Security Garden

Thursday, October 23, 2014

App Launcher Added to Outlook

Tweet This

In another step to create consistency between Microsoft products, Outlook.com now includes the App Launcher that is part of Office 365.  One click on the App Launcher opens the view shown below.  Merely click the destination and it launches!

The App Launcher makes it easy to toggle between your calendar, OneDrive and the Office Online applications.  If you are using the free Outlook.com email service (@outlook.com, @hotmail.com, @live.com, or @msn.com), see how easy it is to use. 

App Launcher

If you click the App Launcher and change your mind about leaving the service you are currently, merely click in another spot on the page or click the Launcher again to close it.

Read the complete announcement at the Office Blog, Toggle between Outlook.com, OneDrive and Office Online with the new app launcher.



Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, October 21, 2014

Microsoft Security Advisory 3010060 with Fixit Solution

Tweet This

Security Advisory
Microsoft released Security Advisory 3010060 which relates to a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003.

The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. Microsoft is aware of limited, targeted attacks. 

Recommendations

Microsoft has made available a Fix it solution "OLE packager shim workaround" which prevents execution of the vulnerability.  Below are direct links to both enable and disable the Fix it solution.



NoteThe Fix it solution is not at this time for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1. 
 
Enable Fix itDisable Fix it


Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, October 15, 2014

Pale Moon 25.0.1 Released with Critical Security Update

Tweet This

Pale Moon
Pale Moon has released version 25.0.1 to address an important Jetpack extension compatibility issue. 

The update also includes a number of security fixes.

Security fixes:

  • Fix for VP9 decoder vulnerability
  • Fix for direct access to raw connection sockets in http 
  • Fix for unsafe conversion to JSON of data through the alarm dom element 
  • Update of NSS to 3.16.2.2-RTM 
    Other Changes
    • Update of the add-on SDK to add missing "PaleMoon" engine entries to lists in some modules. This should fix extension compatibility issues for things like Self-destructing cookies, Privacybadger and other Jetpack add-ons that should otherwise already work with the new GUID.
    • About box release notes link corrected

    Minimum system Requirements (Windows):
    • Windows Vista/Windows 7/Windows 8/Server 2008 or later
    • A processor with SSE2 support
    • 256 MB of free RAM (512 MB or more recommended)
    • At least 150 MB of free (uncompressed) disk space
    Pale Moon includes both 32- and 64-bit versions:

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.


    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...