Wednesday, May 15, 2013

New SkyDrive Photo Timeline And More!


SkyDrive
SkyDrive was already a great application.  Recent additional improvements have made it even better.

The major change that was recently added is Photo Timeline.  Like me, you may have your photos saved in descriptive folders.  However, unless you look at the picture properties, it wasn't easy to locate pictures by date.  Problem solved with the new Sky Drive Photo Timeline!

Viewing the pictures I have saved to SkyDrive, I was surprised to discover that I have pictures from ten (and more) years ago saved.  The example below is of a close friend's cats.  Sadly, they have since crossed Rainbow Bridge but aren't forgotten and my friend now has two other cats.



Additional SkyDrive Improvements 

Photo Timeline isn't the only change to SkyDrive.  According to internal Microsoft tests, changes to both the Desktop SkyDrive app and the server code have resulted in an improvement in upload times for photos by two or three-fold!

Another nice addition is thumbnail view for your Word documents and PowerPoint presentations.  To change to thumbnail view, just click on the icon in the upper right corner.



Finally, full resolution uploads of photos and videos wherever Windows Phone 8 is now available.

See more details and image examples in the SkyDrive blog article linked below.


~   ~   ~   ~   ~   ~

As a SkyDrive Insider, I am excited to share information about SkyDrive.  If you have a question about this post, please leave a comment and I'll do my best to assist.

Learn more about the SkyDrive Insiders program here.

References



Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, May 14, 2013

Microsoft Security Updates for May 2013


Microsoft released ten (10) bulletins.  Two bulletins are identified as Critical with eight bulletins rated Important.

The bulletins address 33 vulnerabilities in Internet Explorer, Microsoft Windows, Microsoft Office, Server and Tools, and .NET Framework.

MS13-038 addresses the issues in Security Advisory 2847140.

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Bulletin NumberBulletin TitleBulletin KB
MS13-037Cumulative Security Update for Internet Explorer 2829530
MS13-038Security Update for Internet Explorer 2847204
MS13-039Vulnerability in Microsoft Windows 2829254
MS13-040Vulnerabilities in .NET Framework* 2836440
MS13-041Vulnerability in Microsoft Lync 2834695
MS13-042Vulnerabilities in Microsoft Office 2830397
MS13-043Vulnerability in Microsoft Office 2830399
MS13-044Vulnerability in Microsoft Office 2834692
MS13-045Vulnerability in Microsoft Windows 2813707
MS13-046Vulnerabilities in Microsoft Windows 2840221

*If you have had problems with .NET Framework updates in the past, it is advised that you install MS13-040 separately including a shutdown/restart.

Support

The following additional information is provided in the Security Bulletin:

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Adobe Flash Player Security Update

Adobe Flashplayer

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
With today's Windows Update, Internet Explorer 10 in Windows 8 and Windows RT is also updated.

Update Information

The newest versions are as follows:
Windows and Macintosh:  11.7.700.202
Linux: 11.2.202.285
Adobe AIR 3.7.0.1860

Release date: May 14, 2013
Vulnerability identifier: APSB13-14
Priority: See table below
CVE number: CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335
Platform: All platforms

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install Google Drive.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

Notes:
  • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Adobe Reader and Acrobat Critical Security Update

Adobe
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.



Because the vulnerabilities are being exploited in the wild in targeted attacks, it is recommended that users of Adobe Reader and Acrobat apply the update as soon as possible.  These updates address critical vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Release date: May 14, 2013
Vulnerability identifier: APSB13-15
Priority: See Table Below
CVE number: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342
Platform: All

Update or Complete Download

Update checks can be manually activated by choosing Help > Check for Updates.
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    Enable "Protected View"

    Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

    To enable this setting, do the following:
    • Click Edit > Preferences > Security (Enhanced) menu. 
    • Change the "Off" setting to "All Files".
    • Ensure the "Enable Enhanced Security" box is checked. 

    Adobe Protected View
    Image via Sophos Naked Security Blog
    If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.

    References




    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Mozilla Firefox 21.0 Released



    Mozilla sent Firefox Version 21.0 to the release channel. The current update information does not indicate that security updates are included.  

    Update:  The security updates were posted after this was published.  The update includes eight (8) security updates, in which three are critical, four high and one moderate.  The security updates are listed below.  

    Fixed in Firefox 21

    MFSA 2013-48 Memory corruption found using Address Sanitizer
    MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
    MFSA 2013-46 Use-after-free with video and onresize event
    MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
    MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
    MFSA 2013-43 File input control has access to full path
    MFSA 2013-42 Privileged access for content level constructor
    MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

    What’s New

    • NEW -- The Social API now supports multiple providers
    • NEW -- Enhanced three-state UI for Do Not Track (DNT)
    • NEW -- Firefox will suggest how to improve your application startup time if needed
    • NEW -- Preliminary implementation of Firefox Health Report
    • CHANGED -- Ability to restore removed thumbnails on New Tab Page
    • CHANGED -- CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298)
    • CHANGED -- Graphics related performance improvements (bug 809821)
    • CHANGED -- Removed E4X support from Spidermonkey
    • FIXED -- Some function keys may not work when pressed (833719)
    • FIXED -- Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627

    Known Issues

    • Unresolved-- If you try to start Firefox using a locked profile, it will crash (see 573369)
    • Unresolved-- Download statusbar add-on continues downloading files from Normal Browsing, when switching to Private Browsing (see 853463)

    Update

    To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

    If you do not use the English language version, Fully Localized Versions are available for download.

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Thursday, May 09, 2013

    Security Bulletin Advance Notice for May 2013

    Security Bulletin
    On Tuesday, May 14, 2013, Microsoft is planning to release ten (10) bulletins.  Two bulletins are identified as Critical with eight bulletins rated Important.

    The critical bulletins will address vulnerabilities in Microsoft Windows and Internet Explorer. The bulletins rated Important and will address issues in Microsoft Windows, Microsoft Office, Server and Tools, and .NET Framework. 

    Microsoft is also working to have the Internet Explorer Security Update address the issue for Internet Explorer 8 as described in Security Advisory 2847140.  This anticipated update will supplement the Fix it solution as detailed yesterday here:  Microsoft FixIt for Security Advisory 2847140.

    As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

    References



    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Wednesday, May 08, 2013

    Microsoft FixIt for Security Advisory 2847140

    Security Advisory
    Microsoft released a Microsoft Fix it solution for Security Advisory 2847140, which relates to a vulnerability for IE8.

    Although it is anticipated that there will be an update included with next week's security updates, anyone with IE8 installed is advised to install the Fix it solution.  The Fix it uses the Windows application compatibility toolkit to make a small change at runtime to mshtml.dll every time IE is loaded. 

    Below are the links to both apply and uninstall the Fix it solution: 
     
    Apply Fix itUninstall Fix it

    Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.

    If you have Windows Vista or Windows 7 installed, you should have updated to IE9 or IE10.  In the event you haven't, it is strongly advised that you update!

    References:



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...