Wednesday, October 28, 2020

Mozilla Firefox Version 82.0.2 Released

Firefox


Mozilla sent yet another Firefox update to the release channel today, Version 82.0.2 was released with one bug fix.

Fixed

    • Fixed duplication of WebSocket messages in certain cases (bug 1673340)

 References

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, October 27, 2020

Mozilla Firefox Version 82.0.1 Released

Firefox


Mozilla sent Firefox Version 82.0.1 to the release channel today.  

At the time of this posting, there is no update to Firefox ESR.

Fixed

  • Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
  • Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
  • Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
  • Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
  • Stability fix (bug 1660539)

 References

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Verson 28.15.0 Released With Security Updates


Pale Moon

Pale Moon has been updated to version 28.15.0.  This is a development and bugfix release. 

Note: Included in the updates are DiD* patches.

*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Changes/fixes:

  • Implemented support for CSS caret-color.
  • Implemented support for un-prefixed ::selection CSS pseudo-element styling.
  • Fixed another potential crashing scenario in ResizeObservers.
  • Fixed several crashes in the DOM Fetch API.
  • Fixed a crash in table pagination.
  • Security issues fixed: CVE-2020-15680 (VG-VD-20-115) and several memory safety hazards.
  • Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 2 defense-in-depth, 12 not applicable.

 Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, October 20, 2020

Oracle Java SE JRE Security Update

java

Oracle released the scheduled critical security updates for its Java SE Runtime Environment software. This Critical Patch Update contains 8 new security patches for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Update

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information

Java SE Runtime Environment Version 8u271:  https://www.oracle.com/java/technologies/javase-jre8-downloads.html or https://java.com/en/download/manual.jsp.

Notes:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
  • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
  • Verify your versionhttp://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 19 January 2021 
  • 13 April 2021 
  • 20 July 2021 
  • 19 October 2021

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and  publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:
  1. Launch the Windows Start menu
  2. Click on Programs
  3. Find the Java program listing
  4. Click Configure Java to launch the Java Control Panel
  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
Java suppress sponsor offers

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




Windows 10 October 2020 Update Released!



A  gradual release of the Windows 10 October 2020 update has begun today!  If you are anxious to move to this new version, see this article on How to get the Windows 10 October 2020 Update, although it would be advisable to check the Known issues first.  With an older device, you may want to wait until it is offered.  However, my 2008 PC has not had any issues with the Insider Builds.  

As always, before making changes to your PC, make a backup.

Examples of New Features:

The new Microsoft Edge is now the default version of Edge and includes an embedded Internet Explorer 11 mode that launches IE in an Edge tab. IE Mode is only for intranet sites and is an interim only until sites update for the new browser.

Some of the new features include a change to the Start Menu which shows off Microsoft's Fluent Design icons.  It also improves support for Light and Dark modes.

The new version also includes further Settings migration from the Control Panel. With this release, most of the changes are in the System section. For example. by going to Settings > System > Display > Advanced display settings, you can change refresh rates.  A feature I particularly like is the new option to copy system details from the About section.  This makes it easier to provide system information when requesting assistance.

When doing a new Windows10 install, there is an improved set of default applications on the taskbar. If you're logging in with a Microsoft account, Windows 10 uses your choice of services and devices to pin icons.  For those using an Android phone and have it linked to your Windows account, it will automatically pin Your Phone.  Note, however, if updating an existing install,the  taskbar icons won't change.

Illustrated examples of some of the changes in the update can be seen at Bleeping Computer in Windows 10 20H2 is released, here are the new features.


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 82.0 Released With Security Updates

Firefox


Mozilla sent Firefox Version 82.0 to the release channel today.  The update includes seven security updates of which four (4) are rated high, two (2) moderate and one (1) rated low.

Firefox ESR was updated to Version 78.4.

High

 Moderate

 Low

 New

  • With this release, Firefox introduces a number of improvements that make watching videos more delightful:

    • the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
    • Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
    • For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
  • Firefox is faster than ever with improved performance on both page loads and start up time:

    • Websites that use flexbox-based layouts load 20% faster than before;
    • Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
    • For Windows users, opening new windows got quicker by 10%.
  • You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
  • WebRender continues to roll out to more Firefox users on Windows.

Fixed
  • Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.

Changed

  • Credit card auto-fill is now more accessible with the card type, and the card number in the card editor now available to screen readers.
  • Printing dialog errors for invalid form entries are now reported to screen readers.

References

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, October 13, 2020

Microsoft October 2020 Security Updates



The Microsoft October security updates have been released and consist of 87 CVEs.  Of these 87 CVEs, 11 are rated Critical, 75 are rated Important and 1 is rated moderate in severity.  

