Tuesday, December 24, 2013

Merry Christmas -- Khristos Razhdayetsya


We celebrate Christmas Eve following Ukrainian traditions.
In what ever traditions you and your family celebrate,
I extend warmest wishes to each of you and your family.

Merry Christmas!


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, December 10, 2013

Microsoft Security Updates for December 2013


Microsoft released eleven (11) bulletins.  Five of the bulletins are identified as Critical with the remaining six bulletins rated Important.

The security updates address twenty-four (24) unique CVEs in Microsoft Windows, Internet Explorer, Office and Exchange.

Critical:
  • MS13-096 -- Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005) 
  • MS13-097 -- Cumulative Security Update for Internet Explorer (2898785) 
  • MS13-098 -- Vulnerability in Windows Could Allow Remote Code Execution (2893294)
  • MS13-099 -- Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
  • MS13-105 -- Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
     
Important: 
  • MS13-100 -- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
  • MS13-101 -- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430) 
  • MS13-102 -- Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715) 
  • MS13-103 -- Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
  • MS13-104 -- Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
  • MS13-106 -- Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass
    (2905238) 

December Security Advisories

MSRT

Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Support

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.


The following additional information is provided in the Security Bulletin:

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Adobe Flash Player, AIR and Shockwave Player Security Updates

Adobe Flashplayer

Adobe has released bug and security updates for Adobe Flash Player, Adobe AIR and Shockwave Player for Windows, Macintosh and Linux. 
With today's Windows Update, Internet Explorer 10 and 11 in Windows 8 and Windows 8.1 are also updated.  Windows RT must obtain the update from Windows Update.  Google Chrome will be automatically updated.


Release date: December 10, 2013
Vulnerability identifier: APSB13-28
CVE number: CVE-2013-5331, CVE-2013-5332
Platform: All Platforms

Update Information

The newest versions are as follows:
Windows and Macintosh:  11.9.900.170
Linux: 11.2.202.332

Adobe AIR:  3.9.0.1380

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

Notes:
  • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

Adobe Shockwave Player

Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.2.122 and earlier versions on the Windows and Macintosh operating systems.

This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.

Although I have yet to need Shockwave Player on this computer, there are still many people who use it.  If you have Shockwave Player installed, please update to the latest version.


Release date:  December 10, 2013
Vulnerability identifier: APSB13-29

CVE number: CVE-2013-5333, CVE-2013-5334
Platform: Windows and Macintosh

The newest version 12.0.7.148 is available here: http://get.adobe.com/shockwave/.  As usual, watch for any pre-checked add-ons not needed for the update.

References







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Mozilla Firefox Version 26.0 Released



Firefox

Mozilla sent Firefox Version 26.0 to the release channel.  At the time of this posting, no security fixes for this version have been listed in the Security Advisories page.  However, the default for Java plug-ins to "click to play" is a welcome change as is script-generated password fields.

Update:  The security updates have now been posted.  Version 26.0 includes five (5) critical, three (3) high, three (3) moderate, and three (3) low security updates.

Fixed in Firefox 26

  • MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
  • MFSA 2013-116 JPEG information leak
  • MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
  • MFSA 2013-114 Use-after-free in synthetic mouse movement
  • MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
  • MFSA 2013-112 Linux clipboard information disclosure though selection paste
  • MFSA 2013-111 Segmentation violation when replacing ordered list elements
  • MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
  • MFSA 2013-109 Use-after-free during Table Editing
  • MFSA 2013-108 Use-after-free in event listeners
  • MFSA 2013-107 Sandbox restrictions not applied to nested object elements
  • MFSA 2013-106 Character encoding cross-origin XSS attack
  • MFSA 2013-105 Application Installation doorhanger persists on navigation
  • MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

What’s New

  • NEW -- All Java plug-ins are defaulted to 'click to play'
  • NEW -- Password manager now supports script-generated password fields
  • NEW -- Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service)
  • NEW -- Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed
  • CHANGED -- Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions
  • CHANGED -- CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec


Known Issues

  • Unresolved -- Moving Firefox to background while playing a flash video in full screen mode and bring it back to view will freeze the app (see 809055)

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Friday, December 06, 2013

Security Bulletin Advance Notice for December 2013

Security Bulletin
On Tuesday, December 10, 2013, Microsoft is planning to release eleven (11) bulletins.  Five of the bulletins are identified as Critical with the remaining six bulletins rated Important.

