Tuesday, June 23, 2015

Out of Band Critical Adobe Flash Player Update


Adobe has released Version 18.0.0.194 of Adobe Flash Player for Windows and Macintosh to address a critical vulnerability that is being exploited in limited, targeted attacks. 

Version information for Linux and the Extended Release is available in the Release Notes.

Release date: June 23, 2015
Vulnerability identifier: APSB15-14
Priority: See table below
CVE number: CVE-2015-3113
Platform: Windows, Macintosh and Linux

  • Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.194.
  • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.296.
  • Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.486.
  • Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x and Windows 10 TP, will automatically update to the current version.

Flash Player Update Instructions

It is recommended that you either use the auto-update mechanism within the product when prompted or the direct download links.  The problem with the auto-update mechanism is that it can take a few days to finally provide the update and up to a week if using the "Notify me to install updates" setting.

Flash Player Auto-Update

The update settings for Flash Player versions 10.3 and above can be found in the Advanced tab of the Flash Player Settings Manager.  The locations are as follows:
  • Windows: click Start > Settings > Control Panel > Flash Player
  • Macintosh: System Preferences (under Other) click Flash Player
  • Linux Gnome: System > Preferences > Adobe Flash Player
  • Linux KDE: System Settings > Adobe Flash Player
Also note that the Flash Player Settings Manager is where to manage local settings.

Flash Player Direct Download Links

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

    Notes:
    • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
    • Uncheck any toolbar offered with Adobe products if not wanted.
    • If you use alternate browsers, it is necessary to install both the update for Internet Explorer and the update for alternate browsers.
    • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.
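
When the same check has to be made across many machines, it can be scripted. The following is an added example, not part of the original post and not Adobe tooling: it compares reported Flash Player version strings against the fixed versions listed for APSB15-14 above. The platform labels, function names and sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed versions from the APSB15-14 update list above, grouped by platform.
# The "desktop"/"linux" labels are assumptions made for this example.
FIXED = {
    "desktop": [(13, 0, 0, 296), (18, 0, 0, 194)],  # ESR branch, current branch
    "linux": [(11, 2, 202, 486)],
}

def parse_version(text):
    """Return a 4-tuple of ints from '18.0.0.160' or 'WIN 18,0,0,160', else None."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def assess(platform, reported):
    """Classify one installation as 'patched', 'outdated' or 'unknown'."""
    branches = FIXED.get(platform)
    version = parse_version(reported)
    if branches is None or version is None:
        return "unknown"
    if version[0] > max(b[0] for b in branches):
        return "patched"  # newer major release than any branch in the bulletin
    for fixed in branches:
        if version[0] == fixed[0]:
            # Tuple comparison is numeric per field; comparing the raw
            # strings would misorder fields of different widths.
            return "patched" if version >= fixed else "outdated"
    # A major version between branches (e.g. 16.x) has no fixed build:
    # a naive ">= 13.0.0.296" test would wrongly pass it.
    return "outdated"

def audit(inventory):
    """Map (host, browser) to a status; check every browser on every host."""
    return {(h, b): assess(p, v) for h, b, p, v in inventory}

# Constructed sample inventory: (host, browser, platform, reported version).
SAMPLE = [
    ("ws-01", "Internet Explorer", "desktop", "WIN 18,0,0,194"),
    ("ws-01", "Firefox", "desktop", "18.0.0.160"),
    ("ws-02", "Firefox", "desktop", "13.0.0.296"),
    ("ws-03", "Firefox", "desktop", "16.0.0.305"),
    ("lx-01", "Firefox", "linux", "11.2.202.466"),
    ("ws-04", "Firefox", "desktop", "not installed"),
]

if __name__ == "__main__":
    for (host, browser), status in audit(SAMPLE).items():
        print(f"{host:6} {browser:18} {status}")
```
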







    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Wednesday, June 10, 2015

    Pale Moon 25.5.0 Released with Security Updates


    Pale Moon has been updated to version 25.5 and includes numerous fixes/changes as well as security updates.


    Security fixes:
    • Fixes for miscellaneous memory safety hazards (relevant and applicable fixes from CVE-2015-2708 and CVE-2015-2709)
    • DiD (defense-in-depth) fix to prevent potential overflows in CSS restyling
    • Fix for updater hijacking (CVE-2015-2720)
    • Fix to prevent potential disclosure of sensitive information in Android logs (CVE-2015-2714)
    • Fix for a buffer overflow in the XML parser (CVE-2015-2716)
    • Fix for a potentially exploitable crash in DNS handling
    Fixes/changes:


    A complete list of the fixes, changes and additions is available in the Release Notes. Some of the changes that may be of particular interest to users are as follows:
    • Logjam fix: Refuse DHE keys with less than 1024 key bits
    • Search plugin updates to re-enable Google suggestions and reduce tracking (Squarefractal)
    • Added a preference for always preferring a certain dictionary language.
      To use this, create a new preference spellchecker.dictionary.override (string) and set it to your language code.
    • Updated SQLite to version 3.8.10.1
    • Changed the after-upgrade page loaded to the release notes instead of the home page (and hoping people actually do take a moment to read them, preventing unnecessary support requests).
    • Reorganized the AppMenu (give equal ease for windowed and tabbed browsing, deprioritize Sync)

      Minimum System Requirements (Windows):
      • Windows Vista/Windows 7/Windows 8/Server 2008 or later
      • A processor with SSE2 support
      • 256 MB of free RAM (512 MB or more recommended)
      • At least 150 MB of free (uncompressed) disk space
      Pale Moon includes both 32- and 64-bit versions for Windows:
      Other versions:

        Update

        To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.











        Tuesday, June 09, 2015

        Microsoft Security Bulletin Release for June 2015


        Microsoft released eight (8) bulletins.  Two (2) bulletins are identified as Critical and the remaining six (6) are rated Important in severity.

        The updates address vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer and Microsoft Exchange Server.  Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.

        Also released was one new Security Advisory:
        One Security Advisory was revised for Windows 8.x:

        Critical:
        • MS15-056 -- Cumulative Security Update for Internet Explorer (3049563)
        • MS15-057 -- Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
        Important:
        • MS15-059 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
        • MS15-060 -- Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
        • MS15-061 -- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
        • MS15-062 -- Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
        • MS15-063 -- Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
        • MS15-064 -- Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)

        Additional Update Notes

        • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 

        • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.

        • Windows 8.x -- Non-security new features and improvements for Windows 8.1 are now included with the second Tuesday of the month updates.  Additional information about this change is available here.

        • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.










          Adobe Flash Player and AIR Security Updates


          Adobe has released Version 18.0.0.160 of Adobe Flash Player for Windows and Macintosh.  Version information for Linux and the Extended Release is available in the Release Notes.

          These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.  Details of the vulnerabilities are included in the below-referenced Security Bulletin.

          New Features are documented in the Release Notes, referenced below.  Of interest to many will be the Improved Flash Player Install Process:
          "With Flash Player 18, in the vast majority of cases, the installer will no longer display a dialog to shut down the currently running browsers or applications that are using Flash Player! 

          Once the installation is completed, you will be notified that the browser may need to be restarted to use the newly installed version. This requirement depends on your browser’s ability to see the new version.  Either way, Flash will continue to work and you can easily force the new version to appear by simply restarting your browser when it’s convenient for you."

          Release date: June 10, 2015
          Vulnerability identifier: APSB15-11
          CVE number: CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
          Platform: All Platforms
          • Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.160.  The current version of Adobe AIR is 18.0.0.144.
          • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.292.
          • Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.466.
          • Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to the current version.
          • The latest version of Adobe AIR for Android is 17.0.0.143 and earlier versions, available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

          Flash Player Update Instructions

          It is recommended that you either use the auto-update mechanism within the product when prompted or the direct download links.  The problem with the auto-update mechanism is that it can take a few days to finally provide the update and up to a week if using the "Notify me to install updates" setting.

          Flash Player Auto-Update

          The update settings for Flash Player versions 10.3 and above can be found in the Advanced tab of the Flash Player Settings Manager.  The locations are as follows:
          • Windows: click Start > Settings > Control Panel > Flash Player
          • Macintosh: System Preferences (under Other) click Flash Player
          • Linux Gnome: System > Preferences > Adobe Flash Player
          • Linux KDE: System Settings > Adobe Flash Player
          Also note that the Flash Player Settings Manager is where to manage local settings.

          Flash Player Direct Download Links

          Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

            Notes:
            • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
            • Uncheck any toolbar offered with Adobe products if not wanted.
            • If you use alternate browsers, it is necessary to install both the update for Internet Explorer and the update for alternate browsers.
            • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

            Verify Installation

            To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

            Do this for each browser installed on your computer.

            To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.



            Tuesday, June 02, 2015

            Mozilla Firefox 38.0.5 Released with Minor Additions/Fixes


            Mozilla sent Version 38.0.5 to the release channel.  This is a minor update that includes a couple of fixes and the integration of the  "Pocket" add-on.  An existing Pocket account or a Firefox account is required to use the feature. 

            What’s New

            • New -- Keep track of articles and videos with Pocket
            • New -- Clean formatting for articles and blog posts with Reader View
            • New -- Share the active tab or window in a Hello conversation
            • Fixed -- A race condition that would cause Firefox to stop painting when switching tabs (bug 1067470)
            • Fixed -- Fixed graphics performance when using the built-in VGA driver on Windows 7 (Bug 1165732)

            Known Issues

            • unresolved -- Responsive images do not update when the enclosing viewport changes

            Update

            To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
