Tuesday, February 25, 2014

WinPatrol 30.1.2014 Update Released


WinPatrol Scotty

WinPatrol 2014 has been updated to version 30.1.2014.   The update includes reported bug fixes along with requested improvements along with additional optimizations.

As outlined at WinPatrol/upgrade, the fixes and changes include the following:
International Date and Time Formats -- This version of WinPatrol handles formats as defined in the region control panel applet. 

SQLite - Cookies -- The only 3rd party software used by WinPatrol is an open-source public domain library named SQLite3.DLL. This file is used by Chrome and Mozilla to store their cookies. Files in the Hidden list that start with "etilqs_" indicate SQLite database files. WinPatrol uses this file to help you manage your cookies. To continue full cookie support this update includes the latest SQLite library. 

WinPatrol Installation -- The setup program has been improved to include more information on using WinPatrol effectively. 

Graphic Enhancements -- Graphics associated with WinPatrol lists have been updated. The graphic which represents real-time monitoring has been updated so PLUS users are provided a clear indication that monitoring is active. 

ActiveX Non-PLUS error -- There were some reports that indicate WinPatrol can get confused about being a PLUS version. The main symptom is having an update button appear in the list of ActiveX controls. 

Column Sorting -- One of the functions used by column sorting has been improved so sorting programs will be more consistent. In the process it was also found that the company was not being displayed correctly. 

Environment Variables -- This version fixes a big in the handling of the %SYSTEMROOT% environment variable. It also improves handling of 64 bit file redirection for other environment variables. 

WinPatrol runs on Windows XP, Vista, Windows 7 and Windows 8 including x64 versions. Download WinPatrol 30.1.2014 now!



Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Sunday, February 23, 2014

OneDrive + Office Online + Outlook.com

OneDrive + OfficeOnline

The Microsoft Outlook.com, OneDrive and Office teams were very busy last week.  Let's take a look at what happened.

Outlook.com

First came the celebration of the world-wide roll out of Outlook.com.  Having started with MSN Hotmail in 2001, I am more than pleased with the improvements of the email service since then.

What seemed to be a haven for spam those many years ago is now a clean, efficient mail system.  The junk mail filter along with Sweep and Rules work together to keep my Inbox clean and organized.

Now, with the integration of Office Online, it is hard to envision how Outlook.com could get any better, but we'll get to Office Online in a bit.

OneDrive

Although it has been known for some time that SkyDrive was being renamed OneDrive, the roll out of the change was nothing short of spectacular, with some lucky people adding 100 G free storage to their account for one year.

Even if you weren't fortunate enough to get the added bonus, the OneDrive team has provided other opportunities to add to your free space for current users.  Log into OneDrive.com and get up to an extra 8 GB by following the steps to enable your camera roll backup and by referring your friends.

If you sign into OneDrive as a new customer from this link, in addition to the 7 GB storage when you sign up, both of us will receive an extra 0.5 GB of free storage.  You can use OneDrive to store and share photos, videos, documents, and more.  Even more, you can use OneDrive on your PC, Mac, tablet, and mobile phone.

Office Online

Office Web Apps were renamed Office Online.  Along with the name change Office Online became more easily accessible than before.  If you use Office.com email, you can choose from Word, Excel, PowerPoint or OneNote right from the drop-down in the upper left-hand corner of your Outlook.com email account.  Alternatively, you can go directly to http://www.office.com/

The only prerequisite to using Office Online is a Microsoft Account, which can be set up with any email address.  If you don't already have a Microsoft Account, the sign-up page is here.

Learn more about the announcements and changes in the references below.

References




Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Thursday, February 20, 2014

Adobe Flash Player Security Update

Adobe Flashplayer

Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux.

These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild.
With today's Windows Update, Internet Explorer 10 and 11 in Windows 8 and Windows 8.1 will be updated.  Windows RT must obtain the update from Windows Update.  Google Chrome will be automatically updated.

