Friday, December 16, 2016

Pale Moon Version 27.0.3 Released with Security Updates


Pale Moon
Pale Moon has been updated to Version 27.0.3.  The update addresses a number of bugs and regressions with the new milestone release as well as security updates.  Included in the updates are DiD* patches.
*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
Details from the Release Notes:

Security and Crash fixes:
  • Fixed use-after-free while manipulating DOM events and removing audio elements (CVE-2016-9899).
  • Fixed CSP bypass using the marquee tag (CVE-2016-9895).
  • Fixed a vulnerability in the internal Jetpack modules (CVE-2016-9903). DiD
  • Fixed use-after-free in Editor while manipulating DOM subtrees (CVE-2016-9898).
  • Fixed an error in the buffer logic in http-chunked decoder.
  • Fixed a crash in generational GC code (not in use by default) DiD
  • Fixed a compartment mismatch bug in plug-in code
  • Fixed a crash trying to get a nonexistent property.
  • Improved MediaRecorder's observer safety.
  • Fixed a crash related to document history.
      Changes/fixes:
      • Fixed certain network errors not displaying.
      • Fixed network error page styling.
      • Fixed the writing of DOM storage data to tabs (should solve the "tabs not loading their contents" issue when migrating a profile and some other situations).
      • Disabled downloadable font unicode-ranges on non-Windows platforms.
      • Added a Google Fonts user-agent override for non-Windows platforms so they don't send unicode-ranged composite fonts (Feature detection? Google apparently still doesn't know what that is).
      • Re-enabled the reporting of CSS errors to the console by default to prevent issues with some extensions who rely on this (e.g. Stylish).
      • Fixed and updated preferences for location bar suggestions.
      • Fixed several x64-specific issues in memory allocation code (regression fix).
      • Fixed timer issues when resuming a computer from stand-by (regression fix).
      • Fixed a number of branding and textual issues in the browser.
      • Fixed prompting for the saving of off-line data (previously always allowed without prompting).
      • Fixed a layout regression that would cause block elements following left floats to not wrap to the next line if there wasn't enough clearance.
      • Fixed a mismatch in Firefox extension compatibility-mode installation where Firefox extensions served by addons.mozilla.org would be marked incompatible when trying to install.
      Minimum system Requirements (Windows):
      • Windows Vista/Windows 7/8/10/Server 2008 or later
      • Windows Platform Update (Vista/7) strongly recommended
      • A processor with SSE2 instruction support
      • 256 MB of free RAM (512 MB or more recommended)
      • At least 150 MB of free (uncompressed) disk space
      Pale Moon includes both 32- and 64-bit versions for Windows:

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Tuesday, December 13, 2016

      Mozilla Firefox Version 50.1.0 Released with Critical Security Updates


      FirefoxMozilla sent Firefox Version 50.1.0 to the release channel today.  The update includes four (4) Critical, six (6) High and three (3) Moderate updates.  No additional changes are indicated in the release notes.  Firefox ESR was updated to version 45.6.0.

      The next scheduled release is January 23, 2017 (5 week cycle with release for critical fixes as needed).

      Security Fixes:


      Critical
      High

      Moderate

      Update

      To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

        References




        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...




        Microsoft Security Bulletin Release for December, 2016


        As this is the second Tuesday of the month, there will be one security monthly rollup for Windows 7 and 8.1 as well as Server 2008 and 2012.  The details of the updates included are listed below.

        Reminder:  After the January 2017 Update Tuesday release, bulletins will be eliminated and the information will only be available from the new Security Updates Guide which includes the ability to view and search security vulnerability information in a single online database. The guide is described as a "portal" by the MSRC Team in Furthering our commitment to security updates.

        December Security Update Details:

        Microsoft released twelve (12) bulletins.  Six (6) bulletins are identified as Critical and six (6) rated Important in severity

        The updates address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Services and Web Apps, .NET Framework and Adobe Flash Player for Windows 8.1 and above. 

