Friday, October 30, 2020

Microsoft Cumulative Update for Windows 10 Versions 20H2, 2009, 2004 and 1903



Microsoft released a cumulative update with non-security improvements and fixes for Windows 10 Versions 20H2 and 2009 and a separate update for Versions 2004 and 1903.

Both sets of updates have a long list of key changes which can be viewed in the KB articles.  Note, however, if you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.  To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates. The standalone packages are as follows:

KB4580364:  Windows Versions 2009 and 20H2 (Builds 19041.610 and 19042.610)

KB4580386:  Windows Versions 1903 and 2004 (Builds 18362.1171 and 18363.1171)

  • KB4580386 (Versions 1903 and 2004) is available in the Microsoft Update Catalog website.  In addition, with Windows Update, the latest SSU (KB4577670) will be offered to you automatically.  To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.


Windows 10 update history

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, October 28, 2020

Mozilla Firefox Version 82.0.2 Released



Mozilla sent yet another Firefox update to the release channel today.  Version 82.0.2 was released with one bug fix.

Fixed

    • Fixed duplication of WebSocket messages in certain cases (bug 1673340)


Tuesday, October 27, 2020

Mozilla Firefox Version 82.0.1 Released



Mozilla sent Firefox Version 82.0.1 to the release channel today.  

At the time of this posting, there is no update to Firefox ESR.

Fixed

  • Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
  • Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
  • Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
  • Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
  • Stability fix (bug 1660539)


Pale Moon Version 28.15.0 Released With Security Updates



Pale Moon has been updated to version 28.15.0.  This is a development and bugfix release. 

Note: Included in the updates are DiD* patches.

*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Changes/fixes:

  • Implemented support for CSS caret-color.
  • Implemented support for un-prefixed ::selection CSS pseudo-element styling.
  • Fixed another potential crashing scenario in ResizeObservers.
  • Fixed several crashes in the DOM Fetch API.
  • Fixed a crash in table pagination.
  • Security issues fixed: CVE-2020-15680 (VG-VD-20-115) and several memory safety hazards.
  • Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 2 defense-in-depth, 12 not applicable.

 Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.



Tuesday, October 20, 2020

Oracle Java SE JRE Security Update


Oracle released the scheduled critical security updates for its Java SE Runtime Environment software. This Critical Patch Update contains 8 new security patches for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Update

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information

Java SE Runtime Environment Version 8u271:  https://www.oracle.com/java/technologies/javase-jre8-downloads.html or https://java.com/en/download/manual.jsp.

Notes:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
  • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
  • Verify your version:  http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, check the version by opening a cmd window and entering the following (note the space following Java):  java -version

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 19 January 2021 
  • 13 April 2021 
  • 20 July 2021 
  • 19 October 2021

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and little-publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:
  1. Launch the Windows Start menu
  2. Click on Programs
  3. Find the Java program listing
  4. Click Configure Java to launch the Java Control Panel
  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





Windows 10 October 2020 Update Released!



A  gradual release of the Windows 10 October 2020 update has begun today!  If you are anxious to move to this new version, see this article on How to get the Windows 10 October 2020 Update, although it would be advisable to check the Known issues first.  With an older device, you may want to wait until it is offered.  However, my 2008 PC has not had any issues with the Insider Builds.  

As always, before making changes to your PC, make a backup.

Examples of New Features:

The new Microsoft Edge is now the default version of Edge and includes an embedded Internet Explorer 11 mode that launches IE in an Edge tab. IE Mode is only for intranet sites and is an interim measure only until sites update for the new browser.

Some of the new features include a change to the Start Menu which shows off Microsoft's Fluent Design icons.  It also improves support for Light and Dark modes.

The new version also includes further Settings migration from the Control Panel. With this release, most of the changes are in the System section. For example, by going to Settings > System > Display > Advanced display settings, you can change refresh rates.  A feature I particularly like is the new option to copy system details from the About section.  This makes it easier to provide system information when requesting assistance.

