Wednesday, April 19, 2017

Mozilla Firefox Version 53.0 Released with Massive Security Updates


FirefoxMozilla sent Firefox Version 53.0 to the release channel today.  The update includes a massive 35 security updates identified as eight (8) Critical, sixteen (16) High, seven (7) Moderate updates and four (4) low security updates.  Firefox ESR was updated to version 45.9.0.

The next scheduled release is June 13, 2017 (5 week cycle with release for critical fixes as needed).

Security Fixes:

Critical

High

Moderate

Low

New

  • Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
  • Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
  • Lightweight themes are now applied in private browsing windows
  • Reader Mode now displays estimated reading time for the page
  • Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer

Changed

  • Updated the design of site permission requests to make them harder to miss and easier to understand
  • Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
  • 32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
  • Updates for Mac OS X are smaller in size compared to updates for Firefox 52
  • Media playback on new tabs is blocked until the tab is visible
  • The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
  • New visual design for audio and video controls
  • Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
Update:

To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    Tuesday, April 18, 2017

    Oracle Java Critical Security Updates Released

    java

    Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The update contains eight (8) new security fixes for Oracle Java SE. 
    Details for the CVE's addressed in the update are available here.

    Update

    If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

    Download Information

    Download link:  Java SE 8u131

    Verify your version:  http://www.java.com/en/download/testjava.jsp

    Notes:
    • Minimally, UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras". 
    • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
    • 18 July 2017
    • 17 October 2017
    • 16 January 2018
    • 17 April 2018

    Unwanted "Extras"

    Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and  unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

    Do the following to suppress the sponsor offers:
    1. Launch the Windows Start menu
    2. Click on Programs
    3. Find the Java program listing
    4. Click Configure Java to launch the Java Control Panel
    5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
    Java suppress sponsor offers

    Java Security Recommendations


    1)  In the Java Control Panel, at minimum, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

    3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    Sunday, April 16, 2017

    "Khrystos Voskres!" Happy Easter!



    "Khrystos Voskres!"

    (Christ is Risen!)






    "Voistyno Voskres!"

    (He is Truly Risen!)






    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    Tuesday, April 11, 2017

    Microsoft Security Updates for April, 2017


    Today marks a red letter day for Microsoft updates.  In addition to security updates, sparking the most attention is the official release of the Windows 10 Creators Update (see the Windows Experience Blog post, What’s new in the Windows 10 Creators Update).

    Of lesser interest to many is the official "End of Life_ for Windows Vista.

    Also of note is the security guidance, Defense-in-Depth Update for Microsoft Office:
    "Microsoft has released an update for Microsoft Office that turns off, by default, the Encapsulated PostScript (EPS) Filter in Office as a defense-in-depth measure. Microsoft is aware of limited targeted attacks that could leverage an unpatched vulnerability in the EPS filter and is taking this action to help reduce customer risk until the security update is released.

    Microsoft strongly recommends against turning on the EPS filter at this time, however customers who need to turn on the EPS filter can reference KB Article 2479871."

    April Security Update Details:

    The April Microsoft updates address vulnerabilities in  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio for Mac, .NET Framework, Silverlight and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

    Microsoft has completed the change replacing security bulletins with the new Security Updates Guide.  The new guide includes the ability to view and search security vulnerability information in a single online database. The guide is described as a "portal" by the MSRC Team in Furthering our commitment to security updates. For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 update history.
     

      Additional Update Notes

      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
      • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
      • Reminder:  Windows Vista Reaching End of Live (EoL)
      • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

      References


        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...





        Adobe Flash Player Critical Security Update

        Adobe Flashplayer

        Adobe has released Version 25.0.0.148 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

        These updates address critical vulnerabilities that could lead to code execution and potentially allow an attacker to take control of the affected system. 

        Release date: April 11, 2017
        Vulnerability identifier: APSB17-10
        CVE number: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
        Platform: Windows, Macintosh, Linux and Chrome OS

        Update:

        Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

          Verify Installation

          To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

          Do this for each browser installed on your computer.

          To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

          References



          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...








          Adobe Reader and Acrobat Critical Security Updates

          Adobe

          Adobe has released security updates for Adobe Reader and Acrobat XI for Windows and Macintosh. These updates address critical vulnerabilities including code execution, heap buffer overflow, memory corruption, integer overflow, memory corruption and, finally, vulnerabilities in the directory search path used to find resources that could lead to code execution.


