Saturday, December 24, 2022

Merry Christmas, Khristos Razhdayetsya


Many people are unaware that the true origin of "Carol of the Bells" (Shchedryk), one of my favorite Christmas songs, is Ukrainian.  It was composed by Ukrainian composer Mykola Leontovych in 1904.  (See The Unknown Ukrainian Carol that everyone knows for additional information.)  

Following through with the Ukrainian theme, below is a video I created ten years ago with the old "Windows Movie Maker", which was a part of the Windows Essentials 2012 suite.  The video includes examples of some of the traditional foods that are part of the Ukrainian Christmas Eve celebration.  They were part of our family tradition when my husband, born in Lviv, Ukraine, was alive.

 

Warmest holiday wishes to family, friends, fellow Windows Insider MVPs (#WIMVP), #WindowsInsiders, and Security Garden subscribers. May you enjoy the spirit of Christmas every day of the coming year.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Tuesday, December 20, 2022

Pale Moon Version 31.4.2 Released with Security Updates


Pale Moon has been updated to version 31.4.2.  This is a bugfix and security update.

Changes/Fixes:

  • Fixed JPEG-XL's transparency display for images with an alpha channel.
  • Temporarily removed regex lookbehind to stop crashes occurring on 32-bit builds of the browser.
  • Added some extra sanity checks to our zip/jar/xpi reader to avoid issues with corrupt archives.
  • Aligned cookie checks with RFC 6265 bis. See implementation notes.
  • Removed obsolete code in Windows widgets that could cause potential issues with long paths and file names on supported versions.
  • Fixed several crashes.
  • Security issues addressed: CVE-2022-46876, CVE-2022-46874 and several others that do not have a CVE number.
  • UXP Mozilla security patch summary: 4 fixed, 20 not applicable.

Implementation notes:

  • RFC 6265 has been worked on with draft changes describing how cookies are actually being handled in the real world, in the bis versions of the RFC. While these changes have not yet been finalized, browsers in general do adhere to the latest available bis version of this RFC. Specifically, the long-standing exceptions for cookie names and values have been formalized, e.g. having quoted values. Our behavior has changed in that we now once again accept Tab characters (0x09) which is the one excluded control character from the range that is otherwise forbidden. We also no longer apply these checks exclusively to those in http headers, and any way of setting cookies must now adhere to the valid range. Cookies that fail these range checks for valid characters will be ignored.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Friday, December 16, 2022

Mozilla Firefox Version 108.0.1 Released with Fix

 

Mozilla sent Firefox Version 108.0.1 to the Release Channel today with one fix.

Fixed

  • Fixes the default search engine being reset on upgrade for profiles which were previously copied from a different location.

Release Notes



Tuesday, December 13, 2022

Microsoft December 2022 Security Updates

 

The Microsoft December 2022 security updates have been released and consist of 52 new CVEs.  Of these CVEs, 6 are rated critical, 43 important, and 3 are rated moderate in severity.  At the time of release, one is listed as publicly known and one as being in the wild.

The security updates apply to the following products, features, and roles: .NET Framework, Azure, Client Server Run-time Subsystem (CSRSS), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Windows Codecs Library, Role: Windows Hyper-V, SysInternals, Windows Certificates, Windows Contacts, Windows DirectX, Windows Error Reporting, Windows Fax Compose Form, Windows HTTP Print Provider, Windows Kernel, Windows PowerShell, Windows Print Spooler Components, Windows Projected File System, Windows Secure Socket Tunneling Protocol (SSTP), Windows SmartScreen, Windows Subsystem for Linux, and Windows Terminal.

See the list of KBs at the bottom of the page at December 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. 

Important:


As of December 13, 2022, all editions of Windows 10, version 21H1 have reached end of servicing. The December 2022 security update is the last update available for this version. Devices running this version will no longer receive monthly security and preview updates containing protections from the latest security threats.


Windows 8.1 will reach the end of support January 10, 2023.  The December 13, 2022 security update will be the last update available for this version. After that date, devices running this version will no longer receive monthly security and quality updates.


Recommended Reading:   See Dustin Childs' review and analysis in Zero Day Initiative -- The November 2022 Security Update Review.

 






Mozilla Firefox Version 108.0 Released with Security Updates

Mozilla sent Firefox Version 108.0 to the release channel today.  The update includes eight security updates, of which four (4) are rated high, three (3) moderate, and one (1) rated low.

Firefox ESR was updated to Version 102.6.


High

  • CVE-2022-46871: libusrsctp library out of date
  • CVE-2022-46872: Arbitrary file read from a compromised content process
  • CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
  • CVE-2022-46879: Memory safety bugs fixed in Firefox 108

Moderate

  • CVE-2022-46873: Firefox did not implement the CSP directive unsafe-hashes
  • CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
  • CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS

Low

  • CVE-2022-46877: Fullscreen notification bypass

New

  • Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default.

  • Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use.

     

     

  • The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources.

  • Improved frame scheduling when under load; this substantially improves Firefox’s MotionMark scores.

Fixed

  • Firefox now supports properly color correcting images tagged with ICCv4 profiles.

  • Support for non-English characters when saving and printing PDF forms.

  • The bookmarks toolbar's default "Only show on New Tab" state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu.

  • Various security fixes.

Changed

  • Firefox now supports the WebMIDI API and a new experimental mechanism for controlling access to dangerous capabilities.


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.





Friday, December 02, 2022

Windows 10, Version 21H1 Approaching End-of-Life

 All editions of Windows 10, version 21H1 will reach the end of servicing on December 13, 2022.  The December 13, 2022 security update will be the last update available for this version. After that date, devices running this version will no longer receive monthly security and quality updates.

Windows Update will automatically initiate a feature update to the latest version of Windows 10.  When this occurs, you will be able to choose a convenient time for your device to restart and complete the update.  Rather than waiting, consider updating now.  See How to get the Windows 10 2022 Update app.  

Another option is to upgrade eligible devices to Windows 11. To determine if your device supports Windows 11, see How to use the PC Health Check app.

For information about servicing timelines and lifecycle, see Windows 10 release information, Windows 11 release information, and Lifecycle FAQ - Windows.

Windows 10 update history
Windows 11 update history




Thursday, December 01, 2022

Pale Moon Update Exclusively for Windows 32-bit Operating Systems


Pale Moon has been updated to version 31.4.1.1 for Windows 32-bit systems.  The update is due to an issue with Microsoft-supplied compiler and run-time library updates resulting in a crash of version 31.4.1 on some older systems running Windows 7 32-bit.  

Other architectures and operating systems are unaffected, don't require an update, and may continue to use version 31.4.1.


