Wednesday, August 14, 2019

Mozilla Firefox Version 68.0.2 Released with Security Update

Firefox

Mozilla sent Firefox Version 68.0.2 to the release channel today. The update included one (1) security update, rated moderate.

As of the last check, no update is available for ESR.

Moderate

Fixed
  • Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
  • Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
  • Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
  • Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
  • Fixed an error when starting external applications configured as URI handlers (bug 1567614)
Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 13, 2019

Adobe Flash Player Update


Adobe Flashplayer

Adobe has released Version 32.0.0.238 of Adobe Flash Player for Windows 7 and earlier, macOS, Linux and Chrome OS. The update addresses bug fixes described in the Release Notes as "Assorted functional fixes".

Note that because this is not a security update, Microsoft has not released updates to Adobe Flash Player for Microsoft Edge and Internet Explorer on 8.1/10.  The Flash Player for those browsers remains at Version 32.0.0.207, which was the security update released in June by Adobe.

Release date:  August 13, 2019
Vulnerability identifier: None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Microsoft August 2019 Security Updates



    The August security updates have been released and consist of 93 CVEs and 2 advisories. Of these 93 CVEs, 29 are rated Critical, and 64 are rated Important in severity. None are listed as publicly known or as under active attack at the time of release but multiple bugs this month fall into the wormable category.

    The updates address Information Disclosure, Elevation of Privilege, Remote Code Execution, Denial of Service, Security Feature Bypass, Tampering and Spoofing. They apply to the following:  Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio, Online Services, Active Directory, Microsoft Dynamics.

    Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

    KB Article Applies To
    4511553 Windows 10, version 1809, Windows Server 2019
    4511872 Internet Explorer
    4512476 Windows Server 2008 SP2 (Monthly Rollup)
    4512482 Windows Server 2012 (Security-only update)
    4512486 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
    4512488 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4512489 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4512491 Windows Server 2008 SP2 (Security-only Update)
    4512497 Windows 10
    4512501 Windows 10, version 1803, Windows Server version 1803
    4512506 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
    4512507 Windows 10, version 1703
    4512508 Windows 10, version 1903, Windows Server version 1903
    4512516 Windows 10, version 1709
    4512517 Windows 10, version 1607, Windows Server 2016
    4512518 Windows Server 2012 (Monthly Rollup)

    Recommended Reading:  

    See Dustin Childs review and analysis in Zero Day Initiative — The August 2019 Security Update Review.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    Additional Update Notes:

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Windows Update History:

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...





    Adobe Acrobat DC and Reader DC Security Updates Released

    Adobe
    Adobe has released important security updates for Adobe Acrobat and Reader addressing 47 CVE's for Windows and macOS. Successful exploitation could lead to information disclosure and arbitrary code execution in the context of the current user.  

    Release date:  August 13, 2019
    Vulnerability identifier: APSB19-41
    Platform: Windows and MacOS

    Update or Complete Download

    Reader DC and Acrobat DC were updated to version 2019.012.20036. 

     Update checks can be manually activated by choosing Help/Check for Updates. 
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


    References





    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Friday, August 02, 2019

    Servicing Stack Updates (SSU)


    https://cdn.makeuseof.com/wp-content/uploads/2012/02/Windows-Update-Logo.png

    Servicing Stack Updates (SSU) seem to cause a lot of confusion.  Users see posts mentioning a SSU update but when viewing Update History, only the latest Cumulative Update is listed.  So, what is the Servicing Stack and why are the updates important?

    What is the Servicing Stack?

    Simply stated, the Servicing Stack is what actually installs Windows Updates.  However, it also contains the "component-based servicing stack" (CBS).  The CBS is key to DISM, SFC, as well as changing Windows features or roles, and repairing components.

    Why are the SSU Updates Important?

    The Microsoft Docs article referenced below explains the importance of SSU's as follows:
    "Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes."
    As an example of a SSU update, following are the issues addressed in the July 26, 2019 Servicing Stack Update for Windows 10, 1903 x64-based Systems:
    • Addresses an issue in which an update may not install with certain other updates and upon start up after installation of the other updates, will require a second scan of Windows Update and a second restart to complete installation.
    • Addresses an issue in which reserved disk space may not be returned to free space when installation of Language Packs or Features on Demand (FODs) fails or is canceled.  The disk space is returned to free space when Storage Sense is run.
    • Addresses an issue when Windows Update Check for updates is run during the installation or uninstallation of an update, Features on Demand (FODs) or Language packs, which may cause the installation to fail and may cause a restart to take up to an hour.
    Getting the SSU:

    When there is a Servicing Stack Update released with security or cumulative updates, the updates are automatically installed with Windows Update (you won't see the SSU offered in the list of updates available).  Because each Servicing Stack Update replaces the complete "stack" they do not require a restart.

    If you are unsure whether you have the latest Servicing Stack Updates installed, the list of SSU's is at https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001.  Locate the update for your operating system.  Clicking the KB number will take you to the update, which includes the date of the last update.  You can now find the date of the last update on your device in the link to "View installed updates" located in Programs and Features of the Control Panel.

    References:
    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...