Tuesday, November 27, 2018

Windows 10 and Windows 7 Cumulative Updates Released


Microsoft has released cumulative updates with non-security improvements and fixes for Windows 10 versions 1803 and 1709 as well as for Windows 7.  The update for both versions 1803 and 1709 and Windows 7 (Preview of Monthly Rollup) includes quality improvements with no new operating system features introduced.

The updates are available from Windows Update or the Microsoft Update Catalog.  See the referenced links below for the changes.  
Note:  Among other Known Issues, please note the following which applies to all systems:
"After installing this update, users may not be able to use the Seek Bar in Windows Media Player when playing specific files."
Microsoft is working on a resolution for the Seek Bar issue and will provide an update in an upcoming release.




Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, November 20, 2018

Adobe Flash Player Critical Security Update Released


Adobe Flashplayer

Adobe has released Version 31.0.0.153 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user.
Technical details about this vulnerability are publicly available. 

Release date:  November 20, 2018
Vulnerability identifier: APSB18-44
Platform:  Windows, Macintosh, Linux and Chrome OS

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Number
Type Confusion Arbitrary code execution Critical CVE-2018-15981


Update:
*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Friday, November 16, 2018

    Pale Moon Version 28.2.1 Released


    Pale Moon
    Pale Moon has been updated to version 28.2.1.

    The purpose of the update is to address a critical usability issue in the history and bookmarks window.

    The Linux versions will follow.

    Download:

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Thursday, November 15, 2018

    Mozilla Firefox Version 63.0.3 Released


    FirefoxMozilla sent Firefox Version 63.0.3 to the release channel today, apparently skipping over releasing version  63.0.2.  There is no indication of any security updates or updates for Firefox ESR which remains at version 60.3.0.

    Fixed

    • Games using WebGL (created in Unity) get stucks after very short time of gameplay (bug 1502748)
    • Slow page loading for some users with specific proxy configurations (bug 1495024)
    • Disable HTTP response throttling by default for causing bugs with videos in background tabs (bug 1503354)
    • Opening magnet links no longer works (bug 1498934)
    • Crash fixes (bug 1498510, bug 1503424)


    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Tuesday, November 13, 2018

    Microsoft Security Updates for November 2018



    The November security updates have been released and consists of security updates for the following:  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Core, Skype for Business, Azure App Service on Azure Stack, Team Foundation Server and Microsoft Dynamics 365 (on-premises) version 8.

    The updates address Remote Code Execution, Defense in Depth, Information Disclosure, Tampering, Security Feature Bypass, Elevation of Privilege, Denial of Service and Spoofing.

    Important Note:  Windows 10 Version 1809 has been re-released:
    "While the April Update had the fastest Windows 10 update rollout velocity, we are taking a more measured approach with the October Update, slowing our rollout to more carefully study device health data. We will offer the October Update to users via Windows Update when data shows your device is ready and you will have a great experience. If we detect that your device may have an issue, such as an application incompatibility, we will not install the update until that issue is resolved, even if you “Check for updates,” so you avoid encountering any known problems. For those advanced users seeking to install the update early by manually using “Check for updates” in settings, know that we are slowly throttling up this availability, while we carefully monitor data and feedback."
    More at the Windows Experience Blog at Resuming the rollout of the Windows 10 October 2018 Update.


    Known Issues In the November Update:
          Recommended Reading: 

          Note:  Since Dustin Childs is in Tokyo for PawnToOwn, his  review and recommendations
          in  Zero Day Initiative will be delayed due to the time difference.  An update will be provided following his review.
            Update with Dustin Child's analysisZero Day Initiative — The November 2018 Security Update Review.
           
          More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

          Additional Update Notes

          • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
          • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].

          References


          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...





          Adobe Flash Player Security Updates Released


          Adobe Flashplayer

          Adobe has released Version 31.0.0.148 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address an important vulnerability in Adobe Flash Player 31.0.0.122 and earlier versions.  Successful exploitation could lead to information disclosure.

          Release date:  November 13, 2018
          Vulnerability identifier: APSB18-39
          Platform:  Windows, Macintosh, Linux and Chrome OS

          Fixed Issues

          Flash Player
          • IE quits unexpectedly on opening multiple tabs with Flash Content (FP-4198903)
          • Assorted security and functional fixes

          Vulnerability details

          Vulnerability Category Vulnerability Impact Severity CVE Number
          Out-of-bounds Read Information Disclosure Important CVE-2018-15978

          Update:

          *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

            Verify Installation

            To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

            Do this for each browser installed on your computer.

            To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

            References



            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...









            Adobe Acrobat DC and Reader DC Security Updates Released

            Adobe

            Adobe has released security updates for Adobe Acrobat and Reader for Windows to resolve an important vulnerability.  Successful exploitation could lead to an inadvertent leak of the user’s hashed NTLM password.  Proof-of-concept code for CVE-2018-15979 is publicly available. 


            Release date:  November 13, 2018
            Vulnerability identifier: APSB18-40
            Platform: Windows

            Update or Complete Download

            Reader DC and Acrobat DC were updated to version 2019.008.20081. Update checks can be manually activated by choosing Help & Check for Updates. 
            Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


            References





            Home
            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...



            Pale Moon Version 28.2.0 Released with Security Updates


            Pale Moon
            Pale Moon has been updated to version 28.2.0, a major development release addressing performance, web compatibility, bugfixes, regressions and security vulnerabilities.  In particular, security fixes have been implemented for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.

            From the Release Notes:

            Changes/fixes:
            • Fixed a major performance issue with web workers.
            • Fixed a rare crash on local networks with HTTP basic auth and unsupported cipher suites.
            • Fixed a performance/timer issue when leaving the browser idle.
            • Fixed an issue causing an empty dialog when launching executable files from the browser.
            • Fixed an issue preventing making entries to disallow sites to store data for off-line use.
            • Removed code to prevent extensions with binary components.
            • Fixed an issue with common dialogs being sized incorrectly for their content.
            • Fixed an issue with event handling on the tab bar that would cause frustrating behavior when trying to open/close tabs in rapid succession.
            • Switched default behavior for scrolling when a context or pop-up menu is open to allow scrolling, like in v27. This also affects scrolling in very long menus, e.g. bookmarks.
            • Added experimental Asynchronous Panning and Zooming (APZ) for desktop use.
            • Re-enabled the use and parsing of ICC v4 color profiles.
            • Removed telemetry code from the caching subsystem.
            • Improved full-screen detection for suppressing status messages.
            • Made all arguments passed to Init*Event() optional except the first for parity with other browsers.
            • Cleaned up some internal installer code.
            • Fixed making caret width configurable when dealing with CJK characters (regression).
            • Fixed drawing of table borders consistently when zooming a page (regression).
            • Exposed the "Save download location per site" pref in about:config.
            • Improved media handling (ongoing).
            • Added experimental support for AV1 in WebM videos (disabled by default).
              Note: this is for WebM only for now, so MP4 and MSE AV1 streams (e.g. YouTube) will not (yet) play.
            • Removed the (defunct and incomplete) in-browser translation code.
            • Fixed an issue with CSS Grid layouts unnecessarily shrinking element blocks.
            • Fixed notification settings menu entry (opes about:permissions with relevant data now).
            • Fixed the launching of an undesirable background content process for capturing page thumbnails.
            • Fixed a focus issue in the bookmark properties dialog.
            • Changed the setting for reporting CSS errors to the console to false by default, to prevent unnecessary performance loss for recording this data.
            • Added control mechanisms for Opportunistic Encryption (both for alternative services and upgrade-insecure-requests) in preferences, and disabled this by default due to potential security and privacy issues with this transitional technology.
            • Updated the default reported Firefox version in Firefox Compatibility Mode to prevent "too old Firefox" complaints on websites.
            • Updated libnestegg, ffvpx, reader view components and several other modules from upstream.
            • Implemented security fixes for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.
              Download:

              Update

              To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...



              Sunday, November 11, 2018

              Lest We Forget

              Whether you call it Veteran's Day, Armistice Day or Remembrance Day, November 11th is a time to put aside politics and pay tribute to all who died for their country.  It is also a perfect time to thank the Veterans in whatever country you live in. 

              As in previous years, I am republishing my friend Canuk's last tribute and, once again, adding a special thank you to my friends "Phantom Phixer" and "Ghost".

              The comment Canuk posted provides one example of why he was a special person:
              "I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour.

              Despite anyone's thoughts of the current conflict in Iraq - opposition or agreement, we must always remember that these brave young men and women are fighting for a cause they also may or may not agree with. The huge difference between them and us is that they are putting their lives on the line 24/7 while we sit in our homes in comfort, using the freedom of speech previous warriors won for us, and for that they deserve our love, respect, and support."
              LEST WE FORGET




              We Shall Keep the Faith by Moira Michael, November 1918
              Oh! you who sleep in Flanders Fields, Sleep sweet - to rise anew! We caught the torch you threw And holding high, we keep the Faith With All who died. We cherish, too, the poppy red That grows on fields where valor led; It seems to signal to the skies That blood of heroes never dies, But lends a lustre to the red Of the flower that blooms above the dead In Flanders Fields. And now the Torch and Poppy Red We wear in honor of our dead. Fear not that ye have died for naught; We'll teach the lesson that ye wrought In Flanders Fields. Flags courtesy of3DFlags.com









              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...