The updates apply to the following:  Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft JET Database Engine, Azure Functions, Azure Sphere, Open Source Software, Microsoft Exchange Server, Visual Studio, PowerShellGet, Microsoft .NET Framework, Microsoft Dynamics, Adobe Flash Player, and Microsoft Windows Codecs Library.

An update to ADV990001 includes information on the new versions of Servicing Stack.  For information about Servicing Stack updates see Servicing Stack Updates (SSU).

The KBs listed below contain information about known issues with the security updates. 

KB Article Applies To
4577668 Windows 10 Version 1809, Windows Server 2019
4577671 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4579311 Windows 10, version 2004
4580345 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4580346 Windows 10, version 1607, Windows Server 2016
4580347 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4580353 Windows Server 2012 (Security-only update)
4580358 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4580378 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4580382 Windows Server 2012 (Monthly Rollup)
4580385 Windows Server 2008 Service Pack 2 (Security-only update)
4580387 Windows 7, Windows Server 2008 R2 (Security-only update)
4581424 Exchange Server 2019, Exchange Server 2016, Exchange Server 2013

Recommended Reading:  

See Dustin Childs review and analysis in Zero Day Initiative — The October Security Update Review.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box.

Additional Update Notes:

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
  • MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
  • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • Windows Update History:

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...





Adobe Flash Player Critical Security Update Released


Adobe Flashplayer

Adobe released Version 32.0.0.445 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS.  These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user. 

Release date:  October 13, 2020
Vulnerability identifier:  APSB20-58
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Mozilla Firefox Version 81.0.2 Released

    Firefox


    Mozilla sent Firefox Version 81.0.2 to the release channel today to fix a bug that was introduced with Firefox Version 81.0 which resulted in Twitter not loading in the browser.

    Fixed
    • Fixed an incompatibility with Twitter.com manifesting itself with the intermittent display of a network protocol violation error page

    References

    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Friday, October 02, 2020

    Pale Moon Version 28.14.2 Released


    Pale Moon
    Pale Moon has been updated to version 28.14.2 to fix a few important issues.  Linux versions will follow soon.

    Changes/fixes:
    • Fixed some additional crashes caused by the ResizeObserver API. This should take care of all crashes that have been attributed to this new code.
    • Fixed erroneous parsing of CSS percentages as number values.

     Pale Moon includes both 32- and 64-bit versions for Windows:

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

    Release Notes




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Thursday, October 01, 2020

    Microsoft Cumulative Update for Windows 10 Version 2004



    Microsoft released a cumulative update KB4577063 with non-security improvements and fixes for Windows 10 Version 2004. 

    The update addresses a long list of issues, of which the following are identified as highlights: 

    • Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
    • Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge. 
    • Addresses an issue that, in some instances, prevents the Language Bar from appearing when the user signs in to a new session. This occurs even though the Language Bar is configured properly. 
    • Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid. 
    • Addresses an issue the prevents you from reconnecting to a previously closed session because that session is in an unrecoverable state. 
    • Addresses an issue that causes games that use spatial audio to stop working. 
    • Addresses an issue that prevents the deletion of stale user profiles when you configure a profile cleanup Group Policy object (GPO). 
    • Addresses an issue in which selecting I forgot my Pin from Settings>Accounts>Sign-in options fails in a Windows Hello for Business On-Premise deployment. 
    • Updates 2021 time zone information for Fiji. 
    • Addresses an issue that affects the Microsoft’s System Centre Operations Manager’s (SCOM) ability to monitor a customer's workload. 
    • Addresses an issue that causes random line breaks when you redirect PowerShell console error output. 
    • Addresses an issue with creating HTML reports using tracerpt
    • Allows the DeviceHealthMonitoring Cloud Service Plan (CSP) to run on Windows 10 Business and Windows 10 Pro editions.
    • Addresses an issue that prevents the content under HKLM\Software\Cryptography from being carried over during Windows feature updates. 
    • Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances. 
    • Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only. 
    • Addresses an issue that displays an error that states that a smart card PIN change was not successful even though the PIN change was successful. 
    • Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag. 
    • Updates the configuration of Windows Hello Face recognition to work well with 940nm wavelength cameras. 
    • Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD). 
    • Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate. 
    • Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer System Interface (SCSI) command. 
    • Addresses an issue that might cause attempts to bind a socket to a shared socket to fail. 
    • Addresses an issue that might prevent applications from opening or cause other errors when applications use Windows APIs to check for internet connectivity and the network icon incorrectly displays “No internet access” in the notification area. This issue occurs if you use a group policy or local network configuration to disable active probing for the Network Connectivity Status Indicator (NCSI). This also occurs if active probing fails to use a proxy and passive probes fail to detect internet connectivity. 
    • Addresses an issue that prevents Microsoft Intune from syncing on a device using the virtual private network version 2 (VPNv2) configuration service provider (CSP). 
    • Suspends uploads and downloads from peers when a VPN connection is detected. 
    • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config
    • Addresses an issue with ntdsutil.exe that prevents you from moving Active Directory database files. The error is, “Move file failed with source <original_full_db_path> and Destination <new_full_db_path> with error 5 (Access is denied.)” 
    • Addresses an issue that incorrectly reports that Lightweight Directory Access Protocol (LDAP) sessions are unsecure in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method. 
    • Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate. 
    • Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname
    • Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.” This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests. 
    • Addresses an issue that intermittently generates Online Certificate Status Protocol (OSCP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request. 
    • Addresses an issue that displays strange characters before the day, month, and year fields in the output from console commands. 
    • Addresses an issue that causes lsass.exe to stop working, which triggers a restart of the system. This issue occurs when invalid restart data is sent with a non-critical paged search control. 
    • Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control. 
    • Addresses an issue with the Microsoft Cluster Shared Volumes File Systems (CSVFS) driver that prevents Win32 API access to SQL Server Filestream data. This occurs when the data is stored on a Cluster Shared Volume in a SQL Server failover cluster instance, which is on an Azure VM. 
    • Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks. 
    • Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents()
    • Addresses an issue that causes applications stop working when they use Microsoft’s Remote Desktop sharing APIs. The breakpoint exception code is 0x80000003. 
    • Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway. 
    • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. 
    • Adds support for certain new Windows Mixed Reality motion controllers. 
    • Addresses an issue that causes apps that use Dynamic Data Exchange (DDE) to stop responding when you attempt to close the app. 
    • Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID.
    • Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the Remote Desktop Protocol (RDP) client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard".
    • Addresses an issue in Windows Subsystem for Linux (WSL) that generates an “Element not found” error when you try to start WSL.
    • Addresses an issue with certain WWAN LTE modems that might show no internet connection in the notification area after waking from sleep or hibernation. Additionally, these modems might not be able to connect to the internet.

      Note:  If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.  

      To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates.  The standalone package for this update is available in the Microsoft Update Catalog.  In addition, with Windows Update, the latest SSU (KB4577266) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

      Windows 10 update history

      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Mozilla Firefox Version 81.0.1 Released

      Firefox


      Mozilla sent Firefox Version 81.0.1 to the release channel today with bug fixes.

      Firefox ESR was updated to version 78.3.1.

      Fixed

      References

      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Wednesday, September 30, 2020

      Pale Moon Version 28.14.1 Released


      Pale Moon
      Pale Moon has been updated to version 28.14.1.

      From the Release Notes:  This update addresses an intermittent crash in the newly-implemented ResizeObserver API (introduced in 28.14.0) occurring on a number of high-profile and often-used websites.

       Pale Moon includes both 32- and 64-bit versions for Windows:

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Tuesday, September 29, 2020

      Pale Moon Version 28.14.0 Released With Security Updates


      Pale Moon
      Pale Moon has been updated to version 28.14.0. The update is a development and security update.  Linux versions will follow shortly.

      Note: Included in the updates are DiD* patches.
      *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

      From the Release Notes:

      Changes/fixes:

      • Updated the browser identity code for website security to more clearly indicate website status.
        A detailed explanation is available on the forum and beyond the scope of these release notes.
      • Updated unofficial branding to be more generic and more clearly separate unofficial builds from Pale Moon as a product.
        Please note that this goes hand in hand with an update of our redistribution license, and from this point forward any "New Moon" products are to be considered separate, and not unofficial Pale Moon builds or in any way related to or affiliated with Pale Moon, despite the similarity in name.
      • Added a preference (signon.startup.prompt) to give users the option to ask for the Master Password the moment the application starts (before the main window opens). This allows a workaround for getting multiple Master Password prompts if individual components need access to the password store at the same time.
      • Changed the way download sources are displayed to always use the actual domain downloads are from. In some situations the browser would previously display the domain of the referring page in an inconsistent fashion.
      • Implemented the ES2019 Object.fromEntries() utility function.
      • Implemented the CSS flow-root keyword.
      • (Re-)implemented percentage-based CSS opacity values according to the updated spec.
      • Implemented the last few missing bits for a standards-compliant implementation of JavaScript modules.(preloading, resource: scheme, etc.)
      • Implemented the ResizeObserver DOM API.
      • Fixed a null crash on some websites using CSS clip paths.
      • Updated script handling inside SVGs to only run scripts if they are enabled and permitted, avoiding a potential XSS pitfall.
      • Fixed several memory safety hazards and crashes.
      • Updated the MediaQueryList interface to the updated spec. It now inherits from EventTarget and implements AddEventListener/RemoveEventListener in addition to AddListener/RemoveListener and should improve web compatibility for some sites.
      • Removed support for the archaic and non-standard <marquee> element.
      • Removed some leftovers from the discontinued plugin update checker service.
      • Removed some internal HPKP implementation leftovers.
      • Cleaned up the Windows widget code to reduce potentially vulnerable direct-dll loads.
      • Security issues fixed: CVE-2020-15676 and CVE-2020-15677
      • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 defense-in-depth, 7 not applicable.