The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Important updates will be directed to issues in Microsoft Office, Microsoft Server Software, Microsoft Windows and Microsoft Developer Tools.

The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666. Microsoft is still working to develop a security update for Security Advisory 2914486 and will release it when ready.

Reminder

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Risk of Running Windows XP After Support Ends April 2014.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Friday, November 29, 2013

Malwarebytes Pro Limited Time Special Price


Malwarebytes

If you have not yet upgraded to Malwarebytes Anti-Malware Pro or need a special gift for a friend, now is the time to act.  Malwarebytes is having a limited-time sale that is just too good to pass up.

Today through December 2, 2013, a lifetime license of Malwarebytes Anti-Malware Pro is only $14.95 USD for a lifetime license!  That is a 40 percent discount off the regular price of $24.95, which is already a bargain for a lifetime license.

Reminder:  Malwarebytes is an anti-malware software program so you still need an antivirus software. 

Malwarebytes Anti-Malware PRO Features

  • Detects, blocks and quarantines spyware, adware and other threats in true real time
  • Protection from malicious links, harmful websites and malware servers
  • Kills browser hijackers, removes rootkits, prevents botnet attacks
  • On-demand & automatic malware scanning
  • Updates automatically for optimal protection
  • FREE unlimited customer support via email
  • Support for XP Service Pack 2, Vista, Windows 7, and Windows 8 (32-bit and 64-bit)
  • Compatible with leading Antivirus software


 
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Wednesday, November 27, 2013

Happy Thanksgiving


http://morellconsolidated.files.wordpress.com/2011/10/happythanksgiving1.jpg

Warmest wishes to family and friends for a Happy Thanksgiving!

If you are planning on shopping online to take advantage of the Black Friday and Cyber Monday sales, be sure to shop safely.  

The Safety Tips for Online Shopping written a couple of years ago are still applicable.  Be sure to check the "Tips" section for money-saving tips that may result in additional savings when you shop online.
 
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Friday, November 15, 2013

Mozilla Firefox Version 25.0.1 Released



Firefox

Mozilla sent Firefox Version 25.0.1 to the release channel.  Although the Release Notes indicate that the update includes security fixes, the Security Advisories page has yet to be updated.

What’s New

  • FIXED -- 25.0.1: New security fixes can be found here
  • FIXED -- 25.0.1: Pages sometimes wouldn't load without first moving the cursor
The changes made in Version 25.0 can be found here:  Mozilla Firefox 25.0 Released.

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, November 12, 2013

Adobe Flash Player and AIR Security Update

Adobe Flashplayer

Adobe has released bug and security updates for Adobe Flash Player for Windows, Macintosh and Linux. 
With today's Windows Update, Internet Explorer 10 and 11 in Windows 8 and Windows 8.1 are also updated.  Windows RT must obtain the update from Windows Update.  Google Chrome will be automatically updated.


Release date: November 12, 2013
Vulnerability identifier: APSB13-26
CVE number: CVE-2013-5329, CVE-2013-5330
Platform: All Platforms

Update Information

The newest versions are as follows:
Windows and Macintosh:  11.9.900.152
Linux: 11.2.202.327

Adobe AIR:  3.9.0.1210

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install Google Drive.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

Notes:
  • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Microsoft Security Updates for November 2013


Microsoft released eight (8) bulletins.  Three of the bulletins are identified as Critical with the remaining five bulletins rated Important.

The updates address vulnerabilities in Internet Explorer and Microsoft Windows.  Please refer to the MSRC Blog post, Authenticity and the November 2013 Security Updates, for additional information about the updates, including the update to EMET and a new policy for CA's (Certificate Authorities).

