November 2023 Windows 10 Non-Security Preview Update

 

Microsoft released KB502278 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

Highlight included in the update:

• New! This update adds the Copilot in Windows (in preview) button to the right side of the taskbar. This only applies to devices that run Home or Pro editions (non-managed business devices). When you select it, Copilot in Windows appears at the right on your screen. It will not overlap with desktop content or block open app windows. This is available to a small audience initially and deploys more broadly in the months that follow. To learn more, see How to get Copilot in Windows (in preview) on Windows 10 and Welcome to Copilot in Windows.

• New! The news & interests feature on your device is now larger! This will help you use the feature more effectively and show the content you care about most on a larger scale.

• New! If you use Home or Pro consumer devices or non-managed business devices, you can get some of the newest experiences as soon as they are ready. To do so, go to Settings > Update & Security > Windows Update. Set the Get the latest updates as soon as they are available toggle to on. Note that this toggle is not turned on for devices that your IT department manages unless IT configures a new policy.

• This update addresses an issue that causes IE mode to stop responding. This occurs when you have multiple IE mode tabs open.

• This update addresses an issue that affects the cursor. Its movement lags in some screen capture scenarios.

• This update addresses an issue that affects the touch keyboard. It might not appear during the out-of-box experience (OOBE).

See the KB article for the lengthy list of quality improvements included in the update.

IMPORTANT Because of reduced operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2023. There will be a monthly security release for December 2023. Normal monthly servicing for both security and non-security preview releases will resume in January 2024.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 120.0.1 Released

 

Mozilla sent Firefox Version 120.0.1 to the Release Channel.

Fixed

• Fixed a bug that was causing persistent startup slowdowns. (bug 1867095)

• Fixed an issue that was causing 100% CPU usage on sites such as Google Maps. (bug 1866409)

• Fixed an issue that was causing YouTube videos to show a green screen when hardware acceleration was enabled. (bug 1865928)

• Fixed an issue where the status bar was still visible when viewing fullscreen video. (bug 1853896)

• Fixed a startup crash affecting Linux users on some aarch64 systems with page sizes other than 4KB. (bug 1866025)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 32.5.1 Released with Security Updates

Pale Moon has been updated to version 32.5.1.  This is a minor development and security update.

Important: as of this version, our beta FreeBSD binaries require at least FreeBSD 13.

Changes/fixes:

• Restricted protocol fallback for TLS. Pale Moon no longer (by default) allows TLS 1.3 to fall back to earlier protocol versions during the initial handshake.
• Reverted the addition of browser.bookmarks.openInTabClosesMenu due to behavioral issues with menus.
  If you desire the intended behavior, please use an extension instead.
• We no longer support the data: protocol inside SVG's <use> statements.
• Enabled more validation/error checking for WebGL on Windows to prevent potential crashes.
• Improved secure context checking for iframes.
• Fixed the handling of relative paths in URLs starting with multiple forward slashes.
• Security issues addressed: CVE-2023-6204, CVE-2023-6210, CVE-2023-6209 and CVE-2023-6205 DiD
• UXP Mozilla security patch summary: 3 fixed, 1 DiD, 14 not applicable.

Notes:

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 120.0 Released with Security Updates

  Mozilla sent Firefox Version 120.0 to the release channel.  The update includes eleven security updates of which seven (7) are rated high, two (2) moderate, and two (2) rated low.

Firefox ESR was updated to Version 115.5.

High

#CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
#CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
#CVE-2023-6205: Use-after-free in MessagePort::Entangled
#CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
#CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
#CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
#CVE-2023-6213: Memory safety bugs fixed in Firefox 120

#

Moderate

#CVE-2023-6208: Using Selection API would copy contents into X11 primary selection
#CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"

Low

#CVE-2023-6210: Mixed-content resources not blocked in a javascript: pop-up
#CVE-2023-6211: Clickjacking to load insecure pages in HTTPS-only mode

New

• Firefox supports a new “Copy Link Without Site Tracking” feature in the context menu which ensures that copied links no longer contain tracking information.
  

  

• Firefox now supports a setting (in Preferences → Privacy & Security) to enable Global Privacy Control. With this opt-in feature, Firefox informs the websites that the user doesn’t want their data to be shared or sold.

  

• Firefox’s private windows and ETP-Strict privacy configuration now enhance the Canvas APIs with Fingerprinting Protection, thereby continuing to protect our users’ online privacy.

• Firefox has enabled Cookie Banner Blocker by default in private windows for all users in Germany. Firefox will now auto-refuse cookies and dismiss annoying cookie banners for supported sites.

• Firefox has enabled URL Tracking Protection by default in private windows for all users in Germany. Firefox will remove non-essential URL query parameters that are often used to track users across the web.

• Firefox now imports TLS trust anchors (e.g., certificates) from the operating system root store. This will be enabled by default on Windows, macOS, and Android, and if needed, can be turned off in settings (Preferences → Privacy & Security → Certificates).

• Keyboard shortcuts have now been added for editing and deleting a selected credential on about:logins. For editing - Alt + enter (Option + return on macOS) and for deleting - Alt + Backspace (Option + Delete on macOS).

• Users on Ubuntu Linux now have the ability to import from Chromium when both are installed as Snap packages.

• Picture-in-Picture now supports corner snapping on Windows and Linux - just hold Ctrl as you move the PiP window.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
• ESR Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft November 2023 Security Updates

 

The Microsoft November 2023 security updates have been released and consist of 63 new patches. In addition, multiple Chromium bugs and other externally reported CVEs are being incorporated into the release, bringing the total number of CVEs to 78.

Of the CVEs released, 3 are rated critical, 56 are rated important and 4 are rated moderate in severity. At the time of release, three of the CVEs are listed as being under active attack and three as publicly known.

The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET and .NET Framework; Azure; Mariner; Microsoft Edge (Chromium-based), Visual Studio, and Windows Hyper-V.

See the list of KBs at the bottom of the page at November 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, versions 23H2 and 22H2, see KB5032190.  For Windows 10, Version 22H2 and 21H2, see KB5032189.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The Novemberr 2023 Security Update Review.

 

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro and Windows 11 Home and Pro.
• Windows Update History:
• Windows 11
• Windows 10

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update with Security Updates

 

Adobe is releasing an update with bug fixes and security updates for Acrobat and Acrobat Reader. 

The security updates provide mitigations for vulnerabilities described in the corresponding security bulletins for Reader and Acrobat.

Update or Complete Download

Adobe Acrobat and Reader were updated to version 23.006.20380 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 119.0.1 Released

 

Mozilla sent Firefox Version 119.0.1 to the Release Channel.

Fixed

• Fixed a bug causing colors in the <select> HTML element to not be applied to dropdown menu arrows. (bug 1861253)

• Fixed a bug with the <input> HTML element state not changing when dynamically updating the disabled attribute on an ancestor <fieldset>. (bug 1861027)

• Fixed a bug causing elements with the indeterminate CSS selector in a radio group to not update. (bug 1861346)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...