Tuesday, October 31, 2023

Windows 11 23H2 and Windows 11 22H2 Updates

Microsoft released KB5031455 (OS Builds 22621.2506 and 22631.2506) today for Windows 11 23H2 and Windows 11 22H2.

Highlights of the changes included with this update are as follows and are described here:

Highlights:

  • Copilot in Windows preview
  • Start menu
  • Taskbar, system tray, and notifications
  • File Explorer
  • Windows Share
  • Backup and restore
  • Emoji
  • Windows Spotlight
  • Narrator
  • Voice Access
  • Security
  • Graphics and Windows Mixed Reality
  • Settings and Bluetooth
  • Windows 365 Switch
  • Input

Update Windows 11 23H2:

To get the update, open Settings > Windows Update, turn on “Get the latest updates as soon as they’re available,” and select “Check for updates”.  KB5027397 is an enablement package that activates the features of Windows 11, version 23H2.

You can also download Windows 11 23H2 ISO images from Microsoft's Software Download page.  However, it is strongly advised that you first ensure your device meets the system requirements by using the PC Health Check app.

Note: Microsoft has indicated that if it is detected that your device may have an issue, such as application incompatibility, a safeguard hold may be put in place and the update not offered until the issue is resolved. 

Update Windows 11 22H2:

To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  

References:

Windows 11 overview - What's new in Windows
Windows 11 Specifications
KB5027397: Feature update to Windows 11, version 23H2 by using an enablement package
Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 32.5.0 Released with Security Updates


Pale Moon has been updated to version 32.5.0.  This is a major development and security update.

Changes/fixes:

  • Added an initial implementation of the ReadableStreams API, improving web compatibility with sites that apparently use this API in utilitarian fashion.
  • Added support for transparency in WebM videos for the edge case of using <video> elements for transparent animated images. Major caveat: this will massively impact performance of video playback if an alpha channel is present in the video.
  • Added support for crypto.randomUUID to allow website scripting to generate random UUIDs (universally unique identifiers) through the WebCrypto interface.
  • By user request, added a preference browser.bookmarks.openInTabClosesMenu (default true) to allow users to configure if they want to keep the bookmarks menu open if they open bookmarks from it in a new tab (by middle-clicking or Ctrl-clicking). The default behavior is to close the bookmarks menu like any other menu when an option in it is clicked.
  • Removed the user-agent override for Netflix, since they have stopped supporting the Silverlight browser plugin. Pale Moon no longer has a way to provide Netflix DRM-controlled playback with them dropping it, so there is no longer a reason to try and force compatibility.
  • Updated the user-agent override for Spotify. While it is possible to use the website with this, it suffers from the same DRM issue and not all media will be playable (only non-encumbered media can be played in Pale Moon like podcasts). Your mileage may vary.
  • Implemented timer nesting and clamping for workers, preventing timer hangs on bad website code.
  • Improved handling of drawing SVG images on canvases without explicit width or height attributes. We now follow the css-sizing-3 Intrinsic Sizes spec.
  • Improved performance of our memory allocator.
  • Updated libvpx to 1.6.1.
  • Cleaned up and updated some media playback code.
  • Removed the inclusion of GMP (Gecko Media Plugin) support from Pale Moon, as it was only in use for EME/DRM and WebRTC, neither of which we support.
  • Removed the last vestiges of EME/DRM code from UXP, since this will never be supported in any application building on it due to the media industry's draconic policies around FOSS.
  • Removed simd.js, moving actually used SIMD handling to C++.
  • Removed the use of libav in our source, replacing its supply of FFT with the equivalent from FFMpeg.
  • Fixed potential type confusion in IonMonkey due to 3-byte opcodes.
  • Fixed an issue with tooltips persisting even if the browser window would have lost focus.
  • Fixed PerformanceObserver navigation and resource timing (default disabled for privacy); our implementation now fully passes conformance tests.
  • Fixed an issue where top-level SVG images would not be correctly clipped by positioned elements, giving the impression of wrong z-ordering as the SVG would overlap other elements.
  • Dev: Updated setInterval to fall back to 0 if no duration is supplied.
  • Dev: Updated ResizeObserver to a recent spec change, now returning an array of results for borderBoxSize and contentBoxSize instead of an object.
  • Dev: Updated Intl.NumberFormat and DefaultNumberOption() to follow spec updates. Most importantly for web compatibility, we now allow the "maximumFractionDigits" option in Intl.NumberFormat to be less than the default minimum fraction digits for the chosen locale, following the general consensus in TC39 around this issue.
  • Increased leniency (removed upper limit) of GLSL versions as they tend to be fully backwards compatible.
  • Fixed various crashes.
  • Added a safeguard to the sec-gpc header (Global Privacy Control) so it cannot be inadvertently overwritten.
  • Security fixes: addressed CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5727 and several other issues without a CVE number assigned to them.
  • UXP Mozilla security patch summary: 6 fixed, 2 DiD, 19 not applicable.

