Tuesday, May 31, 2022

Mozilla Firefox Version 101.0 Released with Security Updates

             FirefoxMozilla sent Firefox Version 101.0 to the release channel today.  The update includes eleven security updates of which seven (7) are rated high, four (4) moderate and one (1) are rated low.

Firefox ESR was updated to Version 91.10.

High

 Moderate

Low

New

  • Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast.

  • It’s your choice! All non-configured MIME types can now be assigned a custom action upon download completion.

  • Firefox now allows users to use as many microphones as you want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility).

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

Posted by No comments:
Labels: , , , ,

Monday, May 30, 2022

Memorial Day: Remembering Those Who Gave Their All

 



Vietnam Memorial Wall
April 30, 2005
Photograph by Luigi Masu

In honor of those who gave their all in the service of their country. 


Memorial Day History


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by No comments:
Labels:

Tuesday, May 24, 2022

May 2022 Windows 11 Non-Security Optional Preview "C" Release

    Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11.

Following are the highlights for KB5014019 (OS Build 22000.708) for Windows 11: 

  • Updates an issue that might cause video subtitles to be partially cut off.

  • Updates an issue that incorrectly aligns video subtitles.

  • Displays the temperature on top of the weather icon on the taskbar. 

  • Updates an issue that prevents you from using the minimize, maximize, and close buttons on a maximized app window.  

See the referenced KB article for the long list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Windows 11 update history


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Posted by No comments:
Labels: , ,

May 2022 Windows 10 Version 1809 Non-Security Optional Preview "C" Release

  


Microsoft released KB5014022 (OS Build 17763.2989), the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 10 version 1809.

The improvements include the following:

  • Addresses an issue that might run an AnyCPU application as a 32-bit process.

  • Addresses an issue that affects remote procedure calls (RPC) to the Win32_User or Win32_Group WMI class. The domain member that runs the RPC contacts the primary domain controller (PDC). When multiple RPCs occur simultaneously on many domain members, this might overwhelm the PDC.

  • Addresses an issue that occurs when adding a trusted user, group, or computer that has a one-way trust in place. The error message, “The object selected doesn't match the type of destination source” appears.

  • Addresses a known issue that might cause Windows server computers to log event ID 40 in the System event log whenever you update or refresh a Group Policy on a server or client. The event Description is, ”The event logging service encountered an error when attempting to apply one or more policy settings.”

  • Addresses a memory leak issue that affects Windows systems that are in use 24 hours each day of the week.

  • Addresses an issue that causes print failures when a low integrity level (LowIL) application prints to a null port.

  • Addresses an issue that might cause the Remote Desktop client application to stop working when you end a session.

  • Addresses an issue that might cause camera redirection to fail over Remote Desktop Protocol (RDP) in Remote Desktop (RD), Azure Virtual Desktop (formerly Windows Virtual Desktop) and Microsoft Defender Application Guard scenarios.

  • Addresses an issue that prevents Azure Desired State Configuration (DSC) scenarios that have multiple partial configurations from working as expected.

  • Addresses an issue that fails to display the Application Counters section in the performance reports of the Performance Monitor tool.

  • Addresses an issue that prevents BitLocker from encrypting when you use the silent encryption option.

  • Addresses a reliability issue in the Terminal Services Gateway (TS Gateway) service that randomly causes clients to disconnect.

  • Addresses an issue in which the Cluster Windows Management Instrumentation (WMI) provider (ClustWMI.dll) generates high CPU usage in WMIPRVSE.EXE.

  • Addresses an issue that might cause a system to stop responding when a user signs out if Microsoft OneDrive is in use.

  • Addresses a known issue that might prevent recovery discs (CD or DVD) from starting if you created them using the Backup and Restore (Windows 7) app in Control Panel. This issue occurs after installing Windows updates released January 11, 2022 or later.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Note: You must install the August 10, 2021 SSU (KB5005112) before installing the LCU. 

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Posted by No comments:
Labels: , ,

Friday, May 20, 2022

Out-of-Band Windows 10 Update

         


Microsoft released out-of-band (OOB) KB5015020 (OS Builds 19042.1708, 19043.1703, and 19044.1708) for Windows 10 versions 21H2, 21H1, and 20H2.

The update addresses an issue that might prevent you from installing Microsoft Store apps.

If your device does not have the May 11, 2021 (KB5003173) or later LCU, you must install the special standalone August 10, 2021 SSU (KB5005260) before installing this update.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.


Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Posted by No comments:
Labels: , ,

Mozilla Firefox Version 100.0.2 Released with Critical Security Update

 FirefoxMozilla sent Firefox Version 100.0.2 to the release channel today.  The update includes two critical security updates.  Firefox ESR was updated to 91.9.1 and Firefox for Android was updated to 100.3.

  • Critical

Release Notes
Rapid Release Calendar

Posted by No comments:
Labels: , , ,

Monday, May 16, 2022

Mozilla Firefox Version 100.0.1 Released

         FirefoxMozilla sent Firefox Version 100.0.1 to the release channel today.  

Fixed

·        Fixed an issue with subtitles in Picture-in-Picture mode while using Netflix (bug 1768818)

·        Fixed an issue where some commands were unavailable in the Picture-in-Picture window (bug 1768201)

Changed

·        Firefox's security sandbox now blocks access to the Win32k APIs for Content Processes on Windows (bug 1767999)

Release Notes
Rapid Release Calendar

Posted by No comments:
Labels: , ,

Tuesday, May 10, 2022

Microsoft May 2022 Security Updates

           

The Microsoft May 2022 security updates have been released and consist of 74 CVEs.  Of these CVEs, 7 are rated critical, 65 rated important and 1 low in severity.  At the time of release, one is listed as publicly known and under active exploit and two others are publicly known.

The security updates apply to the following products, features, and roles: .NET and Visual Studio, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Local Security Authority Server (lsasrv), Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Remote Desktop Client, Role: Windows Fax Service, Role: Windows Hyper-V, Self-hosted Integration Runtime, Tablet Windows User Interface, Visual Studio, Visual Studio Code, Windows Active Directory, Windows Address Book, Windows Authentication Methods, Windows BitLocker, Windows Cluster Shared Volume (CSV), Windows Failover Cluster Automation Server, Windows Kerberos, Windows Kernel, Windows LDAP - Lightweight Directory Access Protocol, Windows Media, Windows Network File System, Windows NTFS, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Push Notifications, Windows Remote Access Connection Manager, Windows Remote Desktop, Windows Remote Procedure Call Runtime, Windows Server Service, Windows Storage Spaces Controller, and Windows WLAN Auto Config Service.

See the KBs listed at the bottom of the page at May 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Important Note: Windows 10 Versions 1909 and 20H2 have reached the end of service and will no longer receive updates.  The most current version of Windows 10 is 21H2. 

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The May 2022 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



 

Posted by No comments:
Labels: , , ,

Pale Moon Version 31.0.0 Released with Security Updates

         

Pale Moon

Pale Moon has been updated to version 31.0.0.  This is a milestone release following the recall of version 30.  From the Release Notes:

Most important changes in this milestone:

  • We're once again accepting the installation of legacy Firefox extensions alongside our own Pale Moon exclusive extensions. As always, please note that using extensions for an old version of a different browser is entirely at your own risk and we obviously cannot and will not provide much (if any) support for their use. Firefox extensions will be indicated with an orange dot in the Add-ons Manager in the browser. This will include the converted extensions for the few of you who are coming from recalled versions with -fxguid suffixes.
  • Implemented "optional chaining" (thanks, FranklinDM!).
  • Implemented setBaseAndExtent for text selections.
  • Implemented queueMicroTask() "pseudo-promise" callbacks.
  • Implemented accepting unit-less values for rootMargin in Intersection observers for web compatibility, making it act more like CSS margin as one would expect.
  • Improvements to CSS grid and flexbox rendering and display following spec changes and improving web compatibility.
  • Improved performance of parallel web workers in JavaScript.
  • Improved display of cursive scripts (on Windows). Good-bye Comic Sans!
  • Updated various in-tree libraries.
  • Added support for extended VPx codec strings in media delivery via MSE (RFC-6381).
  • Fixed a long-time regression where the browser would no longer honor old-style body and iframe body margins when indicated in the HTML tags directly instead of CSS. This improves compatibility with particularly old and/or archived websites.
  • Fixed several crashes and stability issues.
  • Added a licensing screen to the Windows installer to clarify the browser's licensing. In other installations, you may find this licensing statement in the added license.txt file in the browser installation location.
  • Removed all Google SafeBrowsing/URLClassifier service code.
  • Restored Mac OS X code and buildability in the platform.
  • Removed the non-standard ArchiveReader DOM API that was only ever a prototype implementation.
  • Removed most of the last vestiges of the invasive Mozilla Telemetry code from the platform. This potentially improves performance on some systems.
  • Removed leftover Electrolysis controls that could sometimes trick parts of the browser into starting in a (very broken) multi-process mode due to some plumbing for it still being present, if users would try to force the issue with preferences. Obviously, this was a footgun for power users.
  • Removed more Android/Fennec code (on-going effort to clean up our code).
  • Removed the Marionette automated testing framework.
  • Security issues addressed: CVE-2022-29915, CVE-2022-29911, and several issues that do not have a CVE number.
  • UXP Mozilla security patch summary: 4 fixed, 1 DiD, 19 not applicable**.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by No comments:
Labels: , , ,

Tuesday, May 03, 2022

Mozilla Firefox Version 100.0 Released with Security Updates

            FirefoxMozilla sent Firefox Version 100.0 to the release channel today.  The update includes eleven security updates of which six (6) are rated high, two (2) moderate and one (1) are rated low.

Firefox ESR was updated to Version 91.9.

High

New

  • We now support captions/subtitles display on YouTube, Prime Video, and Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles on the in-page video player, and they will appear in PiP.

  • Picture-in-Picture now also supports video captions on websites that use WebVTT (Web Video Text Track) format, like Coursera.org, Canadian Broadcasting Corporation, and many more.

  • On the first run after install, Firefox detects when its language does not match the operating system language and offers the user a choice between the two languages.

  • Firefox spell checking now checks spelling in multiple languages. To enable additional languages, select them in the text field’s context menu.

  • HDR video is now supported in Firefox on Mac—starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher-fidelity video content. No need to manually flip any preferences to turn HDR video support on—just make sure battery preferences are NOT set to “optimize video streaming while on battery”.

  • Hardware accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installing the AV1 Video Extension from the Microsoft Store may also be required.

  • Video overlay is enabled on Windows for Intel GPUs, reducing power usage during video playback.

  • Improved fairness between painting and handling other events. This noticeably improves the performance of the folume slider on Twitch.

  • Scrollbars on Linux and Windows 11 won't take space by default. On Linux, users can change this in Settings. On Windows, Firefox follows the system setting (System Settings > Accessibility > Visual Effects > Always show scrollbars).

  • Firefox now supports credit card autofill and capture in the United Kingdom.

  • Firefox now ignores less restricted referrer policies—including unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin—for cross-site subresource/iframe requests to prevent privacy leaks from the referrer.

Fixed

  • Users can now choose preferred color schemes for websites. Theme authors can now make better decisions about which color scheme Firefox uses for menus. Web content appearance can now be changed in Settings.

  • Beginning in this release, the Firefox installer for Windows is signed with a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for successful installation on a computer running Microsoft Windows 7. 

  • In macOS 11+ we now only rasterize the fonts once per window. This means that opening a new tab is fast, and switching tabs in the same window is also fast. (There's still work to do to share fonts across windows, or to reduce the time it takes to initialize these fonts.)

  • The performance of deeply-nested display: grid elements is greatly improved.

  • Support for profiling multiple java threads has been added.

  • Soft-reloading a web page will no longer cause revalidation for all resources.

  • Non-vsync tasks are given more time to run, which improves behavior on Google docs and Twitch.

  • Geckoview APIs have been added to control the start/stop time of capturing a profile.

Changed

  • Firefox has a new focus indicator for links which replaces the old dotted outline with a solid blue outline. This change unifies the focus indicators across form fields and links, which makes it easier to identify the focused link, especially for users with low vision.

  • New users can now set Firefox as the default PDF handler when setting Firefox as their default browser.

  • Some websites might not work correctly in Firefox version 100 due to Firefox's new three-digit number. 

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

Posted by No comments:
Labels: , , , ,

Monday, May 02, 2022

Oracle Java SE Bugfix Update Released

    

java



Oracle released a patch to its previously released Java SE Runtime Environment Version 8u331.  This is a bugfix update and does not include any security patches.

Update:  If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information

Java SE Runtime Environment Version 8u331, Patch 8u333: https://www.oracle.com/java/technologies/javase-jre8-downloads.html or https://java.com/en/download/manual.jsp.

Notes:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
  • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
  • Verify your version:  http://www.java.com/en/download/testjava.jsp  Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version
  • Important:  The Edge browser does not support plug-ins.  In the event you still have a need for Java, it will be necessary to use Firefox or open with Internet Explorer mode (See Microsoft Edge Enhancements for IE Mode).

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 19 July 2022
  • 18 October 2022
  • 17 January 2023
  • 18 April 2023

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:
  1. Launch the Windows Start menu
  2. Click on Programs
  3. Find the Java program listing
  4. Click Configure Java to launch the Java Control Panel
  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
Java suppress sponsor offers

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Posted by No comments:
Labels: ,
Subscribe to: Posts (Atom)