Adobe is also changing the numbering format for updates.  Beginning with this release, Flash Player will become Flash Player 12. With each new major release, roughly every 3 months, that number will increase by one.  With the Q2 2014 release, the version number for Adobe AIR will be synchronized with the Flash Player version at 13.

Update Information

The newest versions are as follows*:
Windows and Macintosh:  12.0.0.70
Linux: 11.2.202.341
Adobe AIR 4.0.0.1628 SDK

Release date: February 20, 2014
Vulnerability identifier: APSB14-07
CVE number: CVE-2014-0498, CVE-2014-0499, CVE-2014-0502
Platform: All Platforms

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

Notes:
  • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
  • *As requested by a Security Garden reader, the update information for the "Extended Release of Flash Player 11.7" can be found here.
Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Wednesday, February 19, 2014

Microsoft Security Advisory 2934088

Security Advisory
Microsoft released Security Advisory 2934088 which impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected.

Although Internet Explorer 9 is vulnerable, at this time, Microsoft is only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

Recommendations

Users of Internet Explorer 10 should update to IE11, available here.

If you use Internet Explorer 9 or 10 and are unable to update to Internet Explorer 11, it the below-linked Fix it solution is strongly advised.
 
Enable Fix itDisable Fix it


Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory as well as the Security Research and Defense Blog article.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Articles

Servicing Stack Updates (SSU)




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




Thursday, February 13, 2014

Mozilla Firefox Version 27.0.1 Released



Firefox

Mozilla sent Firefox Version 27.0.1 to the release channel.  If you've been experiencing the same instability as I have with Version 27.0, hopefully the fix noted below will solve the problem. 

There is no indication at this time of security fixes.

Fixed in Firefox 27.0.1

  • FIXED -- 27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
  • FIXED -- 27.0.1 - JS math correctness issue (bug 941381)



Known Issues

  • Unresolved -- Moving Firefox to background while playing a flash video in full screen mode and bring it back to view will freeze the app (see 809055)
  • Unresolved -- Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 has a workaround (see 812695)

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, February 11, 2014

Adobe Shockwave Player Critical Security Update

Shockwave Player Adobe has released a critical security update for Adobe Shockwave Player 12.0.7.148 and earlier versions on the Windows and Macintosh operating systems.

This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.

Although I have yet to need Shockwave Player on this computer, there are still many people who use it.  If you have Shockwave Player installed, please update to the latest version.


Release date: February 11, 2014
Vulnerability identifier: APSB14-06
CVE number: CVE-2014-0500, CVE-2014-0501
Platform: Windows and Macintosh

The newest version 12.0.9.149 is available here: http://get.adobe.com/shockwave/.  As usual, watch for any pre-checked add-ons not needed for the update.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Microsoft Security Bulleting Release for February 2014


Microsoft updated the Advance Notice to include two additional critical bulletin, resulting in the release of seven (7) bulletins.  Four of the bulletins are identified as Critical with the remaining three as Important.

The security updates address 31 unique CVEs in Microsoft Windows, Internet Explorer, .NET Framework and Forefront Protection for Exchange.

In the event you have had problems with .NET in the past, it is suggested that the .NET update, MS14-009, be installed separately from the other updates with a shutdown/restart. 

Critical:

  • MS14-010 -- Cumulative Security Update for Internet Explorer (2909921)
  • MS14-011 -- Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
  • MS14-007 -- Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
  • MS14-008 -- Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

Important: 
  • MS14-009 -- Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
  • MS14-005 -- Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
  • MS14-006 -- Vulnerability in IPv6 Could Allow Denial of Service (2904659)

February Security Advisory Implementation

As described in Security Advisory 2862973, usage of the MD5 hash algorithm in certificates will be restricted. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Prerequisite:  KB 2862966
Known Issues:  KB 286973

MSRT

Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  The target for February is Jenxcus, a worm coded in VBScript.

Windows XP End of Support

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Also note that after April 8, 2014, technical assistance for Windows XP will no longer be available.  This includes automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download.  Note, however, that definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.