          Release date: April 11, 2017
          Vulnerability identifier: APSB17-11
          CVE Numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
          Platform: Windows and Macintosh

          Update or Complete Download

          Update checks can be manually activated by choosing Help > Check for Updates.
            Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

            Enable "Protected View"

            Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

            To enable this setting, do the following:
            • Click Edit > Preferences > Security (Enhanced) menu. 
            • Change the "Off" setting to "All Files".
            • Ensure the "Enable Enhanced Security" box is checked. 

            Adobe Protected View
            Image via Sophos Naked Security Blog

            References



            Home
            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...







            Thursday, March 30, 2017

            Windows Vista Reaching End of Live (EoL)




            Windows Vista, the operating system so many people learned to dislike. 

            Personally, I enjoyed using Windows Vista during its prime but quickly learned to appreciate the many improvements in Windows 7 and, in particular, Windows 10.

            The official RTM (Release to Manufacture) of Windows Vista was November 8, 2006.  Now, over ten years later, on Tuesday, April 11, 2017, the operating system is reaching EoL (End of Life).

            Although there may be updates included for Windows Vista with the April 11 security updates, reaching EoL means that after that date the operating system will receive no additional
            • Security updates,
            • Non-security hot-fixes,
            • Free or paid assisted support options, or
            • Online technical content updates from Microsoft.
              Although computers running the Windows Vista will continue to work, without future security updates, there may well be an increase in risk of viruses and other security threats.  In addition, signature updates for Microsoft Security Essentials are only expected to be available for a limited time.



              References:
              Home
              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...

              Tuesday, March 28, 2017

              Coming Soon: Windows 10 Creators Update (Information and Suggestions)

              Windows 10 Creators Update


              The date that has been rumored for the global release of the Windows 10 Creators Update is April 11, 2017, just two weeks away.  Although no official announcement has been made or is expected from Microsoft, with the news today that ISO files are available for Build 15063 for both PCs and phones in the Fast Ring, PCs in the Slow Ring and those on the Xbox Insider Program, it appears the rumored date may indeed be correct.

              Update:   Windows 10 Creators Update coming April 11, Surface expands to more markets

              As with the Anniversary Update last year, it is expected that the initial roll-out of the Creators Update will be slow, gradually picking up over several months.  As Gregg Keizer wrote in Microsoft paces delivery of Windows 10 upgrades,
              "According to advertising network AdDuplex, 60 days after the Aug. 2, 2016, introduction of Windows 10 1607 -- aka Anniversary Update -- just 35% of measured Windows 10 PCs were running the upgrade. By the 90-day mark, however, that number had soared to 80%, showing that Microsoft, after a purposefully slow start, had stomped on the update accelerator."
              This was confirmed by John Cable, Microsoft Director of Program Management within the Windows Servicing and Delivery (WSD) team in Providing customers with more choice and control in the Creators Update.

              Important

              💥 Having installed each of the Insider Builds, I really like the improvements in that have been made along the way.  Although I have not had any failures installing the numerous Insider Builds on my 2008 device, hardware and drivers vary from device to device.  Thus, before proceeding with the installation of the Creators Update, be sure that, minimally, all important documents, irreplaceable pictures and other files are backed up prior to installing the new version.  Ideally, create a system image before installing the update.

              💥 In the event you have Windows 10 Pro and need to delay the update, it can be deferred for up to four months.  From Settings, navigate to Update & Security.  In Windows Update, select the link for "Advanced options" and check the box for "Defer feature updates".

              💥 The installation of the Creators Update is essentially replacing the entire operating system.  As a result, all previously created System Restore points are gone since they no longer apply.  It is important after the update has completed to enable System Restore.  To do this
              1. Navigate to Control Panel\All Control Panel Items\System
              2. Select "System protection"
              3. Click your system disk and note that it is shown as "off" 
              4. Click "Configure" and select "Turn on System Protection" 
              5. Ok the change and close the windows. 

              Windows 10
              Following is a small collection of articles by various journalists providing different perspectives of what to expect in the Creators Update.  Additional articles of interest are included below in the "References".

              References:


              Home
              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...

              Mozilla Firefox Version 52.0.2 Released


              FirefoxMozilla sent Firefox Version 52.0.2 to the release channel. The update includes the fixes listed below.

              Fixes:

              • Use Nirmala UI as fallback font for additional Indic languages
              • Fix loading tab icons on session restore
              • Fix a crash on startup on Linux
              • Fix new installs erroneously not prompting to change the default browser setting

              Update

              To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                References




                Remember - "A day without laughter is a day wasted."
                May the wind sing to you and the sun rise in your heart...




                Friday, March 24, 2017

                Microsoft Released Replacement Cumulative Updates

                Microsoft Updates

                Microsoft released three replacement cumulative updates.

                There is one update each for Windows 10 version 1607 (Anniversary Update) and version 1511.  The update includes quality improvements with no new operating system features introduced.

                The third update is for Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1 and is applicable if experiencing the symptom described below.

                • Windows 10, 1607, OS Build 14393.970: KB4016635
                  • Addressed a known issue with KB4013429 that caused form display issues with CRM 2011 on Internet Explorer 11. 
                  • Addressed the issue with KB4013429 that prevents users from updating apps from Windows Store with 0x80070216 error.
                  • To get the stand-alone package for this update, go to the Microsoft Update Catalog

                • Windows 10, 1511, OS Build 10586.842: KB4016636
                  • Addressed a known issue with KB4013198 that caused form display issues with CRM 2011 on Internet Explorer 11.
                  • To get the stand-alone package for this update, go to the Microsoft Update Catalog.

                • Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1: KB4016446
                  • This update is only needed if you are experiencing an issue with forms in Microsoft Dynamics CRM 2011 not displayed correctly after KB 4013073 is installed on a Windows system that is running Internet Explorer 11.
                  • To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
                If you installed earlier updates, only the new fixes contained in the respective package will be downloaded and installed.

                The updates are also available from Windows Update.




                Home
                Remember - "A day without laughter is a day wasted."
                May the wind sing to you and the sun rise in your heart...

                Pale Moon Version 27.2.1 Released


                Pale Moon
                Pale Moon has been updated to Version 27.2.1.  The update fixes some stability and usability issues.

                Details from the Release Notes:

                    Changes/fixes:

                    • Fixed an issue with planar alpha handling (transparency) when drawing JXR images.
                    • Fixed a crash related to a change JavaScript array handling introduced in 27.2.0.
                      This became apparent with the pentadactyl extension, but could happen in other situations as well.
                    • Fixed a crash when opening ridiculously large images with HQ scaling enabled (default).
                      Pale Moon will now only apply HQ scaling for images within reasonable limits (64 Mpix or smaller). Images larger than that may not display properly when zooming in, or may not display at all, even scaled down (e.g. >256 Mpix large) and show a "broken image" placeholder instead; please use dedicated image viewer applications for those kinds of images; it is outside the scope of a web browser to handle such large images.
                    • Changed the way URL hashes are handled, and will no longer %-decode anchor hash identifiers by default.
                      Note that this is against RFC 3986, which states that any part of the URL scheme that isn't data should be decoded.
                      This is required for web compatibility because several sites use hash links to pass actual data to web applications (Please don't do this! Hashes ar part of the URL address, should only consist of "safe" characters, and aren't suited to pass arbitrary data) and the most common browsers no longer follow the RFC in that respect.
                      If you want RFC compliance, switch dom.url.getters_decode_hash to true
                    • Restored 2 RSA Camellia cipher suites that were missing: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA and TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
                    • Fixed an issue with custom toolbars getting deleted during upgrade from 27.0/27.1 to 27.2

                      Minimum system Requirements (Windows):
                      • Windows Vista/Windows 7/8/10/Server 2008 or later
                      • Windows Platform Update (Vista/7) strongly recommended
                      • A processor with SSE2 instruction support
                      • 256 MB of free RAM (512 MB or more recommended)
                      • At least 150 MB of free (uncompressed) disk space
                      Pale Moon includes both 32- and 64-bit versions for Windows:

                      Update

                      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                      Remember - "A day without laughter is a day wasted."
                      May the wind sing to you and the sun rise in your heart...


                      Monday, March 20, 2017

                      Microsoft Released Replacement Cumulative Update



                      Microsoft released a new cumulative update for PCs running the "Anniversary Update, Version 1607.  KB4015438 replaces KB4013429 and is a quality improvement update and does not include any new features.

                      Key changes include:
                      • Addressed a known issue with KB4013429 that caused Windows DVD Player (and 3rd party apps that use Microsoft MPEG-2 handling libraries) to crash.

                      • Addressed a known issue with KB4013429, that some customers using Windows Server 2016 and Windows 10 1607 Client with Switch Embedded Teaming (SET) enabled might experience a deadlock or when changing the physical adapter’s link speed property. This issue is most commonly seen as a DPC_WATCHDOG_VIOLATION or when verifier is enabled a VRF_STACKPTR_ERROR is seen in the Memory dump.
                      If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed.

                      The update is available from Windows Update.  The standalone package is available in the Microsoft Update Catalog.




                      Home
                      Remember - "A day without laughter is a day wasted."
                      May the wind sing to you and the sun rise in your heart...

                      Saturday, March 18, 2017

                      Pale Moon Version 27.2 Released with Security Updates


                      Pale Moon
                      Pale Moon has been updated to Version 27.2.  The update focuses on back-end improvements and security. Included in the updates are DiD* patches.
                      *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
                      Details from the Release Notes:

                      Security and Privacy Changes:
                      • Added support for 256-bit AES-GCM encryption.
                      • Added support for ChaCha20-Poly1305 encryption.
                      • Removed support for Camellia-GCM since nobody seems interested in it.
                        (Camellia in 128/256-bit CBC block mode is still fully supported).
                      • Added support for SHA-224, SHA-256, SHA-384 and SHA-512 to Crypto utils.
                      • Improved status handling of secure sites to be less sensitive to "insecure" items that are local.
                      • Fixed print preview hijacking. (CVE-2017-5421)
                      • Fixed a potentially exploitable crash in OnStartRequest. (CVE-2017-5416)
                      • Fixed potential cross-origin content-stealing through a timing attack. (CVE-2017-5407) DiD
                      • Fixed a denial-of-service problem with view-source. (CVE-2017-5422)
                      • Fixed crash in directional controls. (CVE-2017-5413)
                      • Fixed a perceived problem with chrome manifests. (CVE-2017-5427)
                      • Fixed the use of an uninitialized value. (CVE-2017-5405)
                      • Fixed a buffer overflow. (CVE-2017-5412)
                      • Fixed a UAF situation. (CVE-2017-5403)
                      • Fixed a potential spoofing issue with the address bar. (CVE-2017-5417)
                      • Fixed a potential issue in libvpx. (CVE-2017-5402) DiD
                      • Fixed a potential issue with HTTP auth. (CVE-2017-5418)
                      • Fixed several memory safety hazards and potentially exploitable crashes. DiD
                          Changes/fixes:
                          • Updated the ICU lib to 58.2 to fix a number of issues.
                          • Added proper control for the user for offline storage for web applications.
                          • Added a check to prevent auto-filled URLs from copying the auto-filled selection to clipboard/primary.
                          • Added the feature to pass a URL to open in a private window from the command-line.
                          • Improved the display of the downloads indicator on the button in bright-text situations.
                          • DOM storage now honors the "3rd party cookie" setting in that it will not allow 3rd party data to be stored if 3rd party cookies are disallowed.
                          • Allowed toolbar button badges to be properly styled.
                          • Updated the hunspell spellchecking library to 1.6.0 to fix a number of issues.
                          • Fixed desktop notifications being off-screen if fired in rapid succession.
                          • Added Element.insertAdjacentElement and Element.insertAdjacentText DOM functions.
                          • Added support for JPEG-XR images.
                            This makes Pale Moon have the broadest support for image formats of all web browsers.
                            (enabled by default; you can disable this with media.jxr.enabled).
                          • Completely removed the use of GStreamer on Linux.
                          • Added support for element.innerText.
                          • Custom toolbars should now properly remember their state.
                          • Fixed some more playback issues with MP4/MSE videos.
                            Please be aware that we are still working on further improving MSE video handling.
                          • Changed media processing to reduce dangerous processing asynchronicity.
                            This should also make media elements and playback more responsive.
                          • Fixed a useragent string regression always displaying the minor Goanna version as .0
                          • Updated NSPR to 4.13.1.
                          • Updated NSS to 3.28.3-RTM.
                          • Fixed unrestricted icon sizes in PMkit buttons.
                          • Fixed unresponsive buttons on support page when not building the updater.
                          • Fixed the use of "View image" and "Save image as" on extremely large images.
                          • Changed the way "View Image" and "Save image as" work on canvas elements.
                          • Made checking for dangerously large resolution PNG images smarter.
                            It will now accept larger "strip"-aspect ratio images while reducing unsupported large image resolutions.
                            This will e.g. fix Gmail's "emoji" window that uses a ridiculously long but very narrow single image to store all the emoticon pictures.
                          • Converted several hard-coded URLs to preferences.
                          • Updated the google.com override so it would not cripple services based on UA sniffing.
                          • Added Inner and Outer Window ID administration.
                          • Fixed the add-on discovery pane detection.
                          • Added support for canvas ellipse.
                          • Improved drawing of certain MathML elements at problematic zoom levels.
                          • No longer building gamepad support.
                          • Updated Harfbuzz font shaper to 1.4.3 to fix a number of issues.
                          • Fixed a number of crashes (layout, plugins, uncommon navigation, bad URLs).
                          • Aligned SVG specular filters with the spec.
                          Minimum system Requirements (Windows):
                          • Windows Vista/Windows 7/8/10/Server 2008 or later
                          • Windows Platform Update (Vista/7) strongly recommended
                          • A processor with SSE2 instruction support
                          • 256 MB of free RAM (512 MB or more recommended)
                          • At least 150 MB of free (uncompressed) disk space
                          Pale Moon includes both 32- and 64-bit versions for Windows:

                          Update

                          To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                          Remember - "A day without laughter is a day wasted."
                          May the wind sing to you and the sun rise in your heart...


