Thursday, August 29, 2024

August 2024 Windows 10 Non-Security Preview Update

 Microsoft released KB5041582 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

Highlights
  • This update addresses non-security issues for your Windows operating system.
See the KB article for the list of quality improvements included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 27, 2024

August 2024 Windows 11 Non-Security Preview Update

 Microsoft released KB5041587 (OS Builds 22621.4112 and 22631.4112 today for Windows 11 23H3 and Windows 11 22H2. 

Highlights

Gradual rollout

These might not be available to all users because they will roll out gradually.

  • [Windows Share] New! You can now share content to your Android device from the Windows Share window. To do this, you must pair your Android device to your Windows PC. Use the Link to Windows app on your Android device and Phone Link on your PC.
  • ​​​​​​​[Narrator] This update makes scan mode respond quicker. This is especially helpful when you use Microsoft Edge and read large documents. To use scan mode, you must turn on Narrator first (Windows logo key + Ctrl + Enter). Then, turn on scan mode by pressing Caps lock + Spacebar during a Narrator session.
  • [Voice access] You can now dictate the characters that you spell at a faster speed. You also have more editing options for the commands that select, delete, and move within text.
  • [File Explorer]​​​​​​​
    • When you press Windows logo key + E, a screen reader might say a pane has focus, or the focus might not be set at all.
    • When you press Ctrl + F, sometimes the search does not start.
    • Keyboard focus sometimes might get lost when you press Shift + Tab.
    • Screen readers do not announce when you open or browse items that are in a breadcrumb of the Open or Save dialog.
    • Screen readers do not announce when you open or browse items in the column header.

  • [Widgets Board] We are rolling out an update to the Widgets Board to improve security and the APIs for creating widgets and feeds for users in EEA regions. As part of this update, the Microsoft Start Experiences app will power the Microsoft Start widget and feed experiences. Also, as part of this update, some existing widgets will be removed and others will be modified, temporarily affecting their functionality. This update sets the foundation for new widgets and other features in development, set to roll out soon.

In addition, see the KB Article for information on new features that may not be available to everyone as they will be rolling out gradually.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

References:

Windows 11 update history


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, August 26, 2024

Optional Hotfix Patch for Adobe Reader and Acrobat

 

Adobe
Adobe has released an optional hotfix patch that addresses some bug fixes for Windows only.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 24.003.20054.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 20, 2024

Mozilla Firefox Version 129.0.2 Released

   Mozilla sent Firefox Version 129.0.2 to the Release Channel.

Fixed

  • Fixed an issue with screen readers prompting "Alert" when hovering over tabs. (Bug 1908873)
  • Fixed an issue where drag-and-drop operations would not work as expected with extensions that rely on this functionality. (Bug 1911486)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 13, 2024

Microsoft August 2024 Security Updates

 


The Microsoft August 2024 security updates have been released and consist of 90 new patches to Microsoft products. Including third-party CVEs documented, the total number of CVEs reported is 102.


Of the Microsoft CVEs released, 7 are rated critical, 79 important, and 1 moderate in security. At the time of release, four of the CVEs are listed as being publicly known and six are listed as under active attack.

The security updates apply to the following products, features and roles: Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and (of course) Secure Boot.

See the list of KBs at the bottom of the page at August 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, Versions 23H2 and 22H2, see KB5041585.  For Windows 10, Versions 22H2 and 21H2, see KB5041580.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The August 2024 Security Update Review.

Additional Update Notes:


 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update with Security Updates

 

Adobe
Adobe is releasing an update with bug fixes and new features for end users described in the New features summary as well as security updates for Acrobat and Reader. 

The security updates provide mitigations for vulnerabilities described in the security bulletins of Reader and Acrobat.

Update or Complete Download

Adobe Acrobat and Reader are being updated to version 24.002.21005.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Verson 129.0.1 Released

  Mozilla sent Firefox Version 129.0.1 to the Release Channel.

Fixed

  • Fixed playback issues on some websites with copyrighted video served via digital rights management. (Bug 1911283)
  • Fixed a crash when dragging a video file onto some websites. (Bug 1910990)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 33.3.0 Released with Security Updates

  Pale Moon Pale Moon has been updated to version 33.3.0.  This is a major development update.  

Important notes with this version:

  1. From this version forward, all 64-bit releases require a processor with AVX capabilities! Please keep en eye on the forum for announcements of 64-bit SSE builds by the community if you are on particularly old or otherwise limited hardware that does not support AVX.
  2. For Linux users: Starting with this version, our binaries are built with gcc 11 on a still conservative but more modern build platform (Oracle Linux 8). As a result, there may be some lib incompatibilities if you are still running on a particularly old distro for some reason. While we try to serve as broad of a Linux base as possible with our binaries, our lowest common denominator will occasionally shift to newer distros as a result of O.S. life cycles, compiler capabilities and available libraries.

Changes/fixes:

  • Implemented the bulk of the CSS "cascade layers" spec (@layer{}). This implementation is not 100% complete yet, but should satisfy common use of CSS cascade layers on the web.
  • Implemented support for Sec-Fetch-* headers, implementing another mechanism to deal with site security. See this part of the spec for a primer on what this does.
  • Added support for FFmpeg 7.0 / libavcodec 61 (Linux).
  • Pale Moon will now look up hosts in DNS ahead of time to make page navigation smoother. See implementation notes.
  • Pale Moon will now block access to the reserved address 0.0.0.0 on non-Windows operating systems. See implementation notes.
  • Dev: Aligned rounding behavior and precision ranges of toFixed and related functions with the spec. See implementation notes.
  • Dev: Aligned isTrusted for PostMessage and BroadcastChannel with expected values on the web. See implementation notes.
  • Dev: Added the navigator.webdriver attribute for web compatibility (always false in Pale Moon as we do not support browser automation APIs).
  • Re-implemented the Durstenfeld shuffle for plugin enumeration that was unfortunately dropped with one of our past rebases, to strengthen fingerprinting resistance.
  • Fixed an issue with character clusters (e.g. for text selection) resulting from a regression surrounding our improvements for emoji handling.
  • Fixed an issue with setting DOM color values. DiD
  • Slightly improved password form handling, detecting previously unsupported field orders.
  • Updated NSS to 3.90.4.
  • Updated our emoji font to 15.1.2 (Unicode 15.1 with some additional extras/updates).
  • Code cleanup:
    • Removed unused code related to the (incomplete) FoxEye experiment.
    • Removed support code for LibAV and (very) old versions of FFmpeg. We require libavcodec 58 or later (FFmpeg 4.0+) from this version forward (Linux).
    • Removed click event dispatching code that is no longer relevant.
    • Cleaned up internal macro use in CSS code (this does not impact any exposed APIs or code).
    • Removed the hidden network.dns.disablePrefetchFromHTTPS pref. DNS prefetching should not be treated differently for http and https.
  • Security issues addressed: CVE-2024-7531.

Implementation notes:

  • Pale Moon will now pre-emptively look up the internet addresses in DNS for website navigation (e.g. from links). This speeds up navigation as there will be no delay for DNS lookups when users navigate to a new host or domain from the visited page. Please note that this only deals with DNS (i.e.: looking up the addresses of websites in the domain name system) and Pale Moon will not pre-emptively connect to the servers in question; it will just have the addresses for them ready in case the user decides to navigate to them.
    For some people, this may still be seen as a privacy issue (e.g. when the DNS server operated within an organization is tightly monitored for "unwanted traffic") as it will regularly fire DNS lookups for hosts or domains the user doesn't actually visit, so if this is a concern for you and you wish to revert to our previous behavior, go to Preferences -> Advanced -> tab "Network", and uncheck "Prefetch DNS lookups".
  • Pale Moon will no longer allow connecting to the "this machine" special reserved address 0.0.0.0 (and IPv6 equivalents [::]/[::0.0.0.0]) on operating systems other than Windows. This is to mitigate potentially unrestricted access to local resources on UNIX-like operating systems due to the way the network stack operates there. If needed for your use case, you can control this behavior through the preference network.dns.blockQuad0 -- if set to true, any attempt to connect to the reserved addresses will result in an error.
  • We aligned behavior of number conversions with what is generally expected on the web by mainstream browser engines and/or updated specs. Specifically, toFixed no longer accepts negative precision ranges, and toExponential will now round up at the midpoint in the decimal significand.
  • Initially, the mechanisms BroadcastChannel and MessagePort implicitly called for dispatched events to not be trusted, but since browsers marked them as trusted, this was in conflict with the spec. Eventually, the spec for this was changed to make them trusted in this case. Pale Moon now follows this behavior as well.

*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."

Tuesday, August 06, 2024

Mozilla Firefox Version 129.0 Released with Security Updates

 


FirefoxMozilla sent Firefox Version 129.0 to the release channel.  Firefox ESR was updated to Version 115.14.0.

The update includes fourteen security updates of which eleven (11) are rated high, two (2) are rated moderate, and one (1) is rated low.

High




Moderate

#CVE-2024-7529: Document content could partially obscure security prompts
#CVE-2024-7530: Use-after-free in JavaScript code coverage collection


Low

#CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines


New

  • Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment. These changes offer a more accessible reading experience.
  • Reader View now has a Theme menu with additional Contrast and Gray options. You can also select custom colors for text, background, and links from the Custom tab.
  • A tab preview is now displayed when hovering the mouse over background tabs, making it easier to locate the desired tab without needing to switch tabs.
  • HTTPS is replacing HTTP as the default protocol in the address bar on non-local sites. If a site is not available via HTTPS, Firefox will fall back to HTTP.
  • HTTPS DNS records can now be resolved with the operating system's DNS resolver on specific platforms (Windows 11, Linux, Android 10+). Previously this required DNS over HTTPS to be enabled. This capability allows the use of HTTP/3 without needing to use the Alt-Svc header, upgrades requests to HTTPS when the DNS record is present, and enables wider use of ECH.
  • Added support for multiple languages in the same document spoken in macOS VoiceOver.
  • Address Autofill is now enabled for users in France and Germany.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, August 05, 2024

Optional Hotfix Patch for Adobe Reader and Acrobat

 


Adobe
Adobe has released an optional hotfix patch that addresses some important bug fixes for Windows only.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 24.002.20991.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...