click Fix it for customers to disable SSL 3.0 in all supported versions of Internet Explorer (IE). We are committed to helping protect our customers and providing the be…
-
MS14-065 - Critical: Cumulative Security Update for Internet Explorer (3003057) - Version: 2.0
by Guest Microsoft Security- 0 replies
- 53 views
Severity Rating: Critical Revision Note: V2.0 (December 9, 2014): To address issues with Security Update 3003057, Microsoft re-released MS14-065 to comprehensively address CVE-2014-6353. Customers running Internet Explorer 8 on Windows 7 or Windows Server 2008 R2, or Internet Explorer 10 should either install the newly offered update or install the December Internet Explorer Cumulative Update (3008923). See Microsoft Knowledge Base Article 3003057 for more information. Summary: This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a speci…
-
MS14-083 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution...
by Guest Microsoft Security- 0 replies
- 48 views
Severity Rating: Important Revision Note: V1.0 (December 9, 2014): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Excel. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Excel file in an affected version of Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.…
-
MS14-084 - Critical: Vulnerability in VBScript Scripting Engine Could Allow Remote Code...
by Guest Microsoft Security- 0 replies
- 74 views
Severity Rating: Critical Revision Note: V1.0 (December 9, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or creat…
-
MS14-081 - Critical: Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could...
by Guest Microsoft Security- 0 replies
- 70 views
Severity Rating: Critical Revision Note: V1.0 (December 9, 2014): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Word and Microsoft Office Web Apps. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new acco…
-
MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information...
by Guest Microsoft Security- 0 replies
- 71 views
Severity Rating: Important Revision Note: V1.0 (December 9, 2014): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another v…
-
MS14-066 - Critical: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)...
by Guest Microsoft Security- 0 replies
- 52 views
Severity Rating: Critical Revision Note: V3.0 (December 9, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Vista and Windows Server 2008. The reoffering addresses an issue in the original release. Customers running Windows Vista or Windows Server 2008 who installed the 2992611 update prior to the December 9 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information. Summary: This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacke…
-
MS14-068 - Critical: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)...
by Guest Microsoft Security- 0 replies
- 58 views
Severity Rating: Critical Revision Note: V1.0 (November 18, 2014): Bulletin published Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local acc…
-
MS14-071 - Important: Vulnerability in Windows Audio Service Could Allow Elevation of...
by Guest Microsoft Security- 0 replies
- 44 views
Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an application uses the Microsoft Windows Audio service. The vulnerability by itself does not allow arbitrary code to be run. The vulnerability would have to be used in conjunction with another vulnerability that allowed remote code execution. Continue reading...
-
MS14-067 - Critical: Vulnerability in XML Core Services Could Allow Remote Code Execution...
by Guest Microsoft Security- 0 replies
- 50 views
Severity Rating: Critical Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a logged-on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger request that takes users to the attacker's webs…
-
MS14-064 - Critical: Vulnerabilities in Windows OLE Could Allow Remote Code Execution...
by Guest Microsoft Security- 0 replies
- 60 views
Severity Rating: Critical Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows Object Linking and Embedding (OLE). The vulnerabilities could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers who…
-
Security Advisory 3010060 released
by Guest MSRC Team- 0 replies
- 57 views
Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their sy…
-
October 2014 Updates
by Guest MSRC Team- 0 replies
- 42 views
Today, as part of Update Tuesday, we released eight security updates – three rated Critical and five rated Important - to address 24 Common Vulnerabilities & Exposures (CVEs) in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize deployment planning, we recommend focusing on the Critical updates first. Here’s an overview slide and video of the security updates released today: For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin…
-
Advance Notification Service for the October 2014 Security Bulletin Release
by Guest MSRC Team- 0 replies
- 44 views
Today, we provide advance notification for the release of nine Security Bulletins. Three of these updates are rated Critical, five are rated as Important, and one is rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, .NET Framework, and ASP.NET. As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, October 14, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help …
-
September 2014 Security Bulletin Release Webcast and Q&A
by Guest Dustin C. Childs- 0 replies
- 53 views
Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page. We fielded four questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS14-052) and a question about the Windows Update client. We invite you to join us for the next scheduled webcast on Wednesday, October 8, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the October bulletin release and answer your bulletin deployment questions live on the air. Thanks, Dustin Childs Group Manager, Response Communications Microsoft Trustworthy Computing Continue reading...
