June 2022 Windows 10 Version 19042 Non-Security Optional Preview "C" Release

 

Microsoft released KB5014666 (OS Builds 19042.1806, 19043.1806, and 19044.1806), optional “C” release preview cumulative updates with non-security improvements and fixes for Windows 10 version 21H2 and 21H1.

The following are the highlights included in the update:

• Addresses an issue that prevents the Pashto language from appearing in the language list.
• Addresses an issue that affects the touchpad area that responds to a right-click (the right-click zone). 
• Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature.

No additional improvements or fixes were included in the update.  However, for those still on Windows 10 version 21H1, see How to get the Windows 10 May 2021 Update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 102.0 Released with Security Updates

              Mozilla sent Firefox Version 102.0 to the release channel today.  The update includes eighteen security updates of which four (4) are rated high, ten (10) moderate and four (4) are rated low.

Firefox ESR was updated to Version 91.11.

Note: While Bug 1771084 does not represent a specific vulnerability that was fixed, we recommend anyone rebasing patches to include it. 102 branch: Patch 1 and 2. 91 Branch: Patch 1 and 2 (Despite saying Parts 2 and 3, there is no Part 1)

High

• #CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content

• #CVE-2022-34470: Use-after-free in nsSHistory

• #CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

• #CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11

Moderate

• #CVE-2022-34482: Drag and drop of malicious image could have led to malicious executable and potential code execution

• #CVE-2022-34483: Drag and drop of malicious image could have led to malicious executable and potential code execution

• #CVE-2022-34476: ASN.1 parser could have been tricked into accepting malformed ASN.1

• #CVE-2022-34481: Potential integer overflow in ReplaceElementsAt

• #CVE-2022-34474: Sandboxed iframes could redirect to external schemes

• #CVE-2022-34469: TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android

• #CVE-2022-34471: Compromised server could trick a browser into an addon downgrade

• #CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked

• #CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt

• #CVE-2022-2200: Undesired attributes could be set as part of prototype pollution

Low

• #CVE-2022-34480: Free of uninitialized pointer in lg_init

• #CVE-2022-34477: MediaError message property leaked information on cross-origin same-site pages

• #CVE-2022-34475: HTML Sanitizer could have been bypassed via same-origin script via use tags
• #CVE-2022-34473: HTML Sanitizer could have been bypassed via use tags

New

• Tired of too many windows crowding your screen? You can now disable automatic opening of the download panel every time a new download starts. Read more.
• Firefox now mitigates query parameter tracking when navigating sites in ETP strict mode.
• Subtitles and captions for Picture-in-Picture (PiP) are now available at HBO Max, Funimation, Dailymotion, Tubi, Disney+ Hotstar, and SonyLIV. This allows you to view video in a small window pinned to a corner of the screen while navigating between apps or browsing content on the main screen.

Fixed

• When using a screen reader on Windows, pressing enter to activate an element no longer fails or clicks the wrong element and/or another application window. For those blind or with very limited vision, this technology reads out loud what is on the screen, and users can adapt them to their needs (now, on our platform, without errors).

Changed

• Improved security by moving audio decoding into a separate process with stricter sandboxing, thus improving process isolation.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

June 2022 Windows 11 Non-Security Optional Preview "C" Release

     Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11.

Following are the highlights for KB5014668 (OS Build 22000.778) for Windows 11: 

• New! Introducing search highlights.
• Addresses an issue that causes certain games to stop working if they use certain audio technology to play sound effects
• Changes the name of the Your Phone app to Phone Link on the Settings page.
• Addresses an issue that causes the Microsoft Surface Dial customization settings page to stop working.

See the referenced KB article for the long list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

June 2022 Windows 10 Version 1809 Non-Security Optional Preview "C" Release

     Microsoft released KB5014669 (OS Build 17763.3113), optional “C” release preview cumulative updates with non-security improvements and fixes for Windows 10 version 1809.

The following are the highlights included in the update:

• Addresses an issue that causes Windows to stop working and generates error code 0x3B.
• Addresses an issue that causes file copying to be slower. 

See the referenced KB article for the list of improvements and fixes included in the update.

Prerequisite: You must install the August 10, 2021 SSU (KB5005112) before installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Out-of-Band Update for Windows 10 and Windows 11 Arm-based Devices

Microsoft released KB5016139 for Windows 10 Arm-based devices and KB5016138 for Windows 11 Arm-based devices.  

The updates address a known issue that only affects Windows Arm-based devices.  The issue might prevent signing in using Azure Active Directory (AAD). Apps and services that use AAD to sign in, such as VPN connections, Microsoft Teams, and Microsoft Outlook, might also be affected. 

Important: This issue only affects Windows devices that use Arm processors. No other platforms will receive this out-of-band (OOB) update. This OOB update is cumulative. If you are using updates released before June 14, 2022, we recommend that you install this OOB update instead of the June 14, 2022 security update.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website here for Windows 10 and here for Windows 11.

Windows Update History:

• Windows 11
• Windows 10

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat DC and Reader DC Updates Released

    

Adobe has released updates for Adobe Acrobat DC and Reader DC for Windows and macOS. 

This release provides various new features for end users described in the New features summary. 

