Wednesday, September 24, 2014

Mozilla Firefox Version 32.0.3 Critical Security Update



Firefox

Mozilla sent Firefox Version 32.0.3 to the release channel in order to address a critical security vulnerability.

Fixed in Firefox 32.0.3

MFSA 2014-73 RSA Signature Forgery in NSS

Known Issues

  • unresolved -- Assistive technologies may cause performance issues on Windows XP

    Update

    To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

    If you do not use the English language version, Fully Localized Versions are available for download.





    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Tuesday, September 23, 2014

    Adobe Flash Player Update for Internet Explorer

    Adobe Flashplayer

    Adobe has released an update for the ActiveX component of Adobe Flash Player version 15.0.0.152 for Internet Explorer.  The Plugin version remains unchanged.

    From the Release Notes:
    "Today's release resolves an issue in which some end users, when attempting to watch video from certain websites, experienced a failure to play the video, or an error message.  This release contains a fix that should significantly reduce the prevalence of video playback failure on sites where this problem previously occurred."

    Update Information

    The newest version is as follows:
    ActiveX for IE and Macintosh version:  15.0.0.167

    Flash Player Update Instructions 

    Manual updates for Windows 8.x versions are available from the following links:
     

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 







    Thursday, September 18, 2014

    Mozilla Firefox Version 32.0.2 Released



    Firefox

    Mozilla sent Firefox Version 32.0.2 to the release channel in order to repair a critical bug:

    Bug 1063052 - Firefox 32+ startup crash in nsFrame::BoxReflow

    What’s New

    • Fixed -- 32.0.2 - Corrupt installations cause Firefox to crash on update

    Known Issues

    • unresolved -- Assistive technologies may cause performance issues on Windows XP

      Update

      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

      If you do not use the English language version, Fully Localized Versions are available for download.









      Tuesday, September 16, 2014

      Adobe Reader Critical Security Update

      Adobe
      Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.08) and earlier versions for Windows and 11.0.07 and earlier versions for Macintosh.  The update was delayed from last week to address issues identified during routine regression testing. 

      These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform.  Adobe Reader and Acrobat for Apple's OS X are not affected.

      Release date: September 16, 2014
      Vulnerability identifier: APSB14-20
      CVE numbers: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568
      Platform: Windows and Macintosh

      Update or Complete Download

      Update checks can be manually activated by choosing Help > Check for Updates.
        Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

        Windows XP


        If you are still using Windows XP and have Adobe Reader installed, please note that there will be no additional security updates for it.  I suggest uninstalling it and installing an alternate reader.  Personally, I like Sumatra PDF.  It isn't a target and doesn't include unwanted extras with the install or updates.  (See Replacing Adobe Reader with Sumatra PDF.)  Adobe Reference:  End of support | Acrobat and Reader for Windows XP

          Enable "Protected View"

          Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode nor the Protected View option is available for Macintosh users.

          To enable this setting, do the following:
          • Click Edit > Preferences > Security (Enhanced) menu. 
          • Change the "Off" setting to "All Files".
          • Ensure the "Enable Enhanced Security" box is checked. 

          Adobe Protected View
          Image via Sophos Naked Security Blog
          If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.





          Friday, September 12, 2014

          Mozilla Firefox Version 32.0.1 Released



          Firefox

          Mozilla sent Firefox Version 32.0.1 to the release channel, fixing several issues.

          What’s New

          • Fixed -- 32.0.1 - Stability issues for computers with multiple graphics cards
          • Fixed -- 32.0.1 - Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites
          • Fixed -- 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified


          Known Issues

          • unresolved -- Assistive technologies may cause performance issues on Windows XP

            Update

            To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

            If you do not use the English language version, Fully Localized Versions are available for download.








            Tuesday, September 09, 2014

            Microsoft Security Bulletin Release for September 2014


            Microsoft released four (4) bulletins.  One of the bulletins is identified as Critical with the remaining three as Important.

            The updates address 42 Common Vulnerabilities & Exposures (CVEs) in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server.  A reminder to those who have problems with .NET updates: install them separately, with a restart between them and the other updates.

            Critical:

            • MS14-052 -- Cumulative Security Update for Internet Explorer (2977629)

            Important:

            • MS14-053 -- Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
            • MS14-054 -- Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)
            • MS14-055 -- Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)

            Information on non-security updates can be found in KB 894199.