-
The September 2014 Security Updates
by Guest Dustin C. Childs- 0 replies
- 59 views
Today, as a part of our regular Update Tuesday process, we released four security bulletins – one rated Critical and three rated Important in severity – to address 42 Common Vulnerabilities & Exposures (CVEs) in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. We encourage you to apply all of these updates, but for those who need to prioritize, we recommend focusing on the Critical update first. Below is a graphical overview of this release and a brief video summarizing the updates released today: The top deployment priority for our customers this month is the update for Internet Explorer, which addresses 37 CVEs. In case you missed i…
-
MS14-073 - Important: Vulnerability in Microsoft SharePoint Foundation Could Allow...
by Guest Microsoft Security- 0 replies
- 44 views
Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit these vulnerabilities and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These webs…
-
MS14-074 - Important: Vulnerability in Remote Desktop Protocol Could Allow Security Feature...
by Guest Microsoft Security- 0 replies
- 50 views
Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass when Remote Desktop Protocol (RDP) fails to properly log audit events. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. Continue reading...
-
MS14-072 - Important: Vulnerability in .NET Framework Could Allow Elevation of Privilege...
by Guest Microsoft Security- 0 replies
- 55 views
Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow elevation of privilege if an attacker sends specially crafted data to an affected workstation or server that uses .NET Remoting. .NET Remoting is not widely used by applications; only custom applications that have been specifically designed to use .NET Remoting would expose a system to the vulnerability. Continue reading...
-
MS14-069 - Important: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution...
by Guest Microsoft Security- 0 replies
- 52 views
Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected edition of Microsoft Office 2007. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Continue reading...
-
MS14-070 - Important: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)...
by Guest Microsoft Security- 0 replies
- 55 views
Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a publically reported vulnerability in TCP/IP that occurs during input/output control (IOCTL) processing. This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. If this process runs with administrator privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Continue reading...
-
Space epic 'Rebel Galaxy' coming to Mac later this year
by Guest Dan Thorp-Lancaster- 0 replies
- 31 views
There's some good news for space adventure fans on OS X today. Double Damage Games has just announced that its space epic Rebel Galaxy, which was initially announced for PC and Playstation 4, will be coming to Macs this year as well. If you're unfamiliar with Rebel Galaxy, here's a quick description of the game: Rebel Galaxy is an action-packed, swashbuckling space opera. You'll battle pirates, explore anomalies, befriend aliens, scavenge battle wreckage, mine asteroids, and discover artifacts. Choose your path as a roguish do-gooder, crafty space-trader or power-hungry privateer - or maybe a little of each! Buy larger and more powerful craft with your hard-ear…
-
How to get good audio while shooting video on your iPhone
by Guest Serenity Caldwell- 0 replies
- 30 views
It's easy to take and edit quick videos on the iPhone, but getting great audio isn't always as simple as pointing and shooting. The iPhone microphone isn't too shabby at close distances, but when you're trying to film in a crowded room, it's not quite enough. Here are a few of my favorite ways to avoid tinny or terrible sound when shooting iPhone video. Get closer to your subject when in a noisy environment One of the biggest audio mistakes beginning videographers make is trying to film someone speaking from across a room when there's no way to clearly hear their audio. Background noise, room echoes, and outdoor sounds can all contribute to poor quality here. Inst…
-
Get free calls, text, and data while slashing your phone bill by $1000s [sponsored]
by Guest FreedomPop- 0 replies
- 27 views
You can save thousands of bucks every year on your mobile phone bill by switching to FreedomPop. Learn more about how it's possible to get 100% free talk, text and 4G LTE data every month here. FreedomPop is offering over 65% off the certified pre-owned HTC Evo 4G LTE (here is the Android Central review of the HTC Evo 4G LTE), which works out to just $99.99, plus free shipping. Other top-notch handsets from Samsung, HTC, and LG are also discounted and offer the same access to free talk, text, and data services from FreedomPop. The icing on the cake is an unlimited talk and text trial for your first month. Continue reading...
-
This is reportedly the Apple Watch Companion app
by Guest John Callaham- 0 replies
- 44 views
When the Apple Watch ships this spring it'll come with an app currently called the Apple Watch Companion. The Apple Watch Companion will let you manage the Apple Watch's Home screen layout (similar to how iTunes on the desktop can manage the iPhone's Home screen layout) and change various settings. Initially made public by some code found in iOS 8.2 beta 4, some apparent screenshots of the app have now also been published, providing additional information. According to 9to5Mac, highlights include: A new clock face feature called Monogram has been added as a complication (a background detail you can choose to enable or disable). Like a real monogram, this feature will …