Saturday, September 28, 2019

Windows 10 Version 1903 Released for "Broad Deployment"



Although Windows 10 Version 1903 was released in May, it was done so as a "targeted deployment". As of September 26, 2019, Version 1903 has finally been released for "broad deployment". From Windows 10, version 1903 and Windows Server, version 1903 - Windows Release Information | Microsoft Docs:

Current status as of September 26, 2019:

Windows 10, version 1903 (the May 2019 Update) is designated ready for broad deployment for all users via Windows Update.

As devices running the Home, Pro, and Pro for Workstation editions of Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019, we are broadly updating these devices, as well as those running earlier versions of Windows 10 that are past end of service, to keep these devices both supported and receiving monthly updates. If you are not offered the Windows 10, version 1903 feature update, please check below for known issues and safeguard holds that may affect your device.

We recommend commercial customers running earlier versions of Windows 10 begin broad deployments of Windows 10, version 1903 in their organizations.

Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
As a result, Microsoft has released this Compatibility update for installing Windows 10 version 1903: September 26, 2019 which makes improvements to make the installation of Version 1903 easier. Some of the improvements included are as follows:
  • Addresses an issue in the migration file (.mig) which may cause an error to occur after you upgrade.
  • Addresses an issue that causes a black screen when you try to create a new virtual machine (VM). This issue occurs after VMWare version 15.10 or an earlier version is installed and then you upgrade.
  • Addresses incompatible third-party drivers that may cause issues when you upgrade.
  • Addresses an issue during the upgrade in which Korean characters may be clipped or unreadable.
  • Addresses an issue that causes the ESD file to be unnecessarily redownloaded during the upgrade.
  • Addresses hard link issues when you perform an offline upgrade.

As indicated in the Bleeping Computer article, Windows 10 Version 1903 Now in Broad Deployment, Available to Everyone:

If you are not offered the Windows 10 version 1903 update, then you should check the Windows 10 Health Dashboard for any known hardware blocks.

There are currently known blocks for NEC laptops with Intel and Broadcom Wi-Fi adapters and certain Intel Rapid Storage Technology Drivers (Intel RST).
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, September 26, 2019

Windows 10 Version 1903 Cumulative Update Released



Microsoft released cumulative update KB 4498140 with non-security improvements and fixes for Windows 10 Version 1903 today.  A long list of non-security quality improvements is included in the update.  Highlights were listed as follows:
  • Updates an issue that causes vertical fonts to be larger when printing to a PostScript printer.
  • Updates an issue that may cause you to disconnect from a virtual private network (VPN) on cellular networks.
  • Updates an issue that may cause audio playback and recording to fail when connecting to a remote virtual machine.
  • Updates an issue that may prevent older systems from upgrading to the latest operating systems because a display driver error on older versions.
  • Updates an issue that may cause the screen color to turn white on laptops that have built-in, high-dynamic-range (HDR) screens. 
  • Updates an issue that causes audio in certain games to be quieter or different than expected. 

To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates.  The standalone package for this update is available in the Microsoft Update Catalog.  In addition, with Windows Update, the latest SSU (KB4520390) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Windows 10 update history

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, September 23, 2019

Microsoft Out-of-Band Security Update Released



Microsoft has released an Out-of-Band security update addressing CVE-2019-1255 which relates to a Microsoft Defender Denial of Service Vulnerability and CVE-2019-1367, a Scripting Engine Memory Corruption Vulnerability. CVE-02019-1255 is rated Important and CVE 2019-1367 is rated Critical in severity.

The updates address Denial of Service and Remote Code Execution. They apply to the following:  Windows Defender, Microsoft Security Essentials, Internet Explorer versions 9, 10 and 11 as well as Microsoft Forefront Endpoint Protection 2010, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection Microsoft System Center 2012 Endpoint Protection.

Edit Note:  In case you missed it in CVE-2019-1367, the update to Internet Explorer needs to be downloaded manually from the Windows Update Catalog. 

Updates provided for the latest Windows 10 version 1903 through version 1607:

Windows 10, Version 1903:  https://www.catalog.update.microsoft.com/Search.aspx?q=KB4522016
Windows 10, Version 1809:  https://www.catalog.update.microsoft.com/Search.aspx?q=KB4522015
Windows 10, Version 1803:  https://www.catalog.update.microsoft.com/Search.aspx?q=KB4522015
Windows 10, Version 1709:  https://www.catalog.update.microsoft.com/Search.aspx?q=KB4522012
Windows 10, Version 1703:  https://www.catalog.update.microsoft.com/Search.aspx?q=KB4522011
Windows 10, Version 1607:  https://www.catalog.update.microsoft.com/Search.aspx?q=KB4522010

Updates for Windows 7, Windows 8 Embedded and 8.1:  https://www.catalog.update.microsoft.com/Search.aspx?q=KB4522007

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box.  Information about the updates is available from the Windows Update History:

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...





Wednesday, September 18, 2019

Mozilla Firefox Version 69.0.1 Released with Security Update

Firefox

Mozilla sent Firefox Version 69.0.1 to the release channel today.  The update one (1) security update rated moderate.