              Notes



              The following additional information is provided in the Security Bulletin:




                Adobe Flash Player Critical Security Update

                Adobe Flashplayer

                Adobe has released security updates for Adobe Flash Player 14.0.0.176 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.400 and earlier versions for Linux.

                These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.  The updates to Flash Player are rated Critical.

                Internet Explorer in Windows 8.x systems will be updated via Windows Update.  Windows RT must obtain the update from Windows Update.  Google Chrome will be automatically updated.

                Note:  For those expecting Adobe Reader to be updated today, the update has been delayed.  See the PSIRT blog post.

                Update Information

                The newest versions are as follows:
                ActiveX for IE and Macintosh version:  15.0.0.152
                Plugin:  15.0.0.152
                Linux: 11.2.202.406
                Users of Adobe AIR 14.0.0.178 and earlier versions for Windows and Macintosh should update to Adobe AIR 15.0.0.252.

                Release date: September 9, 2014
                Vulnerability identifier: APSB14-21
                CVE number: CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559
                Platform: All Platforms

                Flash Player Update Instructions

                Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

                It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

                  Notes:
                  • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
                  • Uncheck any toolbar offered with Adobe products if not wanted.
                  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
                  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
                  • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.244.

                  Adobe Flash Player for Android

                  The latest version of Adobe Flash Player for Android is available from the Android Marketplace; browse to it on a mobile phone to download it.

                  Verify Installation

                  To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                  Do this for each browser installed on your computer.

                  To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.



                  Thursday, September 04, 2014

                  Microsoft Security Bulletin Advance Notice for September, 2014

                  Security Bulletin
                  On Tuesday, September 9, 2014, Microsoft is planning to release four (4) bulletins.  One bulletin is identified as Critical with the remaining three as Important.

                  The updates address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework and Lync.

                  Outdated ActiveX Controls

                  It is expected that the postponed addition to Internet Explorer in which outdated ActiveX controls will be blocked will be included in the update.  Unfortunately, this will not apply to IE on Windows Vista, so those people with Oracle Java installed will need to continue carefully monitoring the Java install on their computer.

                  The out-of-date ActiveX control blocking feature works in the following supported configurations:
                  • Windows 7 SP1, Internet Explorer 8 through Internet Explorer 11
                  • Windows 8 and up, Internet Explorer for the desktop
                  • All Security Zones—such as the Internet Zone—but not the Local Intranet Zone and the Trusted Sites Zone
                  Additional details are available in the IE Blog post referenced below.

                  Reminder

                  As has been widely publicized, support ended for Windows XP and Office 2003 on April 8, 2014.  See Tim Rains' article, The Risk of Running Windows XP After Support Ends April 2014.  Note also that Microsoft Security Essentials will no longer be available for download for Windows XP.

                  As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

                  References











                    Tuesday, September 02, 2014

                    Mozilla Firefox 32.0 Released



                    Firefox

                    Mozilla sent Firefox Version 32.0 to the release channel.  The update includes three (3) Critical, one (1) High and one (1) Moderate security updates.

                    Finally fixed is the text rendering issue that was introduced with version 29.1.  Information about the addition of Public Key Pinning is available in this Mozilla post, Firefox 32 supports Public Key Pinning.

                    Fixed in Firefox 32

                    • MFSA 2014-72 Use-after-free setting text directionality
                    • MFSA 2014-71 Profile directory file access through file: protocol
                    • MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
                    • MFSA 2014-69 Uninitialized memory use during GIF rendering
                    • MFSA 2014-68 Use-after-free during DOM interactions with SVG
                    • MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24


                    What’s New

                    • New -- New HTTP cache provides improved performance including crash recovery
                    • New -- Integration of generational garbage collection
                    • New -- Public key pinning support enabled
                    • New -- Display the number of found items in the find toolbar
                    • New -- Lower Sorbian [dsb] locale added
                    • New -- Easier back, forward, reload, and bookmarking through the context menu
                    • New -- View historical use information for logins stored in password manager
                    • Changed -- Removed and turned off trust bit for some 1024-bit root certificates
                    • Changed -- Performance improvements to Password Manager and Add-on Manager
                    • Fixed -- Mac OS X: cmd-L does not open a new window when no window is available
                    • Fixed -- Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1



                    Known Issues

                    • unresolved -- Assistive technologies may cause performance issues on Windows XP

                      Update

                      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

                      If you do not use the English language version, Fully Localized Versions are available for download.
