Thursday, September 28, 2023

Mozilla Firefox Version 118.0.1 Released with Critical Security Update

 FirefoxMozilla sent Firefox Version 118.0.1 to the release channel.  The update includes one critical security update.

Firefox ESR was updated to Version 115.3.1.

Critical


#CVE-2023-5217: Heap buffer overflow in libvpx


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, September 26, 2023

September 2023 Windows 11 Version 22H2 Non-Security Optional Preview "C" Release

  Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H2 today.

Below are some of the many highlights included in the KB5030310 update.  See the KB article for the long list of quality improvements.

Highlights:

  • New! This update introduces websites to the Recommended section of the Start menu. These websites will be personalized for you and come from your browsing history. This gives you quick access to the websites that are important to you. You can remove any website URL from the Recommended section using the shortcut menu. To turn off the feature, go to Settings Personalization Start. You can adjust settings for all recommended content on the Start menu on this Settings page. Commercial customers can manage this feature using a policy.

  • This update addresses an issue that affects Microsoft Excel. It stops responding when you try to share a file as a PDF in Outlook.

  • This update addresses an issue that affects the Korean touch keyboard. It completes the first character in the search box on the taskbar. This is not expected.

  • This update addresses an issue that affects the search box tooltip. It does not appear in the correct position.

  • This update addresses an issue that affects the search button. It disappears when you interact with the search flyout box.

  • This update addresses an issue that affects sleep mode. After you resume from sleep, a blank window appears that has the title "Windows Input Experience.”

  • This update addresses an issue that affects iCloud Calendar and Contacts. Outlooks fails to properly sync them when you use the iCloud for Windows app. To resume syncing, follow the steps in this Apple Support article.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

September 2023 Windows 11 Version 22H1 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H1 today.

IMPORTANT After today, September 26, 2023, there will no longer be optional, non-security preview releases for Windows 11, version 21H2.  Only cumulative monthly security updates will continue for the supported versions of Windows 11, version 21H2.

The KB5030301 update highlight for Windows 11 version 22H1 addresses an issue that affects Microsoft Excel. It stops responding when you try to share a file as a PDF in Outlook. This non-security update includes the following quality improvements:

  • New! This update completes the work to comply with the GB18030-2022 requirements. It removes and remaps characters for Microsoft Wubi input and Microsoft Pinyin U-mode input. You can no longer enter character codepoints that are not supported. All the required codepoints are up to date.

  • This update supports daylight saving time (DST) changes in Greenland.

  • This update changes the spelling of Ukraine's capital from Kiev to Kyiv.

  • This update addresses an issue that affects account lockout event 4625. The format of the event is wrong in the ForwardedEvents log. This occurs when an account name is in the user principal name (UPN) format.

  • This update affects the Key Distribution Center (KDC) and user security identifiers (SID). KDC now reads the user SID from the Subject Alternative Name (SAN) of a certificate. Because of this, mobile device management (MDM) providers can use offline templates to fill in the user SID. To learn more, see KB5014754.

  • This update addresses an issue that is related to changes in the forwarding of events.

  • This update addresses an issue that affects XPath queries on FileHash and other binary fields. It stops them from matching values in event records.

  • This update addresses an issue that affects an Application Virtualization (App-V) environment. Copy operations within it stop working. This occurs after you install the April 2023 update.

  • This update addresses an issue that affects the Simple Certificate Enrollment Protocol (SCEP) certificate. The system reports some SCEP certificate installations as failed. Instead, the system should report them as pending.

  • This update addresses an issue that affects Microsoft Print to PDF. It uses the metadata for the name you sign in with as the author of a printed PDF. It should use the display name instead.

  • This update addresses an issue that affects some USB printers. Microsoft Defender stops them from printing.

  • This update addresses an issue that affects Windows Defender Application Control (WDAC). AppID Tagging policies might greatly increase how long it takes your device to start up.

  • This update addresses an issue that affects IMEPad. It stops working. This occurs when you enter end-user-defined characters (EUDC).

  • This update addresses an issue that affects application compatibility. It is related to Microsoft Defender for Endpoint.

  • This update addresses an issue that affects Remote Apps. The display of some elements is not aligned correctly.

  • This update addresses an issue that affects the Microsoft Distributed Transaction Coordinator (DTC). It has a handle leak. Because of this, the system runs out of memory.

  • This update addresses an issue that might make Windows stop responding. This might occur if you use Microsoft OneDrive files that are compressed by NTFS.

  • This update addresses an issue that might cause a user-mode memory leak. It might occur when you call CopyFile() or MoveFile().

  • This update addresses an issue that affects external binding. It fails. This occurs after you install Windows updates dated May 2023 or later. Because of this, there are issues that affect LDAP queries and authentication.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

September 2023 Windows 10 Non-Security Optional Preview "C" Release

 Microsoft released KB5030300 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

The following are the highlighted changes included in the update:
  • New! This update brings back an improved search box experience on the taskbar. If you have a top, bottom, regular, or small icons taskbar, you will see the search box appear. You can use it to easily access apps, files, settings, and more from Windows and the web. You will also have access to the latest search updates, such as search highlights. If you want to restore your previous search experience, you can do that easily. Use the taskbar shortcut menu or respond to a dialog that appears when you use search.

  • New! This update adds animations to a few icons on the news and interests taskbar button. These animations occur when:

    • A new announcement appears on the news and interests taskbar button.

    • You hover over or click the icon while the announcement is on the taskbar.

  • This update addresses an issue that affects Microsoft Excel. It stops responding when you try to share a file as a PDF in Outlook.

  • This update addresses an issue that affects the touch keyboard. Sometimes it does not open.

See the referenced KB Article for long list of quality improvements included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Windows 11 22H3 Update

    The Windows 11 2023 Update (22H3) is being released today for eligible Windows 11 and Windows 10 devices.  

Windows 11:  Devices with Windows 11 22H2 installed can get opt to install the update now via Windows Update (Settings > Windows Update) and selecting Check for updates. 

Windows 10: Eligible devices can install the update the same as for Windows 11.  To determine if your device meets the minimum system requirements for Windows all, use the PC Health Check app

Additional information about the update is available at the Windows Experience Blog at How to get the Windows 11 2022 Update.

New Features

There are over 150 new features as well as new Surface devices. A short list of the new features included in the Windows 11 2023 Update provided by Zac Bowman at Windows Central is as follows:

  • App folders in Start menu
  • Resizable pinned area in Start menu
  • Drag and Drop on the Taskbar
  • Focus Assist integration with Notification Center
  • New "spotlight" wallpaper feature
  • New Voice Access accessibility feature
  • New Live Captions accessibility feature
  • New gestures and animations for touch users
  • New snap layouts bar when moving app windows
  • New Task Manager app
  • New "Suggested Actions" feature when copying dates/numbers
  • Tabs in File Explorer
  • Better OneDrive integration with File Explorer
  • Numerous UI improvements and consistency updates

See the Windows Experience Blog article by Yusuf Mehdi, Corporate Vice President & Consumer Marketing Officer for an illustrated example of many of the new features.  Other information about the new release are available at Announcing Microsoft Copilot, your everyday AI companion as well as a list of Windows September top features highlights.  You can also watch the video of the presentation at https://www.microsoft.com/en-us/event.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 118.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 118.0 to the release channel.  The update includes fourteen security updates of which six (6) are rated high, two (2) moderate, and one (1) rated low.

Firefox ESR was updated to Versions 103.0 and 115.3.


High


#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1

#CVE-2023-5169: Out-of-bounds write in PathOps

#CVE-2023-5170: Memory leak from a privileged process

#CVE-2023-5171: Use-after-free in Ion Compiler

#CVE-2023-5172: Memory Corruption in Ion Hints

#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3


Moderate


#CVE-2023-5173: Out-of-bounds write in HTTP Alternate Services

#CVE-2023-5174: Double-free in process spawning on Windows


Low


#CVE-2023-5175: Use-after-free of ImageBitmap during process shutdown


New

  • Automated translation of web content is now available to Firefox users! Unlike cloud-based alternatives, translation is done locally in Firefox, so that the text being translated does not leave your machine.

  • Web Audio in Firefox now uses the FDLIBM math library on all systems to improve anonymity with Fingerprint Protection.

  • The visibility of fonts to websites has been restricted to system fonts and language pack fonts to mitigate font fingerprinting in Private Browsing windows.

  • Video Effects and background blur are now available to Firefox users on Google Meet! (Note: These effects have also been released retroactively to support Firefox versions back to Firefox 115.)

  • Firefox Suggest users (US-only at this time) will now be able to see browser add-on suggestions right in the address bar based on their keywords.


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, September 14, 2023

Pale Moon Version 32.4.0.1 Released to Address Critical Security Vulnerability

  Pale Moon

Pale Moon has been updated to version 32.4.0.1.  This update addresses a critical security vulnerability.

Changes/Fixes:

  • Fixed a WebP decoder issue (CVE 2023-4863)

Notes:

DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, September 12, 2023

Microsoft September 2023 Security Updates

 

The Microsoft September 2023 security updates have been released and consist of 59 new patches and 2 advisories. Of the CVEs released, 5 are rated critical, 55 are rated important and 1 is rated moderated in severity. At the time of release, one is listed as being under active attack and as publicly known.

The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; .NET and Visual Studio; Azure; Microsoft Dynamics; and Windows Defender.

See the list of KBs at the bottom of the page at September 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, version 22H2, see KB5030129 and KB5030217 for Windows 11, version 21H2.  For Windows 10, Version 22H2 and 21H2, see KB5030211.

Important: The September 2023 non-security preview update will be the last optional release for Windows 11, Version 21H2.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The September 2023 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 117.0.1 Released

 

Mozilla sent Firefox Version 117.0.1 to the Release Channel.

Fixed

  • Fixed a bug causing links opened from outside Firefox to not open on macOS (bug 1850828)

  • Fixed a bug causing extensions using an event page for long-running tasks to be terminated while running, causing unexpected behavior changes (bug 1851373)

  • Temporarily reverted an intentional behavior change preventing Javascript from changing URL.protocol (bug 1850954).
    NOTE: This change is expected to ship in a later Firefox release alongside other web browsers and sites are encouraged to find alternate ways to change the protocol if needed.

  • Fixed audio worklets not working for sites using WebAssembly exception handling (bug 1851468)

  • Fixed the Reopen all tabs option in the Recently closed tabs menu sometimes failing to open all tabs (bug 1850856)

  • Fixed the bookmarks menu sometimes remaining partially visible when minimizing Firefox (bug 1843700)

  • Fixed an issue causing incorrect time zones to be detected on some sites (bug 1848615)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update Released with Security Updates

 


Adobe
Adobe has released an update with new features, bug fixes and security updates for Acrobat and Acrobat Reader. 

The security updates provide mitigations for vulnerabilities described in the corresponding security bulletins for Reader and Acrobat.

Update or Complete Download

Adobe Acrobat and Reader were updated to version 23.006.20320 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, September 05, 2023

Pale Moon Version 32.4.0 Released with Security Fixes

 Pale Moon

Pale Moon has been updated to version 32.4.0.  This is a major development further improving web compatibility and includes security fixes.

Changes/Fixes:

  • Implemented the BigInt primitive type for JavaScript. See implementation notes.
  • Implemented Big(U)Int64 array support.
  • Implemented ergonomic brand checks for JavaScript class fields.
  • Aligned the Performance API with the Timeline v2 spec.
  • Aligned the handling of flex/grid percentages resolving against the parent with other browsers. See implementation notes.
  • Added or updated several user-agent overrides for problematic websites.
  • Added 2 preferences to allow users to disable CSS animations and transitions. See implementation notes.
  • Improved compatibility with MacOS 14.
  • Fixed an important, intermittent JavaScript crash related to garbage collection.
  • Fixed several crashes.
  • Fixed several debug build related issues.
  • Fixed an issue building on SunOS related to the spelling library.
  • Developer: Added ASan support for building with MSVC.
  • Added the .xll file extension to the executable extensions list.
  • Security issues addressed: several potential security issues that do not have a CVE number. DiD
  • UXP Mozilla security patch summary: 1 fixed, 3 DiD, 17 not applicable.

Notes:

  • The BigInt primitive (base number format) in JavaScript allows JavaScript to handle excessively large integers (whole numbers). This primitive is especially useful for specialized scientific applications that need very large yet accurate numbers, but has seen widespread adoption for an as of yet unknown reason as part of web frameworks, causing general web compatibility issues for Pale Moon when scripts expect BigInt support and instead have an error thrown. We have now implemented this primitive for use so we no longer have compatibility issues with these frameworks. It is still unknown why BigInt is in use there and for what. Critical note: BigInt might be tempting to consider for JS-backed cryptography but this is very ill-advised, as BigInt operations are, by their nature, not constant-time and allow timing and side-channel attacks.
  • Flex and grid item sizes in percentages would previously be resolved against the parent like other elements, according to a very long-standing practice that stems from the Internet Explorer days. Mainstream browsers have, however, made an exception for flex items and grid items to no longer do this. We have now made the same exception for these types of elements which should solve layout issues on some websites (notably reserving too much space for items, often resulting in very large areas of whitespace or items being pushed out of view).
  • Two preferences were added (layout.css.animation.enabled and layout.css.transition.enabled) to allow users to completely disable CSS-based animations and transition effects. This was a request by users as both a performance and accessibility consideration. Please note that in some cases, disabling animations and transitions may have an impact on final web page layout, so you may run into some issues when disabling these animations and transitions as the web pages were designed to use them.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.


Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates


Release Notes
Release Cycle

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...