Tuesday, December 12, 2017

Microsoft Security Updates for December, 2017



The December security release consists of 32 security updates in which 20 are listed as Critical and 12 are rated Important. The release consists of security updates for the following software: 
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Services and Web Apps
  • Microsoft Exchange Server
  • ChakraCore
  • Microsoft Malware Protection Engine 
The updates address Remote Code Execution, Information Disclosure, "Defense in Depth" (Note:  "Defense-in-Depth" is a fix that does not apply to an actively exploitable vulnerability but prevents future vulnerabilities caused by the same code when surrounding code changes expose the problem.), Security Feature Bypass, Spoofing and Denial of Service.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Also see this month's Zero Day Initiative — The December 2017 Security Update Review by Dustin Childs in which he discusses several of the patches.

Additional Update Notes

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
  • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...





Adobe Flash Player and AIR Security Update

Adobe Flashplayer

Adobe has released Version 28.0.0.126 of Adobe Flash Player and Version 28.0.0.127 of Adobe AIR.  The update addresses CVE-2017-11305, a regression that could lead to the unintended reset of the global settings preference file.

Release date:  December 12, 2017
Vulnerability identifier: APSB17-42
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Thursday, December 07, 2017

    Mozilla Firefox Version 57.0.2 Released


    FirefoxMozilla sent yet another update for Firefox Version 57 to the release channel, Version 57.0.2.

    Fixed

    • Block old versions of G Data Endpoint Security for crashing Firefox on start up - Windows only (bug 1421991)
    • Fix a regression with WebGL and D3D9 - Windows only

      Update:

      To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...