        Addressed in the updates are Remote Code Execution, Elevation of Privilege and Information Disclosure.

        Information about the update for Windows 10 is available at Windows 10 update history with #KB3206632 for 1607, #KB3205386 for 1511 and #KB3205853 for RTM. 

        Critical:
        • MS16-144 -- Cumulative Security Update for Internet Explorer (3204059)
        • MS16-145 -- Cumulative Security Update for Microsoft Edge (3204062)
        • MS16-146 -- Security Update for Microsoft Graphics Component (3204066)
        • MS16-147 -- Security Update for Microsoft Uniscribe (3204063)
        • MS16-148 -- Security Update for Microsoft Office (3204068)
        • MS16-154 -- Security Update for Adobe Flash Player (3209498)
        Important:
        • MS16-149 -- Security Update for Microsoft Windows (3205655)
        • MS16-150 -- Security Update for Secure Kernel Mode (3205642)
        • MS16-151 -- Security Update for Windows Kernel-Mode Drivers (3205651)
        • MS16-152 -- Security Update for Windows Kernel (3199709)
        • MS16-153 -- Security Update for Common Log File System Driver (3207328)
        • MS16-155 -- Security Update for .NET Framework (3205640) 

          Additional Update Notes

          • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
          • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
          • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

          References


            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...





            Adobe Flash Player and AIR Critical Security Update Released

            Adobe Flashplayer

            Adobe has released Version 24.0.0.186 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

            These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Note in particular that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows.

            Release date: December 13, 2016
            Vulnerability identifier: APSB16-39
            CVE number: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
            Platform: Windows, Macintosh, Linux and Chrome OS

            Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras. 

              Notes:
              • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
              • Uncheck any toolbar offered with Adobe products if not wanted.
              • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
              • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

              Verify Installation

              To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

              Do this for each browser installed on your computer.

              To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

              References




              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...








              Thursday, December 08, 2016

              Malwarebytes Version 3.0 Released


              Malwarebytes Version 3.0, announced as a public beta one month ago, has officially been released.

              Malwarebytes Premium subscribers will be pleased to learn that in addition to the anti-malware product, Version 3.0 of Malwarebytes also includes Malwarebytes Anti-Exploit and Malwarebytes Anti-Ransomware.  With that combination, new subscription purchases for Malwarebytes Premium will be $39.99 per computer per year, a savings of $9.91 and about 33% less than the average traditional antivirus license.

              Due to the layered defense built into Malwarebytes 3.0, Malwarebytes (MBAM) Premium subscribers have the option of keeping their traditional anti-virus software program or they can uninstall it and just run MBAM.  MBAM 3.0 is compatible with all major antivirus software, including Windows Defender and Microsoft Security Essentials. 

              Malwarebytes Anti-Malware users with a perpetual subscription are grandfathered and users of the free versions need not worry, all three programs remain available as free stand-alone versions.

              A Few of the Changes and Improvements:

              • Although the new version retains the protective capabilities of Malwarebytes Anti-Malware v.2.x along with the efficacy of the web modules, Version 3.0 is a complete rewrite and re-architecting of the earlier Malwarebytes Anti-Malware v.2.x.
              • You'll notice a major improvement in scan time.  A threat scan on my Windows 10 Pro, Version 1607 with MBAM v2.x took 32 minutes, 45 seconds to scan 358,337 objects. On Windows 10 Pro Insider Preview Build 14971, it only took 21 minutes, 22 seconds to scan 434,652 objects.  That was ten minutes less for almost 100,000 more objects with MBAM v3.0!
              • Updates should be applied automatically according to the setting located on the Settings > Protection tab and should only alert you if there is an issue.
              • The Scan Schedule can be a changed or additional scans scheduled from Scan Schedule.
              • The Reports section includes all Scan Reports and any Real-time Detection / Block events. IP blocks will be in the Reports area entitled ‘Website Blocked’ report Malware files blocked will be in the Reports area entitled 'Malware Blocked'.  The Protection Logs, which merely provided a list of the application and event actions for the day have been removed.  Thus, only Scan and Block reports are included in the Reports section.

              System Requirements:  Malwarebytes Version 3.0 is supported on all versions from Windows XP to the latest Windows 10.  Note, however, that the Anti-Ransomware technology is only enabled on Windows 7 or higher.

              Update:

              Malwarebytes 3.0 can be installed over the top of your exist Malwarebytes programs.  If you do not want to wait for the upgrade to be offered, you can download and run the installer from https://www.malwarebytes.com/ (direct download link here)  Malwarebytes 3.0 will automatically remove the old Anti-Malware, Anti-Exploit and Anti-Ransomware and upgrade them all to Malwarebytes 3.0. 

              References:




              Home
              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...

              Friday, December 02, 2016

              Pale Moon Version 27.0.2 Releaed as DiD


              Pale Moon
              Pale Moon has been updated to Version 27.0.2, released as a DiD* patched update that fixes the crash at the root of CVE-2016-9079.  The update also includes usability fixes.
              *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
              Details from the Release Notes:


                Security fix:
                • Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure.
                  Usability Fixes:
                  • Enabled Firefox Compatibility mode by default for the useragent string.
                    Unfortunately too many websites (and especially the big players who should know better like Google, Apple and Microsoft) still require the "we must pretend to be Firefox if we want this site to work" status quo to be maintained, because people still insist on using useragent sniffing to determine "browser features", or even worse, discriminate against free choice of browser by flat-out refusing service (I'm looking at you, banking industry and cloud services!) when visiting websites just because companies don't want to provide assistance to any but users on the main 3.
                    HTML offers plenty of ways to do proper feature detection; site owners should use them.
                    Seriously people, it was a bad idea 20 years ago, and it's a worse idea in 2016.
                  • The built-in devtools are back, and with a facelift!
                    Thanks to some consistent community help, the built-in devtools, sorely missed by a number of our users, are back. They've received a code and style update and should be fully functional on the new platform. This was originally planned for 27.1, but it was decided to include this as soon as possible, not in the least to assist extension developers in their efforts to adapt to Pale Moon 27.
                  Minimum system Requirements (Windows):
                  • Windows Vista/Windows 7/8/10/Server 2008 or later
                  • Windows Platform Update (Vista/7) strongly recommended
                  • A processor with SSE2 instruction support
                  • 256 MB of free RAM (512 MB or more recommended)
                  • At least 150 MB of free (uncompressed) disk space
                  Pale Moon includes both 32- and 64-bit versions for Windows:

                  Update

                  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                  Remember - "A day without laughter is a day wasted."
                  May the wind sing to you and the sun rise in your heart...


                  Wednesday, November 30, 2016

                  Mozilla Firefox Version 50.0.2 Released to Address Critical Zero-Day Vulnerability


                  FirefoxMozilla sent Firefox Version 50.0.2 to the release channel today to address a critical zero-day vulnerability in the wild.  Firefox ESR was updated to version 45.5.1.

                  The next scheduled release is December 13, 2016 (5 week cycle with release for critical fixes as needed).

                  Critical
                  Additional information about the vulnerability is available in Vulnerability Note VU#791496, "Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability".

                  Note:  As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable.  After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit.

                  Update via Twitter message from PaleMoon:
                  "Despite this, we'll still be releasing a DiD patched update on Dec 2nd that fixes the crash at the root of this."

                  Update

                  To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                    References




                    Remember - "A day without laughter is a day wasted."
                    May the wind sing to you and the sun rise in your heart...




                    Monday, November 28, 2016

                    Mozilla Firefox Version 50.0.1 Released with Critical Security Update


                    FirefoxMozilla sent Firefox Version 50.0.1 to the release channel today.  The update includes one (1) critical security update affecting Firefox versions 49 and 50.  Firefox ESR is not affected.  Also included in the update is a bugfix.

