Monday, May 30, 2016

Memorial Day 2016

In honor of those who gave their all . . .

Vietnam Memorial Wall
April 30, 2005
Photograph by Luigi Masu

Memorial Day is a day set aside to remember those who have died in the service of their country. 
"Memorial Day was officially proclaimed on 5 May 1868 by General John Logan, national commander of the Grand Army of the Republic, in his General Order No. 11, and was first observed on 30 May 1868, when flowers were placed on the graves of Union and Confederate soldiers at Arlington National Cemetery. The first state to officially recognize the holiday was New York in 1873. By 1890 it was recognized by all of the northern states. The South refused to acknowledge the day, honoring their dead on separate days until after World War I (when the holiday changed from honoring just those who died fighting in the Civil War to honoring Americans who died fighting in any war). For more history of Memorial Day visit Memorial Day History."*
*From the last blog post by a special friend.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




Thursday, May 12, 2016

Adobe Flash Player and AIR Critical Security Update

Adobe Flashplayer

Adobe has released Version 21.0.0.242 of Adobe Flash Player for Microsoft Windows and Macintosh and Version 11.2.202.616 for Linux.  The Extended Support Release for Windows and Macintosh was updated to Version 18.0.0.352.  Adobe AIR SDK has been updated to Version 21.0.0.215.

The updates are to address critical vulnerabilities that are being actively exploited.  

Release date: May 12, 2016
Vulnerability identifier: APSB16-15
CVE number: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117
Platform: Windows, Macintosh, Linux and ChromeOS

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras. 

    Notes:
    • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
    • Uncheck any toolbar offered with Adobe products if not wanted.
    • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
    • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...








    Tuesday, May 10, 2016

    Microsoft Security Bulletin Update for May, 2016


    Microsoft released sixteen (16) bulletins.  Eight (8) bulletins are identified as Critical and the remaining eight (8) are rated Important in severity

    There are 37 CVE's addressed in the security updates, of which one is under active attack.  Both MS16-015 and MS16-053 are needed to mitigate the vulnerability.

    The updates address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office Services and Web Apps, Microsoft Office,  Microsoft .NET Framework.

    Information about the update for Windows 10 is available at Windows 10 update history.

    Critical:

    • MS16-051 Cumulative Security Update for Internet Explorer (3155533)
    • MS16-052  Cumulative Security Update for Microsoft Edge (3155538)
    • MS16-053  Cumulative Security Update for JScript and VBScript (3156764)
    • MS16-054  Security Update for Microsoft Office (3155544)
    • MS16-055  Security Update for Microsoft Graphics Component (3156754)
    • MS16-056  Security Update for Windows Journal (3156761)
    • MS16-057  Security Update for Windows Shell (3156987)
    • MS16-064 Security Update for Adobe Flash Player (3157993)    

    Important:
    • MS16-058 Security Update for Windows IIS (3141083)
    • MS16-059 Security Update for Windows Media Center (3150220)
    • MS16-060 Security Update for Windows Kernel (3154846)
    • MS16-061 Security Update for Microsoft RPC (3155520)
    • MS16-062 Security Update for Windows Kernel-Mode Drivers (3158222) 
    • MS16-065 Security Update for .NET Framework (3156757)
    • MS16-066 Security Update for Virtual Secure Mode (3155451)
    • MS16-067 Security Update for Volume Manager Driver (3155784)

    Additional Update Notes

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
    • Windows 8.x and Windows 10 -- Non-security new features and improvements for Windows 8.1 and Windows 10 are included with the updates.
    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

    References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...




      Adobe Reader and Acrobat Security Updates

      Adobe
      Adobe has security updates for Adobe Reader and Acrobat XI for Windows and Macintosh. This update provides new features, security mitigations, feature enhancements, and bug fixes.


      Release date: May 5, 2016
      Last Updated: May 10,2016
      Vulnerability identifier: APSB16-14
      Priority: 2
      CVE Numbers: CVE-2016-1037, CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1043, CVE-2016-1044, CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1062, CVE-2016-1063, CVE-2016-1064, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1075, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1079, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1087, CVE-2016-1088, CVE-2016-1090, CVE-2016-1092, CVE-2016-1093, CVE-2016-1094, CVE-2016-1095, CVE-2016-1112, CVE-2016-1116, CVE-2016-1117, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1121, CVE-2016-1122, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4091, CVE-2016-4092, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4102, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4106, CVE-2016-4107
      Platform: Windows and Macintosh

      Update or Complete Download

      Update checks can be manually activated by choosing Help > Check for Updates.
        Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

        End of Support:  Adobe Acrobat X and Adobe Reader 

        Adobe Acrobat X and Adobe Reader X are no longer supported (see here). Adobe recommends Adobe Acrobat DC (FAQ) and Adobe Acrobat Reader DC (FAQ).  However, another alternate is available to replace Adobe Reader 

        If you are still using Windows XP and have Adobe Reader installed, please note that there will be no additional security updates for it.  I suggest uninstalling it and install an alternate reader.  Personally, I like Sumatra PDF.  It isn't a target and doesn't include unwanted extras with the install or updates.  

        Enable "Protected View"

        Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

        To enable this setting, do the following:
        • Click Edit > Preferences > Security (Enhanced) menu. 
        • Change the "Off" setting to "All Files".
        • Ensure the "Enable Enhanced Security" box is checked. 

        Adobe Protected View
        Image via Sophos Naked Security Blog

        References



        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...







        Pale Moon Updated to Version 26.2.2 With Security Updates


        Pale Moon
        Pale Moon has been updated to Version 26.2.2.  In addition, the Android version was updated to Version 25.9.2.

        This is mainly a security update.  Details from the Release Notes:

        Changes/fixes:

        • Added a detection routine for dark window colors on Windows 8 and later (system themes using dark window frames) to better adapt to dark system colors. Theme developers can take advantage of this by checking for darkwindowframe="true" on #main-window in CSS selectors.
        • CSS classes prefixed with "--" no longer stop parsing of the selectors.
        • Several crash fixes.
        Security fixes:
        • Made GC suppression more aggressive to prevent issues when actually out of memory.
        • Fixed a memory safety hazard in jpeg decoding.
        • Fixed a potentially exploitable crash when using bi-directional text.
        • Updated NSS to 3.19.4.2-PM, fixing CVE-2016-1938 among other things.

         Minimum system Requirements (Windows):
        • Windows Vista/Windows 7/Windows 8/Server 2008 or later
        • A processor with SSE2 support
        • 256 MB of free RAM (512 MB or more recommended)
        • At least 150 MB of free (uncompressed) disk space
        Pale Moon includes both 32- and 64-bit versions for Windows:
        Other versions:

          Update

          To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.





          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...