Wednesday, October 31, 2018

Mozilla Firefox Version 63.0.1 Released


Mozilla sent Firefox Version 63.0.1 to the release channel today.  There is no indication of any security updates or updates for Firefox ESR.

Fixed

  • Snippets are not loaded due to missing element (bug 1503047)
  • Print preview always shows 30% scale when it is actually Shrink To Fit (bug 1501952)
  • Dialog displayed when closing multiple windows shows unreplaced %1$S placeholder in Japanese and potentially other locales (bug 1500823)


Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, October 25, 2018

Microsoft Cumulative Update for Windows 10 Version 1803


Microsoft has released cumulative update KB4462993 with non-security improvements and fixes for Windows 10 April 2018 Update (version 1803). Microsoft is not currently aware of any issues with this update.

Key changes include the following copied from the referenced KB Article:
  • Addresses an issue that sometimes prevents documents from appearing in the Microsoft Edge DevTools debugger. 
  • Addresses an issue that sometimes prevents Microsoft Edge extension scripts from appearing in Microsoft Edge DevTools. 
  • Addresses the redenomination of local currency that the Central Bank of Venezuela implemented to enter the Bolivar Soberano into circulation. 
  • Addresses additional issues with updated time zone information. 
  • Addresses an issue that causes sysprep /generalize to fail in audit mode because of a race condition while deleting certain registry keys. 
  • Addresses an issue with legacy Bluetooth® Basic Rate (BR) device inbound pairing. 
  • Addresses an issue that causes the audio service to stop working or become unresponsive while using call control, controlling volume, and streaming music to Bluetooth audio devices. Error messages that appear include:
    • Exception error 0x8000000e in btagservice.dll.
    • Exception error 0xc0000005 or 0xc0000409 in bthavctpsvc.dll.
    • Stop 0xD1 BSOD error in btha2dp.sys.
  • Addresses an issue that causes the OS to stop working when a Bluetooth device is accidentally removed. 
  • Addresses an issue that causes the Event Log service to stop responding and degrades reliability in various areas of the operating system until you restart. This occurs when the Event Log is full and you selected Do not overwrite events (Clear logs manually) in Log Properties–System > When maximum event log size is reached:
  • Addresses an issue to support Microsoft Office events in the “Limit Enhanced” Group Policy setting list. 
  • Addresses an issue that makes it impossible to disable TLS 1.0 and TLS 1.1 when the Federal Information Processing Standard (FIPS) mode is enabled. 
  • Addresses an issue in which applications on systems with more than 4 GB of memory receive Access Denied error code “0x5” when calling CreateProcessWithLogonW()
  • Addresses an issue in which the AccountName in the Event Log entry for the Microsoft-Windows-Kerberos-Key-Distribution-Center source and Event ID 7 sometimes appears corrupted. 
  • Addresses an issue in which applications have handle leaks when using client authentication certificates with the TLS protocol. This issue occurs when the FreeCredentialsHandle call occurs before the DeleteSecurityContext call in the application code. 
  • Addresses an issue that might cause TCP connections opened for an application running on Windows Container to fail sporadically. This occurs when the container runs on a Network Address Translation (NAT) Network provided by Windows Network Address Translation (WinNAT). A SYN timeout occurs after reaching the maximum SYN Retransmit count. 
  • Addresses an issue with a warning message that appears when using Microsoft Edge to print some PDFs. 
  • Addresses an issue that causes the printing of PDF files from SharePoint Online to fail with the error, “Couldn't open PDF”.
  • Addresses an issue that can cause App-V packages to fail because of a missing file or DLL error. 
  • Addresses an issue that may cause container snapshot restoration to fail because of a missing file error. 
  • Addresses an issue that prevents the deletion of Immediate Tasks when their deletion timer occurs, such as when you configure Group Policy preferences for Immediate Task actions. 
  • Addresses an issue that causes Scheduled Tasks to remain in a queue and not execute until the first user logs on to a Windows 10, version 1803 device. Some affected scenarios include:
    • Scheduled Tasks that are defined in the last phase of setup won’t execute.
    • “Auto-enroll” computer certificates and “root and intermediate” certificates are missing. 
  • Addresses an issue that prevented the launch of Windows Defender Application Guard (WDAG) on Windows 10N (Europe) devices after servicing.
  • Addresses an issue that incorrectly implies that user policies have not been applied after configuring a user rights Group Policy setting. Reporting tools, such as RSOP.MSC or Gpresult.exe /h, do not show the user rights policies or display a red “X” instead.
  • Addresses an issue in which connection group folders are not properly merged.
  • Addresses an issue in which Scheduled Tasks configured to run on a specific day of the week don't execute at the expected time.
  • Addresses an issue that prevents the clock and date flyout from appearing when the region format is Spanish (Spain) and the sorting method is Traditional.
  • Addresses an issue in which the System.Security.Cryptography.Algorithms reference was not correctly loaded on .NET Framework 4.7.1 after the July 10, 2018 and August 14, 2018 patches.
  • Addresses an issue that may cause the system to stop working during the shutdown of some Windows Presentation Foundation (WPF) apps because of TaskCanceledException. Apps that are vulnerable to this issue perform work involving weak events or data binding after the Application.Run() function returns values.
  • Addresses a race condition in temporary files and some antivirus scanners that causes .NET Framework applications to stop working. The error message is, "The process cannot access the file ".
  • Updates the .NET Framework's support for the formatting of Japanese dates for the first year in the eras. When the format pattern is “y年”, the year format will use the symbol 元 and not use year number 1. Additionally, the .NET Framework will support dates that include 元. For more information, see KB4469068.
  • Updates Venezuela currency information. This will affect the culture of “es-VE” as follows:
    • The currency symbol is “Bs.S”.
    • The English currency name is “Bolívar Soberano”.
    • The local currency name is “bolívar soberano”.
    • The International Currency Code is “VES”.
  • Addresses an issue that may cause an application that has a child window to stop processing mouse inputs. This issue occurs when a precision touchpad triggers a WM_MOUSEWHEEL event.
  • Addresses an issue that may cause some applications to stop working after unplugging a tablet.
  • Addresses an issue in which application titles that were unexpectedly long were not predictably displayed using ellipses (…). In some cases, the text truncations that appear may confuse users.
  • Addresses an issue that causes the Windows 8.1 app to stop working when it calls the ProjectionManager.StartProjectingAsync API. The error code is 0x80070057.
  • Addresses an issue with Windows Text Input Framework. A layout request may cause some application text input elements to stop responding.
  • Addresses an issue in which users cannot enter East Asian text when prompted to create password hints during the upgrade process.
  • Addresses a multi-monitor issue that may incorrectly render an application that is in full-screen mode after changing the display mode.
  • Addresses an issue with leaks of window-related Graphics Device Interface (GDI) objects during window destruction.
  • Addresses an issue that occurs when typing in a text box of a Windows Presentation Foundation (WPF) application using the on-screen keyboard. If you select one of the predictive text suggestions, that word appears to be entered, but will disappear when you select a different control.
  • Addresses an issue that prevents applications from displaying a pop-up window or dialog box when the applications are in full-screen mode. For example, in a full-screen game, attempting to alter settings such as Multisampling Antialiasing (MSAA) will fail because the confirmation dialog does not appear. The dialog is hidden behind the application.
  • Addresses an issue that causes navigation across eras to stop working in the Japanese Calendar view. For more information, see KB4469068.
  • Addresses an issue related to the date format for the Japanese era calendar. For more information, see KB4469068.
  • Addresses an issue that causes the GetCalendarInfo function to return a wrong value for the Japanese era. For more information, see KB4469068.



