Tuesday, April 08, 2025

Microsoft April 2025 Security Updates

 

The Microsoft April 2025 security updates have been released and consist of 124 new CVEs in Microsoft products. The additional third-party CVEs bring the combined total to 134 CVEs and 9 non-Microsoft CVEs.


Of the Microsoft CVEs released, 11 are rated critical, 2 low and the rest are rated important in severity. At the time of release, one is listed as being publicly known and under active attack.

The security updates apply to the following products, features and roles: Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, BitLocker, Kerberos, Windows Hello, OpenSSH, and Windows Lightweight Directory Access Protocol (LDAP).

See the list of KBs at the bottom of the page at April 2025 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates.

Recommended Reading: See Dustin Childs' review and analysis in Zero Day Initiative -- The April 2025 Security Update Review.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 137.0.1 Released with Updates

   Mozilla sent Firefox Version 137.0.1 to the Release Channel.

Fixed

  • Fixed an issue where folder shortcuts on Windows were incorrectly treated as files during file uploads, preventing selecting files within the target folder. (Bug 1958222)
  • Fixed a crash experienced by Windows users when downloading files with Qihoo 360 Total Security Antivirus software installed. (Bug 1958112)
  • Fixed an occasional startup crash. (Bug 1958293)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes



Pale Moon Version 33.7.0 Released with Security Updates

Pale Moon has been updated to version 33.7.0.  This is a development, bugfix and security update.

Changes/fixes:

  • Implemented CSS two-location color stop logic. This allows for two-location color stops (`color x% y%`) in gradients, which is shorthand for `color x%, color y%` where both colors are equal.
  • Our minimum GCC version requirement to build is now 9.1.
  • Improved channel handling when CSP blocks network redirects.
  • Implemented several fixes for CORS preflight requests.
  • Added explicit whitelisting from CSP content loading of javascript: scheme URLs.
  • Updated the ffvpx library to 6.0.1, this time preventing video color range regressions. An update to 6.0 was previously backed out in 33.5.0.
  • Updated the JPEG-XL library to 0.11.1 to pick up several fixes and improve decoding compatibility of jxl files.
  • Updated the SQLite library to 3.49.1.
  • Fixed a spec compliance issue with DOMRect and DOMQuad returning 0 if NaN was present. We now return NaN in that case, per spec.
  • Fixed a spec compliance issue with NTLM authentication. We now compute Channel Binding Hashes using the certificate signature's hash algorithm, per spec.
    Note that particularly weak algorithms are not used and SHA256 will be used as a minimum, instead, in those cases.
  • Fixed a buildability issue on Mac with XCode 16.3.
  • Added some additional safety checking to SharedArrayBuffers.
  • Added some additional safety checking to XSLT compilation and transformation.
  • Windows only: Added a preference widget.windows.follow_shortcuts_on_file_open to control how Windows File Open dialogs handle shortcut links. See implementation notes.
  • Security bugs addressed: CVE-2025-3028 (DiD) and CVE-2025-3033 (see implementation notes).

    Implementation notes:

    • Windows only: This version introduces a new (numeric) preference to control how the "Open File" dialogs handle shortcut links in the file system.
      A low-severity security issue (CVE-2025-3033) was found that in some specific circumstances could allow a malicious actor to convince a user to upload an unintended file from their file system with a specially-crafted shortcut file. To mitigate this, a special flag can be passed to File Open dialogs which prevent the dialogs from parsing shortcut links and navigating to target files and folders based on the shortcut file contents. This can be controlled with the newly-added preference. Since this flag, when set, also prevents users from navigating "through" shortcuts to folders (from e.g. the desktop) and would instead open/attach/upload the shortcut file itself, this would be disruptive to many users' workflows. Considering the major usability drawback and the low-severity nature of the security issue (which would require considerable social engineering to pull off), Pale Moon, at least for the time being or until a better solution is found, will continue allowing the following of shortcuts and navigating through them to target folders and files in File Open dialogs. If you are overly cautious, you may want to set this preference to the value 0 which always prevents shortcut parsing and following. For everyone else, just a warning to please stay safe and never follow strange sequences of instructions from strangers that you don't exactly know what they do (and never take their explanations at face value).


    Notes:  *DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

    Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

    Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

    Release Notes
    Release Cycle


    Tuesday, April 01, 2025

    Mozilla Firefox Version 137.0 Released with Security Updates

    Mozilla sent Firefox Version 137.0 to the release channel.  Firefox ESR was updated to Versions 115.22.0 and 129.0.

    The update includes eight security updates of which three (3) are rated high, four (4) are rated moderate and one (1) is rated low. The security updates can be reviewed here.

    Many new features are included in the update.  To review all of the new features, see the Release Notes.

    Update:  To get the update now, select "Help" from the Firefox menu and pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  If you do not use the English language version, Fully Localized Versions are available for download.

