Windows 10 Non-Security Release Preview Cumulative Update

  

Microsoft released KB5005611, the monthly “C” release preview cumulative update with non-security improvements and fixes for Windows 10 Versions 21H1, 20H2, and 2004.  

IMPORTANT: Starting in October 2021, there will no longer be non-security releases (known as "C" releases) for Windows 10, version 1909. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for Windows 10, version 1909.

The highlighted changes include the following:

• Updates an issue that causes News and interests to appear when you right-click the taskbar even if you have turned off that feature on your device.
• Updates an issue that causes blurry News and interests icons when you use certain screen resolutions.
• Updates an issue that causes the system clock to be wrong by one hour after a daylight saving time (DST) change.  
• Updates an issue that prevents you from providing input to apps when the taskbar is not at the bottom of the screen. 

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat DC and Adobe Reader DC Optional Hotfix

  

Adobe released an optional hotfix for Adobe Acrobat DC and Adobe Reader DC for Windows that addresses important bug fixes for vulnerabilities described in the corresponding security bulletins of Reader and Acrobat.

Release date:  September 29, 2021
Vulnerability identifier: None
Platform: Windows and Macintosh

Bug fixes

Accessibility

• 4341633: Outline box is not visible in Custom Area selection on using Reading Order tool

Adobe Sign

• 4341599: Unable to type @ symbol in Add Signer dialog in Request Signature workflow with localized keyboard

Editing

• 4341451: [Windows only] Selection border does not show up while selecting objects during marquee selection

Installer

• 4341424: Acrobat/Reader starts repair window when launched from shortcut icon or on opening FDF/XDP/XFDF files

PDFMaker

• 4341762: Alt-text of figures is not getting captured and appearing gibberish post conversion to pdf

Rendering

• 4341347: Out of Memory error while scrolling through page thumbnails
• 4341548: Lag was observed while using Marquee Zoom tool on Mac

Viewer

• 4341639: On Mac, black marker is not visible on dragging-dropping in Left Side Panels
• 4341271: Menu Bar appears truncated on extended monitor

Update or Complete Download

Reader DC and Acrobat DC were updated to version 21.007.20095 for Windows and 21.007.2009x for Macintosh. 

Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• PSIRT
• Release Notes
• Security Bulletin
• System Requirements

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 92.0.1 Released

   Mozilla sent Firefox Version 92.0.1 to the release channel.

Fixed

• Fixes an issue where audio playback was not working on some Linux systems (bug 1730499)

• Fixes issues with the findbar close button on different operating systems (bug 1728368)

Update 

To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
  
  

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft September 2021 Security Updates

   

The Microsoft September 2021 security updates have been released and consist of 66 CVEs.  Of these CVEs, 3 are rated Critical, 62 are rated Important, and 1 Moderate in severity.  

One bug is listed as publicly known but is not being exploited at this time.

The updates apply to the following long list of products:  Azure Open Management Infrastructure, Azure Sphere, Dynamics Business Central Control, Microsoft Accessibility Insights for Android, Microsoft Edge (Chromium-based), Microsoft Edge for Android, Microsoft MPEG-2 Video Extension, Microsoft Office, Microsoft Office Access, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Office Word, Microsoft Windows Codecs Library, Microsoft Windows DNS, Visual Studio, Windows Ancillary Function Driver for WinSock, Windows Authenticode, Windows Bind Filter Driver, Windows BitLocker, Windows Common Log File System Driver, Windows Event Tracing, Windows Installer, Windows Kernel, Windows Key Storage Provider, Windows MSHTML Platform, Windows Print Spooler Components, Windows Redirected Drive Buffering, Windows Scripting, Windows SMB, Windows Storage, Windows Subsystem for Linux, Windows TDX.sys, Windows Update, Windows Win32K, Windows WLAN Auto Config Service, and Windows WLAN Service.

See the KBs listed at September 2021 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The September 2021 Security Update Review.

 

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Windows Update History:
• Windows 10
• Windows 8.1

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

 

Adobe Acrobat DC and Reader DC Security Updates Released

   

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. 

 

Release date:  August 14, 2021
Vulnerability identifier: APSB21-55
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 21.007.20091.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• PSIRT
• Release Notes
• Security Bulletin
• System Requirements

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 29.4.1 Released With Security Updates

  

Pale Moon has been updated to version 29.4.1.  This is a security update.  Linux versions will follow shortly.

Changes/fixes:

• Fixed potential crashes. DiD
• Fixed a potential indirect exploit of Microsoft Internet Explorer. (CVE-2021-38492)
• Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 2 DiD, 8 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 92.0 Released With Security Updates

    Mozilla sent Firefox Version 92.0 to the release channel today.  The update includes five security updates of which three (3) are rated high and two (2) are rated moderate.

Firefox ESR was updated to Version 78.14.

High

• CVE-2021-29993: Handling custom intents could lead to crashes and UI spoofs

• CVE-2021-38493: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1

• CVE-2021-38494: Memory safety bugs fixed in Firefox 92

Moderate

• CVE-2021-38491: Mixed-Content-Blocking was unable to check opaque origins

• CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer

New

• More secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers.
• Full-range color levels are now supported for video playback on many systems.
• Mac users can now access the macOS share options from the Firefox File menu.
• Support for images containing ICC v4 profiles is enabled on macOS.

Fixed

• Firefox performance with screen readers and other accessibility tools is no longer severely degraded if Mozilla Thunderbird is installed or updated after Firefox.
• macOS VoiceOver now correctly reports buttons and links marked as ‘expanded’ using the aria-expanded attribute.
• An open alert in a tab no longer causes performance issues in other tabs using the same process.
 
Changed

• The bookmark toolbar menus on macOS now follow Firefox visual styles.
• Certificate error pages have been redesigned for a better user experience.
Continuing work to restructure Firefox’s JavaScript memory management to be more performant and use less memory.

Update 

To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar

Windows 10 Optional Preview Cumulative Update

 

Microsoft released KB5005101, the monthly “C” release preview cumulative update with non-security improvements and fixes for Windows 10 Versions 21H1, 20H2, and 2004.  The highlighted changes include the following:

• Updates a rare condition that causes Bluetooth headsets to only work for voice calls.

• Updates an issue that provides the wrong Furigana result when you cancel the Japanese reconversion.

• Updates an issue that resets syncing for Microsoft OneDrive to “Known folders only” after you install a Windows update.

• Updates an issue that prevents audio headsets that connect to a device using USB from working if the device has certain third-party audio drivers.

• Updates an issue with resizing images that might produce flickering and residual line artifacts.

• Updates an issue that prevents you from typing any words in the username box during the out-of-box experience (OOBE) process. This issue occurs when you use the Chinese Input Method Editor (IME).

• Updates an issue with copying and pasting a text box into Office 365 apps. If you use an IME, you won’t be able to insert text into the text box.

• Updates an issue that might cause your device to stop working when making a touch input gesture. This issue occurs if you bring more fingers into contact with the touchpad or screen during the middle of the gesture.

• Updates an issue that might cause an external monitor to display a black screen after Hibernation. This issue might occur when the external monitor connects to a docking station using a certain hardware interface.

• Updates an issue that resets the brightness for standard dynamic range (SDR) content on high-dynamic range (HDR) monitors. This occurs after you restart your device or reconnect to the device remotely. 

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...