No update has been posted for Firefox ESR.

Moderate


Fixed

  • Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)
  • Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)
  • Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)
  • Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)
  • Fixed missing stacks in the Developer Tools Performance section (bug 1578354)

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, September 12, 2019

Malwarebytes Browser Guard

Malwarebytes

Malwarebytes introduces Browser Guard.  From Malwarebytes Press Center - News & Events | Free Malwarebytes Browser Guard Combats Privacy Abuses, Tracking, Clickbait, Unwanted Ads and Tech Support Scammers:
"Malwarebytes’ innovative browser extension safeguards consumers from scammers, enabling them to browse the web up to four times faster, without interruption. The free tool blocks tech support scams in addition to annoying and sometimes malicious pop-ups, and prevents browser hijacking and browser lockers, all known scare tactics used to trap consumers into purchasing unnecessary, expensive technical support and exposing them to unwanted content."

To install on Google Chrome go to https://chrome.google.com/webstore/ and search for Malwarebytes Browserguard
To install on Firefox go to https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ 

Note:  Although Browser Guard is indicated as free for use on Chrome and Firefox browsers, it also works on Microsoft Edge Chromium, Dev and Beta versions.  To use it on those versions of Microsoft Edge:
  • Go to edge://extensions/
  • Click "Allow extensions from other stores" and "Allow" to the pop-up.
  • Go to https://chrome.google.com/webstore/ and search for Malwarebytes Browserguard
  • Click "Add to Chrome"
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 28.7.1 Released with Security Updates


Pale Moon
Pale Moon has been updated to version 28.7.1. 

From the Release Notes:

This is a security and bug-fix update.

Changes/fixes:

  • Fixed an issue where saving a webpage to disk would sometimes drop tags from the document.
  • Fixed an issue with click-to-play plugin content throwing up a blank notification.
  • Fixed an issue in the renderer where region intersections would sometimes return the wrong result.
    This fixes a regression caused by the fix for CVE-2016-5252.
  • Fixed security issues: CVE-2019-11744, CVE-2019-11752, CVE-2019-11737, CVE-2019-11746, CVE-2019-11750, CVE-2019-11747 and CVE-2019-11738.
  • Unified XUL Platform Mozilla Security Patch Summary: 7 fixed, 1 DiD, 1 already covered, 22 not applicable.

UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Tuesday, September 10, 2019

Microsoft September 2019 Security Updates



The Microsoft September security updates have been released and consist of  80 CVEs and 2 advisories. Of these 80 CVEs, 17 are rated Critical, 62 are rated Important and 1 is rated Moderate in severity. Two are listed as publicly known and two others are listed as under active attack at the time of release.

The updates address Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Spoofing and Security Feature Bypass. They apply to the following:  Microsoft Windows, Internet Explorer, Microsoft Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Adobe Flash Player, Microsoft Lync, Visual Studio, Microsoft Exchange Server, .NET Framework, Microsoft Yammer, .NET Core, ASP.NET, Team Foundation Serverk and Project Rome.

Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

KB Article Applies To
4512578 Windows 10, version 1809, Windows Server 2019
4513696 Visual Studio 2015
4515384 Windows 10, version 1903, Windows Server version 1903
4515832 Microsoft Exchange Server 2019 and Exchange Server 2016
4516044 Windows 10, version 1607, Windows Server 2016
4516046 Internet Explorer
4516055 Windows Server 2012 (Monthly Rollup)
4516058 Windows 10, version 1803, Windows Server version 1803
4516062 Windows Server 2012 (Security-only update)
4516064 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4516065 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4516066 Windows 10, version 1709
4516067 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4516068 Windows 10, version 1703
4516070 Windows 10

Recommended Reading:  

See Dustin Childs review and analysis in Zero Day Initiative — The September 2019 Security Update Review.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Additional Update Notes:

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
  • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • Windows Update History:

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...





Adobe Flash Player Critical Security Update Released


Adobe Flashplayer

Adobe has released Version 32.0.0.255 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user..

Release date:  September 10, 2019
Vulnerability identifier: APSB 19-46
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Tuesday, September 03, 2019

    Mozilla Firefox Version 69.0 Released with Security Updates

    Firefox

    Mozilla sent Firefox Version 69.0 to the release channel today.  The update included seventeen (17) security updates of which one (1) is critical, eight (8) are high, five (5) moderate and three (3) are rated low.

    Of particular interest in Version 69.0 are the new Enhanced Tracking Protection, the option to block video autoplay and Flash content requires user permission before activating content on a website.

    Also released were Firefox ESR Version 60.9 (Security vulnerabilities fixed in Firefox ESR 60.9) and Version 68.1 (Security vulnerabilities fixed in Firefox ESR 68.1).

    Critical

      High

      Moderate

      Low

      New

      • Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
        • The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
        • The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
      • The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
      • For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.
      • Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
      • Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
      • For our users on Windows 10, you’ll see performance and UI improvements:
        • Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
        • For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
      • For our users on macOS, battery life and download UI are both improved:
        • macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
        • Finder on macOS now displays download progress for files being downloaded.
      • JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.

      Changed

      • As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
      • With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
      • Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...