Tuesday, August 23, 2016

Cumulative Update KB 3176934 Released for Windows 10


Microsoft released Cumulative update KB3176934 for Windows 10 Version 1607, Build 14393.82 today.  The update replaces previously released KB3176931.

The purpose of the update is to provide quality improvements. Key changes provided in the Windows 10 Update History are the following:
  • Improved reliability of Network Controller, DNS server, gateways, Storage Spaces Direct, Group Managed Service Accounts, remote procedure calls (RPC), PowerShell, Internet Explorer 11, printer pairing and interoperability, the Windows kernel, Media Core, Windows Store, Connected Standby, Cluster Health service, the Hypervisor debugger and platform, and Active Directory.
  • Improved performance of Storage Spaces Direct with many nodes or disks, scrolling lists on Xbox One, DHCP address acquisition, Active Directory queries, and Cluster Health service.
  • Addressed issue that prevents external media from playing on Xbox One using Cast to Device.
  • Addressed issue with Mouse events not working correctly in Internet Explorer 11.
  • Addressed issue with the rendering and resizing of nested tables in Internet Explorer 11.
  • Addressed issue with the UI layout not updating correctly in Internet Explorer 11 quirks mode.
  • Addressed issue that was causing nodes to be disconnected from a Cluster service intermittently.
  • Addressed issue with the 3G and 4G options not appearing correctly in Windows 10 Mobile settings.
  • Addressed additional issues with mobile device management (MDM) enrollment for an Azure Active Directory tenant, software compatibility, rendering of Yu Gothic fonts, Cortana, slow connections to cluster shares, Xbox One unable to launch the Netflix app using the DIAL protocol, Xbox One volume and music playback, all video stops while audio plays in a TV app, incorrect scaling of Internet Explorer 11 first-run dialog, driver setup, Windows Update for Business, apps failing to install after resetting device, boot failure with Hyper-V and BitLocker enabled, Cache Manager, Cluster Health service, inability to change roles and features on a locked device, disk-to-enclosure mappings not working, PowerShell, missing lock screen image, fitness tracker not recognized as a mass storage device, synchronization not working between Intune and Azure Active Directory (AAD), Skype calls over Wi-Fi, streaming playback using progressive download, unable to cancel download from Windows, extensions for Microsoft Edge, incorrect lock screen UI after resuming from hibernate and sleep, and blocked installation of game bundles from the Windows Store.


References:

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, August 18, 2016

Mozilla Firefox Version 48.0.1 Released


FirefoxMozilla sent Firefox Version 48.0.1 to the release channel today.  The update includes a number of bug fixes.

The next scheduled release is September 13, 2016.

Fixed

  • Fix an audio regression impacting some major websites (bug 1295296)
  • Fix a top crash in the JavaScript engine (Bug 1290469)
  • Fix a startup crash issue caused by Websense (Bug 1291738)
  • Fix a different behavior with e10s / non-e10s on
  • Fix a top crash caused by plugin issues (Bug 1264530)
  • Fix an unsigned add-ons issue on Windows
  • Fix a shutdown issue (Bug 1276920)
  • Fix a crash in WebRTC

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References

    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Wednesday, August 17, 2016

    ICYMI: Major Windows Update Change Coming for Windows 7/8.1

    Although the information provided in Further simplifying servicing models for Windows 7 and Windows 8.1 is from the Windows for IT Pros blog, the changes do, of course, apply to consumers.  Snippets quoted from the referenced article below:

    "Monthly Rollup

    From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update. The Monthly Rollup will be published to Windows Update (WU), WSUS, SCCM, and the Microsoft Update Catalog. Each month’s rollup will supersede the previous month’s rollup, so there will always be only one update required for your Windows PCs to get current. i.e. a Monthly Rollup in October 2016 will include all updates for October, while November 2016 will include October and November updates, and so on. Devices that have this rollup installed from Windows Update or WSUS will utilize express packages, keeping the monthly download size small."
    "Update documentation changes

    To bring consistency to the release notes model introduced with Windows 10, we will also be updating our down-level documentation to provide consolidated release notes with the Rollups for all supported versions of Windows. We’ll extend and provide release notes for monthly rollup updates and also the security-only updates that will be introduced from October 2016." 
    ".NET Framework Monthly Rollup

    The .NET Framework will also follow the Monthly Rollup model with a monthly release known as the .NET Framework Monthly Rollup. The monthly .NET Framework Monthly Rollup will deliver both security and reliability updates to all versions of the .NET Framework as a single monthly release, targeting the same timing and cadence as Windows. It is important to note that the rollup for the .NET Framework will only deliver security and quality updates to the .NET Framework versions currently installed on your machine. It will not automatically upgrade the base version of the .NET Framework that is installed.?

    What does this change mean to consumers with Windows 7 and/or Windows 8.1 devices?  Following is information I have gathered from various sources:

    1.  All security and non-security fixes (reliability updates) will be in one cumulative update -- no choices!
    2.  It won't be possible to uninstall one troublesome update, rather the entire cumulative update will need to be removed.
    3.  Updates for the Microsoft Office, Servicing Stack and Adobe Flash won't be included in the rollups.
    4.  Each monthly rollup will supersede the previous month's rollup.  (Thus a computer not powered on in October will get the October updates included in the November update.)
    5.  As illustrated in the Windows 10 update history, documentation will be consolidated release notes with the rollups for all supported versions of Windows.

    Comments:

    1.  Without a doubt, be more proactive in maintaining system backups.
    2.  Ensure you have a recent System Restore point.
    3.  No, do NOT disable Windows Update as missing critical security updates could indeed have serious repercussions.  That said, at this point, it is unknown what changes may be made to WU options or whether the option to "Download updates, but let me choose whether or not to install them" option will be available if you wish to delay updates a couple of days beyond the first Tuesday of the month.
    4.  I personally prefer to obtain device drivers directly from the manufacturer.  To change the driver update setting, see How to stop Windows 7 automatically installing drivers which also works on Windows 8.1.

    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Pale Moon Version 26.4.0 Released with Security Updates


    Pale Moon
    Pale Moon has been updated to Version 26.4.0. In addition to security updates, the new version includes the removal from the Pale Moon start portal of Google Search as a bundled search provider.  See Changes/fixes below as well as the Announcement.

    Details from the Release Notes:

    Security fixes:
    • (CVE-2016-5251)Potential URL spoofing in the address bar.
    • (CVE-2016-0718) Context-dependent crash in expat 2.1.0.
    • (CVE-2016-5266) Outgoing dataTransfer items are not properly filtered.
    • Fixed potentially exploitable crash in the array splice implementation.
    • Fixed potentially exploitable crash caused by badly formatted ICO files.
    • (CVE-2016-5254) Heap-use-after-free in nsXULPopupManager::KeyDown
    Changes/fixes:
    • Removed Google Search as a bundled search provider. If desired, you can manually install it (or other search engines) after the update by following the steps in the Manage Search Engines topic.
    • Fixed the URL API to allow "stringification" of the object per specification. This should make a number of websites happy.
    • Added the ES6 string .includes() function in addition to the pre-existing .contains() function for checking if a string contains another string. The .contains() function is retained for compatibility with web and extension scripts that adhere to the ES6 pre-release specification up to and including RC3.
    • Fixed the calculation of standalone SVG embeds width and height, which should solve some reported issues with html5 graphs being displayed incorrectly.
    • Linux: improved memory allocation.
    • Updated the graphite font library to 1.3.9.
    • Added a blocking rule for F-Secure's 64-bit deepguard library to prevent crashes.
    • Updated the SQLite library to 3.13.0.
    • Download= properties of links are now honored from the context menu "Save" option.
    • Fixed a crash in the XSS filter.
    • Fixed a crash in the DOM error module.
    • Worked around a crash on Linux
    • Linux: Improved optimization and GCC6 compatibility (Note: compiling with GCC 6 is still not recommended and it may or may not work, depending on your environment)
    Minimum system Requirements (Windows):
    • Windows Vista/Windows 7/Windows 8/Server 2008 or later
    • A processor with SSE2 support
    • 256 MB of free RAM (512 MB or more recommended)
    • At least 150 MB of free (uncompressed) disk space
    Pale Moon includes both 32- and 64-bit versions for Windows:
    Other versions:

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Tuesday, August 09, 2016

    Microsoft Security Bulletin Release for August, 2016


    Microsoft released nine (9) bulletins.  Five (5) bulletins are identified as Critical and the remaining four (4) are rated Important in severity

    The updates address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Services and Web Apps and Microsoft Communications Platforms and Software.

    Addressed in the updates are Remote Code Execution, Elevation of Privilege, Information Disclosure and Security Feature Bypass.

    Information about the update for Windows 10 is available at Windows 10 update history.

    Critical:
    • MS16-095 -- Cumulative Security Update for Internet Explorer (3177356)
    • MS16-096 -- Cumulative Security Update for Microsoft Edge (3177358)
    • MS16-097 -- Security Update for Microsoft Graphics Component (3177393)
    • MS16-099 -- Security Update for Microsoft Office (3177451)
    • MS16-102 -- Security Update for Microsoft Windows PDF Library (3182248)
    Important:
    • MS16-098 -- Security Update for Windows Kernel-Mode Drivers (3178466)
    • MS16-100 -- Security Update for Secure Boot (3179577)
    • MS16-101 -- Security Update for Windows Authentication Methods (3178465)
    • MS16-103 -- Security Update for ActiveSyncProvider (3182332)

    Additional Update Notes

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
    • Windows 8.x and Windows 10 -- Non-security new features and improvements for Windows 8.1 and Windows 10 are included with the updates.
    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

    References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...





      Tuesday, August 02, 2016

      Mozilla Firefox Version 48.0 Released with Security Updates


      FirefoxMozilla sent Firefox Version 48.0.0 to the release channel today.  The update is a major release and includes three (3) critical, seven (7) high, eleven (11) moderate and two (2) low security updates.


      The next scheduled release is September 13, 2016.

      Firefox ESR will continue to ship point releases on the same day that Firefox ships and can be downloaded from here and has been updated to Version 45.3.0.

      Fixed in Firefox 48

      • 2016-84 Information disclosure through Resource Timing API during page navigation
      • 2016-83 Spoofing attack through text injection into internal error pages
      • 2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
      • 2016-81 Information disclosure and local file manipulation through drag and drop
      • 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
      • 2016-79 Use-after-free when applying SVG effects
      • 2016-78 Type confusion in display transformation
      • 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
      • 2016-76 Scripts on marquee tag can execute in sandboxed iframes
      • 2016-75 Integer overflow in WebSockets during data buffering
      • 2016-74 Form input type change from password to text can store plain text password in session restore file
      • 2016-73 Use-after-free in service workers with nested sync events
      • 2016-72 Use-after-free in DTLS during WebRTC session shutdown
      • 2016-71 Crash in incremental garbage collection in JavaScript
      • 2016-70 Use-after-free when using alt key and toplevel menus /li>
      • 2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
      • 2016-68 Out-of-bounds read during XML parsing in Expat library
      • 2016-67 Stack underflow during 2D graphics rendering
      • 2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
      • 2016-65 Cairo rendering crash due to memory allocation issue with FFMpeg 0.10
      • 2016-64 Buffer overflow rendering SVG with bidirectional content
      • 2016-63 Favicon network connection can persist when page is closed
      • 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)

      New

      • Roar for moar protection against harmful downloads! We've got your back.  Thanks to Google’s expansion of their Safe Browsing service, Firefox 48 now extends our existing protection to include two additional kinds of downloads: potentially unwanted software and uncommon downloads.
      • Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more.
      • Add-ons that have not been verified and signed by Mozilla will not load
      • GNU/Linux fans: Get better Canvas performance with speedy Skia support. Try saying that three times fast
      • WebRTC embetterments:
        • Delay-agnostic AEC enabled
        • Full duplex for GNU/Linux enabled
        • ICE Restart & Update is supported
        • Cloning of MediaStream and MediaStreamTrack is now supported
      • Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know
      • Windows folks: Tab (move buttons) and Shift+F10 (pop-up menus) now behave as they should in Firefox customization mode
      • The media parser has been redeveloped using the Rust programming language

      Changed

      • So long to support for 10.6, 10.7 and 10.8. Now we can focus on where most Mac users are: 10.9. Don't forget to upgrade!
      • After version 48, SSE2 CPU extensions are going to be required on Windows
      • Au revoir to Windows Remote Access Service modem Autodial

      Fixed

      • Heyo, Jabra & Logitech C920 webcam users. We fixed those pesky WebRTC bugs causing frequency distortions. Buh-bye, squeaky voice!
      • Improved step debugging on last line of functions

      Known Issues

        • On some websites using an important number of cookies, under certain conditions, this can cause the user to be logged out (1264192)

        Update

        To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

          References

          Remember - "A day without laughter is a day wasted." May the wind sing to you and the sun rise in your heart...