January 2014

January 2014 Security Bulletin Webcast Q&A

Hosts:             William Peteroy, Security Program Manager
                        Dustin Childs, Group Manager, Response Communications

Website:         TechNet/Security
Chat Topic:     January 2014 Security Bulletin Release
Date:              
Wednesday, January 15, 2014

Q: Is the document preview feature in the Outlook preview pane affected by the Word issue from MS14-001?
A:
The preview pane uses different technologies for document rendering and is not affected by the issue addressed in MS14-001.

Q: Is the PDF Reader available from the Windows Store affected by the PDF issue connected to the Kernel issue?
A:
The issue addressed by MS14-002 was seen in conjunction with an issue that affected only Adobe Reader on Windows XP. An update to address that issue was released by Adobe in September, 2013.

Q: I noticed that it is the first month in a long while that there has not been an update to Internet Explorer - just curious as to why it was not updated
A:
The inflow of cases, priority, and complexity of fixes is not a predictable cycle - this release cycle did not include IE fixes; however, this should not be seen as a new trend.

Q: Have there been any issues reported with this month's patches so far?
A:
Although we do closely monitor a number of security and update-related forums, so far we have not received any reports of any quality issues with the new January bulletins. Customers who do encounter an issue with an update can check the Microsoft Answers forum for both trends, and answers to specific questions. Customers can also contact Microsoft using the different offerings found on www.support.microsoft.com.

Q: I'm still seeing people in the answers forum have issues with the revised 2862330. Can you state that issues with a security patch are a free call and what's the best phone number they should use to open a case?
A:
Microsoft makes it a priority to investigate any reports of issues with our releases. Customers who experience any problems should pursue support through their normal support channels. As mentioned in the previous QA there are multiple support avenues, additional information is available at support.microsoft.com. You can also dial 1-866-PC-SAFETY for support.

Q: Is the MS14-004 Dynamics AX update a Kernel update or an X++ code update?
A:
The issue provided by MS14-004 is a kernel rather than a X++ code update.

Q: How will the rerelease of MS13-081 be identified - deploying patches via BMC/Marimba?
A:
Microsoft cannot speak definitively to updates through third-party deployment solutions; however, the re-release of MS13-081 is a complete binary replacement for affected software. Customers deploying this re-release should note the supersedence chain to ensure appropriate sequencing of updates.

Q: Regarding Dynamics AX issue, do AX web services need to be running to exploit this issue?
A:
No, the AX web services do not need to be running to be affected by this issue.

Q: Concerning MS13-102, Vulnerability in LRPC Client Could Allow Elevation of Privilege: 1.) How do you make Windows XP an LRPC client? 2.) Is a default installation of Windows XP an LRPC client? 3.) How do you determine if Windows XP is running as an LRPC client?
A:
The LPC is a feature of Windows XP and implemented in the kernel. For more details on LPC, please refer to http://blogs.msdn.com/b/ntdebugging/archive/2007/07/26/lpc-local-procedure-calls-part-1-architecture.aspx.

Q: Apart from WSUS, another tool processes faster updates?
A:
System Center 2012 Configuration Manager can also be used to deploy updates in an efficient manner. For additional details about SCCM, please refer to the Technet library for SCCM.

Q: Is there a single source where one can determine if a security update can be uninstalled?
A:
The security bulletin is the best source to determine if an update in un-installable. There is not a consolidated source for all updates.

Q: Is the Dynamics AX Secuirty Alert for Dynamics AX R2, or also for previous versions?
A:
The updates provided by MS14-004 include all supported editions of Microsoft Dynamics AX 4.0, Microsoft Dynamics AX 2009, Microsoft Dynamics AX 2012, and Microsoft Dynamics AX 2012 R2.

Q: Is there any way to use Windows RT 8.1 to attend these webinars or do you need a traditional version of Windows?
A:
The webcast may be viewed using Live Meeting or by watching the replay once posted on http://blogs.microsoft.com/msrc.

Q: Any Microsoft Fixit's or MSRT planned to combat ransomware cryptolocker?
A:
The MMPC is constantly evaluating which malware families to add to the MSRT. See http://blogs.technet.com/b/mmpc/archive/2013/11/19/backup-the-best-defense-against-cri-locked-files.aspx for more information from the MMPC on Cryptolocker.

Q: When was the last change to MS13-081 made available?
A:
MS13-081 was re-released on January 14, 2014 to announce the reoffering of the 2862330 update to systems running Windows 7 or Windows Server 2008 R2.

Q: Regarding the move to the technet library - Do you know if the ones that have subscribe to Technet Notifications would we have to make any changes?
A:
This depends on how you are currently notified. The Security Notifications page at http://technet.microsoft.com/en-us/security/dd252948.aspx shows different methods of notification. The answer depends on how they are subscribing to the notifications.

Email – no change

The Exact Target system is an email based notification, and I don’t envision a change in this area as long as MSRC continues funding for Exact Target.

RSS – new URL

This will change to a new location.

Old locations to bulletin RSS feeds:
     http://technet.microsoft.com/en-us/security/rss/bulletin
     http://technet.microsoft.com/en-us/security/rss/comprehensive
     http://technet.microsoft.com/en-us/security/rss/advisory

Not changing:

http://blogs.technet.com/b/msrc/rss.aspx This won’t change as it’s based on the TechNet blog platform.