Thursday, September 12, 2019

Malwarebytes Browser Guard

Malwarebytes

Malwarebytes introduces Browser Guard.  From Malwarebytes Press Center - News & Events | Free Malwarebytes Browser Guard Combats Privacy Abuses, Tracking, Clickbait, Unwanted Ads and Tech Support Scammers:
"Malwarebytes’ innovative browser extension safeguards consumers from scammers, enabling them to browse the web up to four times faster, without interruption. The free tool blocks tech support scams in addition to annoying and sometimes malicious pop-ups, and prevents browser hijacking and browser lockers, all known scare tactics used to trap consumers into purchasing unnecessary, expensive technical support and exposing them to unwanted content."

To install on Google Chrome go to https://chrome.google.com/webstore/ and search for Malwarebytes Browserguard
To install on Firefox go to https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ 

Note:  Although Browser Guard is indicated as free for use on Chrome and Firefox browsers, it also works on Microsoft Edge Chromium, Dev and Beta versions.  To use it on those versions of Microsoft Edge:
  • Go to edge://extensions/
  • Click "Allow extensions from other stores" and "Allow" to the pop-up.
  • Go to https://chrome.google.com/webstore/ and search for Malwarebytes Browserguard
  • Click "Add to Chrome"
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 28.7.1 Released with Security Updates


Pale Moon
Pale Moon has been updated to version 28.7.1. 

From the Release Notes:

This is a security and bug-fix update.

Changes/fixes:

  • Fixed an issue where saving a webpage to disk would sometimes drop tags from the document.
  • Fixed an issue with click-to-play plugin content throwing up a blank notification.
  • Fixed an issue in the renderer where region intersections would sometimes return the wrong result.
    This fixes a regression caused by the fix for CVE-2016-5252.
  • Fixed security issues: CVE-2019-11744, CVE-2019-11752, CVE-2019-11737, CVE-2019-11746, CVE-2019-11750, CVE-2019-11747 and CVE-2019-11738.
  • Unified XUL Platform Mozilla Security Patch Summary: 7 fixed, 1 DiD, 1 already covered, 22 not applicable.

UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Tuesday, September 10, 2019

Microsoft September 2019 Security Updates



The Microsoft September security updates have been released and consist of  80 CVEs and 2 advisories. Of these 80 CVEs, 17 are rated Critical, 62 are rated Important and 1 is rated Moderate in severity. Two are listed as publicly known and two others are listed as under active attack at the time of release.

The updates address Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Spoofing and Security Feature Bypass. They apply to the following:  Microsoft Windows, Internet Explorer, Microsoft Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Adobe Flash Player, Microsoft Lync, Visual Studio, Microsoft Exchange Server, .NET Framework, Microsoft Yammer, .NET Core, ASP.NET, Team Foundation Serverk and Project Rome.

Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

KB Article Applies To
4512578 Windows 10, version 1809, Windows Server 2019
4513696 Visual Studio 2015
4515384 Windows 10, version 1903, Windows Server version 1903
4515832 Microsoft Exchange Server 2019 and Exchange Server 2016
4516044 Windows 10, version 1607, Windows Server 2016
4516046 Internet Explorer
4516055 Windows Server 2012 (Monthly Rollup)
4516058 Windows 10, version 1803, Windows Server version 1803
4516062 Windows Server 2012 (Security-only update)
4516064 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4516065 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4516066 Windows 10, version 1709
4516067 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4516068 Windows 10, version 1703
4516070 Windows 10

Recommended Reading:  

See Dustin Childs review and analysis in Zero Day Initiative — The September 2019 Security Update Review.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Additional Update Notes:

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
  • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • Windows Update History:

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...





Adobe Flash Player Critical Security Update Released


Adobe Flashplayer

Adobe has released Version 32.0.0.255 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user..

Release date:  September 10, 2019
Vulnerability identifier: APSB 19-46
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Tuesday, September 03, 2019

    Mozilla Firefox Version 69.0 Released with Security Updates

    Firefox

    Mozilla sent Firefox Version 69.0 to the release channel today.  The update included seventeen (17) security updates of which one (1) is critical, eight (8) are high, five (5) moderate and three (3) are rated low.

    Of particular interest in Version 69.0 are the new Enhanced Tracking Protection, the option to block video autoplay and Flash content requires user permission before activating content on a website.

    Also released were Firefox ESR Version 60.9 (Security vulnerabilities fixed in Firefox ESR 60.9) and Version 68.1 (Security vulnerabilities fixed in Firefox ESR 68.1).

    Critical

      High

      Moderate

      Low

      New

      • Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
        • The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
        • The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
      • The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
      • For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.
      • Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
      • Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
      • For our users on Windows 10, you’ll see performance and UI improvements:
        • Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
        • For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
      • For our users on macOS, battery life and download UI are both improved:
        • macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
        • Finder on macOS now displays download progress for files being downloaded.
      • JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.

      Changed

      • As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
      • With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
      • Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...