February 2024 Windows 11 Non-Security Preview Update

 Microsoft released KB5034848 (OS Builds 22621.3285 and 22631.3235) today for Windows 11 23H3 and Windows 11 22H2. 

IMPORTANT:  The date for optional, non-security preview releases for Windows 11, version 22H2 has been extended from February 27,2024 to June 25, 2025. 

Highlights included in the update:

• New!  The Phone Link settings page has a new name: Mobile devices. Go to Settings > Bluetooth & devices > Mobile devices.

• New! You can now use the Snipping Tool on your PC to edit the most recent photos and screenshots from your Android device. You will get an instant notification on your PC when your Android device captures a new photo or screenshot. To turn this on, go to Settings > Bluetooth & devices > Mobile devices. Choose Manage devices and allow your PC to access your Android device.

• New! This update adds support for the USB 80Gbps standard. It is the next generation of USB4 that has twice the bandwidth of USB 40Gbps. To use USB 80Gbps, you must have a compatible PC and USB4 or Thunderbolt™ peripheral.

• This update affects games you install on a secondary drive. Now, they remain installed on the drive.

• This update addresses an issue that affects long-edge fed printers. The alignment of stapling or hole punch locations is wrong.

• This update addresses an issue that affects the Windows Settings Home page. It randomly stops responding when you go to the page.

• This update addresses an issue that affects networking. A device fails to make the automatic switch from cellular to Wi-Fi when it can use Wi-Fi.

• This update addresses an issue that stops a system from going to sleep. This occurs when you connect an external device to the system.

• This update affects the Windows Backup app. It will no longer show on the user interface in regions where the app is not supported. To learn more, see KB5032038.

See the KB article for a separate list of quality improvements included in the update for Windows 11 23H3 and Windows 11 22H2. 

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

References:

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

February 2024 Windows 10 Non-Security Preview Update

 Microsoft released KB5034843 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

Highlights included in the update:

• New! Using Windows share, you can now directly share URLs to apps like WhatsApp, Gmail, Facebook, and LinkedIn. Sharing to X (formerly Twitter) is coming soon.

• This update affects games you install on a secondary drive. Now, they remain installed on the drive.

• This update affects the Windows Backup app. It will no longer show on the user interface in regions where the app is not supported. To learn more, see KB5032038.

See the KB article for the list of quality improvements included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 33.0.1 Released with Security Updates

  Pale Moon has been updated to version 33.0.1.  This is a bugfix and security update.

Changes/fixes:

• Removed site-specific override for Amazon.com due to breakage.
• Fixed script timeout values that were inadvertently overridden in branding.
• Fixed an issue where empty MIME type registrations would break some parts of the UI.
• (Linux only) Pasting URLs to content now by default does not navigate to that URL.
• If content-paste-navigation is enabled (via middlemouse.contentLoadURL), navigation is now restricted to pasting to active body type elements (to prevent unwanted navigation when pasting URLs to input boxes, for example).
• Fixed a problem with JS modules preventing ExportEntries from working.
• (Linux only) Fixed a build issue when building with a system-supplied cairo library (unsupported).
• Fixed an issue where workers could lock up the browser with SetInterval with an out-of-bounds (too small) value. This is now clamped to 4ms matching the HTML spec.
• Fixed a few usability issues with the built-in developer tools.
• Fixed a potential crash in web workers.
• Fixed a potential overflow issue in image maps.
• Fixed a potential security issue with multi-part/mixed content (CVE-2024-1551).

Notes:

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

From this point forward, UXP Mozilla security patch summaries will no longer be listed as they are mostly irrelevant.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Optional Hotfix Patch for Adobe Reader and Acrobat

 

Adobe has released an optional hotfix patch for Acrobat and Acrobat Reader that addresses some important bug fixes. 

Update or Complete Download

Reader DC and Acrobat DC were updated to version 23.008.20555 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 123.0 Released with Security Updates

  Mozilla sent Firefox Version 123.0 to the release channel.  Firefox ESR was updated to Version 115.7.

The update includes twelve security updates of which four (4) are rated high, six (6) are rated moderate, and two (2) are rated low.

High

#

#CVE-2024-1546: Out-of-bounds memory read in networking channels
#CVE-2024-1547: Alert dialog could have been spoofed on another site
#CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
#CVE-2024-1557: Memory safety bugs fixed in Firefox 123

Moderate

#CVE-2024-1554: fetch could be used to effect cache poisoning
#CVE-2024-1548: Fullscreen Notification could have been hidden by select element
#CVE-2024-1549: Custom cursor could obscure the permission dialog
#CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
#CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts
#CVE-2024-1555: SameSite cookies were not properly respected when opening a website from an external browser

Low

#CVE-2024-1556: Invalid memory access in the built-in profiler
#CVE-2024-1552: Incorrect code generation on 32-bit ARM devices

New

• We’ve integrated search into Firefox View. You can now search through all of the tabs on each of the section subpages - Recent Browsing, Open Tabs, Recently Closed Tabs, Tabs from other devices, or History.

• Having any issues with a website on Firefox, yet the site seems to be working as expected on another browser? You can now let us know via the Web Compatibility Reporting Tool! By filing a web compatibility issue, you’re directly helping us detect, target, and fix the most impacted sites to make your browsing experience on Firefox smoother.

Fixed

• When translating web pages, we are now also translating text in tooltips (i.e. titles) and text displayed in form controls (i.e. placeholder).

• Various security fixes.

Changed

• Address bar settings can now be found in the Firefox Settings' Search section.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
• ESR Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update with Security Updates

 

Adobe released six patches addressing 29 CVEs in Adobe Acrobat and Reader, Commerce, Substance 3D Painter, FrameMaker Publishing Server, Audition, and Substance 3D Designer. Five of the patches are rated critical.  Successful exploitation could lead to arbitrary code execution, application denial-of-service, and memory leak.     

Update or Complete Download

Adobe Acrobat and Reader were updated to version 23.008.20533 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft February 2024 Security Updates

 

The Microsoft February 2024 security updates have been released and consist of 72 new patches. In addition, 6 non-Microsoft Chromium updates are included, bringing the total number of CVEs to 78.

Of the CVEs released, 5 are rated critical, 65 are rated important, and 2 are rated moderate in security. At the time of release, one of the CVEs is listed as being under active attack.

The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and ASP.NET; SQL Server; Windows Hyper-V; and Microsoft Dynamics.

See the list of KBs at the bottom of the page at February 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, versions 23H2 and 22H2, see KB5034765.  For Windows 10, Version 22H2 see KB5034763.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The February 2023 Security Update Review.

IMPORTANT: 

• After February 2024, there are no more optional, non-security preview releases for Windows 11, version 22H2. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for this version. Windows 11, version 23H2 and Windows 10, version 22H2 will continue to receive security and optional releases.

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro and Windows 11 Home and Pro.
• Windows Update History:
• Windows 11
• Windows 10

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 122.0.1 Released

   Mozilla sent Firefox Version 122.0.1 to the Release Channel.

Fixed

• Fixed unexpected line wrapping in some CJK contexts caused by changes in ideographic space handling. (Bug 1870973)

• Fixed a hang when loading sites containing column-based layouts under some circumstances. (Bug 1867784)

• Fixed missing rounded corners for videos playing over another video. (Bug 1869994)

• Fixed Firefox not closing properly and other applications being unable to use a USB security key after being previously used during a Firefox session. (Bug 1863135)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...