Thursday, October 31, 2019

Mozilla Firefox Version 70.0.1 Released

Firefox

Mozilla sent Firefox Version 70.0.1 to the release channel today.  The update included several bug fixes, including one that resulted in some sites failing to load.

As of the time of this posting there was no indication of an update for Firefox ESR.

Fixed

    • Fix for an issue that caused some websites or page elements using dynamic JavaScript to fail to load. (Bug 1592136)
    • Update OpenH264 video plugin for macOS 10.15 users (Bug 1587543)
    • Title bar no longer shows in full screen view (Bug 1588747)

      Changed

      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Tuesday, October 29, 2019

      Pale Moon Version 28.7.2 Released with Security Updates


      Pale Moon
      Pale Moon has been updated to version 28.7.2.  This is a security and bugfix update.

      From the Release Notes:

      Changes/fixes:
      • Disabled the use of ICC color profiles for images on Linux by default.
      • Updated timezone data for internationalization functions.
      • Fixed the option to use hardware acceleration over RDP for Windows 8.1 and 10.
      • Fixed an issue with inner window navigation potentially leaking.
      • Fixed a startup crash caused by Qihoo 360 Safeguard/360 Total Security.
      • Ported some expat parser fixes from upstream.
      • Ported several NSS upstream fixes to our build.
      • Aligned handling of U+0000 in the html5 parser with expectations.
      • Added size checks to WebGL data buffering.
      • Fixed build issues with newer glibc versions.
      • Fixed build issues for ARM targets.
      • Worked around a gcc9 compiler issue that would prevent building with it.
      • Sec bug fixes: CVE-2019-15903, CVE-2019-11757, CVE-2019-11763 and several potentially exploitable crashes and memory safety hazards that don't have a CVE number.
      • Unified XUL Platform Mozilla Security Patch Summary: 6 fixed, 6 DiD, 1 rejected, 24 not applicable.

      UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...



      Thursday, October 24, 2019

      Windows 10 Version 1903 Cumulative Update Released



      Microsoft released cumulative update KB 4522355 with non-security improvements and fixes for Windows 10 Version 1903 today.  The update includes a long list of non-security quality improvements.  There are currently no known issues with the update. 

      The highlights listed are as follows:
      • Updates an issue that prevents Microsoft Narrator from working in certain touch mode scenarios.
      • Updates an issue that starts assistive technology (AT) (such as Microsoft Narrator, Magnifier, or NVDA) after signing in when you've configured it to start before signing in. 
      • Updates an issue that causes Magnifier to stop working in certain scenarios, and you have to restart it manually. 
      • Updates an issue that causes Microsoft Narrator to stop working in the middle of a session in certain scenarios. 
      • Updates an issue that might prevent a scroll bar from being selected. 
      • Updates an issue that allows a device to go to Sleep (S3) even if you configure the device to never sleep. 
      • Updates an issue that prevents you from shrinking a window in some cases.
      • Updates an issue that prevents you from connecting to a virtual private network (VPN).
      • Updates an issue that causes screen flickering or is slow to display the screen when you show application thumbnails on a monitor that has high dots per inch (DPI).
      • Updates an issue that causes the tile for the Photos app to appear larger than expected in the Start menu under certain conditions. 
      • Updates an issue that causes the system to stop responding at the sign-in screen.
      • Updates an issue that might cause a black screen to appear the first time you sign in after installing a feature or quality update.
      • Updates an issue that causes the Start menu, the Cortana Search bar, Tray icons, or Microsoft Edge to stop responding in certain scenarios after installing a monthly update.

        To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates.  The standalone package for this update is available in the Microsoft Update Catalog.  In addition, with Windows Update, the latest SSU (KB4525419) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

        Windows 10 update history

        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Tuesday, October 22, 2019

        Mozilla Firefox Version 70.0 Released with Security Updates

        Firefox

        Mozilla sent Firefox Version 70.0 to the release channel today.  The update included thirteen (13) security updates of which one (1) is critical, three (3) are high, eight (8) moderate and one (1) are rated low.

        With the release of Version 70.0, the Enhanced Tracking Protection added in Version 69.0 is on by default on all platforms.  Information about the feature is available in the Mozilla blog post, Latest Firefox Brings Privacy Protections Front and Center Letting You Track the Trackers

        Also released was Firefox ESR Version 68.2.

