Tuesday, May 14, 2024

Microsoft May 2024 Security Updates

 

The Microsoft May 2024 security updates have been released and consist of 57 new patches to Microsoft products. In addition, 4 third-party CVEs are documented, bringing the total number of CVEs reported to 63.


Of the Microsoft CVEs released, 1 is rated critical, 57 are rated important and 1 is rated moderate in severity. At the time of release, one of the CVEs is listed as being publicly known and under active attack.

The security updates apply to the following products, features and roles: Windows and Windows Components; Office and Office Components; .NET Framework and Visual Studio; Microsoft Dynamics 365; Power BI; DHCP Server; Microsoft Edge (Chromium-based); and Windows Mobile Broadband.

See the list of KBs at the bottom of the page at "May 2024 Security Updates - Release Notes - Security Update Guide - Microsoft" for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, versions 23H2 and 22H2, see KB5037771. For Windows 10, Version 22H2, see KB5037778.

Recommended Reading: See Dustin Childs' review and analysis at Zero Day Initiative, "The May 2024 Security Update Review".

Additional Update Notes:


 

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update with Security Updates

 

Adobe is releasing an update with new features for Acrobat and security updates for Acrobat and Reader. 

The security updates provide mitigations for vulnerabilities described in the corresponding security bulletins for Reader and Acrobat.


Update or Complete Download

Adobe Acrobat and Reader were updated to version 24.002.20759 for Windows. Updates should become available via the internal updater, or checks can be manually activated by choosing Help/Check for Updates.

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes


Mozilla Firefox Version 126.0 Released with Security Updates

Mozilla sent Firefox Version 126.0 to the Release Channel. ESR was updated to Version 115.11.0.

The update includes sixteen security updates, of which two (2) are rated high, nine (9) are rated moderate, and five (5) are rated low.

High

CVE-2024-4764: Use-after-free when audio input connected with multiple consumers

CVE-2024-4367: Arbitrary JavaScript execution in PDF.js


Moderate

CVE-2024-4765: Web application manifests could have been overwritten via hash collision

CVE-2024-4766: Fullscreen notification could have been obscured on Firefox for Android

CVE-2024-4767: IndexedDB files retained in private browsing mode

CVE-2024-4768: Potential permissions request bypass via clickjacking

CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types

CVE-2024-4770: Use-after-free could occur when printing to PDF

CVE-2024-4771: Failed allocation could lead to use-after-free

CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11

CVE-2024-4778: Memory safety bugs fixed in Firefox 126


Low

CVE-2024-4772: Use of insecure rand() function to generate nonce

CVE-2024-4773: URL bar could be cleared after network error

CVE-2024-4774: Undefined behavior in ShmemCharMapHashEntry()

CVE-2024-4775: Invalid memory access in the built-in profiler

CVE-2024-4776: Window may remain disabled after file dialog is shown in full-screen


New
  • The Copy Without Site Tracking option can now remove parameters from nested URLs. It also includes expanded support for blocking over 300 tracking parameters from copied links, including those from major shopping websites. Keep those trackers away when sharing links!
  • Catalan is now available in Firefox Translations.
  • Enabled AV1 hardware decode acceleration on macOS for M3 Macs.
  • Telemetry was added to create an aggregate count of searches by category to broadly inform search feature development. These categories are based on 20 high-level content types, such as "sports," "business," and "travel". This data will not be associated with specific users and will be collected using OHTTP to remove IP addresses as potentially identifying metadata. No profiling will be performed, and no data will be shared with third parties.
Changed
  • The URL Paste Suggestion feature added in Fx125 was temporarily disabled while the team investigates a potential performance issue. The feature will be re-enabled in a future release once the performance issue is addressed.
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox". Mac users need to select "About Firefox" from the Firefox menu. For non-English versions, Fully Localized Versions are available for download.
