Tuesday, November 29, 2022

November 2022 Windows 11 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11.

Following are the highlights for KB5020044 (OS Build 22621.900) for Windows 11: 

  • Gives Microsoft OneDrive subscribers storage alerts on the Systems page in the Settings app. The alerts appear when you are close to your storage limit.
  • Provides the full amount of the storage capacity of all your OneDrive subscriptions. It also displays the total storage on the Accounts page in the Settings app.
  • Combines Windows Spotlight with Themes on the Personalization page. This makes it easier for you to discover and turn on the Windows Spotlight feature.
  • Addresses a known issue that affects the Input Method Editor (IME). Certain applications might stop responding. This occurs when you use keyboard shortcuts to change the input mode of the IME.
  • Addresses an issue that causes File Explorer to stop working. This occurs when you close context menus and menu items.

IMPORTANT: There will be no preview, non-security releases for Windows 10 or Windows 11 during the month of December. Preview releases normally target the third week of the month. There will be a December security update release, as usual.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Update: To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Mozilla Firefox Version 107.0.1 Released

 

Mozilla sent Firefox Version 107.0.1 to the Release Channel today with bug fixes.

Fixed

  • Fixed an issue with accessing some sites reliably in Private Browsing mode or Strict ETP due to anti-adblockers (bug 1717806).

  • Fixed an issue where Color Management was not available for some users (bug 1799391).

  • Fixed an issue with text overlapping in the Settings Menu for some locales (bug 1800379).

  • Fixed an incompatibility with the new Windows 11 22H2 Suggested Actions feature resulting in hangs when copying phone number links (bug 1798098).

  • Fixed an issue where the DevTools UI is not accessible when an alert dialog is displayed (bug 1801840).

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 31.4.1 Released

 Pale Moon

Pale Moon has been updated to version 31.4.1.  This is a bugfix release.

Changes/fixes:

  • Fixed wrong color of decoded JPEG-XL images.
  • Fixed an issue with plugins not receiving keypress events properly.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Tuesday, November 22, 2022

Windows 10 Version 22H2 Ready for Broad Deployment

 Announced by the Windows Health Dashboard:

"The Windows 10, version 22H2 feature update is entering its final rollout phase and is now designated for broad deployment. As part of the broad deployment phase, Microsoft is offering this update to an expanded set of eligible devices running Windows 10, version 20H2 and later versions.
If you have an eligible device, you can install this feature update by opening Windows Update Settings and selecting Check for updates. Once the update is ready for your device, you will see the option to Download and install

Devices currently on Windows 10, version 20H2 or newer will have a fast installation experience because this feature update will install like a monthly update. For more information on how to install Windows 10, version 22H2, read this blog post. If you want to explore moving to Windows 11, see How to get the Windows 11 2022 Update."

Windows 10 22H2 can be updated from versions 20H2, 21H1, and 21H2. 

Note: Windows 10 Version 20H2 reached the end of service on August 9, 2022 and the December 13,2022 security update will mark the end of service for Windows 10, version 21H1.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 31.4.0 Released with Security Updates

 Pale Moon

Pale Moon has been updated to version 31.4.0.  This is a major development and security update adding JPEG-XL image support and more.

Changes/Fixes:

  • Added support for the JPEG-XL image format.
  • Implemented regular expressions lookaround/lookbehind.
  • Aligned CORS header parsing with the updated spec. See implementation notes.
  • We no longer fire keypress events for non-printable keys. See implementation notes.
  • Added support for MacOS 13 "Ventura" in the platform, primarily benefitting White Star.
  • Fixed potentially problematic thread locking code on *nix platforms.
  • Fixed some small issues in the display and operation of the Web Developer tools.
  • Removed unused but performance-impacting panning and tab animation measuring code. (telemetry leftovers)
  • Improved code for SunOS builds.
  • Updated Internationalization data for time zones.
  • Fixed a buffer overflow for Mac builds.
  • Security issues addressed: CVE-2022-45411 and potential issues without a CVE number.
  • UXP Mozilla security patch summary: 2 fixed, 1 DiD, 1 deferred, 25 not applicable.

Implementation Notes:

  • CORS support has been updated to the current spec. Most importantly, Pale Moon now accepts wildcard entries ("*") for the CORS statements Access-Control-Expose-HeadersAccess-Control-Allow-Headers and Access-Control-Allow-Method. Note that wildcards are ignored (according to the spec) when credentials are passed.
  • Pale Moon will no longer fire the keypress events in content when the key pressed is a non-printable key. This is in response to issues where webmasters would use rudimentary and naïve input-restricting scripts in onkeypress handlers that would not take into account editing keys or navigation keys, causing issues for users trying to enter data into forms (and e.g. finding they could no longer use backspace, cursor keys or tab). This aligns our behavior with other browsers for web compatibility, although it should be considered a website error expecting not all keypresses to be intercepted in keypress events.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, November 17, 2022

Optional Adobe Acrobat/Reader Hotfix Update

 

Adobe
Adobe has released an optional Adobe Acrobat/Reader hotfix patch for Windows that addresses important bugfixes.

Fixes

Annotations

  • 4380497, 4380498, 4380675: Highlight over an image is not correct after latest October update
  • 4371252: Acrobat 64 bit is crashing on opening a PDF with Annotations

Combine

  • 4381721: Performance latency in combining pdf files

Installer

  • 4381203: Error 2251.”Database: Transform: Cannot delete row that does not exist. Table: Registry” on applying October patch.
  • 4383854: Error 150201 while extracting Reader installer

Outlook Send

  • 4380275: Outlook crashing when Document cloud plug in enabled

Viewer

  • 4381197: Raise without handler Error is shown post October release
Update or Complete Download

Reader DC and Acrobat DC were updated to version 22.003.20282 for Windows and version 22.003.20281 for Mac. Reader DC and other versions are available here: https://get.adobe.com/reader/


NoteUNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, November 15, 2022

November 2022 Windows 11 Non-Security Optional Preview "C" Release

 


Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 21H1.  The preview update for Windows 11, version 22H2, will be available in the near term.

Following are the highlights for KB5019157 (OS Build 22000.1281) for Windows 11, 21h1:

  • It addresses some persistent update failures for the Microsoft Store.

  • It addresses an issue that affects pinned apps on the Start menu. The Start menu stops working when you move between pages of pinned apps. This issue occurs when the language is a right to left (RTL) language.

  • It addresses an issue that affects daylight saving time (DST) in the Republic of Fiji. It cancels DST for 2022.

See the referenced KB article for the long list of improvements included in the update.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

November 2022 Windows 10 Non-Security Optional Preview "C" Release

 Microsoft released KB5020030 for all editions of Windows 10 20H2, 21H1, 21H2, and 22H2 (OS Builds 19042.2311, 19043.2311, 19044.2311, and 19044.2311) optional “C” release preview cumulative updates with non-security improvements and fixes.

The following are the highlighted changes included in the update:
  • New! The search box now appears, by default, on the taskbar when the taskbar is at the top of your screen or when you turn on small taskbar button mode. You can use the search box to discover information and search your PC and the web directly from your taskbar. To configure how search appears, right-click the taskbar of your primary monitor and hover over Search. For more information, see Learn more about search.

  • It addresses some persistent update failures for the Microsoft Store.

  • It addresses an issue that affects certain printers. The print outputs are misaligned.

  • It addresses an issue that affects daylight saving time (DST) in the Republic of Fiji. It cancels DST for 2022.

See the referenced KB Article for prerequisites and the additional improvements and fixes included in the update for each edition.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 107.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 107.0 to the release channel today.  The update includes seven security updates of which eight (8) are rated high, nine (9) moderate, and two (2) rated low.

Firefox ESR was updated to Version 102.5.