Notes:

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.


Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.


Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.


Release Notes
Release Cycle


Thursday, October 26, 2023

October 2023 Microsoft Windows 11 Non-Security Preview Update

   Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H2 today.

Below are some of the many highlights included in the KB5031455 update.  See the KB article for the long list of quality improvements.

Highlights:

  • This update adds a preview of centralized AI assistance, called Copilot in Windows. This makes Windows 11 the first PC platform to add centralized AI assistance to help you get things done.
  • This update gives a richer preview when you hover over files under Recommended on the Start menu. For this first release, thumbnails will not be available for all files.
  • Starting in this update, desktop labels appear when you move between desktops in Task View (WIN + CTRL + left or right arrows). New sliding animations will also show when you change your desktops.
  • This update introduces the Windows Backup app. Use it to quickly get your current PC backed up and ready to move to a new PC.
  • Passkeys are a simple and more secure replacement for passwords when you sign in to a website or application that supports them. You can now go to any app or website that supports passkeys to create a passkey that uses Windows Hello.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.



October 2023 Windows 10 Non-Security Preview Update

 

Microsoft released KB5031445 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

Highlight included in the update:
  • This update addresses an issue that affects touchscreens. They do not work properly when you use more than one display.


The following are the quality improvements included in the update:
  • This update supports daylight saving time (DST) changes in Syria. To learn more, see Interim guidance for Syria DST changes 2022.

  • This update addresses a memory leak in ctfmon.exe.

  • This update addresses a memory leak in TextInputHost.exe.

  • This update addresses an error that occurs when you print using v4 print drivers.

  • This update addresses an issue that affects Outlook. It stops responding. This occurs when you print to an Internet Printing Protocol (IPP) printer that has a slow response time.

  • This update addresses an issue that affects connectivity. It is lost. This occurs when you add a second network interface card (NIC) that has no default gateway.

  • This update makes Country and Operator Settings Asset (COSA) profiles up to date for certain mobile operators.

  • This update addresses an issue that affects Windows Defender Application Control (WDAC). Its “allow” policies might block some binaries from running.

  • This update addresses an issue that affects robocopy. The /efsraw switch stops it from copying data properly.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history




Tuesday, October 24, 2023

Mozilla Firefox Version 119.0 Released with Security Updates

Mozilla sent Firefox Version 119.0 to the release channel.  The update includes eleven security updates, of which three (3) are rated high, seven (7) moderate, and one (1) low.

Firefox ESR was updated to Version 115.4.

Note: Effective November 1, 2023, Mozilla will be renaming Firefox Accounts to Mozilla Accounts. From Firefox accounts renamed Mozilla accounts - What you need to know:


Why the renaming?
Over the years, Firefox accounts expanded its role beyond being solely an authentication solution for Firefox Sync. It now serves as Mozilla's main authentication and account management service for a wide range of products and services, supporting millions of active account customers globally. As such, the original "Firefox" branding no longer accurately reflects the broad scope of Mozilla's offerings. The renaming is intended to create a more consistent brand experience across all Mozilla surfaces, driving higher awareness of the portfolio of Mozilla products.


A new account isn't needed and sign-in remains the same.  Additional information is available in the referenced support document.


High

CVE-2023-5721: Queued up rendering could have allowed websites to clickjack

CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4

CVE-2023-5731: Memory safety bugs fixed in Firefox 119


Moderate

CVE-2023-5722: Cross-Origin size and header leakage

CVE-2023-5723: Invalid cookie characters could have led to unexpected errors

CVE-2023-5724: Large WebGL draw could have led to a crash

CVE-2023-5725: WebExtensions could open arbitrary URLs

CVE-2023-5726: Full screen notification obscured by file open dialog on macOS

CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows

CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.


Low

CVE-2023-5722: Cross-Origin size and header leakage


New

  • Gradually rolling out in Fx119, Firefox View includes more content. You can now see all open tabs, from all windows. If you sync open tabs, you’ll see all tabs from other devices. Browsing history is now listed and you can sort by date or by site. As before, recently closed tabs are also listed on Firefox View.

