Friday, December 24, 2021

Merry Christmas, Khristos Razhdayetsya!



Warmest wishes to family, friends, 
fellow #WindowsInsiders, and 
Security Garden subscribers for a

Merry Christmas!
Khristos Razhdayetsya!






May you enjoy the spirit of Christmas every day of the coming year.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




Sunday, December 19, 2021

Mozilla Firefox Version 95.0.2 Released

Mozilla released yet another update to Firefox, sending Firefox Version 95.0.2 to the release channel today.

Fixed

  • Addresses frequent crashes experienced by users with certain AMD CPUs running on Windows 7, 8, and 8.1

Security Updates
Release Notes
Rapid Release Calendar

Thursday, December 16, 2021

Mozilla Firefox Version 95.0.1 Released

Mozilla sent Firefox Version 95.0.1 to the release channel today.

Fixed

  • Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains (bug 1745600)
  • Fix for a WebRender crash on some Linux/X11 systems (bug 1741956)
  • Fix for a frequent Windows shutdown crash (bug 1738984)
  • Fix websites contrast issues for some Linux users with Dark mode set at OS level (bug 1740518)

Security Updates
Release Notes
Rapid Release Calendar

Tuesday, December 14, 2021

Scot's Newsletter Forums Lives On!

Scot's Newsletter Forums

A little over two weeks ago, Scot Finnie (owner and founder of Scot's Newsletter Forums) posted what was, to long-time members, a shocking Announcement that the time had come for him to pull away from the forums and Scot's Newsletter, reading in part:

"To be honest, in recent years -- since leaving Computerworld -- I have lost my long-held zeal for computers. I've moved on to other pursuits, and have even launched a small local business in an unrelated field.

 

My hope is that I can find someone or some group of people to whom I can turn over the forums, the scotsnewsletter.com domain, and all the keys to the castle. In other words, a new owner. As the new owner, you would have the option to use my first name in perpetuity (in any marketing materials etc.) For the first year I would be around to consult on any questions that might arise (at no cost). All that for one dollar. Such a deal.

 

I think that new blood, someone with new ideas who wants to try a few things, will find there's still enough of an ember on the forums to start something new. One of those ideas might be changing the name of the forums."

Fortunately, with today's announcement, "We Have a New Owner!", that hope has come true!







Microsoft December 2021 Security Updates

      

The Microsoft December 2021 security updates have been released and consist of 67 CVEs.  Of these CVEs, 7 are rated Critical, and 60 are rated Important severity.  At the time of release, five are listed as publicly known and one is listed as under active exploit.

The updates apply to the following long list of products:  Apps, ASP.NET Core & Visual Studio, Azure Bot Framework SDK, BizTalk ESB Toolkit, Internet Storage Name Service, Microsoft Defender for IoT, Microsoft Devices, Microsoft Edge (Chromium-based), Microsoft Local Security Authority Server (lsasrv), Microsoft Message Queuing, Microsoft Office, Microsoft Office Access, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft PowerShell, Microsoft Windows Codecs Library, Office Developer Platform, Remote Desktop Client, Role: Windows Fax Service, Role: Windows Hyper-V, Visual Studio Code, Visual Studio Code - WSL Extension, Windows Common Log File System Driver, Windows Digital TV Tuner, Windows DirectX, Windows Encrypting File System (EFS), Windows Event Tracing, Windows Installer, Windows Kernel, Windows Media, Windows Mobile Device Management, Windows NTFS, Windows Print Spooler Components, Windows Remote Access Connection Manager, Windows Storage, Windows Storage Spaces Controller, Windows SymCrypt, Windows TCP/IP, and Windows Update Stack.

See the KBs listed at December 2021 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.


Note:  This is the month for the quarterly MSRT run.  Although included with Windows updates, it can be downloaded separately:  

Recommended Reading:  See Dustin Childs' review and analysis in Zero Day Initiative -- The December 2021 Security Update Review.