High


#CVE-2022-45403: Service Workers might have learned size of cross-origin media files

#CVE-2022-45404: Fullscreen notification bypass

#CVE-2022-45405: Use-after-free in InputStream implementation

#CVE-2022-45406: Use-after-free of a JavaScript Realm

#CVE-2022-45407: Loading fonts on workers was not thread-safe

#CVE-2022-45408: Fullscreen notification bypass via windowName

#CVE-2022-45409: Use-after-free in Garbage Collection

#CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5


Moderate


#CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy

#CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers

#CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers

#CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via intent URLs

#CVE-2022-40674: Use-after-free vulnerability in expat

#CVE-2022-45415: Downloaded file may have been saved with malicious extension

#CVE-2022-45416: Keystroke Side-Channel Leakage

#CVE-2022-45417: Service Workers in Private Browsing Mode may have been written to disk

#CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI


Low


#CVE-2022-45419: Deleting a security exception did not take effect immediately

#CVE-2022-45420: Iframe contents could be rendered outside the iframe

New

  • Improved the performance of the instance when Microsoft's IME and Defender retrieve the URL of a focused document in Windows 11 version 22H2.
  • Power profiling — visualizing performance data recorded from web browsers — is now also supported on Linux and Mac with Intel CPUs, in addition to Windows 11 and Apple Silicon.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, November 08, 2022

Microsoft November 2022 Security Updates

 

The Microsoft November 2022 security updates have been released and consist of 64 new CVEs.  Of these CVEs, 9 are rated critical and 52 rated important in severity.  At the time of release, one is listed as publicly known and six as being in the wild.

The security updates apply to the following products, features, and roles: NET Framework, AMD CPU Branch, Azure. Azure Real Time Operating System, Linux Kernel, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Office Word, Network Policy Server (NPS), Open Source Software, Role: Windows Hyper-V, SysInternals, Visual Studio, Windows Advanced Local Procedure Call, Windows ALPC, Windows Bind Filter Driver, Windows BitLocker, Windows CNG Key Isolation Service, Windows Devices Human Interface, Windows Digital Media, Windows DWM Core Library, Windows Extensible File Allocation, Windows Group Policy Preference Client, Windows HTTP.sys, Windows Kerberos, Windows Mark of the Web (MOTW), Windows Netlogon, Windows Network Address Translation (NAT), Windows ODBC Driver, Windows Overlay Filter, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Resilient File System (ReFS), Windows Scripting, and Windows Win32K.

See the list of KBs at the bottom of the page at November 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. 

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The November 2022 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, November 05, 2022

Mozilla Firefox Version 106.0.5 Released

 

Mozilla sent Firefox Version 106.0.5 to the Release Channel today with another bug fix.

Fixed

  • Addresses a crash experienced by users with Intel Gemini Lake CPUs.

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, November 04, 2022

Windows 10 Out-of-Band Update Released to Fix OneDrive Issue

 

 
Microsoft released out-of-band KB5020953 (OS Builds 19042.2194, 19043.2194, and 19044.2194) to fix a Microsoft OneDrive issue that results in Microsoft OneDrive stopping to work. 

The issue occurs after the device has been unlinked, syncing was turned off or signing out of the account.

The update is not available in the Windows Update Release Channel. Window 10 22H2 users who are experiencing this issue will need to manually install the update as the standalone package is only available in the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, November 03, 2022

Mozilla Firefox Version 106.0.4 Released with Updates

 

Mozilla sent Firefox Version 106.0.4 to the Release Channel today with more bug fixes.

Fixed

  • Fixed an issue with DRM Video playback (bug 1797292).

  • Fixed broken layout of datetime input when switching types (bug 1797139).

  • Fixed a crash experienced by some users during media playback (bug 1792115).

Release Notes



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, November 01, 2022

Pale Moon Version 31.3.1 Released with Security Updates

 Pale Moon

Pale Moon has been updated to version 31.3.1.  This is a security and compatibility update.

Changes/Fixes:

  • Added detection suport for the newly-released MacOS 13 (Ventura).
  • Fixed a potential heap Use-After-Free risk in Expat. (CVE-2022-40674) DiD
  • Fixed potentially undefined behavior in our thread locking code. DiD
  • Fixed a potentially exploitable crash in the refresh driver.
  • Fixed potentially undefined behavior when base-64 decoding. DiD
  • Implemented a texture size cap for WebGL to prevent potential issues with some graphics drivers. DiD
  • Updated site-specific overrides to address issues with ZoHo.
  • UXP Mozilla security patch summary: 1 fixed, 2 DiD, 6 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle