Friday, August 30, 2019

Windows 10 Cumulative Update and More News



Microsoft released cumulative update KB4512941 with non-security improvements and fixes for Windows 10 Version 1903 today.  A long list of non-security quality improvements is included in the update.  Highlights were listed as follows:
  • Updates an issue that prevents certain games from leveraging Spatial Audio capabilities. 
  • Updates an issue that fails to provide a cursor when you select a text input box using touch. 
  • Updates an issue that may cause the name of an unsupported application to appear as default text, such as “ms-resource:AppName/Text” in the Start menu after upgrading the operating system. 
  • Updates an issue with downloading copyrighted digital media (music, TV shows, movies, and so on) from certain websites using Microsoft Edge and Internet Explorer.
  • Improves the user experience and app compatibility so that more Win32 apps will work with Windows Mixed Reality. 
To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates.

 ePub Support

 Included in the KB Article was the following announcement:

Adobe Flash Player

A separate announcement was made by Colleen Williams, Senior Program Manager, Microsoft Edge in Update on removing Flash from Microsoft Edge and Internet Explorer:
"In 2017, we published a roadmap to remove Adobe Flash from Microsoft Edge and Internet Explorer by 2020. Since that post, we announced our intent to build Microsoft Edge on the Chromium open source project. In this post, we will provide an update on what to expect for the Flash retirement in Microsoft browsers.

Here's what you can expect for each Microsoft browser:

In the next version of Microsoft Edge (built on Chromium), we will continue to retire Flash in the same timeframe as other Chromium based browsers. You can learn more of that timeline in this blog post. Flash will initially be disabled, and the user will need to re-enable Flash on a site-by-site basis; Flash will be completely removed from the browser towards the end of 2020. Group policies are available for enterprise admins and IT pros to change the Flash behavior prior to that date.

For both the in-market version of Microsoft Edge (built on EdgeHTML) and Internet Explorer 11, the current experience will continue as-is through 2019. We plan to fully remove Flash by December 2020."


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, August 29, 2019

Pale Moon Version 28.7.0 Released


Pale Moon
Pale Moon has been updated to version 28.7.0. 

From the Release Notes:

This is a major development update involving a partial JavaScript engine overhaul and improvement, implementing several website-impacting changes. It should be noted that these changes follow some revisions of specifications (also adopted by mainstream browsers) that are not necessarily backwards compatible for web content as some scripting behavior has changed. If you are targeting Pale Moon specifically (e.g. through ua sniffing) please check and verify the behavior is still as expected.

Changes/fixes:
  • Landed a large JavaScript parser tune-up, which as a targeted goal brings our ES6 stringification fully in line with the ES2018 revision for classes, and implements rest/spread parameters for object literals. (Cheers to Luke!)
  • Fixed a crash with the tuned-up parser code when certain error messages were triggered.
  • Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
  • Improved performance dealing with frame properties.
  • Improved performance for handling html5 strings.
  • Improved performance of image content loading.
  • Fixed potential type confusion in array joins.
  • Fixed an issue on some pages causing high CPU usage when wrongly specifying plugin content.
  • Fixed an issue with the add-ons manager "discover" pane if no network connection is present.
  • Fixed an issue with bookmark/history search results offering context menu options that would be invalid without a selection.
  • Fixed the devtools JSON viewer and enabled it by default.
  • Fixed searching from about:home not working for search plugins using the POST method.
  • Fixed an issue with the checkboxes for location bar preferences.
  • Fixed SVG alignment issues if SVG-containing elements fall on odd pixel sizes, causing blurry display of especially small SVGs like icons/glyphs.
    SVGs will now always be pixel-snapped to provide expected crisp display.
  • Fixed precompilation of Sync client modules when packaging. This also removes the redundant services.sync.enabled pref.
  • Added support for matroska containers and h264-based webm video formats.
  • Added support for AAC audio in matroska and webm video formats.
  • Added support for spaces in the Mac package and application name.
  • Added an exception to the unique file origin policy for font types.
  • Added native file picker support for xdg on Linux.
  • Updated the default bookmark icons.
  • Updated the SQLite lib to 3.29.0.
  • Removed e10s information from about:troubleshooting.
  • Removed hotfix leftovers.
  • Removed the WebIDE developer tool.
  • Removed conditional build-time disabling of the Pale Moon status bar code.
  • Removed "Delete this page" and "Forget about this site" links from live bookmarks (since they make no sense on feeds).
  • Removed the Financial Times' polyfill user-agent override since they updated their detection to work with Pale Moon.

UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Friday, August 23, 2019

Adobe Acrobat DC and Reader DC Optional Updates Released

Adobe
Adobe has released optional updates for Adobe Acrobat and Reader addressing specific functionality issues.

Release date:  August 22, 2019
Vulnerability identifier: None
Platform: Windows and MacOS

Bug fixes

Rendering
  • 4282242: Error “Cannot extract embedded font. Some characters may not display or print correctly” thrown on opening pdf files containing certain fonts
Forms-XFA
  • 4282237: xfa.host.response js method returning null on XFA forms
  • 4282234: Unable to generate/read QR code data via Smartform in Acrobat / Reader
Scan
  • 4282212: Only one page can be scanned and inserted to an existing PDF from scanner
Distiller
  • 4282192: [Mac] [Non-English]: Distiller Output and Input folders name changed on non-english locales

Update or Complete Download

Reader DC and Acrobat DC were updated to version 2019.012.20040. 

Edit Note: Because it's not a security fix, the download is NOT available at the usual locations... rather, the hotfix installer is at 19.012.20040 Optional update, August 22, 2019 — Release Notes for Acrobat DC Products. (H/T ky331)

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


References





Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Wednesday, August 14, 2019

Mozilla Firefox Version 68.0.2 Released with Security Update

Firefox

Mozilla sent Firefox Version 68.0.2 to the release channel today. The update included one (1) security update, rated moderate.

As of the last check, no update is available for ESR.

Moderate

Fixed
  • Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
  • Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
  • Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
  • Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
  • Fixed an error when starting external applications configured as URI handlers (bug 1567614)
Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 13, 2019

Adobe Flash Player Update


Adobe Flashplayer

Adobe has released Version 32.0.0.238 of Adobe Flash Player for Windows 7 and earlier, macOS, Linux and Chrome OS. The update addresses bug fixes described in the Release Notes as "Assorted functional fixes".

Note that because this is not a security update, Microsoft has not released updates to Adobe Flash Player for Microsoft Edge and Internet Explorer on 8.1/10.  The Flash Player for those browsers remains at Version 32.0.0.207, which was the security update released in June by Adobe.

Release date:  August 13, 2019
Vulnerability identifier: None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Microsoft August 2019 Security Updates



    The August security updates have been released and consist of 93 CVEs and 2 advisories. Of these 93 CVEs, 29 are rated Critical, and 64 are rated Important in severity. None are listed as publicly known or as under active attack at the time of release but multiple bugs this month fall into the wormable category.

    The updates address Information Disclosure, Elevation of Privilege, Remote Code Execution, Denial of Service, Security Feature Bypass, Tampering and Spoofing. They apply to the following:  Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio, Online Services, Active Directory, Microsoft Dynamics.

    Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

    KB Article Applies To
    4511553 Windows 10, version 1809, Windows Server 2019
    4511872 Internet Explorer
    4512476 Windows Server 2008 SP2 (Monthly Rollup)
    4512482 Windows Server 2012 (Security-only update)
    4512486 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
    4512488 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4512489 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4512491 Windows Server 2008 SP2 (Security-only Update)
    4512497 Windows 10
    4512501 Windows 10, version 1803, Windows Server version 1803
    4512506 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
    4512507 Windows 10, version 1703
    4512508 Windows 10, version 1903, Windows Server version 1903
    4512516 Windows 10, version 1709
    4512517 Windows 10, version 1607, Windows Server 2016
    4512518 Windows Server 2012 (Monthly Rollup)

    Recommended Reading:  

    See Dustin Childs review and analysis in Zero Day Initiative — The August 2019 Security Update Review.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    Additional Update Notes:

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Windows Update History:

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...





    Adobe Acrobat DC and Reader DC Security Updates Released

    Adobe
    Adobe has released important security updates for Adobe Acrobat and Reader addressing 47 CVE's for Windows and macOS. Successful exploitation could lead to information disclosure and arbitrary code execution in the context of the current user.  

    Release date:  August 13, 2019
    Vulnerability identifier: APSB19-41
    Platform: Windows and MacOS

    Update or Complete Download

    Reader DC and Acrobat DC were updated to version 2019.012.20036. 

     Update checks can be manually activated by choosing Help/Check for Updates. 
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


    References





    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Friday, August 02, 2019

    Servicing Stack Updates (SSU)


    Servicing Stack Updates (SSU) seem to cause a lot of confusion.  Users see posts mentioning a SSU update but when viewing Update History, only the latest Cumulative Update is listed.  So, what is the Servicing Stack and why are the updates important?

    What is the Servicing Stack?

    Simply stated, the Servicing Stack is what actually installs Windows Updates.  However, it also contains the "component-based servicing stack" (CBS).  The CBS is key to DISM, SFC, as well as changing Windows features or roles, and repairing components.

    Why are the SSU Updates Important?

    The Microsoft Docs article referenced below explains the importance of SSU's as follows:
    "Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes."
    As an example of a SSU update, following are the issues addressed in the July 26, 2019 Servicing Stack Update for Windows 10, 1903 x64-based Systems:
    • Addresses an issue in which an update may not install with certain other updates and upon start up after installation of the other updates, will require a second scan of Windows Update and a second restart to complete installation.
    • Addresses an issue in which reserved disk space may not be returned to free space when installation of Language Packs or Features on Demand (FODs) fails or is canceled.  The disk space is returned to free space when Storage Sense is run.
    • Addresses an issue when Windows Update Check for updates is run during the installation or uninstallation of an update, Features on Demand (FODs) or Language packs, which may cause the installation to fail and may cause a restart to take up to an hour.
    Getting the SSU:

    When there is a Servicing Stack Update released with security or cumulative updates, the updates are automatically installed with Windows Update (you won't see the SSU offered in the list of updates available).  Because each Servicing Stack Update replaces the complete "stack" they do not require a restart.

    If you are unsure whether you have the latest Servicing Stack Updates installed, the list of SSU's is at https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001.  Locate the update for your operating system.  Clicking the KB number will take you to the update, which includes the date of the last update.  You can now find the date of the last update on your device in the link to "View installed updates" located in Programs and Features of the Control Panel.

    References:
    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...