Thursday, February 26, 2015

WinPatrol Version 33.1.2015.0 Released

WinPatrol Scotty



The long-awaited WinPatrol update for 2015 has been released with numerous fixes, improvements and additions to a favorite system monitoring tool.

Of particular note for BitDefender 2015 customers is the added code that should enable the use of AutoPilot without receiving repeated alerts.


Fixes:
  • Fixed bug in History Restore functionality that cause restore to fail on many occasions.
  • Fixed upgrade bug that results in two versions of WinPatrol running for some customers.
  • Fixed sorting on date columns.
  • Fixed a bug Registry Monitoring that resulted in some keys not being monitored as they should have been.
Improvements:
  • Improved History processing now includes history of any items restored. For example, when a file is removed from the Startup tab it displays “START_Remove”. If the file is restored, an entry is added “START_Restored” to give confirmation and so you can track what has been done.
  • Improved automatic clean-up and removal of files no longer on your computer from the WinPatrol database.
  • Updated alert processing to help eliminate repeat alerts.
  • Program description now displays in WinPatrol Explorer footer when highlighting a program.
Additions:
  • Added code so that users of BitDefender 2015 should be able to use AutoPilot without receiving repeated alerts.
  • Added “First Detected” column to the Delayed Start Tab.
  • Added “Status” column to the Startup Programs Tab. Currently we do not recognize when 64-bit programs are running, we will have a full 64-bit version of WinPatrol available later this year.
  • Program description now displays in WinPatrol Explorer footer when highlighting a program.
  • Added note to Cookies tab that recommends closing any open browsers prior to editing cookies. We also added improved processing to handle if a browser is open so that you do not lose your changes. But we still recommend closing a browser before editing it’s associated cookies because the major browsers all keep a cache of their cookies and will automatically restore anything they have not themselves removed.

Direct Download Link: WinPatrol Version 33.1.2015.0


You can find the WinPatrol forum at LandzDown here: WinPatrol Help & Information.




Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Tuesday, February 24, 2015

Mozilla Firefox Version 36.0 Released With Security Updates


Firefox
Mozilla sent Firefox Version 36.0 to the release channel, with Firefox ESR updated to 31.5. The update includes eight (8) security updates, of which three (3) are identified as critical, two (2) high, two (2) moderate and one (1) low.

A security feature finally incorporated in version 36.0 is full HTTP/2 support.  Additional information this change is available in the Mozilla Security Blog, Phase 2: Phasing out Certificates with 1024-bit RSA Keys | Mozilla Security Blog.

Fixed in Firefox 36

  • 2015-18 Double-free when using non-default memory allocators with a zero-length XHR
  • 2015-17 Buffer overflow in libstagefright during MP4 video playback
  • 2015-16 Use-after-free in IndexedDB
  • 2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
  • 2015-14 Malicious WebGL content crash when writing strings
  • 2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
  • 2015-12 Invoking Mozilla updater will load locally stored DLL files
  • 2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)


What’s New

  • New Pinned tiles on the new tab page can be synced
  • New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
  • New Locale added: Uzbek (uz)
  • Changed -remote option removed
  • Changed No longer accept insecure RC4 ciphers whenever possible
  • Changed Phasing out Certificates with 1024-bit RSA Keys
  • Changed Shut down hangs will now show the crash reporter before exiting the program
  • Changed Add-on Compatibility
  • HTML5 Support for the ECMAScript 6 Symbol data type added
  • HTML5 unicode-range CSS descriptor implemented
  • HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries
  • HTML5 object-fit and object-position implemented.
    Defines how and where the content of a replaced element is displayed
  • HTML5 isolation CSS property implemented.
    Create a new stacking context to isolate groups of boxes to control which blend together
  • HTML5 CSS3 will-change property implemented.
    Hints the browser of elements that will be modified. The browser will perform some performance optimization for these
  • HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification.
    The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore.
  • HTML5 Improved ES6 generators for better performance
  • Developer Eval sources now appear in the Debugger
    Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor
  • Developer DOM Promises inspection
  • Developer Inspector: More paste options in markup view
  • Fixed CSS gradients work on premultiplied colors
  • Fixed Fix some unexpected logout from Facebook or Google after restart
  • Fixed Various security fixes

Known Issues

  • unresolved Style Editor: Extra white space appearing above the editor for a sourcemapped scss file (1128747)

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

Remember - "A day without laughter is a day wasted." May the wind sing to you and the sun rise in your heart...