                    The next scheduled release is December 13, 2016 (5 week cycle with release for critical fixes as needed).

                    Critical

                    Fixed

                    • Firefox crashes with 3rd party Chinese IME when using IME text

                    Update

                    To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                      References




                      Remember - "A day without laughter is a day wasted."
                      May the wind sing to you and the sun rise in your heart...




                      Tuesday, November 22, 2016

                      Pale Moon Version 27.0.0 Released


                      Pale Moon
                      Pale Moon has been updated to Version 27.0.0. This is a major release, eight months in development.

                      Update:  Version 27.0.1 was released to fix some of the issues that popped up with the new milestone.

                      As explained in the Release Notes, Version 27 is a full upgrade of the back-end platform.  This means that many things work different "under the hood".  As a result, you may run into a number of extension compatibility issues and may wish to run the v27 Compatibility Checking Tool.  Also note the "Removed/support features" in the Release Notes.

                      Edit Note:   If you are having problems with the upgrade, see Some known issues when upgrading to Pale Moon 27.


                      Details from the Release Notes:

                      Security highlights:
                      • All relevant security fixes up to and including Firefox 50 have been ported across from Mozilla to continue to provide an as secure as possible browser.
                      • Several libraries have been updated to their latest versions to pick up any important vulnerability fixes.
                      • There's a new option and control to determine whether to save zone information (marking files as "downloaded from the Internet") on downloaded files (Windows+NTFS). You can find this in Options.
                      New and updated features:
                      • Support for DirectX 11 and Direct2d 1.1 on Windows. This will bring Pale Moon more in line with the capabilities for current-day operating systems and graphics hardware.
                      • Update of the Goanna engine to 3.0 - with many changes to layout and rendering for the modern web.
                      • Pale Moon now fully supports HTTP/2.
                      • Ruby Annotations are now an integral part of the HTML parser, controllable with CSS.
                      • Media Source Extensions have been implemented to solve many video playback issues.
                        This can be enabled/disabled and configured in Options. It's recommended at this time to not enable MSE for WebM since there are a few issues with it on services like YouTube (e.g. losing audio when looping/skipping).
                      • Support for reading and playing so-called "fragmented" MP4 files has been added, further solving media playback issues.
                      • Support for SSL/TLS connections to proxy servers.
                      • Support for the WOFF2 font format for downloadable fonts.
                      • The JavaScript engine has been updated with support for many landmark ECMAScript6 features (chief among them promises and generators). This will solve many of the web compatibility issues that people have started to run into in the past few months (e.g. webmail interfaces, some sites coming up blank because they are script-generated).
                      • The way web content is cached has been changed to be more efficient. If you want to immediately take advantage of this, clear your cache.
                      Minimum system Requirements (Windows):
                      • Windows Vista/Windows 7/8/10/Server 2008 or later
                      • Windows Platform Update (Vista/7) strongly recommended
                      • A processor with SSE2 instruction support
                      • 256 MB of free RAM (512 MB or more recommended)
                      • At least 150 MB of free (uncompressed) disk space
                      Pale Moon includes both 32- and 64-bit versions for Windows:

                      Update

                      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                      Remember - "A day without laughter is a day wasted."
                      May the wind sing to you and the sun rise in your heart...


                      Tuesday, November 15, 2016

                      Mozilla Firefox Version 50.0 Released With an Abundance of Security Updates


                      FirefoxMozilla sent Firefox Version 50.0 to the release channel today.  The update includes a very large set of security fixes, comprising three (3) Critical, twelve (12) High, ten (10) Moderate and (2) low security updates.  Also included in the release are new, fixed and changes.

                      The next scheduled release is December 13, 2016 (5 week cycle with release for critical fixes as needed).

                      Firefox ESR will continue to ship point releases on the same day that Firefox ships and can be downloaded from here. The ESR version was updated to 45.5.0.