The update in MS13-090 addresses CVE-2013-3918 which affects an Internet Explorer ActiveX Control which was publicly disclosed.

Critical:
  • MS13-088 -- Cumulative Security Update for Internet Explorer (2888505) 
  • MS13-089 -- Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)  
  • MS13-090 -- Cumulative Security Update of ActiveX Kill Bits (2900986) 
Important: 
  • MS13-091 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
  • MS13-092 -- Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986) 
  • MS13-094 -- Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514) 
  • MS13-095 -- Vulnerability in Digital Signatures Could Allow Denial of Service (2868626) 

MSRT

Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Two families targeted by the Malicious Software Removal Tool (MSRT) this month are Win32/Napolar and the bitcoin mining family Win32/Deminnix.

Support

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.


The following additional information is provided in the Security Bulletin:

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Sunday, November 10, 2013

Lest We Forget

Whether you call it Veteran's Day, Armistice Day or Remembrance Day, November 11th is a time to put aside politics and pay tribute to all who died for their country.  It is also a perfect time to thank the Veterans in whatever country you live in. 

As in previous years, I am republishing my friend Canuk's last tribute and adding special thanks to my friends "Phantom Phixer" and "Ghost". The comment he posted provides one example of why he was a special person:
"I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour.

Despite anyone's thoughts of the current conflict in Iraq - opposition or agreement, we must always remember that these brave young men and women are fighting for a cause they also may or may not agree with. The huge difference between them and us is that they are putting their lives on the line 24/7 while we sit in our homes in comfort, using the freedom of speech previous warriors won for us, and for that they deserve our love, respect, and support."
LEST WE FORGET




We Shall Keep the Faith by Moira Michael, November 1918
Oh! you who sleep in Flanders Fields, Sleep sweet - to rise anew! We caught the torch you threw And holding high, we keep the Faith With All who died. We cherish, too, the poppy red That grows on fields where valor led; It seems to signal to the skies That blood of heroes never dies, But lends a lustre to the red Of the flower that blooms above the dead In Flanders Fields. And now the Torch and Poppy Red We wear in honor of our dead. Fear not that ye have died for naught; We'll teach the lesson that ye wrought In Flanders Fields. Flags courtesy of3DFlags.com








Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, November 08, 2013

New Microsoft Office Web App Features



OfficeThe Microsoft Office team has been busy adding new features and improvements to the Microsoft Office Web Apps.  Listed below are the changes being made to the Office Web Apps since my April 2013 article, Using Microsoft Office Web Apps

Word App
:
 
A significant improvement is the added ability to find and replace words and phrases.  You will now also be able to apply styles and formatting to tables and insert headers and footers. 
Excel Web App: 
Additions to the Excel Web App include the new ability to drag and drop cells and reorder sheets.   A quick analysis of a range of data in the status bar (including sum, count, and average of a selected range of cells) has been added.  In addition, there is support for more workbook types online. 
PowerPoint Web App:
New picture cropping functionality has been added to the PowerPoint Web App and the name of your files can now be changed not only within the editing window of the PowerPoint Web App but also across the other Office Web Apps.  
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Thursday, November 07, 2013

Security Bulletin Advance Notice for November 2013

Security Bulletin
On Tuesday, November 12, 2013, Microsoft is planning to release eight (8) bulletins.  Three of the bulletins are identified as Critical with the remaining five bulletins rated Important.

The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows. The Important updates will be directed to issues in Windows and Office and most of the updates will require a restart.

Security Advisory 2896666

The issues in Security Advisory 2896666 will not be included in the scheduled updates.  Although Microsoft has only detected only aware of targeted attacks against Office 2007 on Windows XP, the following additional guidance was provided regarding the affected installations by Dustin Childs in the below-linked MSRC post:

"For Office:
  • Office 2003 and Office 2007 are affected regardless of the installed operating system. Currently, we are only aware of targeted attacks against Office 2007 users.
  • Office 2010 is affected only if installed on Windows XP or Windows Server 2003.  Office 2010 is not affected when installed on Windows Vista or newer systems.
  • Office 2013 is not affected, regardless of OS platform.
For Windows:
  • Supported versions of Windows Vista and Windows Server 2008 ship with the affected component but are not known to be under active attack.
  • Other versions of Windows are not directly impacted. Customers who use these systems are only impacted if they have an affected version of Office or Lync.
For Lync clients:
  • All supported versions of Lync client are affected but are not known to be under active attack."
Users of Windows Vista, Windows Server 2008, Lync or the above-described installations of Office are advised to enable the Fix it solution, available from my post here

Reminder

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Risk of Running Windows XP After Support Ends April 2014.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, November 05, 2013

Microsoft Security Advisory 2896666 with Fix it

Security Advisory
Microsoft released Security Advisory 2896666 which relates to a vulnerability in the Microsoft Graphics component that affects Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.

Microsoft is aware of targeted attacks primarily in the Middle East and South Asia that attempt to exploit this vulnerability in Microsoft Office products.  

The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images.  The vulnerability is exploited either through previewing or opening a specially crafted email message or file.  It is also exploited by browsing similarly web content.  The attacker could gain the same user rights as the current user.

Recommendations

Microsoft has made available a Fix it solution which will disable the TIFF codec. Below are the links to both enable and disable the Fix it solution. 
 
Enable Fix itDisable Fix it


Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, October 29, 2013

Mozilla Firefox 25.0 Released



Firefox

Mozilla sent Firefox Version 25.0 to the release channel.  The update is a stability and feature update with five (5) critical three (3) high and two (3) moderate security updates.

Fixed in Firefox 25

  • MFSA 2013-102 Use-after-free in HTML document templates
  • MFSA 2013-101 Memory corruption in workers
  • MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
  • MFSA 2013-99 Security bypass of PDF.js checks using iframes
  • MFSA 2013-98 Use-after-free when updating offline cache
  • MFSA 2013-97 Writing to cycle collected object during image decoding
  • MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
  • MFSA 2013-95 Access violation with XSLT and uninitialized data
  • MFSA 2013-94 Spoofing addressbar though SELECT element
  • MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

One "new" feature that I do not like is that the "find bar" is no longer shared between tabs.  As a result, if searching for text on multiple tabs, it is necessary to open it on each tab.  As a result, it is necessary to open the find bar manually when searching multiple tabs.

The keyboard shortcut Ctrl + F opens the find bar.  Another option is to install an extension that enhances search options. There are two extensions that I am aware of that include the search all tabs function along with additional functionality:

 What’s New

  • NEW -- Web Audio support
  • NEW -- The find bar is no longer shared between tabs
  • CHANGED -- If away from Firefox for months, you now will be offered the option to migrate another browser's history and settings
  • CHANGED -- Resetting Firefox no longer clears your browsing session
  • DEVELOPER -- CSS3 background-attachment:local support to control background scrolling
  • DEVELOPER -- Many new ES6 functions implemented
  • HTML5 -- iframe document content can now be specified inline
  • FIXED -- Blank or missing page thumbnails when opening a new tab
  • FIXED -- 24.0: Security fixes can be found here

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Saturday, October 19, 2013

WinPatrol™2013 v29.0

WinPatrol 2013

WinPatrol 29.0.2013.0 was released as a "Power to the People" update, incorporating suggestions by users of WinPatrol.

Clickable Links on Alert Screens

WinPatrol v29 has added new clickable links on the alert screens.  As shown in the image below, in addition to the usual options, the alert screen now includes the ability to immediately disable the program from startup, check properties or open the folder.  For stubborn programs that continually add re-add to startup at each update, this is particularly welcome.

WinPatrol Alert Screen

Suppress Continuous Alerts

If, like me, you want to know what changes are made to your computer when installing a new program or Microsoft Updates, you've kept the option to be alerted when changes are made.  However, when faced with multiple alerts for the same update, there is a lot of clicking involved to approve the changes.

WinPatrol 29 now includes the default option to suppress additional alerts after your first response.