Tuesday, February 10, 2015

Safer Internet Day 2015

Safer Internet Day 2015

As it was last year, the theme of Safer Internet Day 2015 is “Let’s create a better internet together".

What can you do to help create a better Internet?  Following the guidelines below will go a long way:
  1. Think before you post
  2. Connect with respect
  3. Promote the positive online
Additional information and resources are available on the Safer Internet Day website.

Consider also the tips provided by Jacqueline Beauchere, Chief Online Safety Officer at Microsoft, at Safer Internet Day 2015: Keep a positive online reputation.


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Microsoft Security Bulletin Release for February 2015


Microsoft released nine (9) bulletins.  Three (3) bulletins are identified as Critical and the remaining six (6) are rated Important in severity.

The updates address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software.  Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.

Also of note:

Edit Note:  Fast response!  The update has been pulled.  [There are numerous reports of KB3001652, Update rollup for Visual Studio 2010 Tools for Office Runtime, taking a very long time to install. This has been reported on both Windows 7 and Windows 8x, 32- and 64-bit.]
 

Security Advisory 3009008 has been updated.  Internet Explorer 11 will prevent insecure fallback to SSL 3.0 for Protected Mode sites.  Additional information about this update is available in the IE Blog.

MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution was re-released.

Security Advisory 3004375, Update for Windows Command Line Auditing, was released.

Updates:

Critical:
  • MS15-009 -- Security Update for Internet Explorer (3034682)
  • MS15-010 -- Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
  • MS15-011 -- Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)

Important:
  • MS15-012 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
  • MS15-013 -- Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
  • MS15-014 -- Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
  • MS15-015 -- Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
  • MS15-016 -- Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
  • MS15-016 -- Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)

Additional Update Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 

    The updated version includes the Win32/Escad, Win32/Jinupd and Win32/NukeSped malware families.  Additional details ave available in the MMPC blog post.

  • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.

  • Windows 8.x -- Non-security new features and improvements for Windows 8.1 are now included with the second Tuesday of the month updates.  Additional information about this change is available here.

  • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.

References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...






    Wednesday, February 04, 2015

    Third Out-of-Band Critical Adobe Flash Player Update

    Adobe Flashplayer

    Critical vulnerability (CVE-2015-0313) exists in Adobe Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh and Adobe Flash Player 13.0.0.264 and earlier 13.x versions.

    Released today for those who have enabled auto-update for the Flash Player desktop runtime is version 16.0.0.305.  The manual download is expected to be available tomorrow, February 5.  In addition, Adobe is working to make the update available in Google Chrome and Internet Explorer 10 and 11.

    The update settings for Flash Player versions 10.3 and above can found in the Advanced tab of the Flash Player Settings Manager.  The locations are as follows:
    • Windows: click Start > Settings > Control Panel > Flash Player
    • Macintosh: System Preferences (under Other) click Flash Player
    • Linux Gnome: System > Preferences > Adobe Flash Player
    • Linux KDE: System Settings > Adobe Flash Player
    Also note that the Flash Player Settings Manager is where to manage local settings.


    Update Information:

    Release date: February 2, 2015
    Last updated: February 4, 2015
    Vulnerability identifier: APSB15-02
    CVE number: CVE-2015-0313

    If you do not use the auto-update mechanism, the direct download links should be available some time either tomorrow or the next day.

      Notes:
      • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
      • Uncheck any toolbar offered with Adobe products if not wanted.
      • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
      • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
      • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.259.
      Adobe Flash Player for Android

      The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

      Verify Installation

      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

      Do this for each browser installed on your computer.

      To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

      References






      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...