Saturday, February 27, 2021

Adobe Acrobat and Reader Optional Hotfix Released

Adobe
Adobe released a third optional hotfix this month, this release for both Adobe Acrobat and Adobe Reader for Windows and macOS that addresses important bug fixes.

Release date:  February 25, 2020
Vulnerability identifier: None
Platform: Windows and MacOS

Bug fixes

Sandbox

  • 4312515: Not able to render and switch out from PV in Portfolio files and blank page is rendered.

Rendering

  • 4323682: Acrobat DC disappears upon opening files with comments.

PDF Shell

  • 4324435: PDF thumbnails are not getting generated after the latest update in Reader DC.

PDFL

  • 4324516: Acrobat is not able to launch if 3rd party tools “PDFLib TET Plugin” is placed

JavaScript

  • 4324590: app.thermometer produces error when it’s value is updated

Security-Signatures

  • 4324697: Crash on Opening a particular Signed PDF

PDF Optimizer

  • 4325421: Win: Acrobat Standard - Reduce File Size option not being displayed under File menu

Update

Reader DC was updated to version 21.001.20142.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

 
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References




Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Wednesday, February 24, 2021

Microsoft Optional Cumulative Update For Windows 10 Versions 2004 and 20H2


Microsoft released KB4601382 as an optional preview cumulative update with non-security improvements and fixes for Windows 10 Versions 2004 and 20H2.

From the KB Article:

"NEW 2/24/21
IMPORTANT As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft’s plans, see Update on Adobe Flash Player End of Support."

 There is a long list of changes that can be viewed in the KB article.  Of note, however, is this key change:

"Windows 10 servicing stack update - 19041.841 and 19042.841 

  • This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates."

To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates. The standalone package is available in the Microsoft Update Catalog.

For information about the the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

Windows 10 update history


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, February 23, 2021

Mozilla Firefox Version 86.0 Released With Security Updates

Firefox

Mozilla sent Firefox Version 86.0 to the release channel today.  The update includes ten security updates of which five (5) are rated high, two (2) moderate and three (3) rated low.

 

Firefox ESR was updated to Version 78.8.

High

Moderate

Low

New

Fixed

  • Reader mode now works with local HTML pages.

  • Using screen reader quick navigation to move to editable text controls no longer incorrectly reaches non-editable cells in some grids such as on messenger.com.

  • The Orca screen reader's mouse review feature now works correctly after switching tabs in Firefox.

  • Screen readers no longer report column headers incorrectly in tables containing cells spanning multiple columns.

  • Links in Reader View now have more color contrast.


Changed

  • On Linux and Android, the protection to mitigate the stack clash attack has been activated.

  • From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.

  • Consolidated all video decoding in the new RDD process which results in a more secure Firefox.

References

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Reader Optional Hotfix Released

Adobe
Adobe has released an optional hotfix for Adobe Reader for Windows and macOS that addresses an important bug fix.

Release date:  February 22, 2020
Vulnerability identifier: None
Platform: Windows and MacOS

Bug fixes

Security-Signatures

  • 4324888: An error message is incorrectly displayed and associated with a valid digital signature.

Update

Reader DC was updated to version 21.001.20140.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

 
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References




Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Wednesday, February 17, 2021

Microsoft "C" Release Preview Cumulative Update for Windows 10 Versions 1909 and 1809


Microsoft released the monthly “C” release preview update cumulative update with non-security improvements and fixes yesterday for Windows 10 Versions 1909 and 1809. 

Both sets of updates have a long list of key changes which can be viewed in the KB article.  Note, however, if you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.  To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates. The standalone packages are as follows:

KB4601380:  Windows Versions 1909 and 1809 (Builds 18363.1411 and 17763.1790

For information about the the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

Windows 10 update history

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat and Reader Optional Hotfix Released


AdobeAdobe has released an optional hotfix for Adobe Acrobat and Reader for Windows and macOS that addresses some important bug fixes.

Release date:  February 15, 2021
Vulnerability identifier: None
Platform: Windows and MacOS

Bug fixes:

Viewer

  • 4324395: An error comes up on opening PDFs in Reader when trying to open from OneDrive’s Personal Vault Folder

Sandbox

  • 4324448: Unable to Save PDF file to Citrix ShareFile drive
  • 4324392: Unable to save digitally signed PDF to Box drive when “Enable Protected Mode at startup (Preview)” is enabled

Browser

  • 4324403: Error “PDF browser plugin is missing, reinstall the application” shown on opening PDF in browser
  • 4324403: Hang on connecting to Global Protect tool with error “PDF browser plugin is missing, reinstall the application” shown in background

Printing

  • 4324342: “Choose Paper source by PDF page size” checkbox is not working while Protected Mode is enabled

Search

  • 4323902: Acrobat is not able to load associated index with a PDF file

Installer

  • 4323851: Getting Error 1722 while installing 32-bit Reader or on applying latest Reader patch

Fill & Sign

  • 4324424: Reader: Nothing happens on clicking “Save a copy” button after adding a signature through Fill and Sign on a Reader extended document

Editing

  • 4324400: Cell content from Excel app is getting copied as image to the Edit app

Update or Complete Download

Reader DC and Acrobat DC were updated to version 21.001.20138.