WinPatrol Options

New Features to Start, IE Helper and Service Alerts

  • Added Properties information directly from Windows
  • Added Open Folder launching Windows File Explorer to allow user direct access to new file.
  • Added Exit Windows emergency exit in case new users are confused or had WinPatrol installed without their knowledge.
  • Include Disable feature to new Startup Program alert message. This tells WinPatrol to keep track of this file and always remove it anytime it is put back into the startup list.

Enhancements and Bug Fixes

  • Reduce font size for dialogs that display long path names.
  • Confirm MS Shell Dlg font is used to support international system fonts
  • Adjust fonts to provide better handling when resizing main interface
  • Change default position of alert message to upper right corner to be less obstuctive
  • Detect signature file updates without warning McAfee users every day.
  • Confirm all types of changes are checked at the same time when any single change occurs.
  • Allow suppression of multiple alerts during Real-time Infiltration Detection

WinPatrol runs on Windows XP, Windows Vista, Windows 7 and Windows 8, including x64 versions, and can be installed directly over your current WinPatrol.  There is no need to remove your previous version or reactivate WinPatrol PLUS.

Download WinPatrol 29.0.2013.0


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Wednesday, October 16, 2013

Critical Oracle Java Security Update

java


Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.

This is a Critical Patch Update that contains 51 new security fixes for Oracle Java SE.  Oracle indicated that fifty (50) of the Java SE vulnerabilities fixed in this Critical patch Update are remotely exploitable without authentication.

Additional details about the update are available in the Oracle Quality Assurance Blog post, referenced below.  If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

For those people who have desktop applications that require Java and cannot uninstall it, Java can now be disabled in Internet Explorer.  See Microsoft Fix it to Disable Java in Internet Explorer.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Java ControlPanel
(Image via Sophos Naked Security Blog)

3)  If you use Firefox, install NoScript and only allow Java on those sites where it is required.

Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

Download Information

Download link:  Java Version 7 Update 45

Verify your version:  http://www.java.com/en/download/testjava.jsp

Notes:
  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
  • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 14 January 2014
  • 15 April 2014
  • 15 July 2014
  • 14 October 2014

References





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, October 14, 2013

Improvement to Windows 7 SP1 Disk Cleanup


Included with Microsoft Updates on the last Patch Tuesday was KB 2852386, an optional update.  This update changes the Disk Cleanup wizard to provide the ability to delete superseded Windows updates in Windows 7 SP1, reducing the space used by the WinSxS ("Windows Side by Side") folder.

Normally, superseded Windows updates can be removed with the installation of a Service Pack.  However, since Windows 7 SP1 was released over two years ago, the size of the C:\Windows\Winsxs folder has grown significantly since SP1. 

As seen in the image copy of WinSxS Properties on my Windows 7 computer, before running Disk Cleanup, it is a very large folder at over 17 GB with over 73,000 files and 18,000 folders.

WinSxS Properties
Before Disk Cleanup

Important Notes

  1. Disk Cleanup needs to be run as Administrator.
  2. Windows Update Cleanup is checked by default under Clean up system files.  If you have had problems with Windows Updates in the past, you may not want to include the Windows Update Cleanup option when running Disk Cleanup.
  3. If you do not see the option for Windows Update Cleanup under Clean up system files, either the wizard did not detect Windows updates that are not needed on the computer or KB 285238 has not been installed yet.
  4. After running the Disk Cleanup wizard, you may not be able to roll back to a superseded update.  In that situation, it will be necessary to manually install the superseded update.
  5. The superseded update files will not be removed until the computer is restarted.  Windows will configure Windows updates on shutdown and Cleanup on startup.  Do not turn off your computer during that process. 

Results

Results will vary depending on the Microsoft programs installed on your computer.  In my case, with a lot of Microsoft programs installed and fully updated, there is a significant difference.  Comparing the before image of WinSxS Properties from my computer with the results after running Disk Cleanup:  14,684 files and 3,507 folders have been superseded since installing SP1.  Net gain:  6.9 GB!

WinSxS Properties
After Disk Cleanup


Illustrated screen images of the step-by-step process are available in the TechNet article referenced below.

References: 



Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...