Tuesday, October 23, 2018

Mozilla Firefox Version 63.0 Released


Mozilla sent Firefox Version 63.0 to the release channel today.  Information about the "Enhanced Tracking Protection" and other new features in this release is available in the Mozilla Blog at Latest Firefox Rolls Out Enhanced Tracking Protection.

Update:  Mozilla failed to include in the Release Notes that the update includes critical security fixes.

Updates for Firefox Version 63.0 include fourteen (14) security updates, of which 2 are rated Critical, 3 High, 4 Moderate and 5 Low.

Updates for Firefox ESR Version 60.3 include eight (8) security updates, of which 1 is rated Critical, 3 High, 3 Moderate and 1 Low.

New
    • Performance and visual improvements for Windows users
      • Moved the build infrastructure of Firefox on Windows to the Clang toolchain, bringing important performance gains
      • Firefox theme now matches the Windows 10 OS Dark and Light modes
    • Performance improvements for macOS users
      • Improved reactivity
      • Faster tab switching
      • WebGL power preferences allow non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems
    • Added content blocking, a collection of Firefox settings that offer users greater control over technology that can track them around the web. In 63, users can opt to block third-party tracking cookies or block all trackers and create exceptions for trusted sites that don’t work correctly with content blocking enabled.
    • WebExtensions now run in their own process on Linux
    • Firefox now warns about having multiple windows and tabs open when quitting from the main menu
    • Firefox now recognizes the operating system accessibility setting for reducing animation
    • Added search shortcuts for Top Sites: Amazon and Google appear as Top Sites tiles on the Firefox Home (New Tab) page. When selected these tiles will change focus to the address bar to initiate a search. Currently in US only.

    Fixed

    • Resolved an issue that prevented the address bar from autofilling bookmarked URLs in certain cases

    Changed

    • In the Library, the Open in Sidebar feature for individual bookmarks was removed
    • The option to Never check for updates was removed from about:preferences. You can use the DisableAppUpdate enterprise policy as a substitute.
    • The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and cycles through tabs in recently used order. This new default behavior is activated only in new profiles and can be changed in preferences.

    Developer

    • Refreshed visual style of Developer Tools menus to improve navigation and consistency
    • The Dev Tools accessibility inspector is now enabled by default. This tool surfaces information exposed to assistive technologies on the current page, allowing you to check what’s missing or otherwise needs attention.
    • Added support for Web Components custom elements and shadow DOM
    • The inspector now ships with a Font Editor that allows you to control non-variable as well as variable fonts

    Unresolved

    • Quick Heal internet security software might crash 32-bit Firefox on Windows. A workaround is documented in this support article until a fixed version of Quick Heal is available.

    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


    Thursday, October 18, 2018

    A Windows Insider MVP Visit to Microsoft Headquarters!

    Microsoft Visitor Center

    You read the title correctly.  I finally got to visit Microsoft headquarters!  Year after year of being awarded Microsoft MVP and now Windows Insider MVP, fellow MVPs have asked if I was going to the MVP Summit. I almost made it one year but the dates of a project at work changed and I had to cancel.

    All that changed last month when I received an email inviting me to join the Insiders2Campus contest winners at Microsoft Headquarters.  It was like a dream come true, a once-in-a-lifetime opportunity.  Of course I accepted!

    Insiders2Campus  

    I was a bit anxious about meeting the other people I would be joining because, out of the group, I am the only one not an IT Pro.  Rather, I am dedicated to working with/helping consumers.  Within minutes of meeting them, I quickly discovered that there was no need for concern.  Aside from each of us being Windows Insiders, we meshed.  After checking into the hotel, we had an impromptu gathering in the hotel lobby to get acquainted. 

    Here we were, far from home, complete strangers, the majority from different countries with completely varied backgrounds.  I discovered quickly that our backgrounds didn't matter.  We immediately connected.  Just as we witnessed at Microsoft at the various venues we visited and the people we met, we also exemplified diversity, inclusiveness and respect for one another. 

    Who we are:

    From left to right:  @robert_haluska, @lunaturk, @SamueleDassatti, @MustafaGeo, Windows Insider MVP @simonallisonuk, Microsoft MVP @ThomasMaurer, Windows Insider MVP (me 🌹) @SecurityGarden, @SimonHess and @danielschbarros

    The Schedule:  Our days were packed from start to finish.  Although much of what we talked about was covered by NDA (Non-Disclosure Agreement), you can find general information about many of the places we visited in fellow Windows Insider MVP Simon Allison's article at Windows Insiders are welcomed to Microsoft HQ.  Following are a few specific highlights from the trip that I can share. 

    Wednesday, October 10, 2018


    As Dona Sarkar tweeted:
    The most Insider thing ever: we have 10 #WindowsInsiders on campus this week who are the winners of the bug bash contest. We were to do a session with them today...but of course, we set the building on fire and had to evacuate
    The hike down the stairs when the fire alarm sounded and back up was well worth it when we finally sat in on Dona's talk to the Microsoft Shell Team.  If you've heard about or read her book, "Spin Your Tale: The Fiction Writer's Guide to Your Personal Brand", you have an idea of what it was about.  As Dona said, "Your brand is your professional reputation.  It's what you're known for.  It's what you're an expert at. It's why people call on you."  The book provides steps on how to "Spin Your Tale".  It is a workbook going through the steps to ensure your brand reflects who you are.

    The surprise to me was that I was included in the presentation!  Yes, Dona had used information from the Windows Insider MVP interview of me last year, including the very, very old picture that the interviewer selected. 🙂


    Thursday, October 11, 2018


    Among the highlights on Thursday was a visit to the Microsoft Garage.  Again, as described in Dona's tweet:
    Our #Insiders2Campus toured the @MSFTGarage today. Did you know that the #windowsInsiders fave #MicrosoftLauncher started as a Garage project? We loved hearing from @_jeff_ramos about some of the behind the scenes wins and "learns" from prev projects #MicrosoftLife







    I have to be honest, as great as it is, Microsoft Launcher wasn't what caught my attention.  Rather I was very excited to see two other things on the "Wall of Fame".  The first was Mouse Without Borders which I had blogged when it was released in 2011.  Screen Capture from the Garage:


    Since consumer security is the area I have concentrated in throughout the years, the other thing I was excited to discover on the "Wall of Fame" was MSRT (Malicious Software Removal Tool).  The knowledge that the developers of MSRT used personal time to create a tool to benefit Windows users makes it all the more special now when an updated version is delivered each month with the security updates.

    Friday, October 12, 2018


    Friday opened with a Question and Answer session, described by Dona:
    Today the visiting #Insiders2Campus had an open Q&A with our upper management on Feedback, Flighting, the future of #WindowsInsiders, the future of dev'ing on Windows and a lot more. "Microsoft Insiders is definitely something we are doing--and yes, there will be a MVP program"
    The Question and Answer session was more than that.  There was no doubt throughout the session (and, in fact, each session we attended) that management was truly interested in what we had to say, in our feedback, where we saw issues, where we saw need for improvement. Windows Insider feedback truly is appreciated, wanted, respected and needed.

    Session with management

    Windows Insider Mixer


    Windows Insiders are familiar with the monthly Windows Insider Mixer webcasts where we have the opportunity to learn more about upcoming features, discuss preview builds and so much more.  The mixer this month was a bit different -- we were the ones sitting around the tables instead of Microsoft employees!  It is an hour long and the recording is available here:   https://mixer.com/WindowsInsider?vod=60068475.


    Thank you! 


    Hopefully, you have a small idea about how much this experience meant to me.  The trip organizers left no stone unturned.  Each and every detail was covered.  Our escorts were amazing and each and every presenter at the various sessions provided not only interesting information to us but were also interested in our feedback.  Members of the Windows Insider Team and other product groups joined us at various hosted lunches and dinners. Their honest interest in our input was evident.

    To fellow Insiders to Campus members, it was wonderful getting to know each and every one of you and sharing the wonderful experience with you.



    Tuesday, October 16, 2018

    Oracle Java Critical Security Updates Released


    Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  This Critical Patch Update contains 12 new security fixes for Oracle Java SE.  11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

    Update

    If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

    Download Information

    Java SE 8u191 or 8u192
    Java SE 11.0.1  (x64-bit only)

    Notes:
    • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
    • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
    • Verify your version: http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, check the version by opening a cmd window and entering the following (note the space following Java):  java -version

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
    • 15 January 2019
    • 16 April 2019 
    • 16 July 2019 
    • 15 October 2019

    Unwanted "Extras"

    Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

    Do the following to suppress the sponsor offers:
    1. Launch the Windows Start menu
    2. Click on Programs
    3. Find the Java program listing
    4. Click Configure Java to launch the Java Control Panel
    5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
    Java suppress sponsor offers

    Java Security Recommendations

    1)  In the Java Control Panel, at minimum, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
    3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





    Tuesday, October 02, 2018

    Mozilla Firefox Version 62.0.3 Released With Critical Security Updates


    Mozilla sent Firefox Version 62.0.3 to the release channel today with two fixes and two critical security updates.
    Firefox ESR was updated to version 60.2.2 to address the critical security vulnerabilities.

    Critical:



    Fixed
    • Fixed hangs on macOS Mojave (10.14) when various dialog windows (upload, download, print, etc) are activated (bug 1489785)
    • Fixed playback of some encrypted video streams on macOS (bug 1491940)

    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


    Monday, October 01, 2018

    Adobe Acrobat DC and Reader DC Critical Security Updates Released


    Originally announced for tomorrow in the PSIRT blog, Adobe has just released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  These updates are rated as critical and important.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

    Release date:  October 1, 2018
    Vulnerability identifier: APSB18-30
    Platform: Windows and Macintosh

    Update or Complete Download

    Reader DC and Acrobat DC were updated to version 2019.008.20071. Update checks can be manually activated by choosing Help > Check for Updates. 
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