 

Release date: June 14, 2022
Vulnerability identifier: None
Platform: Windows and MacOS

Bug fixes

3D

• 4327229: 3D rendering speed is degraded for large 3D drawings with Protected Mode ON
• 4324133: PM prevents 3D PDF rendering hardware acceleration with NVidia graphics

Accessibility

• 4311218: Spaces are added in Header Cell IDs when Auto Generate Header Cell ID is used
• 4354090: Acrobat crashes on opening pdf on 64 bit installer with NVDA enabled

Actions

• 4362074: Acrobat Crashes while using Action

Export PDF

• 4295421: Export PDF to XLSX - Scanned searchable PDF table is not detected

PDFMaker

• 4345055: Link in slides are not working after converting PPT to PDF

Viewer

• 4355866: Embed File Attachment in PDF(64bit) does not work

Update or Complete Download

Reader DC and Acrobat DC were updated to version 22.001.20142 for Windows and version 22.001.20112 for Mac.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• PSIRT
• Release Notes
• Security Bulletin
• System Requirements

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft June 2022 Security Updates

            

The Microsoft June 2022 security updates have been released and consist of 55 CVEs.  Of these CVEs, 3 are rated critical, 51 rated important and 1 moderate in severity.  At the time of release, none are listed as publicly known and under active exploit or publicly known.

The security updates apply to the following products, features, and roles: .NET and Visual Studio, Azure OMI, Azure Real Time Operating System, Azure Service Fabric Container, Intel, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Remote Volume Shadow Copy Service (RVSS) Role: Windows Hyper-V, SQL Server, Windows Ancillary Function Driver for WinSock, Windows App Store, Windows Autopilot, Windows Container Isolation FS Filter Driver, Windows Container Manager Service, Windows Defender, Windows Encrypting File System (EFS), Windows File History Service, Windows Installer, Windows iSCSI, Windows Kerberos, Windows Kernel, Windows LDAP - Lightweight Directory Access Protocol, Windows Local Security Authority Subsystem Service, Windows Media, Windows Network Address Translation (NAT), Windows Network File System, Windows PowerShell, and Windows SMB.

See the KBs listed at the bottom of the page at June 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Important Notes: 

The Internet Explorer 11 desktop application will be retired and go out of support June 15, 2022.  See the steps at Microsoft Support to enable IE Mod on your Windows 10 or Windows 11 device. 

Windows 10 Versions 1909 and 20H2 have reached the end of service and will no longer receive updates.  The most current version of Windows 10 is 21H2. 

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The June 2022 Security Update Review.

 

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro - Microsoft Lifecycle | Microsoft Docs and Windows 11 Home and Pro (Version 21H2) - Microsoft Lifecycle | Microsoft Docs.
• Windows Update History:
• Windows 11
• Windows 10
• Windows 8.1

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

 

Mozilla Firefox Version 101.0.1 Released

         Mozilla sent Firefox Version 101.0.1 to the release channel today.  

Fixed

• Fixed Firefox clearing the clipboard when closing on macOS (bug 1771823)
• Fixed a compatibility issue causing severely impaired functionality with win32k lockdown enabled on some Windows systems (bug 1769845)
• Fixed context menus not appearing when right-clicking Picture-in-Picture windows on some Linux systems (bug 1771914)
• Various stability fixes

Release Notes

Rapid Release Calendar

Pale Moon Version 31.1.0 Released with Security Updates

          

Pale Moon has been updated to version 31.1.0.  This is a major development update, focusing on media support, browser stability, performance and web compatibility.

Linux versions will be released with a little delay due to the need for a last-minute rebuild.

Additional information about the update is available in the Release Notes under the heading, "Implementation/build notes".

Changes/Fixes:

• Added Mojeek as an additional search engine in the browser. See implementation notes.
  
• Implemented "nullish coalescing operator" (thanks, FranklinDM!) for web compatibility.
  
• Fixed various crash scenarios in XPCOM.
• Fixed an important stability and performance issue related to hardware acceleration.
• Fixed a long-standing issue where overly-long address bar tooltips wouldn't break into multiple lines but instead cut off on the right side.
• Fixed a long-standing issue where dynamic datalist updates for <select> and similar elements wouldn't properly update the option list.
• Disabled broken links to MDN articles in developer tools.
• Updated media support to include support for libavcodec 59/FFmpeg 5.0 for MP4 playback on Linux (thanks, Travis!)
  
• Enabled the date picker for <input type=date>. See implementation notes.
• Re-enabled the use of FIPS mode for NSS. See implementation notes.
• Improved memory handling and memory safety in the JavaScript engine, further reducing current and future crash scenarios.
• Improved memory handling in the graphics subsystem of Goanna.
• Updated FFvpx to v4.2.7
  
• Slightly reduced strictness of media checking for improved compatibility with questionable "gif" video encoders used on major websites.
• Cleaned up the way file pickers (file open/save/save as dialogs) are handled on Windows.
• Restored the gMultiProcessBrowser property of the browser for Firefox extension compatibility. See implementation notes.
  
• Improved the way data is transferred to and from canvases to prevent memory safety issues.
• Updated NSS to 3.52.6 to address security issues.
• Reduced blocking severity for some extensions that were marked hard blockers for GRE (but aren't for UXP).
• Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other security issues that do not have a CVE number.
• UXP Mozilla security patch summary: 2 fixed, 1 DiD, 26 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Windows 10 Version 21H2 Non-Security Optional Preview Release Update

    Microsoft released KB5014023 (OS Builds 19042.1741, 19043.1741, and 19044.1741), optional “C” release preview cumulative updates with non-security improvements and fixes for Windows 10 version 21H2.

The following are the highlights included in the update:

• Addresses a rare issue that prevents Microsoft Excel or Microsoft Outlook from opening.
• Addresses an issue that affects the IE mode window frame. 
• Addresses an issue that prevents internet shortcuts from updating.
• Addresses an issue that causes an Input Method Editor (IME) to discard a character if you enter the character while the IME is converting previous text.
• Addresses an issue that causes file copying to be slower.
• Addresses a known issue that affects certain GPUs and might cause apps to close unexpectedly or cause intermittent issues that affect some apps that use Direct3D 9.

See the referenced KB article for the list of improvements and fixes included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...