Thursday, October 26, 2017

Mozilla Firefox Version 56.0.2 Released


Mozilla sent Firefox Version 56.0.2 to the release channel today.  The update includes several bug fixes.  There is no mention of the previously listed unresolved issues.

Firefox ESR remains at version 52.4.0.

Fixed

      Previously Listed Unresolved Issues

      • Due to a bug in Mac OS X High Sierra, fullscreen mode has some issues
      • Startup crash with RelevantKnowledge adware installed. Firefox Support has helpful instructions to remove it.
      • Startup crashes with 64-bit Firefox on Windows 7, for users of Lenovo's "OneKey Theater" software for IdeaPad laptops. To fix this crash, please re-install 32-bit Firefox.
      • Users running Firefox for Windows over a Remote Desktop Connection (RDP) may find that audio playback is disabled due to increased security restrictions. Learn how to mitigate this issue until it is corrected in an upcoming release

      Update:

      To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.





      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Wednesday, October 25, 2017

      Another Adobe Flash Player Update


      Adobe has released Version 27.0.0.183 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

      The update does not include any security fixes.  Rather, it delivers an important functional fix impacting Flex content.  If impacted, it is recommended that the update be installed.  For those who have the option to 'Allow Adobe to install updates', the update will be automatic.

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










        Saturday, October 21, 2017

        Adobe Reader XI and Acrobat XI -- End-of-Life


        Adobe provides product support from the general availability date of Adobe Acrobat and Adobe Reader for five years.  The five-year date was October 15, 2017, meaning Adobe Reader XI and Acrobat XI have reached end-of-life.  As a result, Adobe will no longer be providing technical support for those products.  This also includes both product and, more importantly, security updates.

        If either or both of these programs are installed on your computer it is strongly advised that you uninstall them as soon as possible.  If you wish to stay with Adobe products, the Adobe Acrobat Reader DC can be downloaded from here.
        Note: UNcheck any pre-checked additional options presented with the download. They are not part of the software and are completely optional.
        If you use Windows 10, Microsoft Edge works great to read PDF documents.  In addition, new features are included in the Windows 10 Fall Creators Update.   See How Microsoft Edge will beat Chrome as the best PDF reader with the Fall Creators Update for additional information.

        Another alternative is Sumatra PDF:
        "Sumatra PDF is a free PDF, eBook (ePub, Mobi), XPS, DjVu, CHM, Comic Book (CBZ and CBR) reader for Windows.
        Sumatra PDF is powerful, small, portable and starts up very fast.
        Simplicity of the user interface has a high priority."

        h/t ky331

        References

        Adobe Acrobat XI and Adobe Reader XI End of Support
        Adobe Support Lifecycle Policy









        Wednesday, October 18, 2017

        Oracle Java Critical Security Updates Released


        Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The update contains 22 new security fixes for Oracle Java SE.  Twenty-two (22) of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.  

        Update

        If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

        Download Information

        Java SE 8u151/ 8u152
        Java™ SE Development Kit 8, Update 151 Release Notes
        Java™ SE Development Kit 8, Update 152 Release Notes
        Java SE Runtime Environment 8 - Downloads

        Java SE 9.0.1  (x64-bit only)
        Java™ SE Development Kit 9.0.1 Release Notes
        Java SE Runtime Environment 9 - Downloads
        Notes:
        • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
        • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
        • Verify your version: http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, open a cmd window and enter the following to check the version (note the space following Java):  java -version
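The version check above can also be scripted. The following is an added example, not part of the original post or any Oracle tooling: it parses the text printed by java -version in both the legacy 1.8.0_NNN scheme and the Java 9 scheme, and compares it with the patched releases named in this post. The function names and sample outputs are constructed for illustration.

```python
import re
import subprocess

# Patched baselines named in this post, as (family, minor, update) tuples:
# Java SE 8u151 (8u152 also satisfies it) and Java SE 9.0.1.
PATCHED = {8: (8, 0, 151), 9: (9, 0, 1)}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OLD = 'java version "1.8.0_144"\nJava(TM) SE Runtime Environment (build 1.8.0_144-b01)\n'
SAMPLE_NEW = 'java version "9.0.1"\nJava(TM) SE Runtime Environment (build 9.0.1+11)\n'


def parse_java_version(output):
    """Return (family, minor, update) parsed from `java -version` text, or None."""
    m = re.search(r'version "([^"]+)"', output)
    if not m:
        return None
    # Drop build or pre-release suffixes such as "-ea" or "+11".
    raw = re.split(r"[-+]", m.group(1), maxsplit=1)[0]
    # Legacy scheme used through Java 8: 1.<family>.<minor>_<update>
    legacy = re.fullmatch(r"1\.(\d+)\.(\d+)(?:_(\d+))?", raw)
    if legacy:
        return tuple(int(g or 0) for g in legacy.groups())
    # Scheme used from Java 9: <family>[.<minor>[.<security>]]
    modern = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", raw)
    if modern:
        return tuple(int(g or 0) for g in modern.groups())
    return None


def assess(output):
    """Classify the output as 'patched', 'outdated', 'no-baseline' or 'unparsed'."""
    version = parse_java_version(output)
    if version is None:
        return "unparsed"
    baseline = PATCHED.get(version[0])
    if baseline is None:
        # This post lists fixed releases only for the Java 8 and Java 9 families.
        return "no-baseline"
    return "patched" if version >= baseline else "outdated"


def installed_java_output():
    """Run `java -version`; the banner is written to stderr, not stdout."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None  # Java is not on PATH or did not respond
    return proc.stderr or proc.stdout


if __name__ == "__main__":
    text = installed_java_output()
    print("Java not found" if text is None else assess(text))
```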

        Critical Patch Updates

        For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
        • 16 January 2018
        • 17 April 2018
        • 17 July 2018
        • 16 October 2018

        Unwanted "Extras"

        Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

        Do the following to suppress the sponsor offers:
        1. Launch the Windows Start menu
        2. Click on Programs
        3. Find the Java program listing
        4. Click Configure Java to launch the Java Control Panel
        5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
        6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

        Java Security Recommendations

        1)  In the Java Control Panel, at minimum, set the security to high.
        2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

        3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





        Monday, October 16, 2017

        Adobe Flash Player Out-of-Band Critical Security Update


        Adobe has released Version 27.0.0.170 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

        The critical update addresses a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.

        Release date:  October 16, 2017
        Vulnerability identifier: APSB17-32
        CVE Numbers:   CVE-2017-11292
        Platform: Windows, Macintosh, Linux and Chrome OS

        Update:

        *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

          Verify Installation

          To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

          Do this for each browser installed on your computer.

          To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










          Tuesday, October 10, 2017

          Microsoft Security Updates for October, 2017



          The October security release consists of 62 security updates for the following software, of which 27 are listed as Critical and 35 are rated Important. In particular, note that one CVE in Microsoft Office is listed as under active attack, and two other CVEs are listed as publicly known prior to release.
          • Internet Explorer
          • Microsoft Edge
          • Microsoft Windows
          • Microsoft Office and Microsoft Office Services and Web Apps
          • Skype for Business and Lync
          • Chakra Core

            Known Issues
            The updates address Remote Code Execution, Information Disclosure, "Defense in Depth", Security Feature Bypass and Elevation of Privilege. Note:  "Defense-in-Depth" is a fix that does not apply to an actively exploitable vulnerability but prevents future vulnerabilities caused by the same code when surrounding code changes expose the problem.  In addition, Windows 10 1511 support ends today.

            For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

            CVEs addressed by Microsoft this month that deserve extra attention are discussed in Zero Day Initiative — The October 2017 Security Update Review by Dustin Childs.

              Additional Update Notes

              • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
              • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
              • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






                Adobe Flash Player Updates


                Adobe has released Version 27.0.0.159 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

                These updates address functionality bugs.

                Release date:  October 10, 2017
                Vulnerability identifier: APSB17-31
                CVE Numbers:   None
                Platform: Windows, Macintosh, Linux and Chrome OS

                Update:

                *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                  Verify Installation

                  To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                  Do this for each browser installed on your computer.

                  To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










                  Pale Moon 27.5.1 Released


                  Pale Moon has been updated to Version 27.5.1. This is a security and stability update.

                  The security updates include DiD ("Defense-in-Depth") fixes.  This means that it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

                  Details from the Release Notes:

                  Changes/fixes:
                  • Changed the default Windows 10 styling when no accent color is applied to black-on-white.
                  • Changed the theme styling on Windows 10 when the system window frame is used (menu bar enabled) to use the window manager background directly, preventing visual lag updating the window color when it changes.
                  • Updated user agent overrides for DropBox, YouTube and Yahoo to work around user agent sniffing issues.
                  • Fixed a crash in the media subsystem.
                  • Fixed a regression where video playback hardware acceleration was disabled incorrectly on some systems.
                   Security fixes:
                  • Updated libhyphen to the latest upstream code to fix a security issue.
                  • Updated NSPR to 4.16-RTM with a patch to un-bust building on win64.
                  • Updated NSS to 3.32.1-RTM.
                  • Worked around some more issues with Mac fonts (CVE-2017-7825).
                  • Fixed a potential rooting hazard in NPAPI plugin code. DiD
                  • Fixed a potential reference issue in JavaScript arrays. DiD
                  Minimum system Requirements (Windows):
                  • Windows Vista/Windows 7/8/10/Server 2008 or later
                  • Windows Platform Update (Vista/7) strongly recommended
                  • A processor with SSE2 instruction support
                  • 256 MB of free RAM (512 MB or more recommended)
                  • At least 150 MB of free (uncompressed) disk space
                  Pale Moon includes both 32- and 64-bit versions for Windows:

                  Update

                  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






                  Monday, October 09, 2017

                  Mozilla Firefox Version 56.0.1 Released


                  Mozilla sent Firefox Version 56.0.1 to the release channel today.  The update includes one fix and the migration to 64-bit Firefox for users of the 32-bit version.  Note the unresolved issues!

                  Firefox ESR remains at version 52.4.0.

                  Fixed

                  • Block D3D11 when using Intel drivers on Windows 7 systems with partial AVX support (bug 1403353)

                  Changed

                  • Users of 32-bit Firefox on 64-bit Windows are migrated to 64-bit Firefox for increased stability and security.

                  Unresolved

                  • Due to a bug in Mac OS X High Sierra, fullscreen mode has some issues
                  • Startup crash with RelevantKnowledge adware installed. Firefox Support has helpful instructions to remove it.
                  • Startup crashes with 64-bit Firefox on Windows 7, for users of Lenovo's "OneKey Theater" software for IdeaPad laptops. To fix this crash, please re-install 32-bit Firefox.
                  • Users running Firefox for Windows over a Remote Desktop Connection (RDP) may find that audio playback is disabled due to increased security restrictions. Learn how to mitigate this issue until it is corrected in an upcoming release

                  Update:

                  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                  Tuesday, October 03, 2017

                  Cyber Security Awareness Month


                  October is National Cyber Security Awareness Month (NCSAM).  The 2017 Cyber Security Awareness Month marks the seventh anniversary of the campaign.  It is also European Cyber Security Awareness Month (ECSM) https://cybersecuritymonth.eu/  and in Canada, https://www.getcybersafe.gc.ca/index-eng.aspx 

                    Stop | Think | Connect

                  With that in mind, consider the following suggestions not only during Cyber Security Awareness month but every day:

                      Stop:  Before you click that formatted link in your email, search results or social media account, mouse over the link to ensure the URL matches the description.

                      Think:  Whether it is email, Facebook, Twitter, an online forum or other online media, instead of spouting off the first reply that comes to mind when you disagree, think before you click the send button.  Remember that your online reputation can follow you in "real life".

                      Connect:  When you connect to the Internet, ensure your device software as well as any apps or third-party software are up to date.

                  Each week, Malwarebytes Labs will focus on a theme and provide helpful articles, useful tips, and valuable analysis so that you can increase awareness and spread the word. This week’s theme: simple steps to online safety. The first:  National cybersecurity awareness month: simple steps to online safety | Malwarebytes Labs