    To access Firefox View, select the file folder icon at the top left of your tab strip

  • Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by adding images and alt text, in addition to text and drawings.
  • Recently closed tabs now persist between sessions that don't have automatic session restore enabled. Manually restoring a previous session will continue to reopen any previously open tabs or windows.
  • If you're migrating your data from Chrome, Firefox now offers the ability to import some of your extensions as well.
  • As part of Total Cookie Protection, Firefox now supports the partitioning of Blob URLs; this mitigates a potential tracking vector that third-party agents could use to track an individual.
  • The visibility of fonts to websites has been restricted to system fonts and language pack fonts in Enhanced Tracking Protection strict mode to mitigate font fingerprinting.
  • The Storage Access API web standard was updated to improve security while mitigating website breakages and further enabling the phase out of third-party cookies in Firefox.
  • Encrypted Client Hello (ECH) is now available to Firefox users, delivering a more private browsing experience. ECH extends the encryption used in TLS connections to cover more of the handshake and better protect sensitive fields. Read more about the launch of ECH on Mozilla Distilled.
  • Media sniffing is no longer applied to files served as type application/octet-stream; this allows these files to be downloaded instead of attempting playback.
  • On Windows, the mouse pointer will disappear while typing if the relevant Windows mouse properties system setting is enabled.
  • Firefox is now available in the Santali (sat) language.

Fixed

  • Fixed an issue causing unexpected jumps in scroll position on Facebook.


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


Tuesday, October 17, 2023

Oracle Java SE Security Update Released

 




Oracle released the scheduled update for its Java SE Runtime Environment software.  
This is a bugfix and security update.  

This Critical Patch Update contains 5 new security patches for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Download Information: Java SE Runtime Environment Version 8u391: https://java.com/en/download/manual.jsp

Java Security Recommendations

1) If Java is still installed on your computer, it is recommended that all updates be applied as soon as possible and older, less secure, versions uninstalled.  See Why should I uninstall older versions of Java from my system?.
2) In the Java Control Panel, at minimum, set the security to high.
3) Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Notes:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
  • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
  • Verify your version:  http://www.java.com/en/download/testjava.jsp  Note: The Java version verification page will only work if your browser has NPAPI support.  Otherwise, to check the version, open a cmd window and enter the following (note the space following java):  java -version
  • Important: The Edge browser does not support plug-ins.  In the event you still have a need for Java, it will be necessary to use Firefox.

Patch Schedule

For Oracle Java SE, the next scheduled update is January 16, 2024.  The planned release schedule is available here.

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and little-publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude a pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:
  1. Launch the Windows Start menu
  2. Click on Programs
  3. Find the Java program listing
  4. Click Configure Java to launch the Java Control Panel
  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.


Optional Hotfix Patch for Adobe Reader and Acrobat

 

Adobe has released an optional hotfix patch for Acrobat DC and Acrobat Reader DC that includes some important bug fixes.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 23.003.20360 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Tuesday, October 10, 2023

Microsoft October 2023 Security Updates

 

The Microsoft October 2023 security updates have been released and consist of 103 new patches. Of the CVEs released, 13 are rated critical, and 90 are rated important in severity. At the time of release, two of the CVEs are listed as being under active attack and as publicly known.

The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET Core and Visual Studio; Azure; Microsoft Dynamics; and Skype for Business.

See the list of KBs at the bottom of the page at October 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, version 22H2, see KB5031354 and KB5031358 for Windows 11, version 21H2.  For Windows 10, Version 22H2 and 21H2, see KB5031356.

IMPORTANT The October 2023 security update is the last security release for some editions of Windows 11, version 21H2. Windows 11, version 22H2 will continue to receive security and optional releases.

Recommended Reading:   See Dustin Childs' review and analysis in Zero Day Initiative -- The September 2023 Security Update Review.

 


Mozilla Firefox Version 118.0.2 Released

 

Mozilla sent Firefox Version 118.0.2 to the Release Channel.

Fixed

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes



Tuesday, October 03, 2023

Pale Moon Version 32.4.1 Released with Security Updates


Pale Moon has been updated to version 32.4.1.  This is a bugfix and security release.

Changes/Fixes:

  • Fixed an issue in BigInt typedArray constructors.
  • Added some safety checks for Performance Observers.
  • Fixed JSON BigInt regressions.
  • Fixed missing BigInt increment/decrement operations.
  • Added WASM sign extension opcodes.
  • Fixed an issue with dead Promise wrappers in JavaScript DiD*
  • Fixed an issue with Alternative Services DiD*
  • Fixed an issue with libvpx (addresses CVE-2023-5217) DiD*

Notes:

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle
