Thursday, June 27, 2019

Microsoft Windows 10 Cumulative Updates



Microsoft released cumulative updates with non-security improvements and fixes for Windows 10 Version 1903 today and Versions 1703, 1709, 1803 and 1809 yesterday.  Also included in the Windows 10 Version 1903 update is KB4502584, a cumulative update for .NET Famework 3.5, 4.8.

To view the improvements and features as well as known issues with accompanying work-around, see the following KB articles for your version of Windows 10:

To download and install the update, go to Settings > Update and Security Windows Update and select Check for updates. If you are using Windows Update, the latest SSU (Service Stack Update) will be offered to you automatically. However, to get the standalone package for the SSU update, go to the KB article for your version of Windows 10 to obtain the link to the Microsoft Update Catalog website.


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, June 20, 2019

Mozlla Firefox Version 67.0.4 Released With Another Security Update

Firefox

Rapidly following the critical security update two days ago addressing an actively-exploited vulnerability, Mozilla sent Firefox Version 67.0.4 to the release channel today. Also released was Firefox ESR Version 60.7.2.  Both version updates comprise one security update rated high.

High


      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Tuesday, June 18, 2019

      Microsoft Cumulative Update for Windows 10 Version 1809



      Microsoft has released a cumulative update with non-security improvements and fixes for Windows 10 Version 1809.  The update includes a large number of quality improvements.  There are also several "known issues" in the update, with the one most helpful to know before updating as follows:
      Symptom:
      We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.
      Workaround:
      To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.
      We are working on a resolution and will provide an update in an upcoming release.

      To view the improvements and features and review the other known issues, see the following:  4501371 (OS Build 17763.592)

      To download and install this update, go to Settings > Update and Security Windows Update and select Check for updates.
      If you are using Windows Update, the latest SSU (KB4504369) will be offered to you automatically. However, to get the standalone package for the SSU update, go to the Microsoft Update Catalog website.


      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Mozilla Firefox Version 67.0.3 Released With Critical Security Update

      Firefox

      Mozilla sent Firefox Version 67.0.3 to the release channel today. Also released was Firefox ESR Version 60.7.1.  Both version updates comprise one critical security update.

      Critical


          Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

          References


          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...

          Friday, June 14, 2019

          Adobe Acrobat DC and Acrobat Reader DC Update for Windows

          Adobe

          Adobe has released an optional update for Acrobat DC and Acrobat Reader DC to version 2019.012.20035. The update is a hotfix patch for Windows only that addresses some important bug fixes.  

          From the Release Notes:
          • Forms 4276861: Acrobat Reader crashes on clicking “Enable All Features” button in Protected View mode while opening a Dynamic Form and windbg being set to default debugger.
          • Browser 4276070: Error 103.103 while opening files from the SAP application on Internet Explorer.
          • CEF Infra 4275980: Adobe Reader DC creates blob_storage folder on network location in certain cases.
          Update

          Update checks can be manually activated by choosing Help/Check for Update or download the installer from here
          Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

          References




          Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...



          Tuesday, June 11, 2019

          Microsoft Security Updates for June, 2019



          The June security updates have been released and consist of 88 CVEs and 4 advisories. Of these 88 CVEs, 21 are rated Critical and 66 are rated Important and 1 Moderate in severity. Four are listed as publicly known and none are listed as under active attack at the time of release.

          The updates address Remote Code Execution, Information Disclosure, Spoofing, Elevation of Privilege, Denial of Service,  Security Feature Bypass, and Tampering.  They apply to the following:  Adobe Flash Player, Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Skype for Business and Microsoft Lync, Microsoft Exchange Server and Azure.


          Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

          KB Article Applies To
          4493730 Windows Server 2008 Service Pack 2 Servicing stack update
          4503027 Exchange Server 2019, Exchange Server 2016
          4503028 Exchange Server 2010 Service Pack 3, Exchange Server 2013
          4503263 Windows Server 2012 (Security-only update)
          4503267 Windows 10, version 1607, Windows Server 2016
          4503276 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
          4503279 Windows 10, version 1703
          4503284 Windows 10, version 1709
          4503285 Windows Server 2012 (Monthly Rollup)
          4503286 Windows 10, version 1803
          4503290 Windows 8.1 Windows Server 2012 R2 (Security-only update)
          4503291 Windows 10
          4503292 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
          4503293 Windows 10, version 1903
          4503327 Windows 10, version 1809, Windows Server 2019

          Recommended Reading:  

          See Dustin Childs review and analysis in Zero Day Initiative — The June 2019 Security Update Review.

          For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

          Additional Update Notes:

          • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
          • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
          • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. 
          • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
          • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
          • Windows Update History:

          References


          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...





          Adobe Flash Player and AIR Critical Security Update Released


          Adobe Flashplayer

          Adobe has released Version 32.0.0.207 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address bug fixes as well as a critical vulnerability in Flash Player.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

          Release date:  June 11, 2019
          Vulnerability identifier: APSB19-30
          Platform:  Windows, Macintosh, Linux and Chrome OS

          Update:

          *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

            Verify Installation

            To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

            Do this for each browser installed on your computer.

            To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

            References



            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...









            Mozilla Firefox Version 67.0.2 Released

            Firefox

            Mozilla sent Firefox Version 67.0.2 to the release channel today. 

            Fixed

            • Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm") in console which may significantly degrade sessionstore reliability and performance (bug 1553413)
            • Proxy authentication dialog box repeatedly pops up asking to authenticate after upgrading to Firefox 67 (bug 1548804)
            • Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation (bug 1551282)
            • Starting in safe mode on Linux or macOS causes Firefox to think on the subsequent launch that the profile is too recent to be used with this version of Firefox (bug 1556612)
            • Linux distribution users can't easily install/use additional/different languages using the built-in preferences UI (bug 1554744)
            • Developer tools users can't copy the href/src content from various HTML tags via the context menu in the Inspector markup view (bug 1552275)
            • Custom home page is broken with clearing data on shutdown settings applied (bug 1554167)
            • Performance-regression for eclipse RAP based applications (bug 1555962)
            • macOS 10.15 crash fix (bug 1556076)
            • Can't start two downloads in parallel via anymore (bug 1542912)

            Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

            References


            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...

            Tuesday, June 04, 2019

            Pale Moon Bug Fix Update to Version 28.5.2

            Pale Moon
            Pale Moon has been updated to version 28.5.2.  This is a minor update to fix a breaking problem in 28.5.1.

            From the Release Notes:

            Changes/fixes:
            Fixed issues with image/texture allocation incorrectly being marked as insecure.
                 Download:

                Update

                To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




                Remember - "A day without laughter is a day wasted."
                May the wind sing to you and the sun rise in your heart...



                Pale Moon Version 28.5.1 Released


                Pale Moon
                Pale Moon has been updated to version 28.5.1.  This is a security and bugfix update.

                Update:

                "Correction to the release notes:

                The point "Fixed browser.link.open_newwindow functionality" was premature -- this wasn't uplifted to this point release and will be in the next major update (in July)."
                From the Release Notes:

                Changes/fixes:
                • Restored a global getBoolPref() function shortcut for extension compatibility with old extensions.
                  If you are currently using this global function, please change it to Services.prefs.getBoolPref()
                • Fixed an issue with the UI when the address bar was removed from the navigation toolbar.
                • Fixed an issue with scripting of the Help menu.
                • Fixed a crash resulting from non-standard manipulation of XML stylesheets by extensions.
                • Fixed browser.link.open_newwindow functionality.
                • Removed the default handler for webcal since the site doesn't seem to be properly maintained.
                • Prevented some ways smart places queries could be abused for social engineering attacks.
                • Ported an upstream Skia fix.
                • Improved the origin-clean algorithm for canvases.
                • Improved the efficiency of certain types of memory allocations in the JavaScript compiler.
                • Changed the way the application update checker code is hooked up so it will not require a user to go idle before being activated.
                  This solves the primary issue with application updates not notifying users as promptly as they should; more improvements are slated for the next major release.
                • Applicable security issues fixed: CVE-2019-7317, CVE-2019-11701, CVE-2019-11698, CVE-2019-9817 (DiD), CVE-2019-11700, CVE-2019-11696, CVE-2019-11693, and several potentially exploitable crashes and memory safety hazards that do not have a CVE number assigned to them.
                     Download:

                    Update

                    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...



                    Mozilla Firefox Version 67.0.1 Released


                    Firefox Mozilla sent Firefox Version 67.0.1 to the release channel today.  Users of Firefox are encouraged to create a Firefox account to get more privacy features as described in "Join Firefox".

                    New

                    • In this version, Firefox helps you get better acquainted with our family of products and services through a new experience that includes a set of web pages and in-browser notifications. All Firefox products and services have powerful privacy protection built in; joining Firefox provides users with additional features and capabilities. These experiences will highlight these benefits. The new experience will roll out for English (en-US, en-GB, en-CA), French (fr) and German (de) browser users today, expanding to other languages in the coming weeks.
                      • With the new experience, there will be an opportunity for users to opt in for test-driving upcoming products during registration.
                    • For new users, this release will come with Enhanced Tracking Protection (ETP), stronger privacy protections on by default as “Standard” in the Privacy & Security setting. Firefox Enhanced Tracking Protection will now automatically block third-party tracking cookies that appear on the Disconnect list. Firefox will continue to block third-party tracking loads in private windows, as it has done since version 42.
                      • For existing users, while ETP will be rolling out by default in the coming months, you can turn this feature on today under Preferences, select Privacy & Security to select the Custom menu, and under the Content Blocking section, mark the Cookies checkbox and choose “Third-party trackers” in the Cookies pull down menu.
                       
                    • With this release, a number of our products and services are expanding their capabilities. Coupled with our browser, and with a Firefox account, they extend your online privacy and security and increase convenience, giving you peace of mind.
                      • Facebook Container version 2.0 expands functionality to prevent Facebook from tracking you on other websites that embed Facebook Likes, Shares and comments in their pages, greatly limiting Facebook’s ability to track your activities across the web.
                      • Firefox Lockwise (formerly Lockbox), with its new name, look and feel, is now fully cross-platform with the introduction of the Lockwise desktop extension in this release. With the Android and iOS apps, and now with the desktop extension, Lockwise allows you to take your passwords across all devices and safely auto-fill login details as you need on any browser or app once logged in with a Firefox account.
                      • Firefox Monitor 2.0 expands its capabilities to allow users with a Firefox account to monitor multiple email addresses and receive email alerts when any of them are involved in a known breach. A dashboard also helps to show the total number of known breaches in which your email addresses have been involved.
                      • Firefox Send allows you to send files up to 1GB with end-to-end encryption and a link that automatically expires; with a Firefox account, the size limit becomes 2.5GB with additional controls for number of downloads or days, and the ability to password protect the file.
                    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                    References


                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...