April 2022 Windows 10 21H2 and 21H1 Non-Security Optional Preview "C" Release

        

Microsoft released KB5011831 (OS Builds 19042.1682, 19043.1682, and 19044.1682), the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 10 versions 21H2 and 21H1.

The highlighted changes include the following:

• Updates an issue that causes Internet Explorer to stop working when you copy and paste text using an Input Method Editor (IME). 

• Updates an issue that displays a black screen for some users when they sign in or sign out.

• Updates an issue that might cause a Microsoft OneDrive file to lose focus after you rename it and press the Enter key.

• Updates an issue that causes the news and interest panel to appear when you haven’t clicked, tapped, or moused over it.

• Updates an issue that prevents you from changing a password that has expired when you sign in to a Windows device. For information about the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

April 2022 Windows 11 Non-Security Optional Preview "C" Release

   Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11 and other supported versions of Windows.

Following are the highlights for KB5012643 (OS Build 22000.652) for Windows 11: 

• Updates an issue that might cause video subtitles to be partially cut off.

• Updates an issue that incorrectly aligns video subtitles.

• Displays the temperature on top of the weather icon on the taskbar. 

• Updates an issue that prevents you from using the minimize, maximize, and close buttons on a maximized app window.   

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

See the referenced KB article for the long list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

April 2022 Windows 10 Non-Security Optional Preview "C" Release

       

Microsoft released KB5012636 (OS Build 17763.2867), the monthly “C” release preview cumulative update with non-security improvements and fixes for Windows 10, version 1809.

The highlighted changes include non-security issues for your Windows operating system, including improvements for servicing the Secure Boot component of Windows. 

For information about the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Note: You must install the August 10, 2021 SSU (KB5005112) before installing the LCU. 

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Oracle Java SE Security Update Released

   

Oracle released the scheduled security update for its Java SE Runtime Environment software.  This Critical Patch Update contains seven (7) new security patches for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Update:  If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information

Java SE Runtime Environment Version 8u331:  https://www.oracle.com/java/technologies/javase-jre8-downloads.html or https://java.com/en/download/manual.jsp.

Notes:

• UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
• Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
• Verify your version:  http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version
• Important:  The Edge browser does not support plug-ins.  In the event you still have a need for Java, it will be necessary to use Firefox or open with Internet Explorer mode (See Microsoft Edge Enhancements for IE Mode).

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:

• 19 July 2022
• 18 October 2022
• 17 January 2023
• 18 April 2023

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:

1. Launch the Windows Start menu
2. Click on Programs
3. Find the Java program listing
4. Click Configure Java to launch the Java Control Panel
5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

References

• Java, The Never-Ending Saga  
• Critical Patch Updates and Security Alerts
• Release Notes
• Oracle Java SE Risk Matrix 
• Oracle Security Blog 

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Windows 10 Version 21H2 Available for Broad Deployment

       

Microsoft has made Windows 10 version 21H2 available for broad deployment. With Windows 10, version 20H2 reaching end of service on May 10, 2022, it is strongly recommended that devices running the Home, Pro, Pro Education, and Pro for Workstations editions update to version 21H2. 

For instructions on how to get the update to version 21H2, see How to get the Windows 10 November 2021 Update.  

In the event your device is fairly new, you should strongly consider upgrading to Windows 11.  Use the PC Health Check App to find out if your device is eligible for the upgrade to Windows 11.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Happy Easter! "Khrystos Voskres!"

"Khrystos Voskres!"
(Christ is Risen!)

"Voistyno Voskres!"
(He is Truly Risen!)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat DC and Reader DC Security Updates Released

   

Adobe has released updates for Adobe Acrobat DC and Reader DC for Windows and macOS. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and privilege escalation. 

 

Release date: April 12, 2022
Vulnerability identifier: None
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 22.001.20117 for Windows and version 22.001.20112 for Mac.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• PSIRT
• Release Notes
• Security Bulletin
• System Requirements

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft April 2022 Security Updates

          

The Microsoft April 2022 security updates have been released and consist of 128 CVEs.  Of these CVEs, 10 are rated critical, 115 rated Important and 3 Moderate in severity.  At the time of release, one is listed as publicly known and one is listed as under active exploit.

The security updates apply to the following products, features, and roles: .NET Framework, Active Directory Domain Services, Azure SDK, Azure Site Recovery, LDAP - Lightweight Directory Access Protocol, Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Local Security Authority Server (lsasrv), Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Microsoft Windows Media Foundation, Power BI, Role: DNS Server, Role: Windows Hyper-V, Skype for Business, Visual Studio, Visual Studio Code, Windows Ancillary Function Driver for WinSock, Windows App Store, Windows AppX Package Manager, Windows Cluster Client Failover, Windows Cluster Shared Volume (CSV), Windows Common Log File System Driver, Windows Defender, Windows DWM Core Library, Windows Endpoint Configuration Manager, Windows Fax Compose Form, Windows Feedback Hub, Windows File Explorer, Windows File Server, Windows Installer, Windows iSCSI Target Service, Windows Kerberos, Windows Kernel, Windows Local Security Authority Subsystem Service, Windows Media, Windows Network File System, Windows PowerShell, Windows Print Spooler Components, Windows RDP, Windows Remote Procedure Call Runtime, Windows schannel, Windows SMB, Windows Telephony Server, Windows Upgrade Assistant, Windows User Profile Service, Windows Win32K, Windows Work Folder Service, and YARP reverse proxy.