 

Additional Update Notes:

 

References







 

Pale Moon Version 29.4.3 Released with Security Updates

    

Pale Moon

Pale Moon has been updated to version 29.4.3.  This is a security update.  This update reinstates FUEL again for old extension compatibility. See implementation notes.

Linux versions will follow shortly.

Changes/fixes:

  • Restored the FUEL abstraction library again.
  • Added some extra sanity checks to timers and text fragments. DiD
  • Added a potential crash safeguard in program threading logic. DiD
  • Fixed the following security issues: CVE-2021-43537, CVE-2021-43541, CVE-2021-43536, CVE-2021-43545 and CVE-2021-43542.
  • Unified XUL Platform Mozilla Security Patch Summary: 5 fixed, 3 DiD, 10 not applicable.

Implementation notes:

  • Despite being removed in 29.4.0 and 29.4.2, the long-since deprecated FUEL abstraction functions inside Pale Moon have been restored again after considerable blowback from the community and lack of effort to fix afflicted extensions. It was decided to just restore this indefinitely in the end, since it serves no-one to have users be forced to do without or stay on insecure versions of the browser for something nobody seems to want to address in the extension ecosystem. Keep an eye on the forum for a more in-depth announcement soon (will be linked here when available).

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle



Tuesday, December 07, 2021

Mozilla Firefox Version 95 Released with Security Updates

Mozilla sent Firefox Version 95.0 to the release channel today.  The update includes thirteen security updates of which six (6) are rated high, five (5) are rated moderate, and two (2) are rated low.

Firefox ESR was updated to Version 91.4.

High


Moderate

 Low

New

  • RLBox — a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries — is now enabled on all platforms.
  • Good news! You can now download Firefox from the Microsoft Store on Windows 10 and Windows 11 platforms.
  • We’ve reduced CPU usage on macOS in Firefox and WindowServer during event processing.
  • We’ve also reduced the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video.
  • You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side.
  • To better protect Firefox users against side-channel attacks such as Spectre, Site Isolation is now enabled for all Firefox 95 users.

Fixed

  • After starting Firefox, users of the JAWS screen reader and ZoomText magnifier will no longer need to switch applications in order to access Firefox.
  • You’ll find the state of controls using the ARIA switch role is now correctly reported by Mac OS VoiceOver.
  • You’ll see a faster content process startup on macOS.
  • We’ve also made memory allocator improvements.
  • And we’ve improved page load performance by speculatively compiling JavaScript ahead of time. 

Changed

  • We’ve added a User Agent override for Slack.com, which allows Firefox users to use more Call features and have access to Huddles.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

Wednesday, November 24, 2021

Windows 10 Optional Preview Cumulative Update

   


Microsoft released KB5007235, the monthly “C” release preview cumulative update with non-security improvements and fixes for Windows 10 Versions 21H1, 20H2, and 2004.

IMPORTANT:  Windows 10, version 2004 will reach end of servicing on December 14, 2021. To continue receiving security and quality updates, it is strongly recommended that you update to the latest version of Windows 10.

Note:  Due to the holidays, there will not be a "C" release preview in December.

The highlighted changes include the following:
  • Updates an issue that causes some variable fonts to display incorrectly.

  • Updates an issue that might cause the 32-bit version of Microsoft Excel to stop working on certain devices when you export to PDF. 

  • Updates an issue that displays letters or characters at the wrong angle when you use the Meiryo UI font and other vertical fonts. These fonts are frequently used in Japan, China, or other countries in Asia.  

  • Updates an issue that causes Internet Explorer to stop working when using the Input Method Editor (IME) to insert elements. 

  • Updates an issue that causes the Settings page to unexpectedly close after you uninstall a font. 

  • Updates an issue that affects your ability to rename a file using folder view in File Explorer when you use the new Japanese IME. 

  • Updates an issue that turns off screen capture and recording functionalities on the Windows Game Bar after a service failure. 

  • Updates an issue that prevents the applications that you use often from appearing on the Start menu as they should.

  • Updates an issue that causes Internet Explorer to stop working.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history




Monday, November 22, 2021

Windows 11 Optional Preview Cumulative Update

 


Microsoft released KB5007262, the monthly “C” release preview cumulative update with non-security improvements and fixes for the Windows 11 original release, Build 22000.282.

Note:  Due to the holidays, there will not be a "C" release preview in December.

The highlighted changes include the following:
  • Updates an issue that causes Internet Explorer to stop working when you copy and paste text while using the Input Method Editor (IME).

  • Updates an issue that displays the incorrect background for the iFLY Simplified Chinese IME icon in the notification area.  

  • Updates an issue that prevents the display of File Explorer and desktop shortcut menus. This issue often occurs when you choose to use a single click to open an item.

  • Improves the animation performance of icons on the taskbar.

  • Updates volume control issues that affect Bluetooth audio devices.

  • Updates an issue that causes File Explorer to stop working after you close a File Explorer window.

  • Updates an issue that displays incorrect closed-caption shadows for some videos.

  • Updates an issue that automatically removes the Serbian (Latin) Windows display language from a device.

  • Updates an issue that causes flickering when you hover over icons on the taskbar; this issue occurs if you’ve applied a high contrast theme.

  • Updates an issue that, under certain conditions, prevents the keyboard focus rectangle from being visible when you use Task View, Alt-Tab, or Snap Assist.

  • Updates an issue that might cause Windows Mixed Reality to start when you put on a headset. This issue occurs even when you’ve turned off the option “Start Mixed Reality Portal when my headset's presence sensor detects that I'm wearing it”.

  • Updates an issue that might cause your device to report that it doesn't detect a printer after you plug it in.

  • Updates an issue that might cause a temporary loss of audio on your device.

  • Updates an issue that causes some variable fonts to display incorrectly.

  • Updates an issue that displays letters or characters at the wrong angle when you use the Meiryo UI font and other vertical fonts. These fonts are frequently used in Japan, China, or other countries in Asia.

  • Updates an issue that causes certain apps to stop responding to input. This issue occurs on devices that have a touchpad.

  • Adds an option for you to choose whether to automatically turn on Focus Assist for the first hour after a Windows feature update.

  • Updates an audio distortion issue that affects Xbox One and Xbox Series Audio peripherals and occurs when you use them with spatial audio.

  • Updates several aspects of Windows emoji. As part of an iterative and ongoing work, we have made the following improvements for this release:

    • Updates all emoji from the Segoe UI Emoji font to the Fluent 2D emoji style

    • Includes support for Emoji 13.1, which:

      • Updates the emoji dictionary

      • Adds the ability to search for Emoji 13.1 in all supported languages

      • Updates the Emoji and more panel so you can enter emoji in your applications

See the referenced KB article for the long list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU. This update includes SSU 2200.345.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month see Windows 11 life cycle and servicing update.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 11 update history




Mozilla Firefox Version 94.0.2 Released

Mozilla sent Firefox Version 94.0.2 to the release channel today.

Fixed

  • Improved hangs experienced by users of assistive technology such as NVDA when installing Firefox through the Microsoft Store (bug 1736742)
  • Resolved general instability/crashes on Linux caused by a file descriptor leak when backgrounding tabs using WebGL (bug 1741997)

Changed

  • Updated preference design for Firefox Suggest for improved clarity.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

Tuesday, November 16, 2021

Windows 10 Version 21H2 Released

 

Although it is being rolled out in stages, Windows 10 Version 21H2 has been released.  It is available to systems running Windows 10 Version 2004 and higher.  

It is particularly important to update Windows 10 Version 2004 as it reaches end of support on December 14, 2021.  Also note the following from the Lifecycle FAQ (which also includes the Windows 10 end of support dates):

 "Important

Beginning with Windows 10, version 21H2 (the Windows 10 November 2021 Update), feature updates will be released annually in the second half of the year via the General Availability Channel. Go here to learn more. Microsoft will continue to support at least one Windows 10 release until October 14, 2025."

Update:  To get the update, go to Settings > Update & Security > Windows Update and click the button to "Check for updates".  Because the update is being rolled out in stages, users of later versions of Windows 10 may not find the update available yet.

Windows 10 update history




Thursday, November 11, 2021

Lest We Forget

The "eleventh hour of the eleventh day of the eleventh month" of 1918.  Whether you call it Veteran's Day, Armistice Day or Remembrance Day, November 11th is a time to put aside politics and pay tribute to all who died for their country.  It is also a perfect time to thank the Veterans in whatever country you live in.

As in previous years, I am republishing a portion of my friend Canuk's last tribute and, once again, adding a special thank you to my friends Mitch the "Phantom Phixer" and Larry, "Ghost".

The comment Canuk posted provides one example of why he was a special person:
"I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour."
LEST WE FORGET




We Shall Keep the Faith by Moina Michael, November 1918

Oh! you who sleep in Flanders Fields,
Sleep sweet - to rise anew!
We caught the torch you threw
And holding high, we keep the Faith
With All who died.

We cherish, too, the poppy red
That grows on fields where valor led;
It seems to signal to the skies
That blood of heroes never dies,
But lends a lustre to the red
Of the flower that blooms above the dead
In Flanders Fields.

And now the Torch and Poppy Red
We wear in honor of our dead.
Fear not that ye have died for naught;
We'll teach the lesson that ye wrought
In Flanders Fields.

Flags courtesy of 3DFlags.com







Wednesday, November 10, 2021

Pale Moon Version 29.4.2.1 Released

 


Pale Moon

Pale Moon has been updated to version 29.4.2.1.  Both Windows and Linux versions have been published.

This is a small update to address the following:

Autocomplete drop-downs would have incorrect styling, causing issues with custom themes (e.g., resulting in readability issues) and not displaying as intended. 

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.





Tuesday, November 09, 2021

Windows 11 Security Update Released

 


Microsoft released security update KB5007215 for the Windows 11 original release, Build 22000.318.

The security update includes quality improvements.  The highlighted changes include the following:
  • Addresses an issue in which certain apps might have unexpected results when rendering some user interface elements or when drawing within the app. You might encounter this issue with apps that use GDI+ and set a zero (0) width pen object on displays with high dots per inch (DPI) or resolution, or if the app is using scaling.
  • If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

    For more information about the resolved security vulnerabilities, please refer to the Security Update Guide website and the November 2021 Security Updates.

IMPORTANT:  Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release (known as a “C” release) for the month of December 2021. There will be a monthly security release (known as a “B” release) for December 2021. Normal monthly servicing for both B and C releases will resume in January 2022.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month see Windows 11 life cycle and servicing update.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 11 update history




Microsoft November 2021 Security Updates

     



The Microsoft November 2021 security updates have been released and consist of 55 CVEs.  Of these CVEs, 6 are rated Critical, and 49 are rated Important severity.  At the time of release, four are listed as publicly known and two are listed as under active exploit.

The updates apply to the following long list of products:  3D Viewer, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Edge (Chromium-based) in IE Mode, Microsoft Exchange Server, Microsoft Office, Microsoft Office Access, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Office Word, Microsoft Windows, Microsoft Windows Codecs Library, Power BI, Role: Windows Hyper-V, Visual Studio, Visual Studio Code, Windows Active Directory, Windows COM, Windows Core Shell, Windows Cred SSProvider Protocol, Windows Defender, Windows Desktop Bridge, Windows Diagnostic Hub, Windows Fastfat Driver, Windows Feedback Hub, Windows Hello, Windows Installer, Windows Kernel, Windows NTFS, Windows RDP, Windows Scripting, and Windows Virtual Machine Bus.

See the KBs listed at November 2021 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.


Recommended Reading:  See Dustin Childs' review and analysis in Zero Day Initiative -- The November 2021 Security Update Review.

 

Additional Update Notes:

 

References