 Update checks can be manually activated by choosing Help/Check for Updates. 

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, February 11, 2021

Out-of-Band Update Released for Windows 10 Version 1909



Microsoft has released Out-of-Band update KB5001028* addressing an issue that affects a small number of devices with Windows 10, version 1909 and Windows Server, version 1909. 

The issue affects devices with Wi-Fi connections using WPA3 (Wi-Fi Protected Access 3) which installed KB4598298, released on January 21, 2021 or KB4601315, released on February 9, 2021. 

You will receive this update automatically and do not need to take any further action if you have automatic updates enabled. It is a cumulative update and supersedes all previous updates for Windows 10, version 1909.  The update is also available via the Microsoft Update Catalog.

 * Note:  As indicated in Windows message center, "Release notes associated with this update might publish with a delay after the update is available for download.

Windows Update History


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, February 09, 2021

Microsoft February 2021 Security Updates



The Microsoft February 2021 security updates have been released and consist of 56 CVEsOf these 56 CVEs, 11 are rated Critical, 43 are rated Important, and two are rated Moderate in severity.  One bug (CVE-2021-1732) is known to be actively exploited and six other bugs are listed as being publicly known at the time of release. 


The updates apply to the following
productsMicrosoft Windows components, .NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and Web Apps, Skype for Business and Lync, and Windows Defender.

If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.  For information about Servicing Stack updates see Servicing Stack Updates (SSU).

The KBs listed below contain information about known issues with the security updates.  

KB Article

Applies To

4493194

SharePoint Server 2019

4493195

SharePoint Enterprise Server 2016

4493210

SharePoint Foundation 2013

4493223

SharePoint Foundation 2010

4571787

Exchange Server 2019

4600944

Security and Quality Rollup for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1

4600945

Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2

4600957

Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012

4601048

Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2

4601050

Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2

4601051

Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016

4601052

Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

4601054

Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803

4601055

Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019

4601056

Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909, and Windows Server, version 1909

4601057

Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012

4601058

Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2

4601060

Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019

4601315

Windows 10, Version 1909, Windows Server, Version 1909

4601318

Windows 10, Version 1607, Windows Server 2016

4601319

Windows 10, version 2004

4601345

Windows 10, Version 1809, Windows Server 2019

4601347

Windows 7, Windows Server 2008 R2 (Monthly Rollup)

4601348

Windows Server 2012 (Monthly Rollup)

4601349

Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)

4601357

Windows Server 2012 (Security-only update)

4601360

Windows Server 2008 (Monthly Rollup)

4601363

Windows 7, Windows Server 2008 R2 (Security-only update)

4601366

Windows Server 2008 (Security-only update)

4601384

Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)

4601887

Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019

4602269

Exchange Server 2019, Exchange Server 2016

4603002

Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1

4603003

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012

4603004

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2

4603005

Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2

 Recommended Reading 

See Dustin Childs review and analysis in Zero Day Initiative -- The February 2021 Security Update Review.

For more information about the updates released today, see the Security Update Guide.

REMINDER:  Adobe Flash Player is out of support.  For more information, see Adobe Flash end of support on December 31, 2020. Flash content is blocked from running in Flash Player today, January 12, 2021. For more information, see Adobe Flash Player EOL General Information Page.

Additional Update Notes:

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...





Adobe Acrobat DC and Reader DC Security Updates Released

Adobe
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. 
 
Important note:  Adobe has received a report that CVE-2021-21017 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.

Release date:  February 9, 2020
Vulnerability identifier: APSB21-09
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 21.001.20135.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates. 
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References




Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Mozilla Firefox Version 85.0.2 Released

Firefox

Mozilla sent Firefox Version 85.0.2 to the release channel today.  The update fixes the two-month old "freeze on startup" bug.

 

Fixed:


References

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, February 05, 2021

Pale Moon Version 29.0.1 Released With Security Update


Pale Moon

Pale Moon has been updated to version 29.0.1.   This release is a security and stability update.

Changes/fixes:
  • Fixed a browser crash when manipulating frame trees.
  • Fixed an issue with depth textures in ANGLE.
  • Updated the SSOAU for YouTube Studio.
  • Security issue addressed: ZDI-CAN-12197.

  Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Mozilla Firefox Version 85.0.1 Released With Security Update

Firefox

Mozilla sent Firefox Version 85.0.1 to the release channel today.  The update includes one (1) critical security update.

 

Firefox ESR was updated to Version 78.7.1.

Critical:

New
 

  • Prevent access to NTFS special paths that could lead to filesystem corruption.
  • Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
  • Avoid printing an extra blank page at the end of some documents (bug 1689789).
  • Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
  • FIxed external URL scheme handlers when using the Firefox flatpak (bug 1688966)

References

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, February 03, 2021

Microsoft Cumulative Update for Windows 10 Versions 2004 and 20H2


Microsoft released the monthly “C” release preview update cumulative update with non-security improvements and fixes yesterday for Windows 10 Versions 2004 and 20H2. 