        Critical

        High

        Moderate

        Low

        New

        • More privacy protections from Enhanced Tracking Protection:
        • More security protections from Firefox Lockwise, our digital identity and password management tool:
          • Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsers
.
          • Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.
          • Complex password generation, to help you create and save strong passwords for new online accounts.
        • Improvements to core engine components, for better browsing on more sites
          • A faster Javascript Baseline Interpreter to handle the modern web’s
            large codebases and improve page load performance by as much as 8
            percent.
          • WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.
          • Compositor improvements in Firefox for macOS that reduce power
            consumption, speed up page load by as much as 22 percent, and reduce
            resource use for video by up to 37 percent.
        • More browser features to help you get the most out of Firefox products and services
          • A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.
          • A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.
          • When a website uses your geolocation, an indicator is shown in the
            address bar.

        Changed

        • Built-in Firefox pages now follow the system dark mode preference
        • Aliased theme properties have been removed, which may affect some themes
        • Passwords can now be imported from Chrome on macOS in addition to existing support for Windows
        • Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.
        Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

        References


        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Friday, October 18, 2019

        Adobe Acrobat DC and Reader DC Out-of-Band Update Released

        Adobe
        Adobe has released an out-of-band update for Adobe Acrobat and Reader Adobe which contains stability and services load optimization fixes, updating the latest release to updated to version 2019.021.20048.
        Release date:  October 17, 2019
        Vulnerability identifier: None
        Platform: Windows and MacOS

        The Release Notes for Adobe Acrobat and Reader have been updated with the following notice:
        "Note : A follow up update (19.021.20048) is available which fixes critical issues in this update. Adobe recommends that you directly pick the next update - 19.021.20048."
        Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

        References





        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...



        Tuesday, October 15, 2019

        Oracle Java Critical Security Updates Released

        java

        Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  This Critical Patch Update contains 20 new security patches for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

        Update

        If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

        Download Information

        Java SE 13

        Java SE 11

        Java SE 8

        Notes:

        • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
        • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
        • Verify your versionhttp://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version

        Critical Patch Updates

        For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
        • 14 January 2020
        • 14 April 2020
        • 14 July 2020
        • 20 October 2020

        Unwanted "Extras"

        Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and  unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

        Do the following to suppress the sponsor offers:
        1. Launch the Windows Start menu
        2. Click on Programs
        3. Find the Java program listing
        4. Click Configure Java to launch the Java Control Panel
        5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
        6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
        Java suppress sponsor offers

        Java Security Recommendations

        1)  In the Java Control Panel, at minimum, set the security to high.
        2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
        3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

        References




        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...




        Microsoft Cumulative Updates for Windows 10, Windows 8.1 and Windows 7 Released



        Microsoft released cumulative updates with non-security improvements and fixes for Windows 10 Versions 1809, 1803 and 1709 today.  In addition, cumulative updates were also released for Windows 8.1 and Windows 7:

        Windows 10 Version 1809, KB4520062:
        • Prevents blank tiles from appearing in the Start menu when you upgrade to Windows 10, version 1809 from any previous version of Windows 10.  However, if you have already upgraded to Windows 10, version 1809, installing this update will not remove existing blank tiles. 
        • Updates an issue that causes the power consumption for a device in Connected Standby mode to be high.
        • Updates an issue that might display a black screen at startup during the first sign in after installing an update. 
        • Updates an issue with Bluetooth that occurs when using certain audio profiles for extended periods.
        • Updates an issue that prevents users from opening the print dialog in Internet Explorer to print a webpage. 
        • Updates an issue that causes the Settings app to stop working when you change a Theme. 
        • Updates an issue that might prevent a scroll bar from being selected in Internet Explorer. 
          Windows 10 Version 1803, KB4519978:
          • Updates an issue that might display a black screen at startup during the first sign in after installing an update. 
          • Updates an issue with Bluetooth when using certain audio profiles for extended periods.
          • Updates an issue that causes a system to stop working during the Windows upgrade process.
          • Updates an issue that may prevent a scroll bar from being selected in Internet Explorer. 
           Windows 10 Version 1709, KB4520006:
          • Updates an issue that causes a system to stop working during the Windows upgrade process.

          Windows 8.1:  KB4520012
          Windows 7:  KB4519972 


          To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates



        • Windows Update History:


        • Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...

          Adobe Acrobat DC and Reader DC Security Updates Released

          Adobe
          Adobe has released security updates for Adobe Acrobat and Reader addressing a long list of CVE's for Windows and macOS. Particularly due to 45 of the vulnerabilities being rated critical for Reader, it is advised that the update be applied as soon a possible.  The update additionally includes bug fixes. 

          Release date:  October 15, 2019
          Vulnerability identifier: APSB19-49
          Platform: Windows and MacOS

          Update or Complete Download

          Reader DC and Acrobat DC were updated to version 2019.02.2.20047. 

           Update checks can be manually activated by choosing Help/Check for Updates. 
          Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

          References





          Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...



          Thursday, October 10, 2019

          Mozilla Firefox Version 69.0.3 Released

          Firefox

          Mozilla sent Firefox Version 69.0.3 to the release channel today.  The update fixed two bugs.  No update has been posted for Firefox ESR.

          Fixed

          • Fixed download errors for Windows 10 users with Parental Controls enabled (bug 1586228)
          • Fixed Yahoo mail users being prompted to download files when clicking on emails (bug 1582848)

            Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

            References


            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...

            Wednesday, October 09, 2019

            Adobe Flash Player Update


            Adobe Flashplayer

            Although not released prior to the Microsoft Security updates, Adobe later released Version 32.0.0.270 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update contains assorted functional fixes.

            Release date:  October 9, 2019
            Vulnerability identifier: None
            Platform:  Windows, Macintosh, Linux and Chrome OS

            Update:

            *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

              Verify Installation

              To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

              Do this for each browser installed on your computer.

              To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

              References



              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...









              Tuesday, October 08, 2019

              Microsoft October 2019 Security Updates



              The Microsoft October security updates have been released and consist of  59 CVEs. Of these 59 CVEs, 9 are rated Critical, 49 are rated Important and 1 is rated Moderate in severity. Two are listed as publicly known and two others are listed as under active attack at the time of release.

              The updates address Spoofing, Remote Code Execution, Information Disclosure, Tampering and Denial of Service. They apply to the following:  Microsoft Windows, Internet Explorer, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server Management Studio, Microsoft Dynamics 365, Windows Update Assistant and Open Source Software.

              Note:  Adobe has not issued a Flash Player update.

              Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:


              KB Article Applies To
              4519338 Windows 10, version 1809, Windows Server 2019
              4519974 Internet Explorer
              4519976 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
              4519985 Windows Server 2012 (Security-only update)
              4519990 Windows 8.1, Windows Server 2012 R2 (Security-only update)
              4519998 Windows 10, version 1607, Windows Server 2016
              4520004 Windows 10, version 1709
              4520005 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
              4520007 Windows Server 2012 (Monthly Rollup)
              4520008 Windows 10, version 1803, Windows Server version 1803
              4520010 Windows 10, version 1703
              4520011 Windows 10

              Recommended Reading:  

              See Dustin Childs review and analysis in Zero Day Initiative — The October 2019 Security Update Review.

              For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

              Additional Update Notes:

              • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
              • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
              • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
              • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
              • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
              • Windows Update History:

              References


              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...





              Thursday, October 03, 2019

              Microsoft Out-of-Band Security Update Released



              Microsoft has released an Out-of-Band security update addressing CVE-2019-1367This CVE addresses a scripting engine memory corruption vulnerability.  An update is available for each of Windows 10 versions 1903 through version 1607, Windows 8.1 and Windows 7

              The following important notice is provided for each version of Windows 10 and a similar notice for Windows 8.1 and Windows 7:
              "IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent printing issue some users have experienced. Customers using Windows Update or Windows Server Update Services (WSUS) will be offered this update automatically. To help secure your devices, we recommend that you install this update as soon as a possible and restart your PC to fully apply the mitigations. Like all cumulative updates, this update supersedes any preceding update.
              Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019."

              Updates provided for the latest Windows 10 version 1903 through version 1607:

              Information about the updates is available from the Windows Update History:

              References


              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...





              Mozilla Firefox Version 69.0.2 Released With Bug Fixes

              Firefox

              Mozilla sent Firefox Version 69.0.2 to the release channel today.  The update fixed several bugs.  No update has been posted for Firefox ESR.

              Fixed

              • Fixed a crash when editing files on Office 365 websites (bug 1579858)
              • Fixed detection of the Windows 10 Parental Controls feature being enabled (bug 1584613)
              • Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bug 1582222)

                Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                References


                Remember - "A day without laughter is a day wasted."
                May the wind sing to you and the sun rise in your heart...