       Pale Moon includes both 32- and 64-bit versions for Windows:

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Thursday, September 24, 2020

      Optional Hotfix Released for Adobe Acrobat and Reader


      AdobeAdobe has released an optional hotfix for Adobe Acrobat and Reader for Windows and macOS that addresses some important bug fixes.

      Release date:  September 24, 2020
      Vulnerability identifier: None
      Platform: Windows and MacOS

      Update or Complete Download

      Reader DC and Acrobat DC were updated to version 20.012.20048.

       Update checks can be manually activated by choosing Help/Check for Updates. 
      Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

      References


      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Tuesday, September 22, 2020

      Mozilla Firefox Version 81.0 Released With Security Updates

      Firefox


      Mozilla sent Firefox Version 81.0 to the release channel today.  The update includes ten security updates of which four (4) are rated moderate high and three (3) are rated moderate.

      At the time of this posting, there is no update for Firefox ESR Version 68.12 and based on the Rapid Release Calendar, it appears it may have reached EOL and the current ESR Version is 78.3, available from here.

      High

       

      Moderate

       New

      • You can pause and play audio or video in Firefox right from your keyboard or headset, giving you easy access to control your media when in another Firefox tab, another program, or even when your computer is locked.
      • In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences.
      • For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. To ensure the smoothest experience, this will be rolling out to users gradually.
      • Firefox supports AcroForm, which will soon allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.
      • Our users in Austria, Belgium and Switzerland using the German version of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps. In addition to Firefox’s new tab, Pocket is also available as an app on iOS and Android.

      Fixed
      • We’ve fixed a bug for users of language packs where the default language was reset to English after Firefox updates.
      • Browser native HTML5 audio/video controls received several important accessibility fixes:
        • Audio/video controls remain accessible to screen readers even when they are temporarily hidden visually.
        • Audio/video elapsed and total time are now accessible to screen readers where they weren't previously.
        • Various unlabelled controls are now labelled making them identifiable to screen readers.
        • Screen readers no longer intrusively report progress information unless the user requests it.

      Changed

      • You will soon find Picture-in-Picture more easily on all the videos you watch with new iconography.
      • The bookmarks toolbar is now automatically revealed once bookmarks are imported into Firefox, making it easier to find your most important websites.
      • We have expanded our supported file types - .xml, .svg, and .webp - so files you’ve downloaded can be opened right in Firefox.

      References

      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Tuesday, September 08, 2020

      Microsoft September 2020 Security Updates



      The Microsoft September security updates have been released and consist of 129 CVEs.  Of these 129 CVEs, 23 are rated Critical, 105 are rated Important and 1 is rated moderate in severity.  

      The updates apply to the following:  Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Edge (Chromium-based), Microsoft ChakraCore, Internet Explorer, SQL Server, Microsoft JET Database Engine, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Microsoft Exchange Server, SQL Server, ASP.NET, Microsoft OneDrive, and Azure DevOps.

      An update to ADV990001 includes information on the new versions of Servicing Stack.  For information about Servicing Stack updates see Servicing Stack Updates (SSU).

      The KBs listed below contain information about known issues with the security updates. 

      KB Article Applies To
      4484488 SharePoint Foundation 2013
      4484515 SharePoint Enterprise Server 2013
      4486667 SharePoint Foundation 2010
      4570333 Windows 10 Version 1809, Windows Server 2019
      4571756 Windows 10, version 2004
      4577015 Windows 10, version 1607, Windows Server 2016
      4577038 Windows Server 2012 (Monthly Rollup)
      4577048 Windows Server 2012 (Security-only update)
      4577051 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
      4577053 Windows 7, Windows Server 2008 R2 (Security-only update)
      4577064 Windows Server 2008 Service Pack 2 (Monthly Rollup)
      4577066 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
      4577070 Windows Server 2008 Service Pack 2 (Security-only update)
      4577071 Windows 8.1, Windows Server 2012 R2 (Security-only update)
      4577352 Exchange Server 2019, Exchange Server 2016

      Recommended Reading:  

      See Dustin Childs review and analysis in Zero Day Initiative — The September Security Update Review.

      For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box.

      Additional Update Notes:

      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above. Note, however, that there are no Adobe Flash Player security updates for Active X.
      • MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
      • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
      • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
      • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
      • Windows Update History:

      References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...