When doing a new Windows 10 install, there is an improved set of default applications on the taskbar. If you're logging in with a Microsoft account, Windows 10 uses your choice of services and devices to pin icons.  If you use an Android phone and have it linked to your Windows account, it will automatically pin Your Phone.  Note, however, if updating an existing install, the taskbar icons won't change.

Illustrated examples of some of the changes in the update can be seen at Bleeping Computer in Windows 10 20H2 is released, here are the new features.



Mozilla Firefox Version 82.0 Released With Security Updates



Mozilla sent Firefox Version 82.0 to the release channel today.  The update includes seven security updates of which four (4) are rated high, two (2) moderate and one (1) rated low.

Firefox ESR was updated to Version 78.4.

High

 Moderate

 Low

 New

  • With this release, Firefox introduces a number of improvements that make watching videos more delightful:

    • the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
    • Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
    • For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
  • Firefox is faster than ever with improved performance on both page loads and start up time:

    • Websites that use flexbox-based layouts load 20% faster than before;
    • Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
    • For Windows users, opening new windows got quicker by 10%.
  • You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
  • WebRender continues to roll out to more Firefox users on Windows.

Fixed
  • Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.

Changed

  • Credit card auto-fill is now more accessible with the card type, and the card number in the card editor now available to screen readers.
  • Printing dialog errors for invalid form entries are now reported to screen readers.


Tuesday, October 13, 2020

Microsoft October 2020 Security Updates



The Microsoft October security updates have been released and consist of 87 CVEs.  Of these 87 CVEs, 11 are rated Critical, 75 are rated Important and 1 is rated Moderate in severity.

The updates apply to the following:  Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft JET Database Engine, Azure Functions, Azure Sphere, Open Source Software, Microsoft Exchange Server, Visual Studio, PowerShellGet, Microsoft .NET Framework, Microsoft Dynamics, Adobe Flash Player, and Microsoft Windows Codecs Library.

An update to ADV990001 includes information on the new versions of Servicing Stack.  For information about Servicing Stack updates see Servicing Stack Updates (SSU).

The KBs listed below contain information about known issues with the security updates. 

KB Article  Applies To
4577668     Windows 10 Version 1809, Windows Server 2019
4577671     Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4579311     Windows 10, version 2004
4580345     Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4580346     Windows 10, version 1607, Windows Server 2016
4580347     Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4580353     Windows Server 2012 (Security-only update)
4580358     Windows 8.1, Windows Server 2012 R2 (Security-only update)
4580378     Windows Server 2008 Service Pack 2 (Monthly Rollup)
4580382     Windows Server 2012 (Monthly Rollup)
4580385     Windows Server 2008 Service Pack 2 (Security-only update)
4580387     Windows 7, Windows Server 2008 R2 (Security-only update)
4581424     Exchange Server 2019, Exchange Server 2016, Exchange Server 2013

Recommended Reading:  

See Dustin Childs' review and analysis in Zero Day Initiative — The October Security Update Review.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box.

Additional Update Notes:

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
  • MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
  • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSUs in Servicing Stack Updates (SSU).
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • Windows Update History:






Adobe Flash Player Critical Security Update Released



Adobe released Version 32.0.0.445 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS.  These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user. 

Release date:  October 13, 2020
Vulnerability identifier:  APSB20-58
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.










Mozilla Firefox Version 81.0.2 Released

Mozilla sent Firefox Version 81.0.2 to the release channel today to fix a bug that was introduced with Firefox Version 81.0 which resulted in Twitter not loading in the browser.

Fixed
  • Fixed an incompatibility with Twitter.com manifesting itself with the intermittent display of a network protocol violation error page


Wednesday, October 07, 2020

Friday, October 02, 2020

Pale Moon Version 28.14.2 Released

Pale Moon has been updated to version 28.14.2 to fix a few important issues.  Linux versions will follow soon.

