Thursday, December 31, 2020

Adobe Flash Player Reaches EoL (End of Life)


The final scheduled update of Adobe Flash Player for all regions outside of Mainland China was issued on December 8, 2020. Flash Player will no longer be supported after December 31, 2020, when it reaches EoL (End of Life). Beginning January 12, 2021, Adobe will block Flash content from running in Flash Player.

Microsoft has made KB4577586 available in the Microsoft Update Catalog. It will also be released via Windows Update and is expected to be included in the Microsoft January 2021 Security Updates.

As indicated in the below-referenced Microsoft "Update for the removal of Flash Player", if you are using a browser that supports NPAPI (Firefox/Pale Moon/MyPal) or PPAPI (Opera and Chromium-based browsers), it is necessary to also use the referenced Flash Player Uninstaller. (Note:  a restart will be needed when running the Adobe Flash Player uninstaller.)

"This update only removes Adobe Flash Player that was installed by your version of Windows. If you installed Adobe Flash Player manually from another source, it will not be removed. For more information about how to remove Adobe Flash Player, see the Uninstall Flash Player | Windows topic on the Adobe website."
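Because KB4577586 leaves manually installed copies in place, it is worth confirming what is still on disk after running both the update and the uninstaller. The script below is an added example, not code from Microsoft or Adobe: it scans the folders that Adobe's Windows uninstall instructions say to delete and labels each remaining binary by plugin type. The file-name patterns are an assumption based on Adobe's usual naming.

```python
import os
import re
from pathlib import Path

# Assumption: file-name patterns follow Adobe's usual naming per plugin type;
# they are not taken from the KB article or from this post.
PLUGIN_TYPES = [
    ("ActiveX (IE / legacy Edge)", re.compile(r"^flash.*\.ocx$", re.I)),
    ("NPAPI (Firefox, Pale Moon, MyPal)", re.compile(r"^npswf.*\.dll$", re.I)),
    ("PPAPI (Opera, Chromium-based)", re.compile(r"^pepflashplayer.*\.dll$", re.I)),
]


def flash_dirs(windir, appdata):
    """Folders that Adobe's uninstall instructions tell users to delete."""
    return [
        Path(windir) / "System32" / "Macromed" / "Flash",
        Path(windir) / "SysWOW64" / "Macromed" / "Flash",
        Path(appdata) / "Adobe" / "Flash Player",
        Path(appdata) / "Macromedia" / "Flash Player",
    ]


def find_flash_remnants(windir, appdata):
    """Return a (plugin_type, path) pair for every Flash binary still on disk."""
    found = []
    for folder in flash_dirs(windir, appdata):
        if not folder.is_dir():
            continue  # folder already removed: nothing to report
        for entry in sorted(folder.rglob("*")):
            if not entry.is_file():
                continue
            for label, pattern in PLUGIN_TYPES:
                if pattern.match(entry.name):
                    found.append((label, str(entry)))
    return found


if __name__ == "__main__":
    windir = os.environ.get("WINDIR", r"C:\Windows")
    appdata = os.environ.get("APPDATA", "")
    remnants = find_flash_remnants(windir, appdata)
    for label, path in remnants:
        print(f"{label}: {path}")
    if not remnants:
        print("No Flash Player binaries found in the checked folders.")
```

An NPAPI or PPAPI entry in the output means a manually installed plugin is still present and the Adobe uninstaller has not yet removed it.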

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, December 22, 2020

Mozilla Firefox Version 84.0.1 Released


Mozilla sent Firefox Version 84.0.1 to the release channel today.  Firefox ESR remains at Version 78.6.

Fixed

  • Fixed problems loading secure websites and crashes for users with certain third-party PKCS11 modules and smartcards installed (bug 1682881).
  • Fixed slower than expected performance and flickering on Canvas elements for some Windows users (bug 1683116).
  • Fixed a bug causing some Unity JS games to not load on Apple Silicon devices due to improper detection of the OS version (bug 1680516).
  • Fixed crashes caused by various third-party antivirus software.


Friday, December 18, 2020

Pale Moon Version 28.17.0 Released With Security Updates


Pale Moon has been updated to version 28.17.0.  This is a development, bugfix and security update.

Changes/fixes:

  • Changed the way dates and times are formatted in the UI to properly adhere to the user's regional settings in the O.S.
  • Re-enabled the DOM Filesystem API for web compatibility.
  • Moved the global user-agent override to the networking component. See implementation notes.
  • Worked around crashes and run-time issues with module scripts. See implementation notes.
  • Fixed a website layout issue with table-styled elements potentially overlapping when placed inside a flexbox.
  • Fixed some code logic issues with websockets.
  • Fixed a regression when waking the computer from standby causing high CPU usage in some uncommon situations.
  • Updated the list of prohibited ports the browser can use. See implementation notes.
  • Updated root certificates.
  • Windows: Changed the way downloaded files without an extension are handled. See implementation notes.
  • Mac-beta: Improved version detection of MacOS including Big Sur.
  • Security issues addressed: CVE-2020-26978 and CVE-2020-35112.
  • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 deferred to the next release, 16 not applicable.

 Implementation notes:

  • The global user-agent override was moved to the networking component where it is actually implemented. The new preference name is network.http.useragent.global_override. Please note that using a blanket override is normally (very) counterproductive and does not, in fact, help much with privacy. It would also override the compatibility modes (Native/Gecko/Firefox) in Pale Moon. As such, the browser will now warn you if the user-agent is globally overridden (in preferences) and allow you to easily reset that override and re-enable the various compatibility modes.
  • Module scripting caused some persistent and very hard to track browser crashes that we've narrowed down to a specific optimization in the JavaScript JIT (Just-In-Time) compiler (IonMonkey). This optimization is now disabled by default but if you need that little extra performance (usually only noticed in very optimized code or some benchmarks) then you can re-enable it, trading in stability, by setting the new preference javascript.options.ion.inlining to true.
  • Prohibited ports: Pale Moon maintains a blacklist of ports the browser may normally not connect to on servers, to mitigate abusive web scripting employing your browser as an attack bot on servers (e.g. by connecting to mail servers or what not), NAT slipstreaming, and similar security issues. To more thoroughly prevent known abusable ports on servers, this list was extended with a number of additional default ports for various non-http protocols.
  • Downloaded files without a file extension: When a file without an extension is downloaded, we will now open the download folder where you may choose to take any specific action manually, instead of trying to execute it as a program or through an associated program.
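The prohibited-ports check described in the implementation notes can be sketched as follows. This is an added example, not Pale Moon's code: the port table is a constructed sample of well-known non-HTTP service ports, not the browser's actual list, and the `overrides` parameter is hypothetical.

```python
from urllib.parse import urlsplit

# Default port used when the URL does not name one.
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}

# Constructed sample, NOT Pale Moon's actual list: default ports of
# non-HTTP services of the kind the implementation note describes.
PROHIBITED_PORTS = {
    21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 110: "POP3",
    143: "IMAP", 5060: "SIP", 5061: "SIP over TLS", 6667: "IRC",
}


def check_url(url, overrides=frozenset()):
    """Return (allowed, reason) for a web request to `url`.

    `overrides` is a hypothetical set of ports an administrator has
    deliberately re-allowed, e.g. for an internal HTTP service.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return False, f"unsupported scheme {scheme!r}"
    try:
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = DEFAULT_PORTS[scheme]
    if port in PROHIBITED_PORTS and port not in overrides:
        return False, f"port {port} is prohibited ({PROHIBITED_PORTS[port]})"
    return True, f"port {port} allowed"


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://example.org/", "http://mail.example:25/",
                   "http://voip.example:5060/", "http://example.org:8080/"):
        print(sample, "->", check_url(sample))
```

The check runs before any connection is opened, so a script on a web page cannot make the browser speak HTTP at a mail or SIP service on its default port.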

  Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.



Tuesday, December 15, 2020

Mozilla Firefox Version 84.0 Released With Security Updates


Mozilla sent Firefox Version 84.0 to the release channel today. The update includes fourteen security updates, of which one (1) is rated critical, six (6) high, four (4) moderate and three (3) low.

Firefox ESR was updated to Version 78.6.

Critical

 

High

 

Moderate

 

Low

New

  • Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non-native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox.

  • WebRender rolls out to MacOS Big Sur and Windows devices with Intel Gen 5 and 6 GPUs. Additionally we'll ship an accelerated rendering pipeline for Linux/GNOME/X11 users for the first time, ever!

  • Firefox now uses more modern techniques for allocating shared memory on Linux, improving performance and increasing compatibility with Docker.

  • Firefox 84 is the final release to support Adobe Flash.


Wednesday, December 09, 2020

Adobe Acrobat DC and Reader DC Out-of-Cycle Security Update Released


Adobe has released an out-of-cycle hotfix for Adobe Acrobat and Reader for Windows and macOS that includes some important bug fixes and addresses an important vulnerability, successful exploitation of which could lead to information disclosure in the context of the current user.

Release date:  December 9, 2020
Vulnerability identifier: APSB20-75
Platform: Windows and macOS

Bug fixes

Viewer

  • 4317855: [BigSur]Crash on launching Edit after text selection
  • 4317428: Adobe Reader preferences window doesn’t load the content correctly

Update or Complete Download

Reader DC and Acrobat DC were updated to version 20.013.20074.

Update checks can be manually activated by choosing Help/Check for Updates.

Note: Uncheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Tuesday, December 08, 2020

Microsoft December 2020 Security Updates



The Microsoft December security updates have been released and consist of 58 CVEs and one Advisory, ADV200013, which provides guidance on a spoofing vulnerability in the DNS Resolver.  Of these 58 CVEs, 9 are rated Critical, 46 Important, and 3 are rated low in severity.  

The updates apply to the following:  Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Edge for Android, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.

If you are using Windows Update, the latest Servicing Stack Update (SSU) (KB4593175) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.  For information about Servicing Stack updates see Servicing Stack Updates (SSU).

The KBs listed below contain information about known issues with the security updates. 

KB Article   Applies To
4592438      Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2, Windows Server version 20H2
4592440      Windows 10 Version 1809, Windows Server 2019
4592449      Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4592468      Windows Server 2012 (Monthly Rollup)
4592471      Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4592484      Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4592495      Windows 8.1, Windows Server 2012 R2 (Security-only update)
4592497      Windows Server 2012 (Security-only update)
4592498      Windows Server 2008 (Monthly Rollup)
4592503      Windows 7, Windows Server 2008 R2 (Security-only update)
4592504      Windows Server 2008 (Security-only update)
4593226      Windows 10, version 1607, Windows Server 2016
4593465      Exchange Server 2019, Exchange Server 2016
4593466      Exchange Server 2013
4593467      Exchange Server 2010 Service Pack 3

 

Recommended Reading 

See Dustin Childs' review and analysis in Zero Day Initiative — The December Security Update Review.

For more information about the updates released today, see the new version of the Security Update Guide, described here.

IMPORTANT Adobe Flash Player will go out of support on December 31, 2020. For more information, see Adobe Flash end of support on December 31, 2020. Flash content will be blocked from running in Flash Player beginning January 12, 2021. For more information, see Adobe Flash Player EOL General Information Page.

Additional Update Notes:

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.  However, the embedded ActiveX Flash for IE/EdgeClassic on Windows 8.1/10 remains at x.445.
  • MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
  • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSUs in Servicing Stack Updates (SSU).
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • Windows Update History:






Adobe Flash Player Update Released


Adobe released Version 32.0.0.465 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS with assorted bug fixes.

Release date:  December 8, 2020
Vulnerability identifier:  None
Platform:  Windows, Macintosh, Linux and Chrome OS
 

From the Release Notes:

"Today marks the final scheduled release of Flash Player for all regions outside of Mainland China.  We want to take a moment to thank all of our customers and developers who have used and created amazing Flash Player content over the last two decades.  We are proud that Flash had a crucial role in evolving web content across animation, interactivity, audio, and video.  We are excited to help lead the next era of digital experiences.

Adobe will no longer support Flash Player after December 31 2020, and Adobe will block Flash content from running in Flash Player beginning January 12 2021; Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.  

Some users may continue to see reminders from Adobe to uninstall Flash Player from their system.  Please see our Flash Player EOL General Information page for more details and links to instructions for those that would like to uninstall Flash Player manually."

Update:
*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.
