Tuesday, March 14, 2023

Microsoft March 2023 Security Updates

  

The Microsoft March 2023 security updates have been released and consist of 74 new CVEs.  Of these CVEs, 6 are rated critical and 67 are rated important and one rated moderate in severity.  At the time of release, one is listed as publicly known and two as being in the wild.

The security updates apply to the following products, features, and roles:  Azure, Client Server Run-time Subsystem (CSRSS), Internet Control Message Protocol (ICMP), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft OneDrive, Microsoft PostScript Printer Driver, Microsoft Printer Drivers, Microsoft Windows Codecs Library, Office for Android, Remote Access Service Point-to-Point Tunneling Protocol, Role: DNS Server, Role: Windows Hyper-V, Service Fabric, Visual Studio, Windows Accounts Control, Windows Bluetooth Service, Windows Central Resource Manager, Windows Cryptographic Services, Windows Defender, Windows HTTP Protocol Stack, Windows HTTP.sys, Windows Internet Key Exchange (IKE) Protocol, Windows Kernel, Windows Partition Management Driver, Windows Point-to-Point Protocol over Ethernet (PPPoE), Windows Remote Procedure Call, Windows Remote Procedure Call Runtime, Windows Resilient File System (ReFS), Windows Secure Channel, Windows SmartScreen, Windows TPM, and Windows Win32K,

See the very long list of KBs at the bottom of the page at March 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. 

Important:


After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for these versions. Windows 10, version 22H2 will continue to receive security and optional releases.


Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The March 2023 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 111.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 111.0 to the release channel today.  The update includes nineteen security updates of which seven (7) are rated high and six (6) rated moderate.

Firefox ESR was updated to Version 102.9.

High

#CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android

#CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android

#CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt

#CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode

#CVE-2023-25751: Incorrect code generation during JIT compilation

#CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

#CVE-2023-28177: Memory safety bugs fixed in Firefox 111

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, March 08, 2023

Adobe Acrobat and Reader Update with New Features

  

Adobe
Adobe has released an update with new features for Acrobat and Acrobat Reader for Windows and Mac with some of the features being rolled out incrementally. 

New Features

The following new features are introduced in this release. See the Release Notes to know more about the features.
  • Introducing Acrobat Reader's new experience
  • Adobe Acrobat and Acrobat Reader version changes
  • Enhanced scrolling experience
  • Improvements in auto-adjust layout while editing PDFs
  • Back button to navigate to all tools in modern viewer
  • Third-party plugins support in modern viewer
  • New crop option in the right click context menu
  • Add custom page tool renamed to design a new page
  • Page size while adding a new custom page
  • Enable recipients to invite people using @mention
  • Promote sharing of files using @mention
  • Promote sharing of files tool usage after create and convert workflows
  • Promote edit tool usage
  • Promote export tool usage while using select all and take a snapshot option
  • Promote sign tools discovery
  • Acrobat cross surface discovery
Update or Complete Download

Adobe Acrobat and Reader were updated to version 23.001.20064 for Windows and .x20063 for Mac.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...