Changes/fixes:
  • Fixed some additional crashes caused by the ResizeObserver API. This should take care of all crashes that have been attributed to this new code.
  • Fixed erroneous parsing of CSS percentages as number values.

Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.



Thursday, October 01, 2020

Microsoft Cumulative Update for Windows 10 Version 2004

Microsoft released a cumulative update KB4577063 with non-security improvements and fixes for Windows 10 Version 2004.

The update addresses a long list of issues, of which the following are identified as highlights:

    • Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020. For more information, see KB4581051.
    • Addresses an issue with Microsoft Edge IE Mode that occurs when you enable Configure enhanced hang detection for Internet Explorer mode in Microsoft Edge. 
    • Addresses an issue that, in some instances, prevents the Language Bar from appearing when the user signs in to a new session. This occurs even though the Language Bar is configured properly. 
    • Addresses an issue that fails to recognize the first East Asian language character typed into a Microsoft Foundation Class Library (MFC) DataGrid. 
    • Addresses an issue that prevents you from reconnecting to a previously closed session because that session is in an unrecoverable state.
    • Addresses an issue that causes games that use spatial audio to stop working. 
    • Addresses an issue that prevents the deletion of stale user profiles when you configure a profile cleanup Group Policy object (GPO). 
    • Addresses an issue in which selecting I forgot my Pin from Settings>Accounts>Sign-in options fails in a Windows Hello for Business On-Premise deployment. 
    • Updates 2021 time zone information for Fiji. 
    • Addresses an issue that affects the Microsoft’s System Centre Operations Manager’s (SCOM) ability to monitor a customer's workload. 
    • Addresses an issue that causes random line breaks when you redirect PowerShell console error output. 
    • Addresses an issue with creating HTML reports using tracerpt
    • Allows the DeviceHealthMonitoring Cloud Service Plan (CSP) to run on Windows 10 Business and Windows 10 Pro editions.
    • Addresses an issue that prevents the content under HKLM\Software\Cryptography from being carried over during Windows feature updates. 
    • Addresses an issue that causes an access violation in lsass.exe when a process is started using the runas command in some circumstances. 
    • Addresses an issue in which Windows Defender Application Control enforces package family name rules that should be audit only. 
    • Addresses an issue that displays an error that states that a smart card PIN change was not successful even though the PIN change was successful. 
    • Addresses an issue that might create duplicate Foreign Security Principal directory objects for Authenticated and Interactive users in the domain partition. As a result, the original directory objects have “CNF” added to their names and are mangled. This issue occurs when you promote a new domain controller using the CriticalReplicationOnly flag. 
    • Updates the configuration of Windows Hello Face recognition to work well with 940nm wavelength cameras. 
    • Reduces distortions and aberrations in Windows Mixed Reality head-mounted displays (HMD). 
    • Ensures that new Windows Mixed Reality HMDs meet minimum specification requirements and default to a 90Hz refresh rate. 
    • Addresses an issue that causes a stop error on a Hyper-V host when a virtual machine (VM) issues a specific Small Computer System Interface (SCSI) command. 
    • Addresses an issue that might cause attempts to bind a socket to a shared socket to fail. 
    • Addresses an issue that might prevent applications from opening or cause other errors when applications use Windows APIs to check for internet connectivity and the network icon incorrectly displays “No internet access” in the notification area. This issue occurs if you use a group policy or local network configuration to disable active probing for the Network Connectivity Status Indicator (NCSI). This also occurs if active probing fails to use a proxy and passive probes fail to detect internet connectivity. 
    • Addresses an issue that prevents Microsoft Intune from syncing on a device using the virtual private network version 2 (VPNv2) configuration service provider (CSP). 
    • Suspends uploads and downloads from peers when a VPN connection is detected. 
    • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config
    • Addresses an issue with ntdsutil.exe that prevents you from moving Active Directory database files. The error is, “Move file failed with source <original_full_db_path> and Destination <new_full_db_path> with error 5 (Access is denied.)” 
    • Addresses an issue that incorrectly reports that Lightweight Directory Access Protocol (LDAP) sessions are unsecure in Event ID 2889. This occurs when the LDAP session is authenticated and sealed with a Simple Authentication and Security Layer (SASL) method. 
    • Addresses an issue that might cause Windows 10 devices that enable Credential Guard to fail authentication requests when they use the machine certificate. 
    • Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname
    • Addresses an issue that causes queries against large keys on Ntds.dit to fail with the error, “MAPI_E_NOT_ENOUGH_RESOURCES.” This issue might cause users to see limited meeting room availability because the Exchange Messaging Application Programming Interface (MAPI) cannot allocate additional memory for the meeting requests. 
    • Addresses an issue that intermittently generates Online Certificate Status Protocol (OCSP) Responder audit events (5125) to indicate that a request was submitted to the OCSP Responder Service. However, there is no reference to the serial number or the domain name (DN) of the issuer of the request.
    • Addresses an issue that displays strange characters before the day, month, and year fields in the output from console commands. 
    • Addresses an issue that causes lsass.exe to stop working, which triggers a restart of the system. This issue occurs when invalid restart data is sent with a non-critical paged search control. 
    • Addresses an issue that fails to log events 4732 and 4733 for Domain-Local group membership changes in certain scenarios. This occurs when you use the “Permissive Modify” control; for example, the Active Directory (AD) PowerShell modules use this control. 
    • Addresses an issue with the Microsoft Cluster Shared Volumes File Systems (CSVFS) driver that prevents Win32 API access to SQL Server Filestream data. This occurs when the data is stored on a Cluster Shared Volume in a SQL Server failover cluster instance, which is on an Azure VM. 
    • Addresses an issue that causes a deadlock when Offline Files are enabled. As a result, CscEnpDereferenceEntryInternal holds parent and child locks. 
    • Addresses an issue that causes deduplication jobs to fail with stop error 0x50 when you call HsmpRecallFreeCachedExtents()
    • Addresses an issue that causes applications to stop working when they use Microsoft’s Remote Desktop sharing APIs. The breakpoint exception code is 0x80000003.
    • Removes the HTTP call to www.microsoft.com that the Remote Desktop Client (mstsc.exe) makes at sign out when using a Remote Desktop Gateway. 
    • Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. 
    • Adds support for certain new Windows Mixed Reality motion controllers. 
    • Addresses an issue that causes apps that use Dynamic Data Exchange (DDE) to stop responding when you attempt to close the app. 
    • Adds an Azure Active Directory (AAD) Device Token that is sent to Windows Update (WU) as part of each WU scan. WU can use this token to query for membership in groups that have an AAD Device ID.
    • Addresses an issue with setting the “Restrict delegation of credentials to remote servers” Group Policy with the “Restrict Credential Delegation” mode on the Remote Desktop Protocol (RDP) client. As a result, the Terminal Server service tries to use “Require Remote Credential Guard” mode first and will only use “Require Restricted Admin” if the server does not support “Require Remote Credential Guard”.
    • Addresses an issue in Windows Subsystem for Linux (WSL) that generates an “Element not found” error when you try to start WSL.
    • Addresses an issue with certain WWAN LTE modems that might show no internet connection in the notification area after waking from sleep or hibernation. Additionally, these modems might not be able to connect to the internet.

Note:  If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates.  The standalone package for this update is available in the Microsoft Update Catalog.  In addition, with Windows Update, the latest SSU (KB4577266) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Windows 10 update history


Mozilla Firefox Version 81.0.1 Released

Mozilla sent Firefox Version 81.0.1 to the release channel today with bug fixes.

Firefox ESR was updated to version 78.3.1.

Fixed