See the KBs listed at the bottom of the page at April 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The April 2022 Security Update Review.

 

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro - Microsoft Lifecycle | Microsoft Docs and Windows 11 Home and Pro (Version 21H2) - Microsoft Lifecycle | Microsoft Docs.
• Windows Update History:
• Windows 11
• Windows 10
• Windows 8.1

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

 

Mozilla Firefox Version 99.0.1 Released

        Mozilla sent Firefox Version 99.0.1 to the release channel today.  

Fixed

• Fixed an issue for Windows users that prevented hardware video decoding on newer Intel drivers (bug 1762125)
• Fixed an issue with text rendering in Bengali (bug 1763368)
• Fixed a selection issue in the Download panel with drag and drop (bug 1762723)
• Fixed an issue preventing Zoom gallery mode for users who go to zoom.us URLs instead of subdomain.zoom.us URLs (bug 1762723)
• Fixed an issue preventing Zoom gallery mode for users who go to zoom.us URLs instead of subdomain.zoom.us URLs (bug 1763801)
  

Release Notes
Rapid Release Calendar

Pale Moon Version 29.4.6 Released with Security Updates

        

Pale Moon has been updated to version 29.4.6.  This is a security and bugfix update. 

Linux versions will follow shortly.

Changes/fixes:

• Fixed a potential crash issue on bing.com.
• Updated NSS to 3.52.4 to address security issues.
• Fixed some thread locking issues. DiD
• Worked around a Mesa driver bug that could cause crashes.
• Fixed a potential resource access issue in devtools. DiD
• Security issues with CVEs addressed: CVE-2022-1097, CVE-2022-28285 (DiD) and CVE-2022-28283 (DiD).
• UXP Mozilla security patch summary: 1 fixed, 5 DiD, 2 rejected, 23 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Edge Enhancements for IE Mode

 With the retirement of the Internet Explorer 11 desktop application set for June 15, 2022, Microsoft Edge continues to make enhancements for IE Mode.  The latest enhancements include restoration of IE COM objects to original functionality and bidirectional sharing of cookies between IE Mode and Microsoft Edge.

With IE 11's retirement just over two months away, if you haven't enabled IE Mode on your Windows 10 device (or Windows 11) now is the time to do so.  Follow the simple steps below from Microsoft Support:

1. In the address bar for Microsoft Edge, type edge://settings/defaultbrowser and then click Enter.
2. Slide the Allow sites to be reloaded in Internet Explorer toggle to Allow.
3. Restart Microsoft Edge.

Internet Explorer mode is now enabled.  To view a website using Internet Explorer mode in Microsoft Edge, use the following steps.

  1. Navigate to the website you want to view in Internet Explorer mode.
  2. Click the three dots in the upper right corner of the browser window.
  3. Select Reload in Internet Explorer Mode.

To return to browsing without Internet Explorer mode, either click Leave on the information bar at the top of the screen or close the current tab and open a new tab in Microsoft Edge.

*Note: Since the instructions were written on the Microsoft Support website, Microsoft Edge has been updated.  Thus, contrary to what is shown there as "ON", the correction option is to toggle the switch to "Allow".

References

• ​With 3 months left before IE retirement, new enhancements arrive in Microsoft Edge for IE mode
• ​Internet Explorer mode in Microsoft Edge

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 99.0 Released with Security Updates

           Mozilla sent Firefox Version 99.0 to the release channel today.  The update includes eleven security updates of which three (3) are rated high, five (5) moderate and three (3) are rated low.

Firefox ESR was updated to Version 91.8.

 

High

#

• CVE-2022-1097: Use-after-free in NSSToken objects
• CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
• CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

Moderate

#

• CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
• CVE-2022-28283: Missing security checks for fetching sourceMapURL
• CVE-2022-28284: Script could be executed via svg's use element
• CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
• CVE-2022-28288: Memory safety bugs fixed in Firefox 99

Low

#

• CVE-2022-28286: iframe contents could be rendered outside the border
• CVE-2022-28287: Text Selection could crash Firefox
• CVE-2022-24713: Denial of Service via complex regular expressions

New 

• You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."  
• You can find added support for search—with or without diacritics—in the PDF viewer.
• The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).
• Firefox now supports credit card autofill and capture in Germany and France.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar