Tuesday, June 12, 2018

Microsoft Security Updates for June, 2018



The June security release consists of 50 CVEs, of which 11 are listed as Critical and 39 are rated Important.  One is listed as being publicly known at the time of release, and none are listed as under active attack.

The updates address Security Feature Bypass, Information Disclosure, Remote Code Execution, Elevation of Privilege and Denial of Service.  The release consists of security updates for the following software:
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash Player (although Adobe released Flash Player updates last week)
In addition, Microsoft is releasing the following advisory:  Microsoft Security Advisory 4338110, "Guidance to mitigate speculative execution side-channel vulnerabilities".

Known Issues: 4284880, 4284819, 4284835, 4284826, 4284867

As usual, Dustin Childs has provided a closer look at some of the patches in this month's Zero Day Initiative — The June 2018 Security Update Review.

More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Additional Update Notes

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending the /N parameter (for "detect only" mode).
  • Windows 10 -- A summary of important product developments included in each update, with links to more details, is available at Windows 10 Update History. The page will be regularly refreshed as new updates are released.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...





Pale Moon Version 27.9.3 Released with Security Updates


Pale Moon has been updated to version 27.9.3.  This is a security update.  From the Release Notes:

Changes/fixes:
  • (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to that report, the libopus maintainers state they don't believe remote code execution was possible, so this was not a critical patch.
  • Fixed an issue with task counting in JS GC.
  • Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks to Berk Cem Göksel for reporting).
  • Portable only: Included the previously omitted registry helper. This may in some cases help with file/type associations.
       Minimum system Requirements (Windows):
      • Windows 7/8/10/Server 2008 or later
      • A processor with SSE2 instruction support
      • 256 MB of free RAM (512 MB or more recommended)
      • At least 150 MB of free (uncompressed) disk space
      Pale Moon includes both 32- and 64-bit versions for Windows:

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






      Thursday, June 07, 2018

      Adobe Flash Player Critical Security Update


      Adobe has released Version 30.0.0.113 of Adobe Flash Player.  The update addresses critical vulnerabilities that could lead to remote code execution affecting version 29.0.0.171 and earlier.

      Release date:  June 7, 2018
      Vulnerability identifier: APSB18-19
      Platform:  Windows, Macintosh, Linux and Chrome OS
       

      Vulnerability details


      | Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
      |---|---|---|---|
      | Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-4945 |
      | Integer Overflow | Information Disclosure | Important | CVE-2018-5000 |
      | Out-of-bounds read | Information Disclosure | Important | CVE-2018-5001 |
      | Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2018-5002 |

      Note that an exploit for CVE-2018-5002 exists in the wild and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.

      Note:  Microsoft has issued an out-of-band update for the critical Adobe Flash Player vulnerabilities:  Security update for Adobe Flash Player: June 7, 2018

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










        Wednesday, June 06, 2018

        Mozilla Firefox Version 60.0.2 Released


        Mozilla sent Firefox Version 60.0.2 to the release channel today.  The update includes developer and macOS fixes.

        It wasn't listed in the Release Notes when I originally posted but, come to find out, not only was Firefox ESR updated, but both ESR and Version 60.0.2 included two security fixes, one rated critical and one rated high.  Firefox ESR is now Version 52.8.1.

        Fixed
        • Fix missing nodes in the developer tools Inspector panel (bug 1460223)
        • Fix font rendering when using third-party font managers on OS X 10.11 and earlier (bug 1460917)


        Changed
        • Updated to NSS 3.36.4 from 3.36.1:
          • Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error (bug 1462303)
          • Fix crash on macOS related to authentication tokens, e.g. PK11 or WebAuthn (bug 1461731)
          See release notes for NSS 3.36.2 and 3.36.4

          Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


          Sunday, May 27, 2018

          Remembering Those Who Gave Their All

          Vietnam Memorial Wall
          April 30, 2005
          Photograph by Luigi Masu

          In honor of those who gave their all in the service of their country. 


          Memorial Day History



          Friday, May 25, 2018

          More GDPR





          If you are like me, you have likely seen more notices about privacy policy updates during recent days and weeks than the entire time you have been on the Internet.  Although, I must admit that I particularly enjoyed the "First message from deep space", that I saw on Twitter via Marcin Kleczynski.









          Even after all the privacy policy notices I have seen, I was surprised when opening my blog account this morning to find the information below that Google placed in my account:



          Following the "Learn more" link which redirects to Cookies notification in European Union countries - Blogger Help, I discovered that visitors to Security Garden from the EU should be seeing the following notice:

          Google Added Cookie Notice

           "LEARN MORE" from the notice leads to How Google uses cookies – Privacy & Terms – Google.

          Since I have confirmed that the notice works and displays, do not use AdSense and am not aware of any functionality from other providers, I gather that GDPR requirements have been fulfilled with respect to this blog.  However, that may not be the case with Google as indicated in Google and Facebook accused of breaking GDPR laws - BBC News and Facebook and Google hit with $8.8 billion in GDPR lawsuits - The Verge.




          Friday, May 18, 2018

          Pale Moon Version 27.9.2 Released


          Pale Moon has been updated to version 27.9.2.  This is a security and stability update.  From the Release Notes:

          Changes/fixes:
          • We changed the language strings for softblocked items so people will cry less when we do our job.
          • (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
          • (CVE-2018-5173) Fixed an issue in the Downloads panel improperly rendering some Unicode characters, allowing for the file name to be spoofed. This could be used to obscure the file extension of potentially executable files from user view in the panel.
          • (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer overflow and crash if it occurs.
          • (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library resulting in possible out-of-bounds writes.
          • (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating attributes during SVG animations with clip paths.
          • (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable extension in order to occur.
          • Fixed several stability issues (crashes) and memory safety hazards.
               Minimum system Requirements (Windows):
              • Windows 7/8/10/Server 2008 or later
              • A processor with SSE2 instruction support
              • 256 MB of free RAM (512 MB or more recommended)
              • At least 150 MB of free (uncompressed) disk space
              Pale Moon includes both 32- and 64-bit versions for Windows:

              Update

              To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






              Wednesday, May 16, 2018

              Mozilla Firefox Version 60.0.1 Released


              Mozilla sent Firefox Version 60.0.1 to the release channel today.  The update includes a number of fixes to the recently released version 60.

              Firefox ESR remains at version 52.8.

              Fixed
              • Avoid overly long cycle collector pauses with some add-ons installed (Bug 1449033)
              • Stop displaying "Sponsored content" on the New Tab page immediately after the "Sponsored Stories" option is disabled (Bug 1458906)
              • On touchscreen devices, fixed momentum scrolling on non-zoomable pages (Bug 1457743)
              • Fixed black map on Google Maps with updated Nvidia Web Drivers on macOS (Bug 1458553)
              • Use the right default background when opening tabs or windows in high contrast mode (Bug 1458956)
              • The Firefox uninstaller on Windows is now translated again (Bug 1436662)
              • Restored translations of the Preferences panels when using a language pack (Bug 1461590)

              Changed
              • WebVR has been disabled by default on macOS (Bug 1459362)

                Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                Monday, May 14, 2018

                Adobe Reader DC and Acrobat DC Critical Security Updates Released


                Adobe has released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  The vulnerabilities addressed are rated six (6) critical and five (5) important, and cover Arbitrary Code Execution, Information Disclosure and Security Bypass.  Also see this KB article for more information on mitigating CVE-2018-4993.

                Release date:  May 14, 2018
                Vulnerability identifier: APSB18-09
                Platform: Windows and Macintosh

                Update or Complete Download

                Update checks can be manually activated by choosing Help > Check for Updates.  Reader DC and Acrobat DC were updated to 2018.011.20040.   
                Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.









                Wednesday, May 09, 2018

                Mozilla Firefox Version 60.0 Released with Security Updates


                Mozilla sent Firefox Version 60.0 to the release channel today.  The update includes twenty-six (26) security fixes of which two (2) are rated critical, six (6) high, fourteen (14) moderate, and four (4) low.

                Firefox ESR has been updated to version 52.8.

                Security Fixes

                Critical:
                High:
                Moderate:
                Low:
                New

                • Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file
                • Enhancements to New Tab / Firefox Home
                  • Responsive layout that shows more content for users with wide-screen displays
                  • Highlights section includes web sites saved to Pocket
                  • More options to reorder sections and content on the page
                  • Pocket Sponsored Stories will appear for a percentage of users in the US. Read about our privacy-conscious approach to sponsored content
                • Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies
                • Applied Quantum CSS to render browser UI
                • Added support for Web Authentication API, which allows USB tokens for website authentication
                • Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording
                • Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You’ll find the Title Bar option in the Customize panel available from the main browser menu.
                • Improved WebRTC audio performance and playback for Linux users
                • Locale added: Occitan (oc)
                Changed
                • Changed the Windows shortcut for entering Reader View to F9, for better compatibility with keyboard layouts that use AltGr
                • Bookmarks no longer support multiple keywords for the same URL unless the request has different POST data
                • TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted by Firefox
                • Updated the Skia graphics library to milestone 66
                Developer
                Unresolved
                • After disabling Sponsored Stories from the New Tab page settings, the next opened tab may still show a sponsored tile (bug 1458906)
                • WebVR does not work on macOS with Vive headsets (bug 1454204)

                Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                Tuesday, May 08, 2018

                Microsoft May, 2018 Security Updates



                The May security release consists of 68 CVEs, of which 21 are listed as Critical, 45 are rated Important, and two listed as Low in severity.  Two are listed as being under active attack, and two more are listed as publicly known at the time of release.

                The updates address Remote Code Execution, Denial of Service, Information Disclosure, Elevation of Privilege, and Security Feature Bypass.  The release consists of security updates for the following software:

                  • Internet Explorer
                  • Microsoft Edge
                  • Microsoft Windows
                  • Microsoft Office and Microsoft Office Services and Web Apps
                  • ChakraCore
                  • Adobe Flash Player
                  • .NET Framework
                  • Microsoft Exchange Server
                  • Windows Host Compute Service Shim


                    Known Issues: 4103723, 4103727, 4103718, and 4103712.


                    As usual, Dustin Childs has provided a closer look at some of the patches in this month's Zero Day Initiative — The May 2018 Security Update Review.

                    More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

                    Additional Update Notes

                    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending the /N parameter (for "detect only" mode).
                    • Windows 10 -- A summary of important product developments included in each update, with links to more details, is available at Windows 10 Update History. The page will be regularly refreshed as new updates are released.






                    Adobe Flash Player Critical Security Update Released


                    Adobe has released Version 29.0.0.171 of Adobe Flash Player.  The update addresses critical vulnerabilities that could lead to remote code execution affecting version 29.0.0.140 and earlier.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

                    Release date:  May 8, 2018
                    Vulnerability identifier: APSB18-16
                    Platform:  Windows, Macintosh, Linux and Chrome OS

                    Fixed Issues

                    • Gradients in static SWFs shows "Movie Not Loaded" in Flash Player (FP-4198806)

                    Update:

                    *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                      Verify Installation

                      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                      Do this for each browser installed on your computer.

                      To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










                      Monday, May 07, 2018

                      Pale Moon Version 27.9.1 Released


                      Pale Moon has been updated to version 27.9.1.  This is a maintenance release.  From the Release Notes:

                      Changes/fixes:
                      • Removed the unused/incomplete places protocol handler.
                      • Worked around an issue with MSE media without a Track ID. This should help with the playability of some live streams.
                      • Ported across jemalloc improvements from UXP.
                      • Ported across cairo mutex improvements from UXP.
                      • Added support for FFmpeg 4.0/libavcodec 58.
                      • Added a fix for Windows 10's "isAlpha()" not being what one would expect in v1803.
                           Minimum system Requirements (Windows):
                          • Windows 7/8/10/Server 2008 or later
                          • A processor with SSE2 instruction support
                          • 256 MB of free RAM (512 MB or more recommended)
                          • At least 150 MB of free (uncompressed) disk space
                          Pale Moon includes both 32- and 64-bit versions for Windows:

                          Update

                          To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






                          Monday, April 30, 2018

                          Mozilla Firefox Version 59.0.3 Update to Fix Issue Affecting Windows 10 Spring Update


                          Mozilla sent Firefox Version 59.0.3 to the release channel today.  The update fixes a syntax error that affects Windows 10 Spring Update, Version 1803 but not earlier builds.  It affects all Firefox versions at least as far back as ESR52.

                          ESR has been updated to version 52.7.4.

                          Fixed

                          • Fix for compatibility with Windows 10 April 2018 update (Bug 1452619)

                          Update:
                          To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                          Wednesday, April 18, 2018

                          Oracle Java SE Critical Security Update


                          Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The Critical Patch Update contains 14 new security fixes for Oracle Java SE.  Twelve (12) of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

                          Update

                          If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

                          Download Information

                          Java SE 8u171/ 8u172
                          http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html
                          http://www.oracle.com/technetwork/java/javase/8u172-relnotes-4308893.html
                          http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

                          Java SE 10.0.1  (x64-bit only)
                          http://www.oracle.com/technetwork/java/javase/10-0-1-relnotes-4308875.html
                          http://www.oracle.com/technetwork/java/javase/downloads/jre10-downloads-4417026.html
                          Notes:
                          • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
                          • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
                          • Verify your version:  http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, to check the version, open a cmd window and enter the following (note the space following Java):  java -version
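
The command-line check above can be scripted. The following is an added example, not from Oracle or the original post: it parses `java -version` output and compares it with the releases named in this post (8u171 and 10.0.1). The function names and the sample banners are constructed for illustration.

```python
import re
import subprocess

# Fixed releases named in this post, keyed by Java family:
# Java SE 8u171 -> (8, 0, 171), Java SE 10.0.1 -> (10, 0, 1).
BASELINES = {8: (8, 0, 171), 10: (10, 0, 1)}

_QUOTED_VERSION = re.compile(r'version "([^"]+)"')
# Legacy scheme used up to Java 8: 1.<family>.<minor>_<update>
_LEGACY = re.compile(r"1\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_java_version(output):
    """Return (family, minor, update) from a `java -version` banner, or None."""
    m = _QUOTED_VERSION.search(output)
    if m is None:
        return None
    # Drop build or pre-release suffixes such as "-b11", "-ea" or "+10".
    core = re.split(r"[-+]", m.group(1), maxsplit=1)[0]
    legacy = _LEGACY.fullmatch(core)
    if legacy:
        family, minor, update = legacy.groups()
        return (int(family), int(minor), int(update or 0))
    # Scheme used from Java 9 onward: <family>.<interim>.<update>
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def assess(output):
    """Classify a banner as current, outdated, no-baseline or unparsed."""
    version = parse_java_version(output)
    if version is None:
        return "unparsed"
    baseline = BASELINES.get(version[0])
    if baseline is None:
        # The post names no fixed release for this family.
        return "no-baseline"
    return "current" if version >= baseline else "outdated"


def installed_java_output():
    """Run `java -version`; the JVM writes the banner to stderr, not stdout."""
    try:
        result = subprocess.run(["java", "-version"], capture_output=True,
                                text=True, timeout=15)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return result.stderr or result.stdout


# Constructed sample banners (not captured from real machines).
SAMPLES = {
    "8u161": 'java version "1.8.0_161"\n'
             "Java(TM) SE Runtime Environment (build 1.8.0_161-b12)\n",
    "8u172": 'java version "1.8.0_172"\n',
    "10.0.1": 'java version "10.0.1" 2018-04-17\n',
    "9.0.4": 'openjdk version "9.0.4"\n',
}

if __name__ == "__main__":
    for label, banner in SAMPLES.items():
        print(label, "->", assess(banner))
    live = installed_java_output()
    print("installed ->", assess(live) if live else "java not found")
```
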

                          Critical Patch Updates

                          For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
                          • 17 July 2018
                          • 16 October 2018
                          • 15 January 2019
                          • 16 April 2019

                          Unwanted "Extras"

                          Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

                          Do the following to suppress the sponsor offers:
                          1. Launch the Windows Start menu
                          2. Click on Programs
                          3. Find the Java program listing
                          4. Click Configure Java to launch the Java Control Panel
                          5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
                          6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
                          Java suppress sponsor offers

                          Java Security Recommendations

                          1)  In the Java Control Panel, at minimum, set the security to high.
                          2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

                          3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





                          Tuesday, April 17, 2018

                          Pale Moon Version 27.9.0 Released


                          Pale Moon has been updated to version 27.9.0. 

                          Note:  This is the last major development update for the v27 milestone (codenamed "Tycho").  After this, the focus will be for new features entirely on UXP and the new v28 milestone building on it. Version 27.9 will continue to be supported with security and stability updates for a while, but no major new features will be added from this point forward.

                          From the Release Notes:

                          Changes/fixes:

                          • Fixed a number of spec compliance issues in our media subsystem.
                          • Added a trailing slash to referrers when policy is set to fix some web compatibility issues.
                          • Fixed the property order in Object.getOwnPropertyNames(string) and others for web compatibility.
                          • Updated RegExp(RegExp object, flags) to the ES6 standard specification.
                          • Changed the embedded font from the no longer free EmojiOne to the open-licensed Twemoji (with additional fixes). This also further extends unicode support to Unicode 10 emoji(s). Please note that as a result, color emoji(s) will look different than before.
                          • Adjusted some things in our memory allocator code to provide, among other things, better allocation alignment on Windows.
                          • Made the attempt to migrate people from the old sync server domain name to the current one more aggressive. We will be retiring the old pmsync.palemoon.net Sync server address shortly to remove the need for us to maintain a security certificate for it; this preference migration should automatically put everyone on the correct server address (pmsync.palemoon.org) when upgrading.
                          • Made reading of the sessionstore synchronous, to speed up startup and prevent the homepage from being loaded when restoring a session.
                          • Added a fix to switch to the correct window/tab when a web notification is clicked.
                          • Changed the placeholder text to not include "Search" when all search functions from the address bar are disabled.
                          • Enabled the use of Skia for canvas on Linux and OSX.
                          • Worked around a potential cause for some non-standard bitmapped fonts ending up with incorrect line heights (I'm looking at you, Noto fonts!).
                          • Added a workaround for incorrectly-encoded JPEG-XR images with planar alpha. Ultimately, the jxrlib reference implementation should be fixed to encode according to spec.
                          • Aligned XCTO:nosniff allowed script MIME types with the updated spec.
                          • Improved the logic for storing vector images in the surface cache.
                          • Fixed character set handling for XMLHttpRequests.
                               Minimum System Requirements (Windows):
                              • Windows Vista/Windows 7/8/10/Server 2008 or later
                              • Windows Platform Update (Vista/7) strongly recommended
                              • A processor with SSE2 instruction support
                              • 256 MB of free RAM (512 MB or more recommended)
                              • At least 150 MB of free (uncompressed) disk space
                              Pale Moon includes both 32- and 64-bit versions for Windows:

                              Update

                              To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                              Remember - "A day without laughter is a day wasted."
                              May the wind sing to you and the sun rise in your heart...


                              Tuesday, April 10, 2018

                              Microsoft Security Updates, April 2018



                              The April security release consists of 67 CVEs, of which 24 are listed as Critical, 42 are rated Important and 1 is rated Moderate in severity. One is listed as being publicly known and none are listed as being under active attack.  

                              The updates address Remote Code Execution, Information Disclosure, Denial of Service and Security Feature Bypass.  The release consists of security updates for the following software:
                              • Internet Explorer
                              • Microsoft Edge
                              • Microsoft Windows
                              • Microsoft Office and Microsoft Office Services and Web Apps
                              • ChakraCore
                              • Adobe Flash Player
                              • Microsoft Malware Protection Engine
                              • Microsoft Visual Studio
                              • Microsoft Azure IoT SDK

                              Known Issues: 4093112, 4093118, 4093108

                              Note:  KB4100375 (OS Build 17133.73) has been released to Windows Insiders running Build 17133 in the Fast, Slow, and Release Preview rings. This update includes the following quality improvements (no new OS features):
                              • Addresses a PDF security issue in Microsoft Edge.
                              • Addresses an issue that, in some instances, prevents Internet Explorer from identifying custom controls.
                              • Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows kernel, Microsoft graphics component, Windows Server, Windows cryptography, and Windows datacenter networking.

                              As usual, Dustin Childs has provided a closer look at some of this month's patches in the Zero Day Initiative's The April 2018 Security Update Review.

                              More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

                              Additional Update Notes

                              • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                              • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending a /N parameter [for "detect only" mode].
                              • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






                              Adobe Flash Player Security Update Released


                              Adobe has released Version 29.0.0.140 of Adobe Flash Player.  These updates address critical vulnerabilities that could lead to remote code execution affecting version 29.0.0.113 and earlier.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

                              Release date:  April 10, 2018
                              Vulnerability identifier: APSB18-08
                              Platform:  Windows, Macintosh, Linux and Chrome OS

                              Fixed Issues

                              • [Mac]RTMPS Error NetConnection.Connect.CertificatePrincipalMismatch (FP-4198784)
                              • [Edge] FP settings panel 'close' button stops responding on zoom.
                              • Multiple security and functional fixes

                              Update:

                              *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                                Verify Installation

                                To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                                Do this for each browser installed on your computer.

                                To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










                                Sunday, April 01, 2018

                                Happy Easter! "Khrystos Voskres!"



                                "Khrystos Voskres!"

                                (Christ is Risen!)






                                "Voistyno Voskres!"

                                (He is Truly Risen!)








                                Monday, March 26, 2018

                                Mozilla Firefox Version 59.0.2 Released with Security Update


                                Mozilla sent Firefox Version 59.0.2 to the release channel today.  The update includes one security fix rated High and numerous other fixes.

                                ESR has been updated to version 52.7.3.

                                Security Fixes

                                Fixed

                                • Invalid page rendering with hardware acceleration enabled (Bug 1435472)
                                • Windows 7 users with touch screens or certain 3rd party desktop applications which interact with Firefox through accessibility services may experience random browser crashes. Known 3rd party applications with issues: StickyPassword, Windows 7 touch screen. (Bug 1424505)
                                • Browser keyboard shortcuts (e.g. copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled (Bug 1433592)
                                • High CPU / memory churn caused by third-party software on some computers (Bug 1446280)
                                • Users who have configured an "automatic proxy configuration URL" and want to reload their proxy settings from the URL will find the Reload button disabled in the Connection Settings dialog when they select Preferences/Options > Network Proxy > Settings... (Bug 1445991)
                                • URL Fragment Identifiers Break Service Worker Responses (Bug 1443850)
                                • Users trying to cancel a print around the time it completes will continue to get intermittent crashes (Bug 1441598)
                                • Broken getUserMedia (audio) on DragonFly, FreeBSD, NetBSD, OpenBSD. Video chat apps either wouldn't work or be always muted (Bug 1444074)

                                Update:
                                To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
