Tuesday, October 16, 2018

Oracle Java Critical Security Updates Released


Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  This Critical Patch Update contains 12 new security fixes for Oracle Java SE.  11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Update

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information

Java SE 8u191 -- Release Notes: http://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html

Java SE 11.0.1  (x64-bit only) -- Release Notes: https://www.oracle.com/technetwork/java/javase/documentation/11u-relnotes-5093844.html 

Download: https://www.oracle.com/technetwork/java/javase/downloads/index.html

Notes:
  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
  • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
  • Verify your version: http://www.java.com/en/download/testjava.jsp   Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, open a cmd window and enter the following to check the version (note the space following java):  java -version
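
As an added example (not part of the original post and not Oracle tooling), this Python script parses the `java -version` banner and compares it with the two releases named above, 8u191 and 11.0.1. The sample banners are constructed and the function names are illustrative.

```python
"""Compare a `java -version` banner with the releases named in this post."""
import re
import subprocess

# Fixed releases named in this post (8u191 and 11.0.1) as (major, minor, update).
PATCHED = {8: (8, 0, 191), 11: (11, 0, 1)}

_VERSION_LINE = re.compile(r'version "([^"]+)"')
_LEGACY = re.compile(r'^1\.(\d+)\.(\d+)(?:_(\d+))?')      # e.g. 1.8.0_181
_MODERN = re.compile(r'^(\d+)(?:\.(\d+))?(?:\.(\d+))?')   # e.g. 11 or 11.0.1

# Constructed sample banners (first line of `java -version` output only).
SAMPLES = {
    "8u181": 'java version "1.8.0_181"\n',
    "8u191": 'java version "1.8.0_191"\n',
    "11": 'java version "11" 2018-09-25\n',
    "11.0.1": 'java version "11.0.1" 2018-10-16 LTS\n',
    "7u80": 'java version "1.7.0_80"\n',
    "missing": "'java' is not recognized as an internal or external command",
}


def parse_java_version(banner):
    """Return (major, minor, update) from a banner, or None if it has no version."""
    found = _VERSION_LINE.search(banner)
    if not found:
        return None
    raw = found.group(1)
    legacy = _LEGACY.match(raw)
    if legacy:
        # Java 8 and earlier report 1.<major>.<minor>_<update>.
        major, minor, update = legacy.groups()
        return (int(major), int(minor), int(update or 0))
    modern = _MODERN.match(raw)
    if not modern:
        return None
    # Java 9 and later report <major>[.<minor>[.<update>]]; missing parts count as 0.
    return tuple(int(part or 0) for part in modern.groups())


def assess(banner):
    """Classify a banner against the releases listed in PATCHED."""
    version = parse_java_version(banner)
    if version is None:
        return "unparsed"
    baseline = PATCHED.get(version[0])
    if baseline is None:
        return "no-baseline"  # release line not covered by this post
    return "patched" if version >= baseline else "needs-update"


def installed_banner(java="java"):
    """Run `java -version`; return its banner, or None if java cannot be run."""
    try:
        proc = subprocess.run([java, "-version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    # `java -version` writes the banner to stderr, not stdout.
    return proc.stderr or proc.stdout


if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(f"{name:8} -> {assess(banner)}")
    local = installed_banner()
    print("local    ->", "java not found" if local is None else assess(local))
```
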

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 15 January 2019
  • 16 April 2019 
  • 16 July 2019 
  • 15 October 2019

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:
  1. Launch the Windows Start menu
  2. Click on Programs
  3. Find the Java program listing
  4. Click Configure Java to launch the Java Control Panel
  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




Tuesday, October 02, 2018

Mozilla Firefox Version 62.0.3 Released With Critical Security Updates


Mozilla sent Firefox Version 62.0.3 to the release channel today with two fixes and two critical security updates.
Firefox ESR was updated to version 60.2.2 to address the critical security vulnerabilities.

Critical:



Fixed
  • Fixed hangs on macOS Mojave (10.14) when various dialog windows (upload, download, print, etc) are activated (bug 1489785)
  • Fixed playback of some encrypted video streams on macOS (bug 1491940)

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


Monday, October 01, 2018

Adobe Acrobat DC and Reader DC Critical Security Updates Released


Originally announced for tomorrow in the PSIRT blog, Adobe has just released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  These updates are rated as critical and important.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

Release date:  October 1, 2018
Vulnerability identifier: APSB18-30
Platform: Windows and Macintosh

Update or Complete Download

Reader DC and Acrobat DC were updated to version 2019.008.20071. Update checks can be manually activated by choosing Help > Check for Updates. 
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.





Friday, September 21, 2018

Mozilla Firefox Version 62.0.2 Released


Mozilla sent Firefox Version 62.0.2 to the release channel today.  According to the release notes, the update appears to be limited to fixes without changes or security updates.

Fixed
  • Unvisited bookmarks can once again be autofilled in the address bar (bug 1488879)
  • WebGL rendering issues (bug 1489099)
  • Updates from unpacked language packs no longer break the browser (bug 1488934)
  • Fix fallback on startup when a language pack is missing (bug 1492459)
  • Profile refresh from the Windows stub installer restarts the browser (bug 1491999)
  • Properly restore window size and position when restarting on Windows (bugs 1489214 and 1489852)
  • Avoid crash when sharing a profile with newer (as yet unreleased) versions of Firefox (bug 1490585)
  • Do not undo removal of search engines when using a language pack (bug 1489820)
  • Fixed rendering of some web sites (bug 1421885)
  • Restored compatibility with some sites using deprecated TLS settings (bug 1487517)
  • Fix screen share on MacOS when using multiple monitors (bug 1487419)

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


Thursday, September 20, 2018

Microsoft Cumulative Updates Released for Windows 10


Microsoft has released cumulative updates with non-security improvements and fixes for Windows 10 April 2018 Update (version 1803) and Windows 10 Fall Creators Update (version 1709).  The update for both versions 1803 and 1709 includes quality improvements with no new operating system features introduced.
The updates are available from Windows Update or the Microsoft Update Catalog.

Update 27Sep2018: Cumulative update KB4458469 for Windows 10 version 1803 has been re-released because of a missing solution. See https://support.microsoft.com/en-us/help/4458469/windows-10-update-kb4458469





Pale Moon Version 28.1.0 Released


Pale Moon version 28.1.0 has been released.  This update is considered a major update, focused on performance and security as well as some regression and bug fixes.

From the Release Notes:

Changes/fixes:
  • Updated NSS to 3.38, removed TLS 1.3 draft version check since it's considered final.
  • Reinstated RC4 as an optional encryption cypher for non-standard environments (e.g. old routing/peripheral networked hardware on LAN). RC4 and 3DES are marked weak and disabled, and will never be used in the first handshake with a site, only as last-ditch fallback when specifically enabled (meaning they won't show up on ssllabs' test, for example).
  • Removed Telemetry accumulation calls, automatic timers and stopwatches. This removes a very noticeable performance sink for all operations on all platforms.
  • Fixed many occurrences of discouraged types of memory access for primarily GCC 8 compatibility. This improves overall code security as a defense-in-depth measure.
  • Re-implemented the pref-controlled custom background color for standalone images.
  • Updated session history handling for internal pages. about:logopage is no longer stored in history, and you can choose to store the QuickDial page in history by setting the pref browser.newtabpage.add_to_session_history to true. This is disabled by default (meaning you can't use the "Back" button to go back to the QuickDial page) as a defense-in-depth security measure.
  • Added ui.menu.allow_content_scroll to control whether content can be scrolled if a context menu is open.
  • Fixed incorrect code removal in ipc.
  • Removed support for TLS session caches in TLSServerSocket.
  • Added support for local-ref as SVG xlink:href values.
  • Changed the find bar to be a browser-global toolbar again (like in Pale Moon 27) instead of per-tab. For people who prefer search terms to be saved on a per-tab basis (like with the per-tab findbar previously), this is possible by setting findbar.termPerTab to true. This resolves a number of issues, including styling with lightweight themes not applying to the find bar, and status pop-ups overlapping the find bar.
  • Ported all relevant security fixes from Mozilla's Gecko/62 release, including CVE-2018-12377 and CVE-2018-12379.
  • Restored part of the searchplugin API that was removed by Mozilla, so extensions can provide and save edits to installed search engines.
  • Improved the speed of restoring browsing sessions upon startup.
  • Fixed the "Restore previous session" button sometimes being missing from about:home, while a restorable session would be present.
  • Fixed tab previews in the Windows taskbar (if enabled).
  • Fixed the setting of the new tab page being "My Home Page" so it'll pick up subsequent changes to the home page URL automatically.
  • Removed the Firefox Accounts migrator from Sync.
  • Fixed an issue with the enabled state of number controls if appearances changed.
  • Stopped building ffvpx on 32-bit platforms (except windows) to use the (faster) system-installed lib instead.
  • Re-added a horizontal scroll action option for mouse wheel. (regression)
  • Fixed handling of content language if the locale is changed.
  • Fixed document navigation with the F6 key.
  • Fixed toolbar styling in toolkit themes.
  • Fixed viewing the source of a selection.
    Download:

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.







    Wednesday, September 19, 2018

    Adobe Reader DC and Adobe Acrobat DC Security Updates Released


    Adobe has released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  These updates are rated as critical and important.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

    Release date:  September 19, 2018
    Vulnerability identifier: APSB18-34
    Platform: Windows and Macintosh

    Update or Complete Download

    Reader DC and Acrobat DC were updated to version 2018.011.20063. Update checks can be manually activated by choosing Help > Check for Updates. 
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.









    Tuesday, September 11, 2018

    Microsoft Security Updates for September, 2018



    The September security updates consist of 61 CVEs, of which 17 are listed as Critical, 43 are rated Important, and 1 is rated as Moderate in severity.  Four are listed as publicly known at the time of release and one is reported as being actively exploited.

    The release consists of security updates for the following:  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft.Data.OData, and ASP.NET


    The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, and Spoofing.


    Known Issues

      Recommended Reading: 

      See Dustin Childs' excellent review and recommendations in Zero Day Initiative — The September 2018 Security Update Review, where he provides additional information on the CVE reported as actively exploited and more.


      More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

      Additional Update Notes

      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
      • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].






      Adobe Flash Player and AIR Updates


      Adobe has released Version 31.0.0.108 of Adobe Flash Player and AIR.  The update addresses both security and functional issues in Flash Player.  The update to AIR fixes issues and introduces new features, as indicated in the Release Notes.

      Release date:  September 11, 2018
      Vulnerability identifier: APSB18-31
      Platform:  Windows, Macintosh, Linux and Chrome OS

      Fixed Issues

      Flash Player
      • Assorted security and functional fixes
      AIR
      • Incorrect path on macOS using File.browseForSave() if target file already exists (AIR-4198652)
      • ETC2 Non Alpha ATF are not rendered in ADL
      • Swiping iPhone bottom\up opens system tray instead small arrow (AIR-4198602)

      Vulnerability details

      Vulnerability Category | Vulnerability Impact   | Severity  | CVE Number
      Privilege Escalation   | Information Disclosure | Important | CVE-2018-15967

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










        Wednesday, September 05, 2018

        Mozilla Firefox Version 62.0 Released


        Mozilla sent Firefox Version 62.0 to the release channel today.

        Update:  As usual, Mozilla published the information about the security updates long after releasing the update.  The update included nine (9) security updates of which one (1) is critical, three (3) are high, two (2) moderate and three (3) are rated low.  The updates apply to both the newly released Firefox Version 62.0 and the earlier released Firefox ESR 60.2.

        Critical
        High
        Moderate
        Low

        New

        • Firefox Home (the default New Tab) now allows users to display up to 4 rows of top sites, Pocket stories, and highlights
        • “Reopen in Container” tab menu option appears for users with Containers that lets them choose to reopen a tab in a different container
        • In advance of removing all trust for Symantec-issued certificates in Firefox 63, a preference was added that allows users to distrust certificates issued by Symantec. To use this preference, go to about:config in the address bar and set the preference "security.pki.distrust_ca_policy" to 2.
        • Added FreeBSD support for WebAuthn
        • Improved graphics rendering for Windows users without accelerated hardware using Parallel-Off-Main-Thread Painting
        • Support for CSS Shapes, allowing for richer web page layouts. This goes hand in hand with a brand new Shape Path Editor in the CSS inspector.
        • CSS Variable Fonts (OpenType Font Variations) support, which makes it possible to create beautiful typography with a single font file
        • Updates for enterprise environments:
          • AutoConfig is sandboxed to the documented API by default. You can disable the sandbox by setting the preference general.config.sandbox_enabled to false. Our long term plan is to remove the ability to turn off the sandboxing. If you need to continue to use more complex AutoConfig scripts, you will need to use Firefox Extended Support Release (ESR).
        • Added Canadian English (en-CA) locale

        Changed

        • Removed the description field for bookmarks. Users who have stored descriptions using the field may wish to export these descriptions as html or json files, as they will be removed in a future release.
        • Dark theme is automatically enabled in macOS 10.14 dark mode
        • Changed the default setting to Enforce (3) for the security.pki.name_matching_mode preference
        • Adobe Flash applets now run in a more secure mode using process sandboxing on macOS. Learn how this may affect features here.
        • Users disconnecting from Sync are now offered the option to wipe their Firefox profile data (including bookmarks, passwords, history, cookies, and site data) from their desktop computer
        • Changed how WebRTC handles screen sharing: When screen-sharing a window, the window will be brought to front
        Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


        Friday, August 31, 2018

        Microsoft Cumulative Updates Released for Windows 10


        Microsoft has released cumulative updates with non-security improvements and fixes for Windows 10 April 2018 Update (version 1803) and Windows 10 Fall Creators Update (version 1709).
        The updates are available from Windows Update or the Microsoft Update Catalog.

        Note that there is a known issue for both versions if you use Microsoft Edge using the New Application Guard Window.  If you’ve experienced the issue and already installed the update, there is a work-around for Version 1803 in the referenced KB article.  For Version 1709, Microsoft is working on a resolution and will provide an update in an upcoming release for that as well as an  additional known issue that affects some non-English platforms. 



        Pale Moon Version 28.0.1 Released


        Pale Moon version 28.0.1 has been released.  This is a bugfix point release to address serious performance bottlenecks and general run-time issues, particularly impacting 32-bit operating systems.

        From the Release Notes:

        Changes/fixes:
        • Backed out a Mozilla upstream patch causing issues with IPC and texture allocation for the compositor.
        • Backed out a Mozilla upstream patch causing issues with Javascript memory buffer allocation.
        Linux versions will follow shortly.
          Download:

          Update

          To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.







          Tuesday, August 28, 2018

          Pale Moon Version 28.0.0.1 Released


          Pale Moon version 28.0.0.1 has been released. 

          From the Release Notes:

          "This is a Windows-only update to address some stability/performance issues that have popped up with the new milestone release on especially 32-bit systems.

          The cause seems to be a compiler bug in Visual Studio 2015 with certain optimizations. Although 64-bit does not seem to be directly affected, we are still applying more cautious optimizations there too from this point forward until we can figure out exactly what the cause is and which (more aggressive) optimizations are safe to use."

                 Minimum system Requirements (Windows):
                • Windows 7/8/10/Server 2008 R2 or later
                • A processor with SSE2 instruction support
                • 1 GB of RAM
                • At least 200 MB of free (uncompressed) disk space

                  Download:

                  Update

                  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.







                  Thursday, August 16, 2018

                  Pale Moon Version 28.0.0 Released


                  Pale Moon version 28.0.0 has been released.  This release is a new major milestone in Pale Moon's release history.

                  From the Release Notes, the most pertinent changes since the release of version 27.0.0:
                  • SpiderMonkey update: The JavaScript engine has received a major upgrade and now supports all landmark features from the ECMAScript standards as carried by mainstream browsers. This should put an end to the increasing JavaScript issues we've seen due to web frameworks not being browser-agnostic in that respect, or the browser not supporting what websites expect.
                  • Goanna update: The layout and rendering engine (Goanna) has been updated to its 4th generation (version 4.*) which brings with it improved compatibility with "trendy" CSS styling techniques that build on a few very specific features (e.g. CSS Grid). Goanna continues to build on tried-and-tested software fallbacks in case hardware acceleration can't be used, and Linux remote desktop users can continue to leverage xrender for speedy remote screen updates in Pale Moon.
                  • DOM enhancements: Enhancements in the Document Object Model provides websites with updated APIs to perform their tasks. (e.g. Fetch, WebAnimations, WebCrypto, HTML Input Element Extensions, etc.)
                  • Media enhancements: Our media back-end update is, for all intents and purposes, complete. MSE media streaming (for MP4) should be compatible with all major players on the market now. MSE for WebM is still disabled by default due to some compatibility issues that need to be examined, but you may enable this in preferences to e.g. allow 4k video playback on some sites that only offer UHD in WebM format. We now also support playback of FLAC-encoded audio.
                  • New: WebGL2 support! Pale Moon now supports the WebGL2 standard for enhanced graphical experiences in 2D and 3D.
                  • Devtools have been given a refresh. Just in case you thought they weren't extensive enough yet, some new categories have been added to inspect and manipulate all aspects of web content.
                  • Updates to the login manager: Login credentials can now be stored specifically with or without a user name, and selected individually. This is a behavior change from previous, and clicking a password field can now pop-up a selection list of user names for which passwords are stored (if multiple credentials are saved). Clicking the appropriate login name (or date-stamped version if no name is present) will fill in the accompanying password.
                  Also note what has not changed:
                  • We continue to support NPAPI plugins.
                  • We continue to support complete themes as well as lightweight themes.
                  • We continue to offer a fully customizable interface like before. Australis (like seen in Basilisk) is not used.
                  • We continue to support XUL overlay, bootstrapped and (deprecated) Jetpack extensions (collectively called "legacy extensions" by Mozilla).
                         Minimum system Requirements (Windows):
                        • Windows 7/8/10/Server 2008 R2 or later
                        • A processor with SSE2 instruction support
                        • 1 GB of RAM
                        • At least 200 MB of free (uncompressed) disk space

                          Download:

                          Update

                          To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.







                          Tuesday, August 14, 2018

                          Microsoft Security Bulletin Release for August, 2018



                          The August security release consists of 60 CVEs, of which 19 are listed as Critical and 39 are rated Important, 1 is rated as Moderate and 1 is rated as Low in severity.  In particular, note that CVE-2018-8373, Internet Explorer Memory Corruption Vulnerability and CVE-2018-8414, Windows Shell Remote Code Execution Vulnerability are listed as publicly known and exploited.

                          The release consists of security updates for the following: Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL Server and Visual Studio.

                          The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Defense in Depth, Tampering and Spoofing.
                            Recommended Reading: 

                            See Dustin Childs' excellent review and recommendations in Zero Day Initiative — The August 2018 Security Update Review.


                            More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

                            Additional Update Notes

                            • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                            • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].






                            Adobe Flash Player Security Update Released


                            Adobe has released Version 30.0.0.154 of Adobe Flash Player.  The update addresses both security and functional issues.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

                            Release date:  August 14, 2018
                            Vulnerability identifier: APSB18-25
                            Platform:  Windows, Macintosh, Linux and Chrome OS
                             

                            Vulnerability details

                            Vulnerability Category  | Vulnerability Impact   | Severity  | CVE Number
                            Out-of-bounds read      | Information Disclosure | Important | CVE-2018-12824
                            Security Feature bypass | Information Disclosure | Important | CVE-2018-12825
                            Out-of-bounds read      | Information Disclosure | Important | CVE-2018-12826
                            Out-of-bounds read      | Information Disclosure | Important | CVE-2018-12827
                            Privilege Escalation    | Remote Code Execution  | Important | CVE-2018-12828
                            Update:

                            *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                              Verify Installation

                              To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                              Do this for each browser installed on your computer.

                              To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










                              Adobe Acrobat DC and Reader DC Critical Security Updates Released


                              Adobe has released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  These updates are rated as critical and important.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

                              Release date:  August 14, 2018
                              Vulnerability identifier: APSB18-29
                              Platform: Windows and Macintosh

                              Update or Complete Download

                              Reader DC and Acrobat DC were updated to version 2018.011.20058. Update checks can be manually activated by choosing Help > Check for Updates. 
                              Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.









                              Wednesday, August 08, 2018

                              Mozilla Firefox Version 61.0.2 Released


                              Mozilla sent Firefox Version 61.0.2 to the release channel today.  At the time of this posting, it does not appear that Firefox ESR has been updated or that it includes any security updates.

                              New
                              • Adds support for automatically restoring your Firefox session after Windows restarts. Currently, this feature is not enabled by default for most users, but will be gradually enabled over the coming weeks.
                              Fixed
                              • Improved website rendering with the Retained Display List feature enabled (Bug 1474402)
                              • Fixed broken DevTools panels with certain extensions installed (Bug 1474379)
                              • Fixed a crash for users with some accessibility tools enabled (Bug 1474007)


                              Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                              Tuesday, July 24, 2018

                              Cumulative Updates Released for Windows 10


                              Cumulative updates have been released by Microsoft for Windows 10 April 2018 Update (version 1803), Windows 10 Fall Creators Update (version 1709), and Windows 10 Creators Update (version 1703).

                              See the update appropriate for your version of Windows 10 for the Improvements and fixes as well as Known Issues.



                              Wednesday, July 18, 2018

                              Oracle Java Critical Security Update


                              Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The critical patch update contains 8 new security fixes for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.  

                              Update

                              If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

                              Download Information

                              Java SE 8u181
                              http://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html
                              http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

                              Java SE 10.0.2  (x64-bit only)
                              http://www.oracle.com/technetwork/java/javase/10-0-2-relnotes-4477557.html
                              http://www.oracle.com/technetwork/java/javase/downloads/jre10-downloads-4417026.html
                              Notes:
                              • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
                              • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
                              • Verify your version: http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, check the version by opening a cmd window and entering the following (note the space following java):  java -version
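The command-line check in the last note can be scripted. The following is an added example, not Oracle's tooling or part of the original post: it parses `java -version` output in both the legacy `1.8.0_181` form and the newer `10.0.2` form and compares it with the releases named in this post. The function names and the sample banners are constructed for illustration.

```python
import re
import subprocess

# Patched releases named in this post, keyed by major version.
BASELINES = {8: (8, 0, 181), 10: (10, 0, 2)}

def parse_java_version(text):
    """Extract (major, minor, update) from `java -version` output."""
    found = re.search(r'version "([^"]+)"', text)
    if not found:
        raise ValueError("no version string found")
    raw = found.group(1)
    # Legacy scheme through Java 8: 1.<major>.<minor>_<update>
    legacy = re.match(r"1\.(\d+)\.(\d+)(?:_(\d+))?", raw)
    if legacy:
        return tuple(int(g or 0) for g in legacy.groups())
    # Scheme from Java 9 on: <major>[.<minor>[.<security>]], e.g. 10.0.2
    modern = re.match(r"\d+(?:\.\d+)*", raw)
    if not modern:
        raise ValueError("unrecognised version: " + raw)
    parts = [int(p) for p in modern.group(0).split(".")] + [0, 0]
    return tuple(parts[:3])

def assess(text):
    """Classify output as 'patched', 'outdated' or 'unlisted'."""
    version = parse_java_version(text)
    baseline = BASELINES.get(version[0])
    if baseline is None:
        return "unlisted"  # major version not covered by this post
    return "patched" if version >= baseline else "outdated"

def java_version_output():
    """Run `java -version`; the banner goes to stderr, not stdout."""
    done = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return done.stderr

# Constructed sample banners (not captured from a real machine).
SAMPLES = [
    'java version "1.8.0_171"',
    'java version "1.8.0_181"',
    'java version "10.0.1" 2018-04-17',
    'java version "10.0.2" 2018-07-17',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", assess(line))
    try:
        print("installed ->", assess(java_version_output()))
    except (FileNotFoundError, ValueError) as err:
        print("could not check installed Java:", err)
```

A "patched" result only means the version is at or above the releases named in this post; update `BASELINES` after each later Critical Patch Update.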

                              Critical Patch Updates

                              For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
                              • 16 October 2018
                              • 15 January 2019
                              • 16 April 2019 
                              • 16 July 2019

                              Unwanted "Extras"

                              Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

                              Do the following to suppress the sponsor offers:
                              1. Launch the Windows Start menu
                              2. Click on Programs
                              3. Find the Java program listing
                              4. Click Configure Java to launch the Java Control Panel
                              5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
                              6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

                              Java Security Recommendations

                              1)  In the Java Control Panel, at minimum, set the security to high.
                              2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
                              3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





                              Tuesday, July 17, 2018

                              Windows 10 Cumulative Updates Released


                              Microsoft released new cumulative updates for Windows 10 Version 1703 and Version 1803 to introduce a series of quality improvements.  No new operating system features are being introduced in this update. A restart is needed to install the update.

                              Version 1803: July 16, 2018—KB4345421 (OS Build 17134.167)
                              Version 1703: July 16, 2018—KB4345420 (OS Build 16299.550)





                              Pale Moon Version 27.9.4 Released


                              Pale Moon has been updated to version 27.9.4. The release includes DiD ("Defense-in-Depth") changes.  This means that a fix does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

                              From the Release Notes:

                              Changes/fixes:
                              • Updated the useragent for addons.mozilla.org to work around their "Only with Firefox" discrimination preventing users from downloading themes, old versions of extensions, and other files with Pale Moon.
                              • Restricted web access to the moz-icon:// scheme that could potentially be abused to infringe the user's privacy.
                              • Prevented various location-based threats. DiD
                              • Fixed a potential vulnerability with plugins being redirected to different origins (CVE-2018-12364).
                              • Improved the security check for launching executable files (by association) on Windows from the browser. For users who have (most likely accidentally) granted a system-wide waiver for opening these kinds of files without being prompted, this permission has been reset.
                              • Fixed an issue with invalid qcms transforms (CVE-2018-12366).
                              • Fixed a buffer overflow using the computed size of canvas elements (CVE-2018-12359).
                              • Fixed a use-after-free when using focus() (CVE-2018-12360).
                              • Added some sanity checks on nsMozIconURI. DiD
                              • Fixed an issue in the case the preferences file in the profile would not be writable (e.g. temporary permission issues due to backup, virus scanning or similar external processes).
                                    Minimum System Requirements (Windows):
                                    • Windows 7/8/10/Server 2008 or later
                                    • A processor with SSE2 instruction support
                                    • 256 MB of free RAM (512 MB or more recommended)
                                    • At least 150 MB of free (uncompressed) disk space
                                    Pale Moon includes both 32- and 64-bit versions for Windows:

                                    Update

                                    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.