    Rapid Release Calendar



    Thursday, March 27, 2025

    Mozilla Firefox Version 136.0.4 Released with Critical Security Update

    Mozilla sent Firefox Version 136.0.4 to the Release Channel.  Firefox ESR was updated to versions 128.8.1 and 115.21.1.

    The update includes one security update rated critical.

    Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

    Release Notes



    Tuesday, March 25, 2025

    Mozilla Firefox Version 136.0.3 Released with Update

         Mozilla sent Firefox Version 136.0.3 to the Release Channel.

    Fixed

    • Significantly improved responsiveness on TikTok by improving the speed of date formatting. (Bug 1954323).

    Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

    Release Notes



    Thursday, March 20, 2025

    Adobe Acrobat/Reader Optional Update

     

    Adobe is releasing an optional hotfix patch for Acrobat and Acrobat Reader that addresses some important bug fixes.

    Update or Complete Download

    Adobe Acrobat and Reader were updated to version 25.001.20435 for Microsoft Windows and version 25.001.20438 for Macintosh.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

    Reader DC and other versions are available here: https://get.adobe.com/reader/

    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    Release Notes


    Tuesday, March 18, 2025

    Mozilla Firefox Version 136.0.2 Released with Updates

      Mozilla sent Firefox Version 136.0.2 to the Release Channel.

    Fixed

    • Fixed a bug where "Cookies and site data" and "Temporary cached files and pages" were unexpectedly enabled after updating to Firefox 136 for users with "History" and/or "Site settings" set to clear on shutdown in previous versions. (Bug 1952564).

    Affected users already on Firefox 136 can disable these settings in "Privacy & Security".

    • Fixed an issue where the Primary Password prompt appeared in unexpected situations. (Bug 1946121).
    • Fixed visibility issues with radio buttons on dark backgrounds. (Bug 1951930).
    • Fixed high CPU usage on Windows when the screen was locked or the laptop lid was closed. (Bug 1924932).

    Web Platform

    Disabled support for the CookieStore API due to compatibility concerns. The API will be enabled later once the compatibility issues have been addressed.

    Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

    Release Notes



    Tuesday, March 11, 2025

    Pale Moon Version 33.6.1 Released with Security Update

    Pale Moon has been updated to version 33.6.1.  This is a security, bugfix and stability update.

    Important: Mac and FreeBSD builds will be updated soon. They are currently not yet ready due to builder absence.

    Changes/fixes:
    • Simplified some WASM code generation in the Ion JIT compiler.
    • Fixed a crash in loading external resource maps.
    • Disabled potentially unsafe attempts at recovering JIT operations.
    • Fixed some minor linking issues in about:rights.
    • Updated the embedded emoji font to fix incorrect display of some of the wheelchair emoji.
    • Security issues addressed: CVE-2025-1934 (*DiD).

      Notes:  *DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

      Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

      Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

      Release Notes
      Release Cycle


      Microsoft March 2025 Security Updates

       

      The Microsoft March 2025 security updates have been released and consist of 56 new CVEs in Microsoft products.


      Of the Microsoft CVEs released, 6 are rated critical and 50 are rated important in severity. At the time of release, one is listed as being publicly known and six under active attack.

      The security updates apply to the following products, features and roles: Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server.

      See the list of KBs at the bottom of the page at March 2025 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates.

      Recommended Reading: See Dustin Childs' review and analysis in Zero Day Initiative -- The March 2025 Security Update Review.






      Mozilla Firefox Version 136.0.1 Released with Updates

        Mozilla sent Firefox Version 136.0.1 to the Release Channel.

      Fixed

      • Fixed an issue where a cookie size limit caused problems with website cookie management when using the CookieStore API. This could cause login and other state-related issues. (Bug 1950565).
      • Fixed an issue where Control/Command+L did not focus the address bar in new windows. (Bug 1947723).

      Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

      Release Notes



      Adobe Acrobat/Reader Update with Security Updates

       

      Adobe is releasing an update with bug fixes and new features for end users described in the New features summary as well as security updates for Acrobat and Reader. 

      The security updates provide mitigations for vulnerabilities described in the security bulletins of Reader and Acrobat.

      Update or Complete Download

      Adobe Acrobat and Reader are being updated to version 25.001.20432.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

      Reader DC and other versions are available here: https://get.adobe.com/reader/

      Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

      Release Notes


      Tuesday, March 04, 2025

      Adobe Acrobat/Reader Update

       

      Adobe is releasing an update with new features and bug fixes for Acrobat and Reader. 

      Update or Complete Download

      Adobe Acrobat and Reader were updated to version 25.001.20428.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

      Reader DC and other versions are available here: https://get.adobe.com/reader/

      Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

      Release Notes


      Mozilla Firefox Version 136.0 Released with Security Updates

      Mozilla sent Firefox Version 136.0 to the release channel.  Firefox ESR was updated to Versions 115.21 and 128.8.

      The update includes fifteen security updates of which eight (8) are rated high, five (5) are rated moderate and two (2) are rated low. The security updates can be reviewed here.

      New features include an updated sidebar, the option for vertical tabs layout and more.  For Linux users, Firefox is now available on ARM64 (AArch64), with installation options via APT and tarballs. Flatpak support is coming soon.

      To review all of the new features, changes and fixes, see the Release Notes.

      Update:  To get the update now, select "Help" from the Firefox menu and pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  If you do not use the English language version, Fully Localized Versions are available for download.

      Rapid Release Calendar



      Tuesday, February 25, 2025

      February 2025 Windows 11 24H2 Non-Security Preview Update

        Microsoft released KB5052093 (OS Build 26100.3323) for Windows 11 24H2.

      Gradual rollout

      These might not be available to all users because they will roll out gradually. 

      • [Task Manager] Fixed: It might identify an HDD as an SSD.

      • [Taskbar] New! You can now share files directly from a jump list on the taskbar. Jump lists appear when you right-click an app that has a jump list.

      • [Windows Spotlight]


        • New! There’s a quick and easy way to find out more information about a background image. Simply hover over the image or click the “Learn about this picture” icon.

        • New! This update makes Windows Spotlight easier to find. You’ll notice changes to the icon color and background. Also, the icon will show at the lower right area on your desktop.

      • [Lock screen] New! This update makes it easier to learn more about the image on your lock screen when you select the “Like” button.

      • [Narrator] New! There are new functions for Narrator scan mode. Skip past links (n) allows you to go to the text after a link. Use the comma (,) to jump to the start of an item (large table, long list, or another item.) Use the period (.) to jump to the end of an item. This is most helpful when you read long emails, news articles, and wiki pages. Jump to lists (l) allows you to quickly access a list on a web page or in a document. To use these new functions, turn on Narrator first (Windows logo key + Ctrl + Enter). Then turn scan mode on by pressing Caps lock + Spacebar. Note that scan mode is on by default on most web pages (like news articles, wiki page, and so on).

      • [Game Pass Ultimate and PC Game Pass subscribers] New! Some of you might see a new referral card for a PC Game Pass subscription on the Settings home page. With it, you can invite friends and family to try a PC Game Pass for free. If you qualify, the card only appears when you sign in to your PC using your Microsoft account.

      • [File Explorer]

      See the KB article for improvements included.

      Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  

      References: Windows 11 update history




      February 2025 Windows 11 23H3 and 22H2 Non-Security Preview Update

        Microsoft released KB5052094 (OS Builds 22621.4974 and 22631.4974) for Windows 11 23H3 and Windows 11 22H2. 

      Highlights

      Gradual rollout

      A gradual rollout releases updates over a period of time, so users receive them at different times. To see the status of this feature, go to Windows release health dashboard.


      • [Taskbar] New! You can now share files directly from a jump list on the taskbar. Jump lists appear when you right-click an app that has a jump list.

      • [Windows Spotlight]


        • New! There’s a quick and easy way to find out more information about a background image. Simply hover over the image or click the “Learn about this picture” icon.

        • New! This update makes Windows Spotlight easier to find. You’ll notice changes to the icon color and background. Also, the icon will show at the lower right area on your desktop.

      • [Lock screen] New! This update makes it easier to learn more about the image on your lock screen when you click the “Like” icon.

      • [Narrator] New! There are new functions for Narrator scan mode. Skip past links (n) allows you to go to the text after a link. Use the comma (,) to jump to the start of an item (large table, long list, or another item.) Use the period (.) to jump to the end of an item. This is most helpful when you read long emails, news articles, and wiki pages. Jump to lists (l) allows you to quickly access a list on a web page or in a document. To use these new functions, turn on Narrator first (Windows logo key + Ctrl + Enter). Then turn scan mode on by pressing Caps lock + Spacebar. Note that scan mode is on by default on most web pages (like news articles, wiki page, and so on).

      • [Game Pass Ultimate and PC Game Pass subscribers] New! Some of you might see a new referral card for a PC Game Pass subscription on the Settings home page. With it, you can invite friends and family to try a PC Game Pass for free. If you qualify, the card only appears when you sign in to your PC using your Microsoft account.

      • [File Explorer]


        • New! You can now snooze or turn off the “Start backup” reminder in the File Explorer address bar. This only applies if you are not already backing up your files and folder. To view this new option, right-click Start backup.

        • Fixed: When you enter a URL in the address bar, it might not go to the location.

        • Fixed: The address bar overlaps files when you use the F11 full-screen mode.

        • Fixed: The context menu opens slowly when you right-click cloud files.

        • Thumbnails for cloud files display more consistently in search results.

      • [Start menu] Fixed: The colors are wrong when you open the account manager flyout menu. This occurs when you use a mixed dark and light custom mode in Settings > Personalization > Colors.

      • [Mouse] Fixed: In Settings > Accessibility > Mouse pointer and touch, you can choose a color for the mouse that is not the default. When you choose a color, it reverts to white after the User Account Control (UAC) dialog appears.

        Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  

        References:

        Windows 11 update history

