Thursday, March 30, 2017

Windows Vista Reaching End of Live (EoL)




Windows Vista, the operating system so many people learned to dislike. 

Personally, I enjoyed using Windows Vista during its prime but quickly learned to appreciate the many improvements in Windows 7 and, in particular, Windows 10.

The official RTM (Release to Manufacture) of Windows Vista was November 8, 2006.  Now, over ten years later, on Tuesday, April 11, 2017, the operating system is reaching EoL (End of Life).

Although there may be updates included for Windows Vista with the April 11 security updates, reaching EoL means that after that date the operating system will receive no additional
  • Security updates,
  • Non-security hot-fixes,
  • Free or paid assisted support options, or
  • Online technical content updates from Microsoft.
    Although computers running the Windows Vista will continue to work, without future security updates, there may well be an increase in risk of viruses and other security threats.  In addition, signature updates for Microsoft Security Essentials are only expected to be available for a limited time.



    References:
    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Tuesday, March 28, 2017

    Coming Soon: Windows 10 Creators Update (Information and Suggestions)

    Windows 10 Creators Update


    The date that has been rumored for the global release of the Windows 10 Creators Update is April 11, 2017, just two weeks away.  Although no official announcement has been made or is expected from Microsoft, with the news today that ISO files are available for Build 15063 for both PCs and phones in the Fast Ring, PCs in the Slow Ring and those on the Xbox Insider Program, it appears the rumored date may indeed be correct.

    Update:   Windows 10 Creators Update coming April 11, Surface expands to more markets

    As with the Anniversary Update last year, it is expected that the initial roll-out of the Creators Update will be slow, gradually picking up over several months.  As Gregg Keizer wrote in Microsoft paces delivery of Windows 10 upgrades,
    "According to advertising network AdDuplex, 60 days after the Aug. 2, 2016, introduction of Windows 10 1607 -- aka Anniversary Update -- just 35% of measured Windows 10 PCs were running the upgrade. By the 90-day mark, however, that number had soared to 80%, showing that Microsoft, after a purposefully slow start, had stomped on the update accelerator."
    This was confirmed by John Cable, Microsoft Director of Program Management within the Windows Servicing and Delivery (WSD) team in Providing customers with more choice and control in the Creators Update.

    Important

    💥 Having installed each of the Insider Builds, I really like the improvements in that have been made along the way.  Although I have not had any failures installing the numerous Insider Builds on my 2008 device, hardware and drivers vary from device to device.  Thus, before proceeding with the installation of the Creators Update, be sure that, minimally, all important documents, irreplaceable pictures and other files are backed up prior to installing the new version.  Ideally, create a system image before installing the update.

    💥 In the event you have Windows 10 Pro and need to delay the update, it can be deferred for up to four months.  From Settings, navigate to Update & Security.  In Windows Update, select the link for "Advanced options" and check the box for "Defer feature updates".

    💥 The installation of the Creators Update is essentially replacing the entire operating system.  As a result, all previously created System Restore points are gone since they no longer apply.  It is important after the update has completed to enable System Restore.  To do this
    1. Navigate to Control Panel\All Control Panel Items\System
    2. Select "System protection"
    3. Click your system disk and note that it is shown as "off" 
    4. Click "Configure" and select "Turn on System Protection" 
    5. Ok the change and close the windows. 

    Windows 10
    Following is a small collection of articles by various journalists providing different perspectives of what to expect in the Creators Update.  Additional articles of interest are included below in the "References".

    References:


    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Mozilla Firefox Version 52.0.2 Released


    FirefoxMozilla sent Firefox Version 52.0.2 to the release channel. The update includes the fixes listed below.

    Fixes:

    • Use Nirmala UI as fallback font for additional Indic languages
    • Fix loading tab icons on session restore
    • Fix a crash on startup on Linux
    • Fix new installs erroneously not prompting to change the default browser setting

    Update

    To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...




      Friday, March 24, 2017

      Microsoft Released Replacement Cumulative Updates

      Microsoft Updates

      Microsoft released three replacement cumulative updates.

      There is one update each for Windows 10 version 1607 (Anniversary Update) and version 1511.  The update includes quality improvements with no new operating system features introduced.

      The third update is for Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1 and is applicable if experiencing the symptom described below.

      • Windows 10, 1607, OS Build 14393.970: KB4016635
        • Addressed a known issue with KB4013429 that caused form display issues with CRM 2011 on Internet Explorer 11. 
        • Addressed the issue with KB4013429 that prevents users from updating apps from Windows Store with 0x80070216 error.
        • To get the stand-alone package for this update, go to the Microsoft Update Catalog

      • Windows 10, 1511, OS Build 10586.842: KB4016636
        • Addressed a known issue with KB4013198 that caused form display issues with CRM 2011 on Internet Explorer 11.
        • To get the stand-alone package for this update, go to the Microsoft Update Catalog.

      • Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1: KB4016446
        • This update is only needed if you are experiencing an issue with forms in Microsoft Dynamics CRM 2011 not displayed correctly after KB 4013073 is installed on a Windows system that is running Internet Explorer 11.
        • To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
      If you installed earlier updates, only the new fixes contained in the respective package will be downloaded and installed.

      The updates are also available from Windows Update.




      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Pale Moon Version 27.2.1 Released


      Pale Moon
      Pale Moon has been updated to Version 27.2.1.  The update fixes some stability and usability issues.

      Details from the Release Notes:

          Changes/fixes:

          • Fixed an issue with planar alpha handling (transparency) when drawing JXR images.
          • Fixed a crash related to a change JavaScript array handling introduced in 27.2.0.
            This became apparent with the pentadactyl extension, but could happen in other situations as well.
          • Fixed a crash when opening ridiculously large images with HQ scaling enabled (default).
            Pale Moon will now only apply HQ scaling for images within reasonable limits (64 Mpix or smaller). Images larger than that may not display properly when zooming in, or may not display at all, even scaled down (e.g. >256 Mpix large) and show a "broken image" placeholder instead; please use dedicated image viewer applications for those kinds of images; it is outside the scope of a web browser to handle such large images.
          • Changed the way URL hashes are handled, and will no longer %-decode anchor hash identifiers by default.
            Note that this is against RFC 3986, which states that any part of the URL scheme that isn't data should be decoded.
            This is required for web compatibility because several sites use hash links to pass actual data to web applications (Please don't do this! Hashes ar part of the URL address, should only consist of "safe" characters, and aren't suited to pass arbitrary data) and the most common browsers no longer follow the RFC in that respect.
            If you want RFC compliance, switch dom.url.getters_decode_hash to true
          • Restored 2 RSA Camellia cipher suites that were missing: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA and TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
          • Fixed an issue with custom toolbars getting deleted during upgrade from 27.0/27.1 to 27.2

            Minimum system Requirements (Windows):
            • Windows Vista/Windows 7/8/10/Server 2008 or later
            • Windows Platform Update (Vista/7) strongly recommended
            • A processor with SSE2 instruction support
            • 256 MB of free RAM (512 MB or more recommended)
            • At least 150 MB of free (uncompressed) disk space
            Pale Moon includes both 32- and 64-bit versions for Windows:

            Update

            To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...


            Monday, March 20, 2017

            Microsoft Released Replacement Cumulative Update



            Microsoft released a new cumulative update for PCs running the "Anniversary Update, Version 1607.  KB4015438 replaces KB4013429 and is a quality improvement update and does not include any new features.

            Key changes include:
            • Addressed a known issue with KB4013429 that caused Windows DVD Player (and 3rd party apps that use Microsoft MPEG-2 handling libraries) to crash.

            • Addressed a known issue with KB4013429, that some customers using Windows Server 2016 and Windows 10 1607 Client with Switch Embedded Teaming (SET) enabled might experience a deadlock or when changing the physical adapter’s link speed property. This issue is most commonly seen as a DPC_WATCHDOG_VIOLATION or when verifier is enabled a VRF_STACKPTR_ERROR is seen in the Memory dump.
            If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed.

            The update is available from Windows Update.  The standalone package is available in the Microsoft Update Catalog.




            Home
            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...

            Saturday, March 18, 2017

            Pale Moon Version 27.2 Released with Security Updates


            Pale Moon
            Pale Moon has been updated to Version 27.2.  The update focuses on back-end improvements and security. Included in the updates are DiD* patches.
            *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
            Details from the Release Notes:

            Security and Privacy Changes:
            • Added support for 256-bit AES-GCM encryption.
            • Added support for ChaCha20-Poly1305 encryption.
            • Removed support for Camellia-GCM since nobody seems interested in it.
              (Camellia in 128/256-bit CBC block mode is still fully supported).
            • Added support for SHA-224, SHA-256, SHA-384 and SHA-512 to Crypto utils.
            • Improved status handling of secure sites to be less sensitive to "insecure" items that are local.
            • Fixed print preview hijacking. (CVE-2017-5421)
            • Fixed a potentially exploitable crash in OnStartRequest. (CVE-2017-5416)
            • Fixed potential cross-origin content-stealing through a timing attack. (CVE-2017-5407) DiD
            • Fixed a denial-of-service problem with view-source. (CVE-2017-5422)
            • Fixed crash in directional controls. (CVE-2017-5413)
            • Fixed a perceived problem with chrome manifests. (CVE-2017-5427)
            • Fixed the use of an uninitialized value. (CVE-2017-5405)
            • Fixed a buffer overflow. (CVE-2017-5412)
            • Fixed a UAF situation. (CVE-2017-5403)
            • Fixed a potential spoofing issue with the address bar. (CVE-2017-5417)
            • Fixed a potential issue in libvpx. (CVE-2017-5402) DiD
            • Fixed a potential issue with HTTP auth. (CVE-2017-5418)
            • Fixed several memory safety hazards and potentially exploitable crashes. DiD
                Changes/fixes:
                • Updated the ICU lib to 58.2 to fix a number of issues.
                • Added proper control for the user for offline storage for web applications.
                • Added a check to prevent auto-filled URLs from copying the auto-filled selection to clipboard/primary.
                • Added the feature to pass a URL to open in a private window from the command-line.
                • Improved the display of the downloads indicator on the button in bright-text situations.
                • DOM storage now honors the "3rd party cookie" setting in that it will not allow 3rd party data to be stored if 3rd party cookies are disallowed.
                • Allowed toolbar button badges to be properly styled.
                • Updated the hunspell spellchecking library to 1.6.0 to fix a number of issues.
                • Fixed desktop notifications being off-screen if fired in rapid succession.
                • Added Element.insertAdjacentElement and Element.insertAdjacentText DOM functions.
                • Added support for JPEG-XR images.
                  This makes Pale Moon have the broadest support for image formats of all web browsers.
                  (enabled by default; you can disable this with media.jxr.enabled).
                • Completely removed the use of GStreamer on Linux.
                • Added support for element.innerText.
                • Custom toolbars should now properly remember their state.
                • Fixed some more playback issues with MP4/MSE videos.
                  Please be aware that we are still working on further improving MSE video handling.
                • Changed media processing to reduce dangerous processing asynchronicity.
                  This should also make media elements and playback more responsive.
                • Fixed a useragent string regression always displaying the minor Goanna version as .0
                • Updated NSPR to 4.13.1.
                • Updated NSS to 3.28.3-RTM.
                • Fixed unrestricted icon sizes in PMkit buttons.
                • Fixed unresponsive buttons on support page when not building the updater.
                • Fixed the use of "View image" and "Save image as" on extremely large images.
                • Changed the way "View Image" and "Save image as" work on canvas elements.
                • Made checking for dangerously large resolution PNG images smarter.
                  It will now accept larger "strip"-aspect ratio images while reducing unsupported large image resolutions.
                  This will e.g. fix Gmail's "emoji" window that uses a ridiculously long but very narrow single image to store all the emoticon pictures.
                • Converted several hard-coded URLs to preferences.
                • Updated the google.com override so it would not cripple services based on UA sniffing.
                • Added Inner and Outer Window ID administration.
                • Fixed the add-on discovery pane detection.
                • Added support for canvas ellipse.
                • Improved drawing of certain MathML elements at problematic zoom levels.
                • No longer building gamepad support.
                • Updated Harfbuzz font shaper to 1.4.3 to fix a number of issues.
                • Fixed a number of crashes (layout, plugins, uncommon navigation, bad URLs).
                • Aligned SVG specular filters with the spec.
                Minimum system Requirements (Windows):
                • Windows Vista/Windows 7/8/10/Server 2008 or later
                • Windows Platform Update (Vista/7) strongly recommended
                • A processor with SSE2 instruction support
                • 256 MB of free RAM (512 MB or more recommended)
                • At least 150 MB of free (uncompressed) disk space
                Pale Moon includes both 32- and 64-bit versions for Windows:

                Update

                To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                Remember - "A day without laughter is a day wasted."
                May the wind sing to you and the sun rise in your heart...


                Mozilla Firefox Version 52.0.1 Released with One Critical Security Update


                FirefoxMozilla sent Firefox Version 52.0.1 to the release channel. The update includes one (1) Critical security update.

                Security Fix:



                Critical

                  Update

                  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                    References




                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...




                    Tuesday, March 14, 2017

                    Adobe Shockware Player Security Update

                    Shockwave Player Adobe has released a critical security update for Adobe Shockwave Player which update address an important vulnerability that could potentially lead to escalation of privilege.

                    Although I have yet to need Shockwave Player on this computer, there are still many people who use it.  If you have Shockwave Player installed, please update to the latest version.

                    Release date: March 14, 2017
                    Vulnerability identifier: APSB17-08

                    CVE number: CVE-2017-2983
                    Platform: Windows

                    The newest version 12.2.8.198 is available here: http://get.adobe.com/shockwave/.  As usual, watch for any pre-checked add-ons not needed for the update.

                    References


                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...


                    Microsoft Security Updates for March, 2017


                    After the last minute issue that resulted in the postponement of the February updates, security updates have been released for March.

                    Although this was to be the start of replacing security bulletins with the new Security Updates Guide, security bulletins were also published this month to provide extra time to prepare for the transition. The new guide includes the ability to view and search security vulnerability information in a single online database. The guide is described as a "portal" by the MSRC Team in Furthering our commitment to security updates.

