Tuesday, December 09, 2014

Microsoft Security Bulletin Release for December, 2014


Microsoft released seven (7) bulletins.  Three (3) bulletins are identified as Critical and four (4) are rated Moderate in severity.

The updates address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange.

For those testing Windows 10 Technical Preview, please see the important information below.

Critical:
    • MS14-080 -- Cumulative Security Update for Internet Explorer (3008923)
    • MS14-081 -- Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
    • MS14-084 -- Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
    Important:
    • MS14-075 -- Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
    • MS14-082 -- Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
    • MS14-083 -- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
    • MS14-085 -- Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)

    The following two Security Bulletins were re-released:
    Information on non-security updates can be found in KB 894199.

    Windows 10 Technical Preview

    Updates to Windows 10 Technical Preview include three updates for 9879.  Two of the updates address security vulnerabilities and one update is for a HDD failure affecting some people.

    Microsoft Office on Windows 10 Technical Preview:
    Via https://twitter.com/GabeAul:  For those running Microsoft Office on the Windows 10 Technical Preview, the installer fails on 9879 if Office is installed.  The decision was made to publish as is rather than rolling a new fix which would result in the loss of several days in the process.  Unfortunately, the workaround is painful: uninstall Office, install the hotfix, reinstall Office.

    Before attempting the workaround to uninstall Office, try to install KB3022827 first. It will work for many, no harm if not.

    Additional Update Notes

    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  The updated version does not include new families but includes updates to several prevalent malware families.  Additional details are available in the MMPC blog post.

    • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.

    • Windows 8.x -- Non-security new features and improvements for Windows 8.1 are now included with the second Tuesday of the month updates.  Additional information is available at August updates for Windows 8.1 and Windows Server 2012 R2.

    • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.


    The following additional information is provided in the Security Bulletin:





      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...





      Adobe Reader and Acrobat Quarterly Security Update

      Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.09) and earlier versions for Windows and Macintosh.  The updates address vulnerabilities that could potentially allow an attacker to take over the affected system. 

      Release date: December 9, 2014
      Vulnerability identifier: APSB14-28
      CVE numbers: CVE-2014-9165, CVE-2014-8445, CVE-2014-9150, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-8454, CVE-2014-8455, CVE-2014-8456, CVE-2014-8457, CVE-2014-8458, CVE-2014-8459, CVE-2014-8460, CVE-2014-8461, CVE-2014-9158, CVE-2014-9159
      Platform: Windows and Macintosh

      Update or Complete Download

      Update checks can be manually activated by choosing Help > Check for Updates.
        Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

        Windows XP

        If you are still using Windows XP and have Adobe Reader installed, please note that there will be no additional security updates for it.  I suggest uninstalling it and installing an alternate reader.  Personally, I like Sumatra PDF.  It isn't a target and doesn't include unwanted extras with the install or updates.  (See Replacing Adobe Reader with Sumatra PDF.)  Adobe Reference:  End of support | Acrobat and Reader for Windows XP

        Enable "Protected View"

        Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode nor the Protected View option is available for Macintosh users.

        To enable this setting, do the following:
        • Click Edit > Preferences > Security (Enhanced) menu. 
        • Change the "Off" setting to "All Files".
        • Ensure the "Enable Enhanced Security" box is checked. 

        Adobe Protected View
        Image via Sophos Naked Security Blog
        If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.





        Adobe Flash Player Security Update


        Adobe has released security updates for Adobe Flash Player 15.0.0.242 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.424 and earlier versions for Linux.

        These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.  Adobe is aware of reports that an exploit for CVE-2014-9163 exists in the wild. The updates to Flash Player are rated Critical. 

        Note: Users who have been updated to version 15.0.0.246 are not affected by CVE-2014-9163.

        Update Information

        Release date: December 9, 2014
        Vulnerability identifier: APSB14-27
        CVE number: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
        Platform: All Platforms
        • Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.235.
        • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.259.
        • Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.425.
        • Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to the current version.

        Flash Player Update Instructions

        Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

        It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

          Notes:
          • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
          • Uncheck any toolbar offered with Adobe products if not wanted.
          • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
          • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
          • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.259.
          Adobe Flash Player for Android

          The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

          Verify Installation

          To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

          Do this for each browser installed on your computer.

          To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.
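An added example, not part of the original post or any Adobe tooling: a Python check that classifies inventoried Flash Player versions against the fixed versions listed above for APSB14-27, comparing the four version parts numerically and per release branch. The host names, the inventory format, the status labels and the acceptance of comma-separated strings such as `WIN 15,0,0,242` are assumptions made for illustration.

```python
import re

# Fixed versions quoted in the post above (APSB14-27, December 9, 2014).
FIXED = {
    "desktop": (16, 0, 0, 235),   # Windows / Macintosh desktop runtime
    "esr": (13, 0, 0, 259),       # Extended Support Release
    "linux": (11, 2, 202, 425),   # Linux
}
# The post notes that 15.0.0.246 is not affected by CVE-2014-9163,
# the one CVE reported as exploited in the wild.
CVE_2014_9163_SAFE_DESKTOP = (15, 0, 0, 246)

# Four numeric parts separated by dots or commas, at the end of the string.
# Assumption: inventory tools may report either "15.0.0.242" or a
# platform-prefixed, comma-separated form such as "WIN 15,0,0,242".
_VERSION_RE = re.compile(r"(?<![\d.,])(\d+)[.,](\d+)[.,](\d+)[.,](\d+)\s*$")


def parse_version(text):
    """Return the version as a tuple of four ints, or raise ValueError."""
    match = _VERSION_RE.search(text.strip())
    if not match:
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(part) for part in match.groups())


def branch_for(platform, version):
    """Pick the release branch whose fixed version applies to this install."""
    if platform.lower() == "linux":
        return "linux"
    # Assumption: any 13.x install on Windows/Macintosh is the ESR branch.
    return "esr" if version[0] == 13 else "desktop"


def assess(platform, version_text):
    """Classify one install as 'ok', 'update' or 'urgent'.

    'urgent' : below the fixed version and not known to be safe from
               CVE-2014-9163.
    'update' : below the fixed version, but at 15.0.0.246 or later on the
               desktop branch, which the post says is not affected by
               CVE-2014-9163.
    'ok'     : at or above the fixed version for its branch.
    """
    version = parse_version(version_text)
    branch = branch_for(platform, version)
    if version >= FIXED[branch]:
        return "ok"
    if branch == "desktop" and version >= CVE_2014_9163_SAFE_DESKTOP:
        return "update"
    return "urgent"


def audit(inventory):
    """Map each host to its status; unreadable versions become 'unparsed'."""
    results = {}
    for host, platform, version_text in inventory:
        try:
            results[host] = assess(platform, version_text)
        except ValueError:
            results[host] = "unparsed"
    return results


# Constructed sample inventory (hypothetical hosts, not real data).
INVENTORY = [
    ("ws-01", "windows", "15.0.0.242"),
    ("ws-02", "windows", "WIN 15,0,0,246"),
    ("ws-03", "macintosh", "16.0.0.235"),
    ("ws-04", "windows", "13.0.0.259"),
    ("ws-05", "windows", "13.0.0.252"),
    ("ws-06", "windows", "15.0.0.99"),   # a string compare would rank this above .242
    ("ws-07", "windows", "unknown"),
    ("lx-01", "linux", "11.2.202.424"),
    ("lx-02", "linux", "11.2.202.425"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Because each browser can carry its own copy of the plugin, feed the check one inventory row per browser, not one per machine.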



          Thursday, December 04, 2014

          Microsoft Security Bulletin Advance Notice for December 2014

          On Tuesday, December 9, 2014, Microsoft is planning to release seven (7) bulletins.  Three bulletins are identified as Critical and four as Important in severity.

          These updates will address vulnerabilities in Microsoft Windows, Internet Explorer (IE), Office and Exchange.

          As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.










            Tuesday, December 02, 2014

            Mozilla Firefox Version 34 Released with Critical Security Updates


            Mozilla sent Firefox Version 34.0.5 to the release channel.  The update includes eight (8) security updates, three (3) of which are Critical, three (3) High and two (2) moderate.

            Default Search Engine Changes

            Mozilla is including major changes in default search engines in the release of version 34, reportedly "Promoting Choice and Innovation". Looking deeper, perhaps the real reason is the flat revenue from the Google-Firefox search deal.

            Regardless of the reason behind the change, the default search engine in North America has been changed to Yahoo!  According to the agreement, Yahoo! will support "do not track".  Google, Bing, DuckDuckGo, eBay, Amazon, Twitter and Wikipedia continue to be built-in as alternate search options.  After updating, there was no change to Bing as my choice for search engine.

            For search engine changes in other countries, see New Search Strategy for Firefox: Promoting Choice & Innovation.

            Fixed in Firefox 34

            • 2014-90 -- Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
            • 2014-89 -- Bad casting from the BasicThebesLayer to BasicContainerLayer
            • 2014-88 -- Buffer overflow while parsing media content
            • 2014-87 -- Use-after-free during HTML5 parsing
            • 2014-86 -- CSP leaks redirect data via violation reports
            • 2014-85 -- XMLHttpRequest crashes with some input streams
            • 2014-84 -- XBL bindings accessible via improper CSS declarations
            • 2014-83 -- Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

            What’s New

            • New -- Default search engine changed to Yahoo! for North America
            • New -- Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales
            • New -- Improved search bar (en-US only)
            • New -- Firefox Hello real-time communication client
            • New -- Easily switch themes/personas directly in the Customizing mode
            • New -- Wikipedia search now uses HTTPS for secure searching (en-US only)
            • New -- Implementation of HTTP/2 (draft14) and ALPN
            • New -- Recover from a locked Firefox process in the "Firefox is already running" dialog on Windows
            • Changed -- Disabled SSLv3
            • Changed -- Proprietary window.crypto properties/functions re-enabled (to be removed in Firefox 35)
            • Changed -- Firefox signed by Apple OS X version 2 signature
            • Fixed -- CSS transitions start correctly when started at the same time as changes to display, position, overflow, and similar properties

            Update

            To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

            If you do not use the English language version, Fully Localized Versions are available for download.








            Tuesday, November 25, 2014

            Adobe Flash Player Out of Band Critical Security Update


            Adobe has released security updates for Adobe Flash Player.  The updates address a critical bug and include security fixes, particularly improving the security mitigation that was introduced in the October 14th release of APSB14-22.

            Affected software versions


            • Adobe Flash Player 15.0.0.223 and earlier versions
            • Adobe Flash Player 13.0.0.252 and earlier 13.x versions
            • Adobe Flash Player 11.2.202.418 and earlier versions for Linux

            Update Information

            The newest versions are as follows:
            ActiveX for IE and Macintosh version:  15.0.0.239
            Plugin:  15.0.0.239
            Linux: 11.2.202.424
            Release date: November 25, 2014
            Vulnerability identifier: APSB14-26

            CVE number: CVE-2014-8439
            Platform: All Platforms

            Flash Player Update Instructions


            Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

            It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

            Note:  At the time of this posting, the direct download links have not been updated!  The direct download links are now available.

              Notes:
              • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
              • Uncheck any toolbar offered with Adobe products if not wanted.
              • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
              • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
              • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.252.
              Adobe Flash Player for Android

              The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

              Verify Installation

              To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

              Do this for each browser installed on your computer.

              To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.



              Thursday, November 20, 2014

              Fake Tech Support Scams


              Although not all of the fake tech support callers misrepresent that they are calling on behalf of Microsoft, claiming to represent Microsoft or Windows is most commonly used in such calls.  Scammers also claim to represent other vendors such as Dell, McAfee and Norton.

              Two operations working out of the state of Florida have conned tens of thousands of consumers out of more than $120 million through their deceptions.  The FTC and state of Florida obtained federal court orders to shut down those two operations for deceptively marketing computer software and tech support services. The court orders have additionally placed a temporary freeze on the defendants’ assets and have placed the businesses under the control of a court-appointed receiver.

              As welcome as the FTC action is, fake tech support scams have been harassing people since early in 2009 and this is not the end of it.  As I recommended over two years ago:
              Should you receive an unsolicited telephone call from someone purporting to be from Microsoft (or any other vendor), the best advice is to just hang up! Microsoft does not make this type of telephone call.
              There are also people who try to keep these cybercriminals on the telephone in order to not only waste their time but also to keep them tied up so they are not calling someone else who may not realize the caller is a scammer.  Microsoft recently published an online form to Report a technical support scam.  By supplying as much of the information as possible requested on the form, you will be assisting both Microsoft and law enforcement agencies in stopping these cybercriminals.  



              Tuesday, November 18, 2014

              Microsoft Out-of-Band Critical Security Update


              One of the security updates that was delayed in the regular patch cycle last week has been released.

              MS14-068 is a critical update that addresses a vulnerability in Kerberos that could allow elevation of privilege.  Microsoft is aware of limited, targeted attacks that attempt to exploit this vulnerability.

              As described in the security bulletin:
              "An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only."



              Friday, November 14, 2014

              Pale Moon Version 25.1.0 Released with Security Updates

              Pale Moon has released version 25.1.0 to address current incompatibilities with websites.  The version includes security updates and introduces new features.

              Security fixes:
              • Fixed several memory security hazards CVE-2014-1574 and CVE-2014-1575
              • Fixed CVE-2014-1581.
              • Fixed bug 1069584: Bail if a cairo surface is in an invalid state.
              • Made sure to initialize surfaces for draw targets.
              • Fixed bug 1074280: Use AsContainerLayer() in order to avoid a bad cast.
              • Fixed several problems in the HTML parser (multiple vulnerabilities).
              • Improved security of XHR by filtering out types of requests that can potentially be abused.

              New Features and Improvements:

              • New feature: multi-line flexbox support.
                Pale Moon now supports more advanced multi-line and multi-column flex elements. This will allow websites to use these elements for easier responsive design of web pages and ordering/layout of multiple elements. This should address layout issues on several recently-updated websites (e.g. the MSN home page).
              • New feature: added support for collapsed flex element items.
                Previously, flex elements that would be "collapsed" through CSS would be hidden, but still take up their flex space.
              • Enhanced feature: Content Security Policy (CSP)
                Pale Moon now fully supports the CSP 1.0 specification allowing websites to set restrictions on content to prevent XSS (Cross-site scripting) attacks. Previously, the implementation in Pale Moon was partial, and did not support a number of features, resulting in some websites not rendering properly because Pale Moon was being too strict in enforcing the policy. This should address issues on websites enforcing CSP (e.g. the Dropbox web interface and FaceBook galleries).
              • New feature: added support for iframes with inline content.
                This added HTML5 feature makes it possible for web designers to specify the content of iframes in-line, instead of having to link to an external source. This allows for more dynamic use of iframe elements.
              • Updated the Firefox Compatibility mode version to 31.9.
                With the improvements in rendering, HTML5 support and overall feature set in this version, the Firefox Compatibility mode (as presented in the UserAgent string) has been bumped to prevent websites from complaining about "using a too old/unsupported version of Firefox" (e.g. Google websites) while offering those sites a Firefox Compatibility version that is in line with the "expected" feature set of the browser. You may still run into some websites that don't like Pale Moon's user agent and require a manual override as outlined in the FAQ.
              • Pale Moon no longer builds the so-called "media navigator" by default.
                This module provides access to the user's webcam and microphone. Although it can be used for other purposes, in practice this is only used for WebRTC and, in fact, its support (GetUserMedia) is often mistaken for actually supporting WebRTC in a browser (causing errors since Pale Moon does not support WebRTC). No longer including these features reduces input complexity and overhead for a feature not actively used. This also circumvents privacy concerns/confusion like CVE-2014-1586.
              • Improved tab handling on lightweight themes (personas) some more to enhance contrast on certain themes and to make the tab hover effect slightly more distinct.
               Additional Fixes are documented in the Release Notes.

              Minimum system Requirements (Windows):
              • Windows Vista/Windows 7/Windows 8/Server 2008 or later
              • A processor with SSE2 support
              • 256 MB of free RAM (512 MB or more recommended)
              • At least 150 MB of free (uncompressed) disk space
              Pale Moon includes both 32- and 64-bit versions:

              Update

              To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




              Tuesday, November 11, 2014

              Microsoft Security Bulletin Release for November 2014


              Microsoft released fourteen (14) bulletins*.  Four (4) bulletins are identified as Critical, eight (8) as Important, and two (2) are rated Moderate in severity.

              The updates address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). 

              Anyone who frequently experiences issues with .NET Framework updates should install those updates separately with a shutdown/restart between other updates.

              Critical:
              • MS14-064 -- Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
              • MS14-065 -- Cumulative Security Update for Internet Explorer (3003057)
              • MS14-066 -- Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
              • MS14-067 -- Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)

              Important:
              • MS14-069 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
              • MS14-070 -- Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
              • MS14-071 -- Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
              • MS14-072 -- Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
              • MS14-073 -- Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
              • MS14-074 -- Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
              • MS14-076 -- Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
              • MS14-077 -- Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381) 

              Moderate:
              • MS14-078 -- Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (3005210)
              • MS14-079 -- Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)

              *Note: MS14-068 and MS14-075 are shown as "Release date to be determined".

              Information on non-security updates can be found in KB 894199.

              Notes



              The following additional information is provided in the Security Bulletin:





                Adobe Flash Player Security Update


                Adobe has released security updates for Adobe Flash Player 15.0.0.223 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.418 and earlier versions for Linux.

                These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.  The updates to Flash Player are rated Critical.

                Internet Explorer in Windows 8.x systems will be updated via Windows Update.  Windows RT must obtain the update from Windows Update.  Google Chrome will be automatically updated.

                Update Information

                Release date: November 11, 2014
                Vulnerability identifier: APSB14-24

                CVE number: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
                Platform: All Platforms

                Users of Adobe AIR 15.0.0.293 and earlier versions for Windows and Macintosh should update to Adobe AIR 15.0.0.356.


                Flash Player Update Instructions

                Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

                It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

                  Notes:
                  • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
                  • Uncheck any toolbar offered with Adobe products if not wanted.
                  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
                  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
                  • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.252.
                  Adobe Flash Player for Android

                  The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

                  Verify Installation

                  To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                  Do this for each browser installed on your computer.

                  To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.



                  Lest We Forget

                  Whether you call it Veteran's Day, Armistice Day or Remembrance Day, November 11th is a time to put aside politics and pay tribute to all who served their country.   

                  As in previous years, I am republishing my friend Canuk's last tribute and dedicating this post to my friends "Phantom Phixer" and "Ghost".  (This year, I have scheduled this to be published at 11/11/14 11:11 AM.)
                  "I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour.
                  LEST WE FORGET




                   
                   
                  We Shall Keep the Faith by Moina Michael, November 1918
                  Oh! you who sleep in Flanders Fields,
                  Sleep sweet - to rise anew!
                  We caught the torch you threw
                  And holding high, we keep the Faith
                  With All who died.

                  We cherish, too, the poppy red
                  That grows on fields where valor led;
                  It seems to signal to the skies
                  That blood of heroes never dies,
                  But lends a lustre to the red
                  Of the flower that blooms above the dead
                  In Flanders Fields.

                  And now the Torch and Poppy Red
                  We wear in honor of our dead.
                  Fear not that ye have died for naught;
                  We'll teach the lesson that ye wrought
                  In Flanders Fields.











                  Monday, November 10, 2014

                  Updates to Internet Explorer ActiveX Blocking

                  Internet Explorer 11


                  Blocking of out-of-date ActiveX controls was added to Internet Explorer versions 9 through 11 in October.
                  With the update being released in November (11NOV2014), Microsoft is making additional changes to out-of-date ActiveX control blocking.

                  The update will include changes for currently supported operating system and browser combinations.  This is a welcome addition for users of Windows Vista.  ActiveX blocking will also begin blocking out-of-date Silverlight.

                  Note:  After January 12, 2016, only the following configurations will be supported:


                  Windows operating system      Internet Explorer version
                  ---------------------------   -------------------------
                  Windows Vista SP2             Internet Explorer 9
                  Windows Server 2008 SP2       Internet Explorer 9
                  Windows 7 SP1                 Internet Explorer 11
                  Windows Server 2008 R2 SP1    Internet Explorer 11
                  Windows 8.1                   Internet Explorer 11
                  Windows Server 2012           Internet Explorer 10
                  Windows Server 2012 R2        Internet Explorer 11




                  Another Mozilla Firefox Update, Version 33.1 Released



                  Firefox

                  Mozilla sent Firefox Version 33.1 to the release channel.  The update includes a number of new items and lists several known issues.

                  It appears that this update is to celebrate 10 years of Firefox.  It seems a rather artificial celebration since evolution of the name to Firefox was based on a trademark dispute and brand confusion.  (Yes, I started with Phoenix (2002), renamed Firebird (2003) and finally Firefox (2004).  Having become disenchanted with the "Rapid Release Program", I have changed to Pale Moon as my primary browser.)


                  What’s New

                  Known Issues

                  • unresolved -- PDF.js: With some images, wrong colors could show up. Affects a very small number of PDF
                  • unresolved -- Windows: Interface may be slow when typing or selecting text (1089183)
                  • unresolved -- Windows: On some combination of hardware and drivers, some flickering can happen

                  Update

                  To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

                  If you do not use the English language version, Fully Localized Versions are available for download.











                  Friday, November 07, 2014

                  Mozilla Firefox Released Another Update, Version 33.0.3



                  Firefox

                  Mozilla sent Firefox Version 33.0.3 to the release channel.  The update includes additional fixes for drivers and startup crashes with some hardware/driver combinations.

                  Isn't it time Mozilla took a closer look at their "Rapid Release Program"?   Three updates in 24 days, all relating to hardware and driver issues caused by the updates.

                  1.  Version 33.0 released:  October 13, 2014

                  2.  Version 33.0.1 released:  October 24, 2014
                  • 33.0.1: Firefox displays a black screen at start-up with certain graphics drivers
                  3.  Version 33.0.2 released:  October 28, 2014
                  • 33.0.2: Fix a startup crash with some combination of hardware and drivers
                  4.  Version 33.0.3 released:  November 6, 2014
                  • 33.0.3: Blacklisted graphics drivers that were causing black screens with OMTC enabled (1093863)
                  • 33.0.3: Fix two startup crashes with some combination of hardware and drivers (1064107 and 1021265)

                  Update

                  To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

                  If you do not use the English language version, Fully Localized Versions are available for download.










                  Thursday, November 06, 2014

                  Microsoft Security Bulletin Advance Notice for November 2014

                  Security Bulletin
                  On Tuesday, November 11, 2014, Microsoft is planning to release sixteen (16) bulletins.  Five bulletins are identified as Critical, nine as Important, and two are rated Moderate in severity.

                  These updates will address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD).

                  As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.









                    Tuesday, October 28, 2014

                    Mozilla Firefox 33.0.2 Released



                    Firefox

                    Mozilla sent Firefox Version 33.0.2 to the release channel.  The update includes a fix for a startup crash that has affected some users.  Released earlier was yet another fix affecting drivers.



                    What’s New

                    • Fixed -- 33.0.2: Fix a startup crash with some combination of hardware and drivers
                    • Fixed -- 33.0.1: Firefox displays a black screen at start-up with certain graphics drivers

                    Update

                    To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

                    If you do not use the English language version, Fully Localized Versions are available for download.









                    Friday, October 24, 2014

                    Pale Moon Version 25.0.2 Released

                    Pale Moon
                    Pale Moon has released version 25.0.2 to address a number of "teething problems" with the new milestone release.


                    As explained by the Pale Moon developer, Moonchild, one of the changes impacting the milestone release in version 25.0 was the removal of the "Firefox" portion from Pale Moon's user agent. 

                    Because the Pale Moon User Agent string is not universally recognized, this has resulted in poor user experiences, including being presented with mobile site layouts, broken pages, or even being flat-out refused service.  As a result, the update to Pale Moon version 25.0.2 includes the following change:

                    • Added a "Firefox compatibility mode" selection in Options -> Advanced.   This mode is enabled by default.

                    Security fix:

                    • Disabled SSL 3.0 by default (to put a muzzle on the POODLE).

                      Please note that this may cause issues with some poorly configured web servers (usually ones with a hopelessly broken security setup that do not support TLS 1.2 or secure (re)negotiation of the protocol).
                      Additional Fixes/changes:
                      • Improved active tab display on particularly dark personas.
                        People using "black" personas/lightweight themes should now have a lot less difficulty distinguishing the active tab.
                      • Fixed add-on update issue (that was preventing update checking through addons.palemoon.org).
                      • Fixed the redundant redundancy in asking redundantly if the browser would be allowed to ask to install an extension when not on addons.mozilla.org.
                      • Fixed the internal UA-sniffing insanity that broke devtools in a few different and colorful ways.

                      Minimum system Requirements (Windows):
                      • Windows Vista/Windows 7/Windows 8/Server 2008 or later
                      • A processor with SSE2 support
                      • 256 MB of free RAM (512 MB or more recommended)
                      • At least 150 MB of free (uncompressed) disk space
                      Pale Moon includes both 32- and 64-bit versions.

                      Update

                      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

                      Pale Moon:  Release Notes



                      Thursday, October 23, 2014

                      App Launcher Added to Outlook

                      In another step to create consistency between Microsoft products, Outlook.com now includes the App Launcher that is part of Office 365.  One click on the App Launcher opens the view shown below.  Merely click the destination and it launches!

                      The App Launcher makes it easy to toggle between your calendar, OneDrive and the Office Online applications.  If you are using the free Outlook.com email service (@outlook.com, @hotmail.com, @live.com, or @msn.com), see how easy it is to use. 

                      App Launcher

                      If you click the App Launcher and change your mind about leaving the service you are currently using, merely click in another spot on the page or click the Launcher again to close it.

                      Read the complete announcement at the Office Blog, Toggle between Outlook.com, OneDrive and Office Online with the new app launcher.





                      Tuesday, October 21, 2014

                      Microsoft Security Advisory 3010060 with Fixit Solution

                      Security Advisory
                      Microsoft released Security Advisory 3010060 which relates to a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003.

                      The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. Microsoft is aware of limited, targeted attacks. 

                      Recommendations

                      Microsoft has made available a Fix it solution "OLE packager shim workaround" which prevents execution of the vulnerability.  Below are direct links to both enable and disable the Fix it solution.



                      Note: The Fix it solution is not available at this time for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1.

                      Enable Fix it | Disable Fix it


                      Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the TechNet Advisory.
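
A triage helper for the scenario in Advisory 3010060, added here as an example (not from Microsoft or the original post): it lists OLE objects embedded in an Office Open XML file (.docx, .pptx, .ppsx, .xlsx) so attachments from untrusted senders can be reviewed before they are opened. The function names and the sample package are constructed for illustration; embedded objects are common in legitimate documents, so a hit marks a file for review rather than as malicious.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # Compound File Binary (OLE2) header

def find_embedded_ole(data):
    """List (part name, size, reason) for OLE candidates inside an OOXML package."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # legacy .doc/.ppt/.xls are OLE2 files themselves; out of scope here
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        for info in package.infolist():
            if info.is_dir():
                continue
            with package.open(info) as part:
                has_magic = part.read(len(OLE2_MAGIC)) == OLE2_MAGIC
            in_embeddings = "/embeddings/" in "/" + info.filename.lower()
            if has_magic and in_embeddings:
                reason = "embedded OLE2 object"
            elif has_magic:
                reason = "OLE2 container outside embeddings folder"
            elif in_embeddings:
                reason = "embedded part without OLE2 header"
            else:
                continue
            hits.append((info.filename, info.file_size, reason))
    return hits

def build_sample():
    """Constructed stand-in for a .ppsx: one slide, one image, one OLE part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("ppt/slides/slide1.xml", "<sld/>")
        package.writestr("ppt/media/image1.png", b"\x89PNG\r\n\x1a\n")
        package.writestr("ppt/embeddings/oleObject1.bin", OLE2_MAGIC + b"\x00" * 504)
    return buf.getvalue()

if __name__ == "__main__":
    for name, size, reason in find_embedded_ole(build_sample()):
        print(f"{name}\t{size} bytes\t{reason}")
```

Parts flagged as "OLE2 container outside embeddings folder" include macro storage such as vbaProject.bin, which is also worth a look on files from unknown senders.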


                      Wednesday, October 15, 2014

                      Pale Moon 25.0.1 Released with Critical Security Update

                      Pale Moon
                      Pale Moon has released version 25.0.1 to address an important Jetpack extension compatibility issue. 

                      The update also includes a number of security fixes.

                      Security fixes:

                      • Fix for VP9 decoder vulnerability
                      • Fix for direct access to raw connection sockets in http 
                      • Fix for unsafe conversion to JSON of data through the alarm dom element 
                      • Update of NSS to 3.16.2.2-RTM 
                        Other Changes
                        • Update of the add-on SDK to add missing "PaleMoon" engine entries to lists in some modules. This should fix extension compatibility issues for things like Self-destructing cookies, Privacybadger and other Jetpack add-ons that should otherwise already work with the new GUID.
                        • About box release notes link corrected

                        Minimum system Requirements (Windows):
                        • Windows Vista/Windows 7/Windows 8/Server 2008 or later
                        • A processor with SSE2 support
                        • 256 MB of free RAM (512 MB or more recommended)
                        • At least 150 MB of free (uncompressed) disk space
                        Pale Moon includes both 32- and 64-bit versions.

                        Update

                        To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