Both sets of updates have a long list of key changes which can be viewed in the KB articles.  Note, however, if you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.  To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates. The standalone packages are as follows:

KB4598291:  Windows Versions 2004 and 20H2 (Builds 19041.789 and 19042.789) 


Windows 10 update history

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, February 02, 2021

Pale Moon Version 29.0 Released


Pale Moon

Pale Moon has been updated to version 29.0.   This release continues to build on further improvements and enhancements in the platform and additions to the browser, as well as a large number of bug fixes.

Linux versions (now also including GTK3 builds) will follow shortly.

New additions:

  • Implemented Intl.PluralRules API for JavaScript.
  • Added a frequently-requested preference (browser.tabs.allowTabDetach) to disable "tearing off" of tabs (meaning dragging them outside of the tab bar resulting in them being made into their own window).
  • Added FLAC as a recognized filetype-by-extension.
  • Implemented basic support for the scrollbar-width CSS keyword. See implementation notes.
  • Added preliminary support for modern FreeBSD builds.
  • Selectively enabled core features of the DOM Animations API.
  • Enabled AV1 video support by default (previously built but not enabled in releases).
  • Added support for pointer events.
  • Added support for the SVG transform-box property.
  • Added support for the inputmode property for forms to enable context-sensitive display of soft keyboards.
  • Enabled shutting down of the file I/O worker when idle for a while (resource optimization).
  • Enabled blocking of auto-play of media in the background by default.
  • We now offer official GTK3 builds for Linux alongside the GTK2 builds.
  • Partial (and as of yet, not acceptably functional) implementation of Google WebComponents. See implementation notes.
Changes/fixes:
  • Updated NSPR to 4.29.
  • Updated NSS to 3.59.
  • Disabled legacy database format for storage of certificates and passwords. See implementation notes.
  • Updated several site-specific user-agent overrides for web compatibility.
  • Improved styling of the "find in page" bar to avoid unreadable text on some system themes.
  • Removed a large chunk of Android-specific code.
  • Split gkmedias.dll back out from xul.dll.
  • Cleaned up a number of redundant and obsolete code paths.
  • Fixed a regression with the Performance API.
  • Fixed an initialization issue in the browser when users would force-disable certain types of caching.
  • Fixed a crash when attempting to save a file from FTP that could be displayed in the browser.
  • Fixed the root cause of an issue with JavaScript module loading causing crashes. See implementation notes.
  • Fixed a rare initialization issue for the print preview window causing it to not display.
  • Fixed a crash on Mac when text input was not secure.
  • Disabled the Storage Manager API by default.
  • Disabled the <menuitem> html tag by default. If you still need this, you can re-enable it with the preference dom.menuitem.enabled in about:config.
  • Fixed a memory safety issue related to XUL trees (CVE-2021-23962).
  • Implemented several defense-in-depth measures to improve stability and future security.
  • Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 6 DiD, 1 already implemented, 1 deferred to the next release, 24 not applicable.
Implementation notes:
  • We've implemented basic support for the scrollbar-width CSS keyword. The most important setting used with increasing frequency on the web is scrollbar-width: none effectively disabling scrollbars while not affecting overflow behavior when content would overflow its designated space (normally that would result in scrollbars being added to access the hidden content). This support for none is complete. A different setting for this keyword is thin. While this is implemented, it is currently reliant on the underlying system theme for widgets on various operating systems and (especially on Linux) may have little or no effect depending on the widget theme you are using, resulting in standard-sized scrollbars (the same as auto, the default for this keyword).
  • The legacy database format for storing security certificates and passwords (dbm, a Berkeley-derived format) is no longer built and as a result the browser will no longer be able to convert the old format (cert8.db and key3.db) to the current format which is SQL-based. Please see our document on profile migration for pointers on upgrading very old profiles that have not had this migration occur yet.
  • We tracked down (thanks, jarman!) the issue that had us forced to disable the inlining of code optimization in our JIT compiler for JavaScript (IonMonkey) in our previous version by default, to prevent crashes with module scripts (see release notes of 28.17.0). As a result we've been able to reclaim our temporary loss in performance of the browser while solving the crashes caused by this optimization.
  • We've implemented a good chunk of Google WebComponents (CustomElements and Shadow DOM). The incomplete code is behind a preference (dom.webcomponents.enabled) and it is strongly suggested you do not touch it unless you plan on helping us implement the remainder of this fundamentally-web-altering spec. Please do not expect that this preference is a magic wand to make Google and it's puppy sites suddenly work in "modern" (mind the quotes) ways or without help (e.g. polyfills). While we've ticked a lot of the boxes already for a working implementation, this specification is kind of special in that it is all-or-nothing because it is not an extension or evolution of existing technology, but rather an attempt at redefining how websites work and are structured (with plenty of critical feedback because of that) at the most fundamental level.

  Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...