Tuesday, October 26, 2021

Windows October 2021 Release Preview Update for Versions 2004, 20H2, and 21H1

Microsoft released KB5006738, the monthly “C” release preview cumulative update with non-security improvements and fixes for Windows 10 Versions 2004, 20H2 and 21H1.  

IMPORTANT: Starting in October 2021, there will no longer be non-security releases (known as "C" releases) for Windows 10, version 1909. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for Windows 10, version 1909.

The highlighted changes include the following:
  • Updates an issue an issue that might prevent subtitles from displaying for certain video apps and streaming video sites.
  • Updates an issue that that prevents Kana input mode users from inserting a question mark (?) using the Shift-0 key combination.
  • Updates an issue that sometimes causes your lock screen background to appear black if you have set up a slideshow of pictures as your lock screen background.  

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, October 21, 2021

Windows 11 Optional Preview Cumulative Update


Microsoft released KB5006746, the monthly “C” release preview cumulative update with non-security improvements and fixes for the Windows 11 original release, Build 22000.282.

The highlighted changes include the following:
  • Updates an issue that causes Internet Explorer to stop working when you type certain characters in the Input Method Editor (IME).
  • Updates an issue that occurs when you try to rename a file in File Explorer using the new Japanese IME.
  • Updates an issue that might distort the sound captured by voice assistants. 
  • Updates an issue that sometimes causes your lock screen background to appear black if you have set up a slideshow of pictures as your lock screen background. 
  • Updates an issue that might cause your Bluetooth mice and keyboards to respond slower than expected.  
  • Improves the time estimate for how long you might wait to use your device after it restarts.
  • Updates an issue that might prevent you from using the Xbox Game Bar recording features.
  • Updates an issue that causes some applications to run slower than usual after you upgrade to Windows 11 (original release).
  • Updates an issue that prevents Narrator and other screen readers from announcing when the Start menu is open in certain cases.
  • Updates an issue in that prevents the search window from appearing on a secondary monitor.
  • Updates an issue that prevents you from opening multiple instances of an app using Shift and clicking on the app’s icon in the taskbar.
  • Updates the visual design and animations of the Chat icon on the taskbar.
  • Updates an issue for a small number of users that prevents the Start menu from working and prevents you from seeing the updated taskbar after upgrading to Windows 11 (original release).

See the referenced KB article for the long list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month see Windows 11 life cycle and servicing update.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 11 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, October 19, 2021

Oracle Java SE Security Update Released

 

java



Oracle released the scheduled security update for its Java SE Runtime Environment software.  
This Critical Patch Update contains fifteen (15) new security patches for Oracle Java SE.  Thirteen (13) of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Update

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information

Java SE Runtime Environment Version 8u311:  https://www.oracle.com/java/technologies/javase-jre8-downloads.html or https://java.com/en/download/manual.jsp.

Notes:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
  • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
  • Verify your version:  http://www.java.com/en/download/testjava.jsp  Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version
  • Important:  The Edge browser does not support plug-ins.  In the event you still have a need for Java, it will be necessary to use Firefox or open with Internet Explorer by selecting the "More Actions" option located at the top of the Edge browser and then click "Open with Internet Explorer.  (See Windows 10 and Java.)

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 18 January 2022
  • 19 April 2022
  • 19 July 2022
  • 18 October 2022

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:
  1. Launch the Windows Start menu
  2. Click on Programs
  3. Find the Java program listing
  4. Click Configure Java to launch the Java Control Panel
  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
Java suppress sponsor offers

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, October 12, 2021

Adobe Acrobat DC and Reader DC Security Updates Released

    

Adobe
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. 
 
Release date:  October 12, 2021
Vulnerability identifier: APSB21-104
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 21.007.20099.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft October 2021 Security Updates

    



The Microsoft October 2021 security updates have been released and consist of 71 CVEs.  Of these CVEs, 2 are rated Critical, 68 are rated Important, and 1 Low in severity.  


For new Windows 11 adapters, note that the update today includes the first "Update Tuesday" update.

The updates apply to the following long list of products:  .NET Core & Visual Studio, Active Directory Federation Services, Console Window Host, HTTP.sys, Microsoft DWM Core Library, Microsoft Dynamics, Microsoft Dynamics 365 Sales, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Intune, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Office Word, Microsoft Windows Codecs Library, Rich Text Edit Control, Role: DNS Server, Role: Windows Active Directory Server, Role: Windows AD FS Server, Role: Windows Hyper-V, System Center, Visual Studio, Windows AppContainer, Windows AppX Deployment Service, Windows Bind Filter Driver, Windows Cloud Files Mini Filter Driver, Windows Common Log File System Driver, Windows Desktop Bridge, Windows DirectX, Windows Event Tracing, Windows exFAT File System, Windows Fastfat Driver, Windows Installer, Windows Kernel, Windows MSHTML Platform, Windows Nearby Sharing, Windows Network Address Translation (NAT), Windows Print Spooler Components, Windows Remote Procedure Call Runtime, Windows Storage Spaces Controller, Windows TCP/IP, Windows Text Shaping, and Windows Win32K.

See the KBs listed at October 2021 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.


Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The October 2021 Security Update Review.

 

Additional Update Notes:

 

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




 

Tuesday, October 05, 2021

Mozilla Firefox Version 93.0 Released with Security Updates

     FirefoxMozilla sent Firefox Version 93.0 to the release channel today.  The update includes seven security updates of which four (4) are rated high and three (3) are rated moderate.

Firefox ESR was updated to Version 78.15.


High


Moderate


New

  • Firefox now supports the new AVIF image format, which is based on the modern and royalty free AV1 video codec. It offers significant bandwidth savings for sites compared to existing image formats. It also supports transparency and other advanced features.
  • Firefox PDF viewer now supports filling more forms (XFA-based forms, used by multiple governments and banks). Learn more.
  • When available system memory is critically low, Firefox on Windows will automatically unload tabs based on their last access time, memory usage, and other attributes. This should help reduce Firefox out-of-memory crashes. Switching to an unloaded tab automatically reloads it.
  • To prevent session loss for macOS users who are running Firefox from a mounted .dmg file, they’ll now be prompted to finish installation. This permission prompt only appears the first time these users run Firefox on their computer.
  • Firefox now blocks downloads that rely on insecure connections, protecting against potentially malicious or unsafe downloads. Learn more and see where to find downloads in Firefox.
  • Improved web compatibility for privacy protections with SmartBlock 3.0. Learn more
  • Introducing a new referrer tracking protection in Strict Tracking Protection and Private Browsing. Learn more

Fixed

  • The VoiceOver screen reader now correctly reports checkable items in accessible tree controls as checked or unchecked.
  • The Orca screen reader now works correctly with Firefox, no longer requiring users to switch to another application after starting Firefox.\
  • Various security fixes

Changed

  • TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can only be enabled when deprecated versions of TLS are also enabled. Learn more.
  • The download panel now follows the Firefox visual styles.
Update To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.