The following additional information is provided in the Security Bulletin:

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Safer Internet Day 2014

Safer Internet Day 2014

The theme of Safer Internet Day 2014 is “Let’s create a better internet together".

Microsoft Safer Online is challenging everyone to do one thing to create a better internet.  This is my challenge:
    Do One Thing
  • Change your passwords -- everywhere.
  • Use a different password everywhere -- email, bank, credit card company, online shopping sites, social media (Facebook, Twitter, Instagram, etc.)
  • Ensure you have a strong password.
  • Don't use dictionary words in your passwords.
  • Avoid repeating letters, numbers or other keyboard characters.
  • Test your password with a password checker.

 

References: 


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Thursday, February 06, 2014

Security Bulletin Advance Notice for February 2014

Security Bulletin
Update:  February 10, 2014

Microsoft has completed testing and added two Critical updates to the release schedule, raising the total to seven (7) bulletins.  The two added updates address vulnerabilities in Internet Explorer and VBScript.

 ~~~~~~~~~~~~~

On Tuesday, February 11, 2014, Microsoft is planning to release five (5) bulletins.  Two of the bulletins are identified as Critical with the other three as Important.

The Critical updates address vulnerabilities in Microsoft Windows and Security Software while the Important updates address issues in Windows and the .NET Framework.

With .NET Framework included with the updates, for those people who have had problems with .NET in the past, it is suggested that the .NET update be installed separately from the other updates with a shutdown/restart.

Reminder

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Risk of Running Windows XP After Support Ends April 2014. Note also that Microsoft Security Essentials will no longer be available for download for Windows XP.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, February 04, 2014

Adobe Flash Player Critical Security Update Released

Adobe Flashplayer

Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux.

These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.
With today's Windows Update, Internet Explorer 10 and 11 in Windows 8 and Windows 8.1 will be updated.  Windows RT must obtain the update from Windows Update.  Google Chrome will be automatically updated.


Release date: February 4, 2014
Vulnerability identifier: APSB14-04

CVE number: CVE-2014-0497
Platform: All Platforms

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

Notes:
  • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Mozilla Firefox Version 27.0 Released



Firefox

Mozilla sent Firefox Version 27.0 to the release channel.  Although the link in provided in the Release Notes, at the time of this posting, the update for Security Fixes has not been updated.  An update will be provided here when the information is updated.

Update:  The security fixes in Version 27.0 include four (4) critical, four (4) high, four (4) moderate and one (1) low security update.

An important security change in Version 27.0 is the default setting to enable both TLS 1.1 and TLS 1.2 by default.  Additional information is available in Mozillazine at Security.tls.version.

Fixed in Firefox 27

  • MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
  • MFSA 2014-12 NSS ticket handling issues
  • MFSA 2014-11 Crash when using web workers with asm.js
  • MFSA 2014-10 Firefox default start page UI content invokable by script
  • MFSA 2014-09 Cross-origin information leak through web workers
  • MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
  • MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
  • MFSA 2014-06 Profile path leaks to Android system log
  • MFSA 2014-05 Information disclosure with *FromPoint on iframes
  • MFSA 2014-04 Incorrect use of discarded images by RasterImage
  • MFSA 2014-03 UI selection timeout missing on download prompts
  • MFSA 2014-02 Clone protected content with XBL scopes
  • MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)


What’s New

  • NEW -- You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
  • CHANGED -- Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
  • CHANGED -- Added support for SPDY 3.1 protocol 
  • FIXED -- Get Azure/Skia content rendering working on Linux (see 740200)
  • FIXED -- 27.0: Security fixes can be found here




Known Issues

  • Unresolved -- crash in gfxContext::PushClipsToDT with Direct2D 1.1 (d3d11.dll 6.2 or 6.3) (see 805406)
  • Unresolved -- Moving Firefox to background while playing a flash video in full screen mode and bring it back to view will freeze the app (see 809055)
  • Unresolved -- Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 has a workaround (see 812695)

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...