Saturday, December 24, 2022

Merry Christmas, Khristos Razhdayetsya


Many people are unaware that the true origin of "Carol of the Bells" (Shchedryk), one of my favorite Christmas songs, is Ukrainian.  It was composed by Ukrainian composer Mykola Leontovych in 1904.  (See The Unknown Ukrainian Carol that everyone knows for additional information.)  

Following through with the Ukrainian theme, below is a video I created ten years ago with the old "Windows Movie Maker" which was a part of the Windows Essentials 2012 suite.  The video includes examples of some of the traditional foods that are part of the Ukrainian Christmas Eve celebration.  They were part of our family tradition when my husband, born in Lviv, Ukraine was alive.

 

Warmest holiday wishes to family, friends, fellow Windows Insider MVPs (#WIMVP) #WindowsInsiders, and Security Garden subscribers. May you enjoy the spirit of Christmas every day of the coming year.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Tuesday, December 20, 2022

Pale Moon Version 31.4.2 Released with Security Updates

 Pale Moon

Pale Moon has been updated to version 31.4.2.  This is a bugfix and security update.

Changes/Fixes:

  • Fixed JPEG-XL's transparency display for images with an alpha channel.
  • Temporarily removed regex lookbehind to stop crashes occurring on 32-bit builds of the browser.
  • Added some extra sanity checks to our zip/jar/xpi reader to avoid issues with corrupt archives.
  • Aligned cookie checks with RFC 6265 bis. See implementation notes.
  • Removed obsolete code in Windows widgets that could cause potential issues with long paths and file names on supported versions.
  • Fixed several crashes.
  • Security issues addressed: CVE-2022-46876, CVE-2022-46874 and several others that do not have a CVE number.
  • UXP Mozilla security patch summary: 4 fixed, 20 not applicable.

Implementation notes:

  • RFC 6265 has been worked on with draft changes describing how cookies are actually being handled in the real world, in the bis versions of the RFC. While these changes have not yet been finalized, browsers in general do adhere to the latest available bis version of this RFC. Specifically, the long-standing exceptions for cookie names and values have been formalized, e.g. having quoted values. Our behavior has changed in that we now once again accept Tab characters (0x09) which is the one excluded control character from the range that is otherwise forbidden. We also no longer apply these checks exclusively to those in http headers, and any way of setting cookies must now adhere to the valid range. Cookies that fail these range checks for valid characters will be ignored.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Friday, December 16, 2022

Mozilla Firefox Version 108.0.1 Released with Fix

 

Mozilla sent Firefox Version 108.0.1 to the Release Channel today with one fix.

Fixed

  • Fixes the default search engine being reset on upgrade for profiles which were previously copied from a different location.

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, December 13, 2022

Microsoft December 2022 Security Updates

 

The Microsoft December 2022 security updates have been released and consist of 52 new CVEs.  Of these CVEs, 6 are rated critical, 43 important, and 3 are rated moderate in severity.  At the time of release, one is listed as publicly known and one as being in the wild.

The security updates apply to the following products, features, and roles: .NET Framework, Azure, Client Server Run-time Subsystem (CSRSS), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Windows Codecs Library, Role: Windows Hyper-V, SysInternals, Windows Certificates, Windows Contacts, Windows DirectX, Windows Error Reporting, Windows Fax Compose Form, Windows HTTP Print Provider, Windows Kernel, Windows PowerShell, Windows Print Spooler Components, Windows Projected File System, Windows Secure Socket Tunneling Protocol (SSTP), Windows SmartScreen, Windows Subsystem for Linux, and Windows Terminal.

See the list of KBs at the bottom of the page at December 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. 

Important:


As of December 13, 2022, all editions of Windows 10, version 21H1 have reached end of servicing. The December 2022 security update is the last update available for this version. Devices running this version will no longer receive monthly security and preview updates containing protections from the latest security threats.


Windows 8.1 will reach the end of support January 10, 2023.  The December 13, 2022 security update will be the last update available for this version. After that date, devices running this version will no longer receive monthly security and quality updates.


Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The November 2022 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 108.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 108.0 to the release channel today.  The update includes eight security updates of which four (4) are rated high, three (3) moderate, and one (1) rated low.

Firefox ESR was updated to Version 102.6.


High


#CVE-2022-46871: libusrsctp library out of date

#CVE-2022-46872: Arbitrary file read from a compromised content process

#CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6

#CVE-2022-46879: Memory safety bugs fixed in Firefox 108


Moderate


#CVE-2022-46873: Firefox did not implement the CSP directive unsafe-hashes

#CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions

#CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS


Low


#CVE-2022-46877: Fullscreen notification bypass

New

  • Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default.

  • Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use.

     
     ky331_4-1670944900026.png

     

  • The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources.

  • Improved frame scheduling when under load; this substantially improves Firefox’s MotionMark scores.

Fixed

  • Firefox now supports properly color correcting images tagged with ICCv4 profiles.

  • Support for non-English characters when saving and printing PDF forms.

  • The bookmarks toolbar's default "Only show on New Tab" state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu.

  • Various security fixes.

Changed

  • Firefox now supports the WebMIDI API and a new experimental mechanism for controlling access to dangerous capabilities.


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, December 02, 2022

Windows 10, Version 21H1 Approaching End-of-Life

 All editions of Windows 10, version 21H1 will reach the end of servicing on December 13, 2022.  The December 13, 2022 security update will be the last update available for this version. After that date, devices running this version will no longer receive monthly security and quality updates.

Windows Update will automatically initiate a feature update to the latest version of Windows 10.  When this occurs, you will be able to choose a convenient time for your device to restart and complete the update.  Rather than waiting, consider updating now.  See How to get the Windows 10 2022 Update app.  

Another option is to upgrade eligible devices to Windows 11. To determine if your device supports Windows 11 use the How to use the PC Health Check app.

For information about servicing timelines and lifecycle, see Windows 10 release informationWindows 11 release information, and Lifecycle FAQ - Windows.

Windows 10 update history
Windows 11 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, December 01, 2022

Pale Moon Update Exclusively for Windows 32-bit Operating Systems

Pale Moon

Pale Moon has been updated to version 31.4.1.1 for Windows 32-bit systems.  The update is due to an issue with Microsoft-supplied complier and run-time library updates resulting in a crash of version 31.4.1 on some older systems running Windows 7 32-bit.  

Other architectures and operating systems are unaffected and don't require an update and may continue to use of version 31.4.1.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, November 29, 2022

November 2022 Windows 11 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11.

Following are the highlights for KB5020044 (OS Build 22621.900) for Windows 11: 

  • Gives Microsoft OneDrive subscribers storage alerts on the Systems page in the Settings app. The alerts appear when you are close to your storage limit.
  • Provides the full amount of the storage capacity of all your OneDrive subscriptions. It also displays the total storage on the Accounts page in the Settings app.
  • Combines Windows Spotlight with Themes on the Personalization page. This makes it easier for you to discover and turn on the Windows Spotlight feature.
  • Addresses a known issue that affects the Input Method Editor (IME). Certain applications might stop responding. This occurs when you use keyboard shortcuts to change the input mode of the IME.
  • Addresses an issue that causes File Explorer to stop working. This occurs when you close context menus and menu items.

IMPORTANT: There will be no preview, non-security releases for Windows 10 or Windows 11 during the month of December. Preview releases normally target the third week of the month. There will be a December security update release, as usual.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Update: To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Mozilla Firefox Version 107.0.1 Released

 

Mozilla sent Firefox Version 107.0.1 to the Release Channel today with bug fixes.

Fixed

  • Fixed an issue with accessing some sites reliably in Private Browsing mode or Strict ETP due to anti-adblockers (bug 1717806).

  • Fixed an issue where Color Management was not available for some users (bug 1799391).

  • Fixed an issue with text overlapping in the Settings Menu for some locales (bug 1800379).

  • Fixed an incompatibility with the new Windows 11 22H2 Suggested Actions feature resulting in hangs when copying phone number links (bug 1798098).

  • Fixed an issue where the DevTools UI is not accessible when an alert dialog is displayed (bug 1801840).

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 31.4.1 Released

 Pale Moon

Pale Moon has been updated to version 31.4.1.  This is a bugfix release.

Changes/fixes:

  • Fixed wrong color of decoded JPEG-XL images.
  • Fixed an issue with plugins not receiving keypress events properly.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Tuesday, November 22, 2022

Windows 10 Version 22H2 Ready for Broad Deployment

 Announced by the Windows Health Dashboard:

"The Windows 10, version 22H2 feature update is entering its final rollout phase and is now designated for broad deployment. As part of the broad deployment phase, Microsoft is offering this update to an expanded set of eligible devices running Windows 10, version 20H2 and later versions.
If you have an eligible device, you can install this feature update by opening Windows Update Settings and selecting Check for updates. Once the update is ready for your device, you will see the option to Download and install

Devices currently on Windows 10, version 20H2 or newer will have a fast installation experience because this feature update will install like a monthly update. For more information on how to install Windows 10, version 22H2, read this blog post. If you want to explore moving to Windows 11, see How to get the Windows 11 2022 Update."

Windows 10 22H2 can be updated from versions 20H2, 21H1, and 21H2. 

