Thursday, June 20, 2019

Mozlla Firefox Version 67.0.4 Released With Another Security Update

Firefox

Rapidly following the critical security update two days ago addressing an actively-exploited vulnerability, Mozilla sent Firefox Version 67.0.4 to the release channel today. Also released was Firefox ESR Version 60.7.2.  Both version updates comprise one security update rated high.

High


      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Tuesday, June 18, 2019

      Microsoft Cummulative Update for Windows 10 Version 1809



      Microsoft has released a cumulative update with non-security improvements and fixes for Windows 10 Version 1809.  The update includes a large number of quality improvements.  There are also several "known issues" in the update, with the one most helpful to know before updating as follows:
      Symptom:
      We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.
      Workaround:
      To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.
      We are working on a resolution and will provide an update in an upcoming release.

      To view the improvements and features and review the other known issues, see the following:  4501371 (OS Build 17763.592)

      To download and install this update, go to Settings > Update and Security Windows Update and select Check for updates.
      If you are using Windows Update, the latest SSU (KB4504369) will be offered to you automatically. However, to get the standalone package for the SSU update, go to the Microsoft Update Catalog website.


      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Mozilla Firefox Version 67.0.3 Released With Critical Security Update

      Firefox

      Mozilla sent Firefox Version 67.0.3 to the release channel today. Also released was Firefox ESR Version 60.7.1.  Both version updates comprise one critical security update.

      Critical


          Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

          References


          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...

          Friday, June 14, 2019

          Adobe Acrobat DC and Acrobat Reader DC Update for Windows

          Adobe

          Adobe has released an optional update for Acrobat DC and Acrobat Reader DC to version 2019.012.20035. The update is a hotfix patch for Windows only that addresses some important bug fixes.  

          From the Release Notes:
          • Forms 4276861: Acrobat Reader crashes on clicking “Enable All Features” button in Protected View mode while opening a Dynamic Form and windbg being set to default debugger.
          • Browser 4276070: Error 103.103 while opening files from the SAP application on Internet Explorer.
          • CEF Infra 4275980: Adobe Reader DC creates blob_storage folder on network location in certain cases.
          Update

          Update checks can be manually activated by choosing Help/Check for Update or download the installer from here
          Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

          References




          Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...



          Tuesday, June 11, 2019

          Microsoft Security Updates for June, 2019



          The June security updates have been released and consist of 88 CVEs and 4 advisories. Of these 88 CVEs, 21 are rated Critical and 66 are rated Important and 1 Moderate in severity. Four are listed as publicly known and none are listed as under active attack at the time of release.

          The updates address Remote Code Execution, Information Disclosure, Spoofing, Elevation of Privilege, Denial of Service,  Security Feature Bypass, and Tampering.  They apply to the following:  Adobe Flash Player, Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Skype for Business and Microsoft Lync, Microsoft Exchange Server and Azure.


          Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

          KB Article Applies To
          4493730 Windows Server 2008 Service Pack 2 Servicing stack update
          4503027 Exchange Server 2019, Exchange Server 2016
          4503028 Exchange Server 2010 Service Pack 3, Exchange Server 2013
          4503263 Windows Server 2012 (Security-only update)
          4503267 Windows 10, version 1607, Windows Server 2016
          4503276 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
          4503279 Windows 10, version 1703
          4503284 Windows 10, version 1709
          4503285 Windows Server 2012 (Monthly Rollup)
          4503286 Windows 10, version 1803
          4503290 Windows 8.1 Windows Server 2012 R2 (Security-only update)
          4503291 Windows 10
          4503292 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
          4503293 Windows 10, version 1903
          4503327 Windows 10, version 1809, Windows Server 2019

          Recommended Reading:  

          See Dustin Childs review and analysis in Zero Day Initiative — The June 2019 Security Update Review.

          For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

          Additional Update Notes:

          • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
          • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
          • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. 
          • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
          • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
          • Windows Update History:

          References


          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...





          Adobe Flash Player and AIR Critical Security Update Released


          Adobe Flashplayer

          Adobe has released Version 32.0.0.207 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address bug fixes as well as a critical vulnerability in Flash Player.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

          Release date:  June 11, 2019
          Vulnerability identifier: APSB19-30
          Platform:  Windows, Macintosh, Linux and Chrome OS

          Update:

          *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

            Verify Installation

            To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

            Do this for each browser installed on your computer.

            To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

            References



            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...









            Mozilla Firefox Version 67.0.2 Released

            Firefox

            Mozilla sent Firefox Version 67.0.2 to the release channel today. 

            Fixed

            • Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm") in console which may significantly degrade sessionstore reliability and performance (bug 1553413)
            • Proxy authentication dialog box repeatedly pops up asking to authenticate after upgrading to Firefox 67 (bug 1548804)
            • Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation (bug 1551282)
            • Starting in safe mode on Linux or macOS causes Firefox to think on the subsequent launch that the profile is too recent to be used with this version of Firefox (bug 1556612)
            • Linux distribution users can't easily install/use additional/different languages using the built-in preferences UI (bug 1554744)
            • Developer tools users can't copy the href/src content from various HTML tags via the context menu in the Inspector markup view (bug 1552275)
            • Custom home page is broken with clearing data on shutdown settings applied (bug 1554167)
            • Performance-regression for eclipse RAP based applications (bug 1555962)
            • macOS 10.15 crash fix (bug 1556076)
            • Can't start two downloads in parallel via anymore (bug 1542912)

            Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

            References


            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...

            Tuesday, June 04, 2019

            Pale Moon Bug Fix Update to Version 28.5.2

            Pale Moon
            Pale Moon has been updated to version 28.5.2.  This is a minor update to fix a breaking problem in 28.5.1.

            From the Release Notes:

            Changes/fixes:
            Fixed issues with image/texture allocation incorrectly being marked as insecure.
                 Download:

                Update

                To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




                Remember - "A day without laughter is a day wasted."
                May the wind sing to you and the sun rise in your heart...



                Pale Moon Version 28.5.1 Released


                Pale Moon
                Pale Moon has been updated to version 28.5.1.  This is a security and bugfix update.

                Update:

                "Correction to the release notes:

                The point "Fixed browser.link.open_newwindow functionality" was premature -- this wasn't uplifted to this point release and will be in the next major update (in July)."
                From the Release Notes:

                Changes/fixes:
                • Restored a global getBoolPref() function shortcut for extension compatibility with old extensions.
                  If you are currently using this global function, please change it to Services.prefs.getBoolPref()
                • Fixed an issue with the UI when the address bar was removed from the navigation toolbar.
                • Fixed an issue with scripting of the Help menu.
                • Fixed a crash resulting from non-standard manipulation of XML stylesheets by extensions.
                • Fixed browser.link.open_newwindow functionality.
                • Removed the default handler for webcal since the site doesn't seem to be properly maintained.
                • Prevented some ways smart places queries could be abused for social engineering attacks.
                • Ported an upstream Skia fix.
                • Improved the origin-clean algorithm for canvases.
                • Improved the efficiency of certain types of memory allocations in the JavaScript compiler.
                • Changed the way the application update checker code is hooked up so it will not require a user to go idle before being activated.
                  This solves the primary issue with application updates not notifying users as promptly as they should; more improvements are slated for the next major release.
                • Applicable security issues fixed: CVE-2019-7317, CVE-2019-11701, CVE-2019-11698, CVE-2019-9817 (DiD), CVE-2019-11700, CVE-2019-11696, CVE-2019-11693, and several potentially exploitable crashes and memory safety hazards that do not have a CVE number assigned to them.
                     Download:

                    Update

                    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...



                    Mozilla Firefox Version 67.0.1 Released


                    Firefox Mozilla sent Firefox Version 67.0.1 to the release channel today.  Users of Firefox are encouraged to create a Firefox account to get more privacy features as described in "Join Firefox".

                    New

                    • In this version, Firefox helps you get better acquainted with our family of products and services through a new experience that includes a set of web pages and in-browser notifications. All Firefox products and services have powerful privacy protection built in; joining Firefox provides users with additional features and capabilities. These experiences will highlight these benefits. The new experience will roll out for English (en-US, en-GB, en-CA), French (fr) and German (de) browser users today, expanding to other languages in the coming weeks.
                      • With the new experience, there will be an opportunity for users to opt in for test-driving upcoming products during registration.
                    • For new users, this release will come with Enhanced Tracking Protection (ETP), stronger privacy protections on by default as “Standard” in the Privacy & Security setting. Firefox Enhanced Tracking Protection will now automatically block third-party tracking cookies that appear on the Disconnect list. Firefox will continue to block third-party tracking loads in private windows, as it has done since version 42.
                      • For existing users, while ETP will be rolling out by default in the coming months, you can turn this feature on today under Preferences, select Privacy & Security to select the Custom menu, and under the Content Blocking section, mark the Cookies checkbox and choose “Third-party trackers” in the Cookies pull down menu.
                       
                    • With this release, a number of our products and services are expanding their capabilities. Coupled with our browser, and with a Firefox account, they extend your online privacy and security and increase convenience, giving you peace of mind.
                      • Facebook Container version 2.0 expands functionality to prevent Facebook from tracking you on other websites that embed Facebook Likes, Shares and comments in their pages, greatly limiting Facebook’s ability to track your activities across the web.
                      • Firefox Lockwise (formerly Lockbox), with its new name, look and feel, is now fully cross-platform with the introduction of the Lockwise desktop extension in this release. With the Android and iOS apps, and now with the desktop extension, Lockwise allows you to take your passwords across all devices and safely auto-fill login details as you need on any browser or app once logged in with a Firefox account.
                      • Firefox Monitor 2.0 expands its capabilities to allow users with a Firefox account to monitor multiple email addresses and receive email alerts when any of them are involved in a known breach. A dashboard also helps to show the total number of known breaches in which your email addresses have been involved.
                      • Firefox Send allows you to send files up to 1GB with end-to-end encryption and a link that automatically expires; with a Firefox account, the size limit becomes 2.5GB with additional controls for number of downloads or days, and the ability to password protect the file.
                    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                    References


                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...

                    Wednesday, May 29, 2019

                    Microsoft Cumulative Update for WIndows 10 Version 1903



                    Windows 10 Version 1903 is continuing to be rolled out slowly.  However, Microsoft has released a cumulative update with non-security improvements and fixes for this newly-released version.  In addition to addressing a number of issues, the update addresses "Windows Update blocked because of drive reassignment", described in KB 4500988.


                    To view the improvements and features, see the following:  KB4497935 (OS Build 18362.145)

                    To download and install this update, go to Settings > Update and Security Windows Update and select Check for updates.
                    If you are using Windows Update, the latest SSU (KB4498523) will be offered to you automatically. However, to get the standalone package for the SSU update, go to the Microsoft Update Catalog website.


                    Home
                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...

                    Tuesday, May 28, 2019

                    Microsoft Cumulative Update Released for Windows 10 1709 and 1703


                    Microsoft has released cumulative updates with non-security improvements and fixes for Windows 10 Versions 1709 and 1703.  As shown in their respective KB articles, the issues addressed are almost the same for both versions as is the sole known issue.
                    Windows 10 Version 1709:   KB4499147 (OS Build 16299.1182), Microsoft Update Catalog

                    Windows 10 Version 1703:   KB4499162 (OS Build 15063.1839), Microsoft Update Catalog
                    To download and install this update, go to Settings > Update and Security Windows Update and select Check for updates.

                    The standalone packages are available for both versions from the Microsoft Update Catalog, linked above. Note, however, if you use the Update Catalog, it will be necessary to manually check for any needed Servicing stack updates (SSU).  Using Windows Update, any needed Servicing stack updates will be offered automatically.



                    Home
                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...

                    Monday, May 27, 2019

                    A Day of Remembrance

                    Vietnam Memorial Wall
                    April 30, 2005
                    Photograph by Luigi Masu

                    In honor of those who gave their all in the service of their country. 


                    Memorial Day History


                    Home
                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...

                    Thursday, May 23, 2019

                    Microsoft Cumulative Update Released for Windows 8.1 and Windows 7

                    Microsoft has released a cumulative update for both Windows 7 SP1 and Windows 8.1. There is a known issue for both operating systems for users of Mcfee:
                    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.


                    Microsoft has released a cumulative update with non-security improvements and fixes for Windows 8.1. This update includes improvements and fixes with no new operating system features introduced.

                    See KB4499182 for the list of improvements and fixes as well as the various know issues and accompanying workarounds.  To get the standalone package for this update, go to the Microsoft Update Catalog website.





                    Microsoft has also released a cumulative update with non-security improvements and fixes for Windows 7 SP1. This update includes improvements and fixes with no new operating system features introduced.

                    See KB4499178 for the list of improvements and fixes as well as the various know issues and accompanying workarounds.  As indicated previously, starting with KB4493472 Monthly Rollup updates will no longer include PciClearStaleCache.exe. This installation utility addressees inconsistencies in the internal PCI cache. This can cause the symptoms documented in the KB article.

                    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.  To get the standalone package for this update, go to the Microsoft Update Catalog website.



                    Home
                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...
                     


                    Tuesday, May 21, 2019

                    Windows 10 Version 1903, May 2019 Update Released!



                    The long-awaited Windows 10 Version 1903 "Spring" Update has been released.  Although the release will take a "measured and throttled approach" and may not be available in all areas yet, if you have Windows 10, version 1803 or version 1809 and have the May 21, 2019 (or later) update installed you can try to get the update now.

                    The May 21, 2019 update is a cumulative update (linked below) which provides the functionality change shown below.  The change allows the user to decide when to install a feature update by doing the following:
                    • Open Windows Update settings and select Update, Windows and Security, Windows Update, Check for updates.
                    • After the installation of the May 21 cumulative update, if the Windows 10 Version 1903 update is available, select Download and install now.  
                    It is important to note that the installation of the cumulative update won't necessarily be the catalyst for installing Windows 10 Version 1903 if you are not ready to do so.  Rather, as explained by Windows Corporate Vice President Mike Fortin in Improving the Windows 10 update experience with control, quality and transparency, the option is provided to download and install now rather than waiting.  However, you can still wait until the update is offered as well as pause updates.

                    Before attempting the update, however, it is advisable to check whether an of the Known issues and notifications will be a problem for your device.  Also note that the minimum storage requirement for Windows 10 version 1903 is 32GB for both 32-bit and 64-bit Windows. Although an older article, see Andre Da Costa's suggestions on 7 Ways to Maximize Storage Space on Low Capacity Windows 10 Devices.

                    To see what new Windows 10 features and changes to Windows apps have been tested by Windows Insiders prior to the release, scroll through the "What's new" links in the References below.

                    References:




                    Home
                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...

                    Microsoft Cumulative Update Released for Windows 10 Versions 1803 and 1809



                    Microsoft has released cumulative updates with non-security improvements and fixes for Windows 10 Versions 1803 and 1809.  In addition to the numerous improvements and fixes, the update provides the following functionality change which allows the user to decide when to install a feature update:
                    "we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (Settings > Update & Security > Windows Update). If you would like to get an available update right away, select Download and install now. To find out more about this feature, please go to this blog."
                    To view the improvements and features, see the following:


                    To download and install this update, go to Settings > Update and Security Windows Update and select Check for updates.
                    To get the standalone package for this update, go to the Microsoft Update Catalog website.



                    Home
                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...

                    Mozilla Firefox Version 67.0 Released With Security Updates


                    Firefox Mozilla sent Firefox Version 67.0 to the release channel today.  The update included twenty-two (22) security updates of which two (2) are critical, twelve (12) are high, six (6) moderate and two (2) are rated low.

                    Firefox  ESR was updated to version 60.7.

                    Critical

                    High

                    Moderate

                    Low

                    New

                    • Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon i
                    • Firefox 67 demonstrates improved performance thanks to a number of changes such as:
                      • Lowering priority of setTimeout during page load
                      • Delayed component initialization until after start up
                      • Painting sooner during page load but less often
                      • Suspending unused tabs
                      Learn more about our approach to performance in 67 in the Mozilla blog.
                    • Users can block known cryptominers and fingerprinters in the Custom settings of their Content Blocking preferences.
                    • Keyboard accessibility has improved in the latest version of Firefox. Toolbar and toolbar overflow menu are both fully keyboard accessible: keyboard users can now access add-ons, the downloads panel, the overflow, Page actions and Firefox menus, and much more.
                    • Private Browsing sees both usability and security improvements:
                      • Save passwords in private browsing mode
                      • Choose which extensions to exclude from private tabs
                    • A myriad of new features help make Firefox easier to use:
                      • We’ve added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar
                      • Tabs can now be pinned from the Page Actions menu in the address bar
                      • Firefox will highlight useful features (like Pin Tabs) when users are most likely to benefit from them.
                      • Easier access to your list of saved logins from the main menu and login autocomplete. Learn about all the ways you can manage your passwords in Firefox.
                      • The Import Data from Another Browser feature is now also available from the File menu
                      • Users will be able to run different Firefox installs side by side by default so that you can run the beta and release versions simultaneously
                    • Firefox will now protect you against running older versions of the browser which can lead to data corruption and stability issues
                    • Firefox is upgrading to the newer, higher performance, AV1 decoder known as ‘dav1d’
                    • WebRender is gradually enabled by default on Windows 10 desktops with NVIDIA graphics cards
                    • Mozilla’s highest performing JavaScript compiler now supports ARM64 Windows devices.
                    • Enable FIDO U2F API, and permit registrations for Google Accounts
                    • Some users will see experiments with an improved Pocket experience in Firefox Home with different layouts and more topical content.

                    Changed:

                    • Firefox no longer supports handling webcal: links with 30boxes.com
                    • Change to extensions in Private Windows: Any new extensions you add to the browser won’t work in Private Windows unless you allow this in the settings.
                    • Users will no longer be able to upload and share screenshots through the Firefox Screenshots server. Users who want to keep existing screenshots need to export them before the server shuts down in the coming months.
                    • Included Twemoji Mozilla font updated to support Emoji 11.0
                    • Font and date adjustments to accommodate the new Reiwa era in Japan


                    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                    References


                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...

                    Sunday, May 19, 2019

                    Microsoft Cummulative Update Released for ALL Windows 10 Versions!


                    Microsoft has released a cumulative updates with non-security improvements and fixes for each of the released Windows 10 versions.   This update addresses an issue that may prevent access to some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) when using Internet Explorer 11 or Microsoft Edge.

                    See the KB articles listed below for your specific version of Windows 10:
                    1903 support.microsoft.com/help/4505057
                    1809 support.microsoft.com/help/4505056
                    1803 support.microsoft.com/help/4505064
                    1709 support.microsoft.com/help/4505062 
                    1703 support.microsoft.com/help/4505055 
                    1607 support.microsoft.com/help/4505052 
                    1507 support.microsoft.com/help/4505051 .

                    To download and install this update, go to Settings > Update and Security Windows Update and select Check for updates.
                    To get the standalone package for this update, go to the Microsoft Update Catalog website.



                    Home
                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...

                    Tuesday, May 14, 2019

                    Microsoft May 2019 Security Updates



                    The May security updates have been released and consist of 79 CVEs along with two advisories. Of these 79 CVEs, 22 are rated Critical and 57 are rated Important in severity. Two of these bugs are listed as publicly known and one is listed as under active attack at the time of release.

                    The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Denial of Service, Spoofing, and Security Feature Bypass and apply to the following:  The updates cover Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.

                    Edit Note:  Due to the severity of CVE-2019-0708, Microsoft also released KB 4500331 for versions of Windows that no longer receive mainstream support:  Windows XP SP3 x86, Windows XP Professional X64 SP2, Windows XP Embedded SP3 x86 as well as Windows Server 2003.

                    Known Issues:  See the Known Issues and accompanying work-around in the KB Articles for your version of Windows 10:
                    Recommended Reading:  

                    See Dustin Childs review and analysis in Zero Day Initiative — The May 2019 Security Update Review.

                    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

                    Additional Update Notes:

                    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
                    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. 
                    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
                    • Windows 8.1 Update History 
                    • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
                    • Windows 7 SP1 Update Histolry
                    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

                    References


                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...





                    Adobe Acrobat DC and Reader DC Security Updates Released

                    Adobe
                    Adobe has released critical and important security updates for Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.  

                    Release date:  May 14, 2019
                    Vulnerability identifier: APSB19-18
                    Platform: Windows and MacOS

                    Update or Complete Download

                    Reader DC and Acrobat DC were updated to version 2019.012.20034. Update checks can be manually activated by choosing Help/Check for Updates. 
                    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


                    References





                    Home
                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...



                    Adobe Flash Player and AIR Critical Security Update Released


                    Adobe Flashplayer

                    Adobe has released Version 32.0.0.192 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Flash Player.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

                    Release date:  May 14, 2019
                    Vulnerability identifier: APSB19-19
                    Platform:  Windows, Macintosh, Linux and Chrome OS

                    Update:

                    *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                      Verify Installation

                      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                      Do this for each browser installed on your computer.

                      To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

                      References



                      Remember - "A day without laughter is a day wasted."
                      May the wind sing to you and the sun rise in your heart...









                      Tuesday, May 07, 2019

                      Firefox Version 66.0.5 Released to Fix Master Password Issue


                      Firefox Mozilla sent Firefox Version 66.0.5 to the release channel today to solve the web extension issue for those using a master password resulting from the expired certificate.  At this point Firefox ESR remains at Version 60.6.2.

                        Fixed


                        Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                        References


                        Remember - "A day without laughter is a day wasted."
                        May the wind sing to you and the sun rise in your heart...