                          Mozilla Firefox Version 52.0.1 Released with One Critical Security Update


                          FirefoxMozilla sent Firefox Version 52.0.1 to the release channel. The update includes one (1) Critical security update.

                          Security Fix:



                          Critical

                            Update

                            To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                              References




                              Remember - "A day without laughter is a day wasted."
                              May the wind sing to you and the sun rise in your heart...




                              Tuesday, March 14, 2017

                              Adobe Shockware Player Security Update

                              Shockwave Player Adobe has released a critical security update for Adobe Shockwave Player which update address an important vulnerability that could potentially lead to escalation of privilege.

                              Although I have yet to need Shockwave Player on this computer, there are still many people who use it.  If you have Shockwave Player installed, please update to the latest version.

                              Release date: March 14, 2017
                              Vulnerability identifier: APSB17-08

                              CVE number: CVE-2017-2983
                              Platform: Windows

                              The newest version 12.2.8.198 is available here: http://get.adobe.com/shockwave/.  As usual, watch for any pre-checked add-ons not needed for the update.

                              References


                              Remember - "A day without laughter is a day wasted."
                              May the wind sing to you and the sun rise in your heart...


                              Microsoft Security Updates for March, 2017


                              After the last minute issue that resulted in the postponement of the February updates, security updates have been released for March.

                              Although this was to be the start of replacing security bulletins with the new Security Updates Guide, security bulletins were also published this month to provide extra time to prepare for the transition. The new guide includes the ability to view and search security vulnerability information in a single online database. The guide is described as a "portal" by the MSRC Team in Furthering our commitment to security updates.

                              March Security Update Details:

                              Microsoft released seventeen (17) bulletins.  Nine (9) bulletins are identified as Critical and eight (8) rated Important in severity

                              The updates address vulnerabilities in Microsoft Windows, Microsoft Edge, Internet Explorer, Microsoft Office, Skype for Business, Microsoft Lync, Microsoft Silverlight, Microsoft Server Software, Microsoft Communications Platforms and Software, Microsoft Exchange and Adobe Flash Player for Windows 8.1 and above. 

                              Addressed in the updates are Remote Code Execution, Information Disclosure and Elevation of Privilege.

                              Information about the update for Windows 10 is available at Windows 10 update history.
                               
                              Critical:
                              • MS17-006 -- Cumulative Security Update for Internet Explorer (4013073)
                              • MS17-007 -- Cumulative Security Update for Microsoft Edge (4013071)
                              • MS17-008 -- Security Update for Windows Hyper-V (4013082)
                              • MS17-009 -- Security Update for Microsoft Windows PDF Library (4010319)
                              • MS17-010 -- Security Update for Microsoft Windows SMB Server (4013389)
                              • MS17-011 -- Security Update for Microsoft Uniscribe (4013076) 
                              • MS17-012 -- Security Update for Microsoft Windows (4013078)
                              • MS17-013 -- Security Update for Microsoft Graphics Component (4013075)
                              • MS17-023 -- Security Update for Adobe Flash Player (4014329) 
                              Important:
                              • MS17-014 -- Security Update for Microsoft Office (4013241)
                              • MS17-015 -- Security Update for Microsoft Exchange Server (4013242) 
                              • MS17-017 -- Security Update for Windows Kernel (4013081)
                              • MS17-018 -- Security Update for Windows Kernel-Mode Drivers (4013083)
                              • MS17-019 -- Security Update for Active Directory Federation Services (4010320)
                              • MS17-020 -- Security Update for Windows DVD Maker (3208223)
                              • MS17-021 -- Security Update for Windows DirectShow (4010318)
                              • MS17-022 -- Security Update for Microsoft XML Core Services (4010321)      

                                Additional Update Notes

                                • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                                • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                                • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

                                References


                                  Remember - "A day without laughter is a day wasted."
                                  May the wind sing to you and the sun rise in your heart...