Note: Windows 10 Version 20H2 reached the end of service on August 9, 2022 and the December 13,2022 security update will mark the end of service for Windows 10, version 21H1.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 31.4.0 Released with Security Updates

 Pale Moon

Pale Moon has been updated to version 31.4.0.  This is a major development and security update adding JPEG-XL image support and more.

Changes/Fixes:

  • Added support for the JPEG-XL image format.
  • Implemented regular expressions lookaround/lookbehind.
  • Aligned CORS header parsing with the updated spec. See implementation notes.
  • We no longer fire keypress events for non-printable keys. See implementation notes.
  • Added support for MacOS 13 "Ventura" in the platform, primarily benefitting White Star.
  • Fixed potentially problematic thread locking code on *nix platforms.
  • Fixed some small issues in the display and operation of the Web Developer tools.
  • Removed unused but performance-impacting panning and tab animation measuring code. (telemetry leftovers)
  • Improved code for SunOS builds.
  • Updated Internationalization data for time zones.
  • Fixed a buffer overflow for Mac builds.
  • Security issues addressed: CVE-2022-45411 and potential issues without a CVE number.
  • UXP Mozilla security patch summary: 2 fixed, 1 DiD, 1 deferred, 25 not applicable.

Implementation Notes:

  • CORS support has been updated to the current spec. Most importantly, Pale Moon now accepts wildcard entries ("*") for the CORS statements Access-Control-Expose-HeadersAccess-Control-Allow-Headers and Access-Control-Allow-Method. Note that wildcards are ignored (according to the spec) when credentials are passed.
  • Pale Moon will no longer fire the keypress events in content when the key pressed is a non-printable key. This is in response to issues where webmasters would use rudimentary and naïve input-restricting scripts in onkeypress handlers that would not take into account editing keys or navigation keys, causing issues for users trying to enter data into forms (and e.g. finding they could no longer use backspace, cursor keys or tab). This aligns our behavior with other browsers for web compatibility, although it should be considered a website error expecting not all keypresses to be intercepted in keypress events.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, November 17, 2022

Optional Adobe Acrobat/Reader Hotfix Update

 

Adobe
Adobe has released an optional Adobe Acrobat/Reader hotfix patch for Windows that addresses important bugfixes.

Fixes

Annotations

  • 4380497, 4380498, 4380675: Highlight over an image is not correct after latest October update
  • 4371252: Acrobat 64 bit is crashing on opening a PDF with Annotations

Combine

  • 4381721: Performance latency in combining pdf files

Installer

  • 4381203: Error 2251.”Database: Transform: Cannot delete row that does not exist. Table: Registry” on applying October patch.
  • 4383854: Error 150201 while extracting Reader installer

Outlook Send

  • 4380275: Outlook crashing when Document cloud plug in enabled

Viewer

  • 4381197: Raise without handler Error is shown post October release
Update or Complete Download

Reader DC and Acrobat DC were updated to version 22.003.20282 for Windows and version 22.003.20281 for Mac. Reader DC and other versions are available here: https://get.adobe.com/reader/


NoteUNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, November 15, 2022

November 2022 Windows 11 Non-Security Optional Preview "C" Release

 


Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 21H1.  The preview update for Windows 11, version 22H2, will be available in the near term.

Following are the highlights for KB5019157 (OS Build 22000.1281) for Windows 11, 21h1:

  • It addresses some persistent update failures for the Microsoft Store.

  • It addresses an issue that affects pinned apps on the Start menu. The Start menu stops working when you move between pages of pinned apps. This issue occurs when the language is a right to left (RTL) language.

  • It addresses an issue that affects daylight saving time (DST) in the Republic of Fiji. It cancels DST for 2022.

See the referenced KB article for the long list of improvements included in the update.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

November 2022 Windows 10 Non-Security Optional Preview "C" Release

 Microsoft released KB5020030 for all editions of Windows 10 20H2, 21H1, 21H2, and 22H2 (OS Builds 19042.2311, 19043.2311, 19044.2311, and 19044.2311) optional “C” release preview cumulative updates with non-security improvements and fixes.

The following are the highlighted changes included in the update:
  • New! The search box now appears, by default, on the taskbar when the taskbar is at the top of your screen or when you turn on small taskbar button mode. You can use the search box to discover information and search your PC and the web directly from your taskbar. To configure how search appears, right-click the taskbar of your primary monitor and hover over Search. For more information, see Learn more about search.

  • It addresses some persistent update failures for the Microsoft Store.

  • It addresses an issue that affects certain printers. The print outputs are misaligned.

  • It addresses an issue that affects daylight saving time (DST) in the Republic of Fiji. It cancels DST for 2022.

See the referenced KB Article for prerequisites and the additional improvements and fixes included in the update for each edition.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...