Tuesday, March 28, 2023

March 2023 Windows 11 Version 22H2 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H2.  The Windows 11 version 22H1 is a separate update.

Following are the highlights for KB5023778 (OS Build 22621.1485):

  • New! This update introduces notifications for Microsoft accounts in the Start menu. This is only available to a small audience right now. It will deploy more broadly in the coming months. Some devices might notice different visual treatments as we gather feedback.

  • New! The search box on the taskbar will be lighter when you set Windows to a custom color mode. This will occur when you set the Windows mode to dark and the app mode to light in Settings > Personalization > Colors.

  • This update addresses an issue that affects the Notepad combo box in Settings. It fails to show all the available options.

  • This update addresses an issue that affects Microsoft PowerPoint. It stops responding. This occurs when you use accessibility tools.

  • This update addresses an issue that affects Microsoft Narrator. It fails to read items in dropdown lists in Microsoft Excel.

  • This update addresses an issue that affects USB printers. The system classifies them as multimedia devices even though they are not.

See the referenced KB article for the long list of improvements and fixes included in the update.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.

Windows 11 update history


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

March 2023 Windows 11 Version 21H2 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 21H2.  The preview update for Windows 11, Version 22H2 is a separate release.  

Following are the highlights for KB5023774 (OS Build 22000.1761) for Windows 11 version 22H1: 

  • New! This update improves the search box experience on the taskbar. As you type in the search box, search results now appear in the search flyout box. You 1can also change the search experience you want for your taskbar by going to Settings > Personalization > Taskbar. For commercial customers, this update adds a new policy for IT administrators to manage how the search box on the taskbar appears in your organization. For more information, see Customizing search on the Windows 11 taskbar.

  • This update addresses an issue that affects the Notepad box in Settings. It fails to show all the available options.

  • This update addresses an issue that affects Microsoft PowerPoint. It stops responding. This occurs when you use accessibility tools.

  • This update addresses an issue that affects USB printers. The system classifies them as multimedia devices even though they are not.

  • This update addresses an issue that affects Xbox subscribers. If you purchase an Xbox subscription using the "Redeem code" option, the Xbox subscription card does not appear on the Settings Accounts page. This occurs when recurring billing is off.

See the referenced KB article for the list of improvements and fixes included in the update.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, March 23, 2023

Optional Hotfix Patch for Adobe Reader and Acrobat

 

Adobe
Adobe has released an optional hotfix patch for Acrobat and Acrobat Reader that addresses some important bug fixes for Adobe Acrobat DC and Reader. 

Bug Fixes

Fill and Sign
  • 4401463: Acrobat throwing fail fast exception error while closing PDF files

Update or Complete Download

Reader DC and Acrobat DC were updated to version 23.001.20093 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, March 21, 2023

March 2023 Windows 10 Non-Security Optional Preview "C" Release

 Microsoft released KB5022906 for Windows 10 versions 22H2, 21H2 and 20h2 (OS Builds 19042.2788, 19044.2788, and 19045.2788) optional non-security release preview (Windows monthly updates explained).

Important: After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only monthly security update releases will continue for these versions. 

Windows 10, version 22H2 will continue to receive security and optional releases. However, starting in April 2023, optional, non-security preview updates will be released on the fourth Tuesday of the month.

The following is the highlighted change included in the update:
  • This update addresses an issue that affects USB printers. The system classifies them as multimedia devices even though they are not.

See the referenced KB Article for prerequisites and the additional improvements and fixes included in the update for each edition.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 111.0.1 Released

 

Mozilla sent Firefox Version 111.0.1 to the Release Channel today.

Fixed

  • Fixed a crash on macOS while pinch-zooming under some circumstances (bug 1658986).

  • Fixed a bug causing Firefox to freeze on startup for some Windows users (bug 1823159).

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 32.1.0 Released with Security Updates and Compatibility Improvements

 Pale Moon

Pale Moon has been updated to version 32.1.0.  This is a major update with security updates and important compatibility improvements for the web, particularly the implementation of Google WebComponents enabled by default.