                      Security Fixes:



                      Critical


                      High


                      Moderate

                      Low

                      Firefox Version 50 New, Fixed & Changed:

                      New

                      • Updates to keyboard shortcuts
                        • Set a preference to have Ctrl+Tab cycle through tabs in recently used order
                        • View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)
                      • Added option to Find in page that allows users to limit search to whole words only
                      • Added Guarani (gn) locale
                      • Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
                      • Added download protection for a large number of executable file types on Windows, Mac and Linux
                      • Improved performance for SDK extensions or extensions using the SDK module loader
                      • Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac

                      Fixed

                      • Fixed rendering of dashed and dotted borders with rounded corners (border-radius)

                      Changed

                      • Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)
                      • Blocked versions of libavcodec older than 54.35.1

                        Update

                        To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                          References




                          Remember - "A day without laughter is a day wasted."
                          May the wind sing to you and the sun rise in your heart...




                          Friday, November 11, 2016

                          Lest We Forget

                          Whether you call it Veteran's Day, Armistice Day or Remembrance Day, November 11th is a time to put aside politics and pay tribute to all who died for their country.  It is also a perfect time to thank the Veterans in whatever country you live in. 

                          As in previous years, I am republishing my friend Canuk's last tribute and, once again, adding a special thank you to my friends "Phantom Phixer" and "Ghost".

                          The comment Canuk posted provides one example of why he was a special person:
                          "I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour.

                          Despite anyone's thoughts of the current conflict in Iraq - opposition or agreement, we must always remember that these brave young men and women are fighting for a cause they also may or may not agree with. The huge difference between them and us is that they are putting their lives on the line 24/7 while we sit in our homes in comfort, using the freedom of speech previous warriors won for us, and for that they deserve our love, respect, and support."
                          LEST WE FORGET




                          We Shall Keep the Faith by Moira Michael, November 1918
                          Oh! you who sleep in Flanders Fields, Sleep sweet - to rise anew! We caught the torch you threw And holding high, we keep the Faith With All who died. We cherish, too, the poppy red That grows on fields where valor led; It seems to signal to the skies That blood of heroes never dies, But lends a lustre to the red Of the flower that blooms above the dead In Flanders Fields. And now the Torch and Poppy Red We wear in honor of our dead. Fear not that ye have died for naught; We'll teach the lesson that ye wrought In Flanders Fields. Flags courtesy of3DFlags.com








                          Remember - "A day without laughter is a day wasted."
                          May the wind sing to you and the sun rise in your heart...

                          Tuesday, November 08, 2016

                          Microsoft Security Bulletin Release for November, 2016


                          As this is the second Tuesday of the month, there will be one  security monthly rollup for Windows 7 and 8.1 as well as Server 2008 and 2012.  The details of the updates included are listed below.

                          Another change available this month is a preview of the new Security Updates Guide. Instead of publishing bulletins to describe related vulnerabilities, the "Security Updates Guide" includes the ability to view and search security vulnerability information in a single online database.  After the January 2017 Update Tuesday release, bulletins will be eliminated and the information will only be available from the new Security Updates Guide.

                          The guide, described as a "portal" by the MSRC Team in Furthering our commitment to security updates, includes the following features:
                          • Sort and filter security vulnerability and update content, for example, by CVE, KB number, product, or release date.
                          • Filter out products that don’t apply to you, and drill down to more detailed security update information for products that do.
                          • Leverage a new RESTful API to obtain Microsoft security update information. This eliminates the need for you to employ outdated methods like screen-scraping of security bulletin web pages to assemble working databases of necessary and actionable information.

                          November Security Update Details:

                          Microsoft released fourteen (14) bulletins.  six (6) bulletins are identified as Critical and eight (8) rated Moderate in severity

                          The updates address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft SQL Server and Adobe Flash Player for Windows 8.1 and above. 

                          Addressed in the updates are Remote Code Execution, Elevation of Privilege and Security Feature Bypass.

                          Information about the update for Windows 10 is available at Windows 10 update history.

                          Critical:
                          • MS16-129 -- Cumulative Security Update for Microsoft Edge (3199057)
                          • MS16-130 -- Security Update for Microsoft Windows (3199172)
                          • MS16-131  -- Security Update for Microsoft Video Control (3199151)
                          • MS16-132 -- Security Update for Microsoft Graphics Component (3199120
                          • MS16-141 -- Security Update for Adobe Flash Player (3202790)
                          • MS16-142 -- Cumulative Security Update for Internet Explorer (3198467)


                          Important:
                          • MS16-133 -- Security Update for Microsoft Office (3199168)
                          • MS16-134 -- Security Update for Common Log File System Driver (3193706)
                          • MS16-135 -- Security Update for Windows Kernel-Mode Drivers (3199135)
                          • MS16-136 -- Security Update for SQL Server (3199641)
                          • MS16-137 -- Security Update for Windows Authentication Methods (3199173)
                          • MS16-138 -- Security Update to Microsoft Virtual Hard Disk Driver (3199647)
                          • MS16-139 -- Security Update for Windows Kernel (3199720)
                          • MS16-140 -- Security Update for Boot Manager (3193479)

                            Additional Update Notes

                            • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates.
                            • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                            • Windows 8.x and Windows 10 -- Non-security new features and improvements for Windows 8.1 and Windows 10 are included with the updates.
                            • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

                            References


                              Remember - "A day without laughter is a day wasted."
                              May the wind sing to you and the sun rise in your heart...





                              Adobe Flash Player and AIR Critical Security Updates Released

                              Adobe Flashplayer

                              Adobe has released Version 23.0.0.207 of Adobe Flash Player for Microsoft Windows, Macintosh and Chrome as well as Version 11.2.202.644 for Linux. 

                              The updates resolve type confusion vulnerabilities that could lead to code execution as well as use-after-free vulnerabilities that could lead to code execution.

                              Release date: November 8, 2016
                              Vulnerability identifier: APSB16-37
                              CVE number: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
                              Platform: Windows, Macintosh, Linux and Chrome OS

                              Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras. 

                                Notes:
                                • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
                                • Uncheck any toolbar offered with Adobe products if not wanted.
                                • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
                                • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

                                Verify Installation

                                To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                                Do this for each browser installed on your computer.

                                To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

                                References




                                Remember - "A day without laughter is a day wasted."
                                May the wind sing to you and the sun rise in your heart...








                                Thursday, October 27, 2016

                                Microsoft "C Week" Monthly Quality Rollup Updates Released


                                As described in More on Windows 7 and Windows 8.1 servicing changes – Windows for IT Pros, the "C Week" updates have been released.

                                Although C week updates are described as new non-security fixes, please note the out-of-band critical Flash Player update released by Adobe is included with the release.


                                October Quality Rollup Details:

                                References


                                  Remember - "A day without laughter is a day wasted."
                                  May the wind sing to you and the sun rise in your heart...





                                  Wednesday, October 26, 2016

                                  Adobe Flash Player Out-of-Band Critical Security Update

                                  Adobe Flashplayer

                                  Adobe has released Version 23.0.0.205 of Adobe Flash Player for Microsoft Windows, Macintosh and Chrome as well as Version 11.2.202.643 for Linux.

                                  The update addresses an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

                                  Release date: October 26, 2016
                                  Vulnerability identifier: APSB16-36
                                  CVE number: CVE-2016-7855
                                  Platform: Windows, Macintosh, Linux and Chrome OS

                                  Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras. 

                                    Notes:
                                    • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
                                    • Uncheck any toolbar offered with Adobe products if not wanted.
                                    • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
                                    • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

                                    Verify Installation

                                    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                                    Do this for each browser installed on your computer.

                                    To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

                                    References




                                    Remember - "A day without laughter is a day wasted."
                                    May the wind sing to you and the sun rise in your heart...