                    March Security Update Details:

                    Microsoft released seventeen (17) bulletins.  Nine (9) bulletins are identified as Critical and eight (8) rated Important in severity

                    The updates address vulnerabilities in Microsoft Windows, Microsoft Edge, Internet Explorer, Microsoft Office, Skype for Business, Microsoft Lync, Microsoft Silverlight, Microsoft Server Software, Microsoft Communications Platforms and Software, Microsoft Exchange and Adobe Flash Player for Windows 8.1 and above. 

                    Addressed in the updates are Remote Code Execution, Information Disclosure and Elevation of Privilege.

                    Information about the update for Windows 10 is available at Windows 10 update history.
                     
                    Critical:
                    • MS17-006 -- Cumulative Security Update for Internet Explorer (4013073)
                    • MS17-007 -- Cumulative Security Update for Microsoft Edge (4013071)
                    • MS17-008 -- Security Update for Windows Hyper-V (4013082)
                    • MS17-009 -- Security Update for Microsoft Windows PDF Library (4010319)
                    • MS17-010 -- Security Update for Microsoft Windows SMB Server (4013389)
                    • MS17-011 -- Security Update for Microsoft Uniscribe (4013076) 
                    • MS17-012 -- Security Update for Microsoft Windows (4013078)
                    • MS17-013 -- Security Update for Microsoft Graphics Component (4013075)
                    • MS17-023 -- Security Update for Adobe Flash Player (4014329) 
                    Important:
                    • MS17-014 -- Security Update for Microsoft Office (4013241)
                    • MS17-015 -- Security Update for Microsoft Exchange Server (4013242) 
                    • MS17-017 -- Security Update for Windows Kernel (4013081)
                    • MS17-018 -- Security Update for Windows Kernel-Mode Drivers (4013083)
                    • MS17-019 -- Security Update for Active Directory Federation Services (4010320)
                    • MS17-020 -- Security Update for Windows DVD Maker (3208223)
                    • MS17-021 -- Security Update for Windows DirectShow (4010318)
                    • MS17-022 -- Security Update for Microsoft XML Core Services (4010321)      

                      Additional Update Notes

                      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                      • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                      • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

                      References


                        Remember - "A day without laughter is a day wasted."
                        May the wind sing to you and the sun rise in your heart...





                        Adobe Flash Player Critical Security Update

                        Adobe Flashplayer

                        Adobe has released Version 25.0.0.127 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

                        These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. 

                        Release date: March 14, 2017
                        Vulnerability identifier: APSB17-07
                        CVE number: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
                        Platform: Windows, Macintosh, Linux and Chrome OS

                        Update:

                        Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                          Verify Installation

                          To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                          Do this for each browser installed on your computer.

                          To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

                          References



                          Remember - "A day without laughter is a day wasted."
                          May the wind sing to you and the sun rise in your heart...








                          Tuesday, March 07, 2017

                          Mozilla Firefox Version 52.0 Released with Security Updates


                          FirefoxMozilla sent Firefox Version 52.0 to the release channel today.  The update includes six (6) Critical, four (4) High, eleven (11) Moderate updates and six (6) low security updates.  Firefox ESR was updated to version 45.8.0.

                          Note in particular the removal of support for Netscape Plugin API (NPAPI) plugins other than Flash.  Silverlight, Java, Acrobat and the like are no longer supported.  See Why do Java, Silverlight, Adobe Acrobat and other plugins no longer work? for Mozilla's explanation.

                          Additionally, Firefox users on Windows XP (EoL, End of Life, April 8, 2014) and Windows Vista (EoL April 11, 2017) have been migrated to the extended support release (ESR) version of Firefox. 

                          The next scheduled release is April 18,  2017 (5 week cycle with release for critical fixes as needed).

                          Security Fixes:

                          Critical

                          High

                          Moderate

                          Low

                          New

                          Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
                          • Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
                          • Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.
                          • Enabled multi-process Firefox for Windows users with touch screens
                          • Enhanced Sync to allow users to send and open tabs from one device to another.

                          Fixed

                          • Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that
                            • have chained dead keys
                            • input two or more characters with a non-printable key or a dead key sequence
                            • input a character even when a dead key sequence failed to compose a character

                          Changed

                          • Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
                          • Display (but allow users to override) an “Untrusted Connection” error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla’s CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team’s plans to deprecate SHA-1
                          • Improved experience for downloads:
                            • Notification in the toolbar when a download fails
                            • Quick access to five most recent downloads rather than three
                            • Larger buttons for canceling and restarting downloads
                          • Removed Battery Status API to reduce fingerprinting of users by trackers
                          • When not using Direct2D on Windows, Skia is used for content rendering
                          • Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox. 
                          Update:

                          To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                            References




                            Remember - "A day without laughter is a day wasted."
                            May the wind sing to you and the sun rise in your heart...