Changes/Fixes:

  • Shadow DOM and CustomElements, collectively making up WebComponents, have been enabled by default which should bring much broader web compatibility to the browser for many a site that uses web 2.0+ frameworks. See implementation notes.
  • Tab titles in the browser now fade if they are too long instead of using ellipses, to provide a little more readable space to page titles. Note that this may require some updates to tab extensions or themes.
  • A number of site-specific overrides have been updated or removed because they are no longer necessary or current with the platform developments in terms of web compatibility. We could use your help evaluating the ones that are still there; see the issue on our repo.
  • Updated our promises and async function implementation to the current spec.
  • Implemented Promise.any()
  • Fixed several crashes related to regular expression code.
  • Improved regular expression object handling so it can be properly garbage collected.
  • Fixed some VP8 video playback.
  • Fixed an issue where the caret (text cursor) would sometimes not be properly visible.
  • Updated the embedded emoji font.
  • Implemented the :is() and :where() CSS pseudo-classes.
  • Implemented complex selectors for the :not() CSS pseudo-class.
  • Implemented the inset CSS shorthand property.
  • Implemented the env() environment variable CSS function. See implementation notes.
  • Implemented handling for both RGB encoded video playback (instead of just YUV).
  • Implemented handling for full-range videos (0-255 luminance levels) giving better video playback quality.
  • Removed the WebP image decoder pref. See implementation notes.
  • Enabled the Web text-to-speech API by default (only supported on some operating systems).
  • Updated NSPR to 4.35 and NSS to 3.79.4
  • Cleaned up unused "tracking protection" plumbing. See implementation notes.
  • Cleaned up URI Classifier plumbing (Google SafeBrowsing leftover).
  • Fixed several intermittent and difficult-to-trace crashes.
  • Improved content type security of jar: channels. DiD
  • Improved JavaScript JIT code generation safety. DiD
  • Fixed potential crash scenarios in the graphics subsystem. DiD
  • Improved filename safety when saving files to prevent potential environment leaks.
  • Security issues addressed: CVE-2023-25751, CVE-2023-28163 and several others that do not have a CVE.
  • UXP Mozilla security patch summary: 1 fixed, 4 DiD, 14 not applicable.

Implementation notes:

  • Google WebComponents has been long-running major feature work in UXP. We're finally at a level with this (after several setbacks and brick-walling) that it can be enabled by default. Please note that while this greatly improves web compatibility with many Chrome-focused websites using these controversial technologies, our implementation is not yet complete and more work is necessary. As a result, this change to en
  • technologies, our implementation is not yet complete and more work is necessary. As a result, this change to enable it by default may actually break some previously-working websites as well, but it's expected the majority will work at our current state of implementation. Please visit the forum if you need help with web compatibility issues.
  • The env() CSS function was implemented for compatibility with websites that rely on this without fallback. Note that this function actually has no real use for desktops as it is primarily used to indicate environmental restrictions of mobile screens, e.g. extra space needed to avoid a camera notch or folding screen margin. However, due to the way certain sites implement their styling in a mobile-first approach, it is assumed that this function is available on all systems and in all browsers by these sites. Note that Pale Moon simply hard-codes queried values here.
  • WebP images have had a stable and complete implementation in Pale Moon for a long time now, so the preference to disable support for it has been removed, as it's considered by now to be one of the "staple" image formats supported by web browsers. This was done to reduce complexity for content negotiation, especially since we're adding more support for JPEG-XL that still isn't as-complete. From here on out, we simply always support WebP decoding.
  • While we've had a preference for "tracking protection" in our browser implementation (in about:config), this marketed feature of Firefox was never adopted by us, because it is for the most part a service-based feature, and the non-service parts were undesirable as they were crippling useful APIs. Our effective protection against tracking has not changed, we have simply removed the preference and plumbing for a non-functional service feature that would potentially give the false impression it would do anything.

    As a reminder, if you are concerned about tracking, use a competent adblocker extension, and enable "Tell sites not to share or sell my data" in Preferences -> Privacy under "Data Privacy". You may also want to enable "canvas poisoning" by setting canvas.poisondata to true in about:config to reduce the risk of fingerprinting through canvases.
  • Notes:

    DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

    Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

    Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

    Release Notes
    Release Cycle

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, March 14, 2023

Microsoft March 2023 Security Updates

  

The Microsoft March 2023 security updates have been released and consist of 74 new CVEs.  Of these CVEs, 6 are rated critical and 67 are rated important and one rated moderate in severity.  At the time of release, one is listed as publicly known and two as being in the wild.

The security updates apply to the following products, features, and roles:  Azure, Client Server Run-time Subsystem (CSRSS), Internet Control Message Protocol (ICMP), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft OneDrive, Microsoft PostScript Printer Driver, Microsoft Printer Drivers, Microsoft Windows Codecs Library, Office for Android, Remote Access Service Point-to-Point Tunneling Protocol, Role: DNS Server, Role: Windows Hyper-V, Service Fabric, Visual Studio, Windows Accounts Control, Windows Bluetooth Service, Windows Central Resource Manager, Windows Cryptographic Services, Windows Defender, Windows HTTP Protocol Stack, Windows HTTP.sys, Windows Internet Key Exchange (IKE) Protocol, Windows Kernel, Windows Partition Management Driver, Windows Point-to-Point Protocol over Ethernet (PPPoE), Windows Remote Procedure Call, Windows Remote Procedure Call Runtime, Windows Resilient File System (ReFS), Windows Secure Channel, Windows SmartScreen, Windows TPM, and Windows Win32K,

See the very long list of KBs at the bottom of the page at March 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. 

Important:


After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for these versions. Windows 10, version 22H2 will continue to receive security and optional releases.


Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The March 2023 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 111.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 111.0 to the release channel today.  The update includes nineteen security updates of which seven (7) are rated high and six (6) rated moderate.

Firefox ESR was updated to Version 102.9.

High

#CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android

#CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android

#CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt

#CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode

#CVE-2023-25751: Incorrect code generation during JIT compilation

#CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

#CVE-2023-28177: Memory safety bugs fixed in Firefox 111


Moderate


#CVE-2023-28160: Redirect to Web Extension files may have leaked local path

#CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

#CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab

#CVE-2023-28162: Invalid downcast in Worklets

#CVE-2023-25752: Potential out-of-bounds when accessing throttled streams

#CVE-2023-28163: Windows Save As dialog resolved environment variables 


New

  • Windows native notifications are now enabled.
  • Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account.
  • We’ve added two new locales: Silhe Friulian (fur) and Sardinian (sc).
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, March 08, 2023

Adobe Acrobat and Reader Update with New Features

  

Adobe
Adobe has released an update with new features for Acrobat and Acrobat Reader for Windows and Mac with some of the features being rolled out incrementally. 

New Features

The following new features are introduced in this release. See the Release Notes to know more about the features.
  • Introducing Acrobat Reader's new experience
  • Adobe Acrobat and Acrobat Reader version changes
  • Enhanced scrolling experience
  • Improvements in auto-adjust layout while editing PDFs
  • Back button to navigate to all tools in modern viewer
  • Third-party plugins support in modern viewer
  • New crop option in the right click context menu
  • Add custom page tool renamed to design a new page
  • Page size while adding a new custom page
  • Enable recipients to invite people using @mention
  • Promote sharing of files using @mention
  • Promote sharing of files tool usage after create and convert workflows
  • Promote edit tool usage
  • Promote export tool usage while using select all and take a snapshot option
  • Promote sign tools discovery
  • Acrobat cross surface discovery
Update or Complete Download

Adobe Acrobat and Reader were updated to version 23.001.20064 for Windows and .x20063 for Mac.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...