Tuesday, May 09, 2017

Microsoft Security Updates for May, 2017


After today, Windows 10 devices running version 1507 will no longer receive security and quality updates.  Instructions on how to update to the latest Windows 10 version are available in this Microsoft support article.

May Security Update Details:

The May Microsoft updates address vulnerabilities in  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 update history.

However, to actually have a better understanding about the updates released today, see Zero Day Initiative — The May 2017 Security Update Review by Dustin Childs.
 

    Additional Update Notes

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

    References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...





      Adobe Flash Player Critical Update

      Adobe Flashplayer

      Adobe has released Version 25.0.0.171 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

      These updates address critical vulnerabilities including a use-after-free vulnerability that could lead to code execution and memory corruption vulnerabilities that could lead to code execution.

      Release date:  May 9 11, 2017
      Vulnerability identifier: APSB17-15
      CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-30744
      Platform: Windows, Macintosh, Linux and Chrome OS

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

        References



        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...









        Monday, May 08, 2017

        Security Update for Microsoft Malware Protection Engine



        Microsoft released Security Advisory 4022344 about an update to the Microsoft Malware Protection Engine.  The update addresses a security vulnerability that was reported to Microsoft.

        The vulnerability addressed in the update could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. According to the Advisory,
        "An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system."

        An updated MSRT will be included with the Security Updates on May 9.  Windows Defender will automatically update or can be manually launched and checked for updates.

        References:




        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        False/Positives of WinPatrol wpsetup.exe and Access to Website

        WinPatrol Scotty

        Since the new release of WinPatrol Version 35.5.2017.8 was announced, there have been reports of the wpsetup.exe being detected as a trojan.  I reached out to Bret Lowry who gave me permission to share information about both the false/positives as well as problems reaching WinPatrol.com.

        False/Positives

        Those are false positives; we have reported them to most of the manufacturers.
        Many are due to BitDefender having a false positive.
        Emsisoft
        GData
        eScan
        Ad-Aware

        All use BitDefender under the covers. You can tell by looking at the detection name in VirusTotal.
        Symantec reports ALL new binaries as a potential threat until the manufacturer contacts them, that is how they are handling the flood of new malware. They’ve been doing that for years now but no one calls them out for it out of fear of the giant.

        It is due to our using the InstallMate installer.
        The installer is not infected. {emphasis added}

        What would be super helpful would be a grass roots campaign demanding VirusTotal act responsibly by providing a link on their site for reporting false positives directly to the manufacturer in question.

        Access to WinPatrol.com

        There have also been reports of problems reaching the WinPatrol website.  Bret indicated that problem with the slowness is not due to problems at WinPatrol.com.  Rather the issue is due to the Internet Backbone company Level3.  As can be seen from the following link to the Level3 Outage map, the problem with Level3 connectivity is widespread:  http://downdetector.com/status/level3/map/Although I found access slow earlier today, I was able to get the update by launching WinPatrol and selecting "Check for Save Updates" from the PLUS tab.

        You can find the unofficial WinPatrol forum at LandzDown here

        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        WinPatrol Update Released

        WinPatrol Scotty

        WinPatrol Version 35.5.2017.8 was released with several fixes to better align with Windows 10.

        Fixes:
        • Fixed addition of Startup programs to be compatible with recent changes to Windows 10.
        • Fixed removal of Startup programs to be compatible with recent changes to Windows 10.
        • Disabled and removed checkbox for “Allow PLUS info data collection” because recent changes in allowed URL length resulting in no data being returned for customers.

        Direct Download Link: WinPatrol Version 35.5.2017.8


        You can find the unofficial WinPatrol forum at LandzDown here.


        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Friday, May 05, 2017

        Mozilla Firefox Verson 53.0.2 Released


        FirefoxMozilla sent Firefox Version 53.0.2 to the release channel today.  (No references made to version 53.0.1.)  When checking, I wasn't offered an update to Firefox ESR.

        The next scheduled release is June 13, 2017 (5 week cycle with release for critical fixes as needed).

        Security Fix:

        Fixed

        • Make form validation errors and date picker panel visible to the user (Bug 1341190)

        Changed

        • The non-standard showDialog argument to window.find is now ignored (Bug 1348409)
          Update:

          To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

            References




            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...




            Friday, April 28, 2017

            PaleMoon Version 27.3 Released with Security Updates


            Pale Moon
            Pale Moon has been updated to Version 27.3.  Included in the updates are DiD* patches.
            *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

            Note that Version 27.3 is a major development update with many changes in the media back-end.  As a result, it is important to realize that some aspects are still a work in progress and some html5 video playback issues with MSE (Media Source Encryption) may be encountered.

            Details from the Release Notes:

            Security/privacy changes:
            • Updated NSS to 3.28.4-RTM to address a number of issues.
            • Added support for RSA-AES(-GCM)-SHA256/384 suites to broaden compatibility.
            • Reconfigured networking security: disabled static DHE suites by default, enabled all RSA-AES(-GCM)-SHA256/384 suites in their stead.
            • Fixed referrer policy keyword to align with the current spec ("cross-origin" vs "crossorigin").
            • Added an option to display punycode domain for IDN websites to combat phishing.
              This is enabled by default for domain-validated https sites.
              Preference: browser.identity.display_punycode
              0 = Display IDN name in identity panel (previous behavior)
              1 = Display punycode name for DV SSL domains (default)
              2 = Also display punycode for HTTP sites if IDN name used
            • Fixed an issue to prevent contacting remote servers when a connection might get blocked.
            • Fixed 3 public security flaws in libevent, which may affect Mozilla-based products. DiD
            • Fixed several memory- and thread-safety hazards.
            • Fixed an address bar spoofing issue. (CVE-2017-5451)
            • Fixed a potentially exploitable crash with HTTP/2. (CVE-2017-5446)
            • Fixed several security hazards in XSLT processing. (CVE-2017-5438) (CVE-2017-5439) (CVE-2017-5440)
            • Fixed several security hazards in old protocols. (CVE-2017-5444) (CVE-2017-5445)
            • Fixed out-of-bounds access in text formatting. (CVE-2017-5447)
            • Fixed a potentially exploitable issue with innerText. (CVE-2017-5442)
            • Fixed a potentially exploitable issue in graphite font shaping.
            • Fixed a potentially exploitable crash with credential-authentication.
            • Fixed out-of-bounds access with text selection in rare cases.
            • Fixed a security hazard in the ANGLE library.
                Changes/fixes:
                • Fixed up, checked and enabled vertical text writing modes!
                  Pale Moon will now be able to display vertical, right-to-left script.
                • Added the option to reset non-default profiles.
                • Fixed various issues in the WebP image decoder.
                • Added internally-supported document types to allowed types.
                • Fixed locale selection in ICU after update to ICU58.
                  (Note: Pale Moon uses the system locale for date formatting, not the browser locale)
                • Re-implemented the previous spellchecker dictionary logic (allow user override of document/element language, improve logic and make it unambiguous).
                • Ongoing fixes for the MP4 parser and MSE.
                • Made HTML Media Elements' preload attribute MSE-spec compliant.
                  The preload attribute on HTML media elements is now ignored in the case of an MSE source. This prevents an issue with sourceopen not firing when preload="none".
                • Fixed some issues with Windows WMF media playback.
                • Fixed an issue with Synced preferences sometimes overwriting stored individual preferences.
                • Fixed display of RSS folder icons.
                • Fixed issues with custom context menus.
                • Fixed an issue importing bookmarks with separators losing their extra data.
                • Changed the way numeric addresses are handled in the address bar so it doesn't perform a search when it shouldn't.
                • Added an option (browser.sessionstore.cache_behavior) to control from which source restored tabs pull their page content:
                  0 = load restored tab data from cache (current behavior, default)
                  1 = refresh restored tab data from the network
                  2 = refresh stored tab data from the network and bypass any cached data.
                • Improved upon a v27 performance regression with SVG scaling.
                • Improved performance by being more selective which CSS animations to process.
                  As a side-effect, elements changing their display from "none" to something visible now also animate.
                • Increased memory allocation for the use of very large PAC files.
                • Added menu entries for the permissions manager and improvements to its function and display.
                • Added preferences to control "highlight all" behavior of the find bar:
                  accessibility.typeaheadfind.highlightallbydefault = true/false highlight all found words by default.
                  accessibility.typeaheadfind.highlightallremember = true/false remember the last-used state of Highlight All.
                • Added devtools command-line options.
                • Added remote IP and protocol to Devtools->Network entry details.
                • Added support for
                  and HTML tags.
                • Fixed a regression in the MSIE profile migrator.
                • Removed migration of browser-specific settings when migrating data from IE/Safari.
                • Implemented optional parameters for permessage-deflate in preparation for RFC7692 errata making acceptance of them mandatory (and to prevent web compat issues doe to the current conflicting text of it).
                • Made the image document favicon skinnable.
                • Aligned DOM selection addRange with the spec.
                • Exposed mozAnon constructor js binding to system scopes for XHR.
                • Enhanced form data handling from JavaScript.
                Minimum system Requirements (Windows):
                • Windows Vista/Windows 7/8/10/Server 2008 or later
                • Windows Platform Update (Vista/7) strongly recommended
                • A processor with SSE2 instruction support
                • 256 MB of free RAM (512 MB or more recommended)
                • At least 150 MB of free (uncompressed) disk space
                Pale Moon includes both 32- and 64-bit versions for Windows:

                Update

                To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                Remember - "A day without laughter is a day wasted."
                May the wind sing to you and the sun rise in your heart...


                Wednesday, April 19, 2017

                Mozilla Firefox Version 53.0 Released with Massive Security Updates


                FirefoxMozilla sent Firefox Version 53.0 to the release channel today.  The update includes a massive 35 security updates identified as eight (8) Critical, sixteen (16) High, seven (7) Moderate updates and four (4) low security updates.  Firefox ESR was updated to version 45.9.0.

                The next scheduled release is June 13, 2017 (5 week cycle with release for critical fixes as needed).

                Security Fixes:

                Critical

                High

                Moderate

                Low

                New

                • Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
                • Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
                • Lightweight themes are now applied in private browsing windows
                • Reader Mode now displays estimated reading time for the page
                • Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer

                Changed

                • Updated the design of site permission requests to make them harder to miss and easier to understand
                • Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
                • 32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
                • Updates for Mac OS X are smaller in size compared to updates for Firefox 52
                • Media playback on new tabs is blocked until the tab is visible
                • The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
                • New visual design for audio and video controls
                • Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
                Update:

                To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                  References




                  Remember - "A day without laughter is a day wasted."
                  May the wind sing to you and the sun rise in your heart...




                  Tuesday, April 18, 2017

                  Oracle Java Critical Security Updates Released

                  java

                  Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The update contains eight (8) new security fixes for Oracle Java SE. 
                  Details for the CVE's addressed in the update are available here.

                  Update

                  If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

                  Download Information

                  Download link:  Java SE 8u131

                  Verify your version:  http://www.java.com/en/download/testjava.jsp

                  Notes:
                  • Minimally, UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras". 
                  • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

                  Critical Patch Updates

                  For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
                  • 18 July 2017
                  • 17 October 2017
                  • 16 January 2018
                  • 17 April 2018

                  Unwanted "Extras"

                  Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and  unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

                  Do the following to suppress the sponsor offers:
                  1. Launch the Windows Start menu
                  2. Click on Programs
                  3. Find the Java program listing
                  4. Click Configure Java to launch the Java Control Panel
                  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
                  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
                  Java suppress sponsor offers

                  Java Security Recommendations


                  1)  In the Java Control Panel, at minimum, set the security to high.
                  2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

                  3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

                  References




                  Remember - "A day without laughter is a day wasted."
                  May the wind sing to you and the sun rise in your heart...




                  Sunday, April 16, 2017

                  "Khrystos Voskres!" Happy Easter!



                  "Khrystos Voskres!"

                  (Christ is Risen!)






                  "Voistyno Voskres!"

                  (He is Truly Risen!)






                  Remember - "A day without laughter is a day wasted."
                  May the wind sing to you and the sun rise in your heart...




                  Tuesday, April 11, 2017

                  Microsoft Security Updates for April, 2017


                  Today marks a red letter day for Microsoft updates.  In addition to security updates, sparking the most attention is the official release of the Windows 10 Creators Update (see the Windows Experience Blog post, What’s new in the Windows 10 Creators Update).

                  Of lesser interest to many is the official "End of Life_ for Windows Vista.

                  Also of note is the security guidance, Defense-in-Depth Update for Microsoft Office:
                  "Microsoft has released an update for Microsoft Office that turns off, by default, the Encapsulated PostScript (EPS) Filter in Office as a defense-in-depth measure. Microsoft is aware of limited targeted attacks that could leverage an unpatched vulnerability in the EPS filter and is taking this action to help reduce customer risk until the security update is released.

                  Microsoft strongly recommends against turning on the EPS filter at this time, however customers who need to turn on the EPS filter can reference KB Article 2479871."

                  April Security Update Details:

                  The April Microsoft updates address vulnerabilities in  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio for Mac, .NET Framework, Silverlight and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

                  Microsoft has completed the change replacing security bulletins with the new Security Updates Guide.  The new guide includes the ability to view and search security vulnerability information in a single online database. The guide is described as a "portal" by the MSRC Team in Furthering our commitment to security updates. For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 update history.
                   

                    Additional Update Notes

                    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                    • Reminder:  Windows Vista Reaching End of Live (EoL)
                    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

                    References


                      Remember - "A day without laughter is a day wasted."
                      May the wind sing to you and the sun rise in your heart...





                      Adobe Flash Player Critical Security Update

                      Adobe Flashplayer

                      Adobe has released Version 25.0.0.148 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

                      These updates address critical vulnerabilities that could lead to code execution and potentially allow an attacker to take control of the affected system. 

                      Release date: April 11, 2017
                      Vulnerability identifier: APSB17-10
                      CVE number: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
                      Platform: Windows, Macintosh, Linux and Chrome OS

                      Update:

                      Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                        Verify Installation

                        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                        Do this for each browser installed on your computer.

                        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

                        References



                        Remember - "A day without laughter is a day wasted."
                        May the wind sing to you and the sun rise in your heart...








                        Adobe Reader and Acrobat Critical Security Updates

                        Adobe

                        Adobe has released security updates for Adobe Reader and Acrobat XI for Windows and Macintosh. These updates address critical vulnerabilities including code execution, heap buffer overflow, memory corruption, integer overflow, memory corruption and, finally, vulnerabilities in the directory search path used to find resources that could lead to code execution.


                        Release date: April 11, 2017
                        Vulnerability identifier: APSB17-11
                        CVE Numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
                        Platform: Windows and Macintosh

                        Update or Complete Download

                        Update checks can be manually activated by choosing Help > Check for Updates.
                          Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

                          Enable "Protected View"

                          Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

                          To enable this setting, do the following:
                          • Click Edit > Preferences > Security (Enhanced) menu. 
                          • Change the "Off" setting to "All Files".
                          • Ensure the "Enable Enhanced Security" box is checked. 

                          Adobe Protected View
                          Image via Sophos Naked Security Blog

                          References



                          Home
                          Remember - "A day without laughter is a day wasted."
                          May the wind sing to you and the sun rise in your heart...







                          Thursday, March 30, 2017

                          Windows Vista Reaching End of Live (EoL)




                          Windows Vista, the operating system so many people learned to dislike. 

                          Personally, I enjoyed using Windows Vista during its prime but quickly learned to appreciate the many improvements in Windows 7 and, in particular, Windows 10.

                          The official RTM (Release to Manufacture) of Windows Vista was November 8, 2006.  Now, over ten years later, on Tuesday, April 11, 2017, the operating system is reaching EoL (End of Life).

                          Although there may be updates included for Windows Vista with the April 11 security updates, reaching EoL means that after that date the operating system will receive no additional
                          • Security updates,
                          • Non-security hot-fixes,
                          • Free or paid assisted support options, or
                          • Online technical content updates from Microsoft.
                            Although computers running the Windows Vista will continue to work, without future security updates, there may well be an increase in risk of viruses and other security threats.  In addition, signature updates for Microsoft Security Essentials are only expected to be available for a limited time.



                            References:
                            Home
                            Remember - "A day without laughter is a day wasted."
                            May the wind sing to you and the sun rise in your heart...

                            Tuesday, March 28, 2017

                            Coming Soon: Windows 10 Creators Update (Information and Suggestions)

                            Windows 10 Creators Update


                            The date that has been rumored for the global release of the Windows 10 Creators Update is April 11, 2017, just two weeks away.  Although no official announcement has been made or is expected from Microsoft, with the news today that ISO files are available for Build 15063 for both PCs and phones in the Fast Ring, PCs in the Slow Ring and those on the Xbox Insider Program, it appears the rumored date may indeed be correct.

                            Update:   Windows 10 Creators Update coming April 11, Surface expands to more markets

                            As with the Anniversary Update last year, it is expected that the initial roll-out of the Creators Update will be slow, gradually picking up over several months.  As Gregg Keizer wrote in Microsoft paces delivery of Windows 10 upgrades,
                            "According to advertising network AdDuplex, 60 days after the Aug. 2, 2016, introduction of Windows 10 1607 -- aka Anniversary Update -- just 35% of measured Windows 10 PCs were running the upgrade. By the 90-day mark, however, that number had soared to 80%, showing that Microsoft, after a purposefully slow start, had stomped on the update accelerator."
                            This was confirmed by John Cable, Microsoft Director of Program Management within the Windows Servicing and Delivery (WSD) team in Providing customers with more choice and control in the Creators Update.

                            Important

                            💥 Having installed each of the Insider Builds, I really like the improvements in that have been made along the way.  Although I have not had any failures installing the numerous Insider Builds on my 2008 device, hardware and drivers vary from device to device.  Thus, before proceeding with the installation of the Creators Update, be sure that, minimally, all important documents, irreplaceable pictures and other files are backed up prior to installing the new version.  Ideally, create a system image before installing the update.

                            💥 In the event you have Windows 10 Pro and need to delay the update, it can be deferred for up to four months.  From Settings, navigate to Update & Security.  In Windows Update, select the link for "Advanced options" and check the box for "Defer feature updates".

                            💥 The installation of the Creators Update is essentially replacing the entire operating system.  As a result, all previously created System Restore points are gone since they no longer apply.  It is important after the update has completed to enable System Restore.  To do this
                            1. Navigate to Control Panel\All Control Panel Items\System
                            2. Select "System protection"
                            3. Click your system disk and note that it is shown as "off" 
                            4. Click "Configure" and select "Turn on System Protection" 
                            5. Ok the change and close the windows. 

                            Windows 10
                            Following is a small collection of articles by various journalists providing different perspectives of what to expect in the Creators Update.  Additional articles of interest are included below in the "References".

                            References:


                            Home
                            Remember - "A day without laughter is a day wasted."
                            May the wind sing to you and the sun rise in your heart...

                            Mozilla Firefox Version 52.0.2 Released


                            FirefoxMozilla sent Firefox Version 52.0.2 to the release channel. The update includes the fixes listed below.

                            Fixes:

                            • Use Nirmala UI as fallback font for additional Indic languages
                            • Fix loading tab icons on session restore
                            • Fix a crash on startup on Linux
                            • Fix new installs erroneously not prompting to change the default browser setting

                            Update

                            To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

                              References




                              Remember - "A day without laughter is a day wasted."
                              May the wind sing to you and the sun rise in your heart...




                              Friday, March 24, 2017

                              Microsoft Released Replacement Cumulative Updates

                              Microsoft Updates

                              Microsoft released three replacement cumulative updates.

                              There is one update each for Windows 10 version 1607 (Anniversary Update) and version 1511.  The update includes quality improvements with no new operating system features introduced.

                              The third update is for Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1 and is applicable if experiencing the symptom described below.

                              • Windows 10, 1607, OS Build 14393.970: KB4016635
                                • Addressed a known issue with KB4013429 that caused form display issues with CRM 2011 on Internet Explorer 11. 
                                • Addressed the issue with KB4013429 that prevents users from updating apps from Windows Store with 0x80070216 error.
                                • To get the stand-alone package for this update, go to the Microsoft Update Catalog

                              • Windows 10, 1511, OS Build 10586.842: KB4016636
                                • Addressed a known issue with KB4013198 that caused form display issues with CRM 2011 on Internet Explorer 11.
                                • To get the stand-alone package for this update, go to the Microsoft Update Catalog.

                              • Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1: KB4016446
                                • This update is only needed if you are experiencing an issue with forms in Microsoft Dynamics CRM 2011 not displayed correctly after KB 4013073 is installed on a Windows system that is running Internet Explorer 11.
                                • To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
                              If you installed earlier updates, only the new fixes contained in the respective package will be downloaded and installed.

                              The updates are also available from Windows Update.




                              Home
                              Remember - "A day without laughter is a day wasted."
                              May the wind sing to you and the sun rise in your heart...

                              Pale Moon Version 27.2.1 Released


                              Pale Moon
                              Pale Moon has been updated to Version 27.2.1.  The update fixes some stability and usability issues.

                              Details from the Release Notes:

                                  Changes/fixes:

                                  • Fixed an issue with planar alpha handling (transparency) when drawing JXR images.
                                  • Fixed a crash related to a change JavaScript array handling introduced in 27.2.0.
                                    This became apparent with the pentadactyl extension, but could happen in other situations as well.
                                  • Fixed a crash when opening ridiculously large images with HQ scaling enabled (default).
                                    Pale Moon will now only apply HQ scaling for images within reasonable limits (64 Mpix or smaller). Images larger than that may not display properly when zooming in, or may not display at all, even scaled down (e.g. >256 Mpix large) and show a "broken image" placeholder instead; please use dedicated image viewer applications for those kinds of images; it is outside the scope of a web browser to handle such large images.
                                  • Changed the way URL hashes are handled, and will no longer %-decode anchor hash identifiers by default.
                                    Note that this is against RFC 3986, which states that any part of the URL scheme that isn't data should be decoded.
                                    This is required for web compatibility because several sites use hash links to pass actual data to web applications (Please don't do this! Hashes ar part of the URL address, should only consist of "safe" characters, and aren't suited to pass arbitrary data) and the most common browsers no longer follow the RFC in that respect.
                                    If you want RFC compliance, switch dom.url.getters_decode_hash to true
                                  • Restored 2 RSA Camellia cipher suites that were missing: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA and TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
                                  • Fixed an issue with custom toolbars getting deleted during upgrade from 27.0/27.1 to 27.2

                                    Minimum system Requirements (Windows):
                                    • Windows Vista/Windows 7/8/10/Server 2008 or later
                                    • Windows Platform Update (Vista/7) strongly recommended
                                    • A processor with SSE2 instruction support
                                    • 256 MB of free RAM (512 MB or more recommended)
                                    • At least 150 MB of free (uncompressed) disk space
                                    Pale Moon includes both 32- and 64-bit versions for Windows:

                                    Update

                                    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                                    Remember - "A day without laughter is a day wasted."
                                    May the wind sing to you and the sun rise in your heart...


                                    Monday, March 20, 2017

                                    Microsoft Released Replacement Cumulative Update



                                    Microsoft released a new cumulative update for PCs running the "Anniversary Update, Version 1607.  KB4015438 replaces KB4013429 and is a quality improvement update and does not include any new features.

                                    Key changes include:
                                    • Addressed a known issue with KB4013429 that caused Windows DVD Player (and 3rd party apps that use Microsoft MPEG-2 handling libraries) to crash.

                                    • Addressed a known issue with KB4013429, that some customers using Windows Server 2016 and Windows 10 1607 Client with Switch Embedded Teaming (SET) enabled might experience a deadlock or when changing the physical adapter’s link speed property. This issue is most commonly seen as a DPC_WATCHDOG_VIOLATION or when verifier is enabled a VRF_STACKPTR_ERROR is seen in the Memory dump.
                                    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed.

                                    The update is available from Windows Update.  The standalone package is available in the Microsoft Update Catalog.




                                    Home
                                    Remember - "A day without laughter is a day wasted."
                                    May the wind sing to you and the sun rise in your heart...

                                    Saturday, March 18, 2017

                                    Pale Moon Version 27.2 Released with Security Updates


                                    Pale Moon
                                    Pale Moon has been updated to Version 27.2.  The update focuses on back-end improvements and security. Included in the updates are DiD* patches.
                                    *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
                                    Details from the Release Notes:

                                    Security and Privacy Changes:
                                    • Added support for 256-bit AES-GCM encryption.
                                    • Added support for ChaCha20-Poly1305 encryption.
                                    • Removed support for Camellia-GCM since nobody seems interested in it.
                                      (Camellia in 128/256-bit CBC block mode is still fully supported).
                                    • Added support for SHA-224, SHA-256, SHA-384 and SHA-512 to Crypto utils.
                                    • Improved status handling of secure sites to be less sensitive to "insecure" items that are local.
                                    • Fixed print preview hijacking. (CVE-2017-5421)
                                    • Fixed a potentially exploitable crash in OnStartRequest. (CVE-2017-5416)
                                    • Fixed potential cross-origin content-stealing through a timing attack. (CVE-2017-5407) DiD
                                    • Fixed a denial-of-service problem with view-source. (CVE-2017-5422)
                                    • Fixed crash in directional controls. (CVE-2017-5413)
                                    • Fixed a perceived problem with chrome manifests. (CVE-2017-5427)
                                    • Fixed the use of an uninitialized value. (CVE-2017-5405)
                                    • Fixed a buffer overflow. (CVE-2017-5412)
                                    • Fixed a UAF situation. (CVE-2017-5403)
                                    • Fixed a potential spoofing issue with the address bar. (CVE-2017-5417)
                                    • Fixed a potential issue in libvpx. (CVE-2017-5402) DiD
                                    • Fixed a potential issue with HTTP auth. (CVE-2017-5418)
                                    • Fixed several memory safety hazards and potentially exploitable crashes. DiD
                                        Changes/fixes:
                                        • Updated the ICU lib to 58.2 to fix a number of issues.
                                        • Added proper control for the user for offline storage for web applications.
                                        • Added a check to prevent auto-filled URLs from copying the auto-filled selection to clipboard/primary.
                                        • Added the feature to pass a URL to open in a private window from the command-line.
                                        • Improved the display of the downloads indicator on the button in bright-text situations.
                                        • DOM storage now honors the "3rd party cookie" setting in that it will not allow 3rd party data to be stored if 3rd party cookies are disallowed.
                                        • Allowed toolbar button badges to be properly styled.
                                        • Updated the hunspell spellchecking library to 1.6.0 to fix a number of issues.
                                        • Fixed desktop notifications being off-screen if fired in rapid succession.
                                        • Added Element.insertAdjacentElement and Element.insertAdjacentText DOM functions.
                                        • Added support for JPEG-XR images.
                                          This makes Pale Moon have the broadest support for image formats of all web browsers.
                                          (enabled by default; you can disable this with media.jxr.enabled).
                                        • Completely removed the use of GStreamer on Linux.
                                        • Added support for element.innerText.
                                        • Custom toolbars should now properly remember their state.
                                        • Fixed some more playback issues with MP4/MSE videos.
                                          Please be aware that we are still working on further improving MSE video handling.
                                        • Changed media processing to reduce dangerous processing asynchronicity.
                                          This should also make media elements and playback more responsive.
                                        • Fixed a useragent string regression always displaying the minor Goanna version as .0
                                        • Updated NSPR to 4.13.1.
                                        • Updated NSS to 3.28.3-RTM.
                                        • Fixed unrestricted icon sizes in PMkit buttons.
                                        • Fixed unresponsive buttons on support page when not building the updater.
                                        • Fixed the use of "View image" and "Save image as" on extremely large images.
                                        • Changed the way "View Image" and "Save image as" work on canvas elements.
                                        • Made checking for dangerously large resolution PNG images smarter.
                                          It will now accept larger "strip"-aspect ratio images while reducing unsupported large image resolutions.
                                          This will e.g. fix Gmail's "emoji" window that uses a ridiculously long but very narrow single image to store all the emoticon pictures.
                                        • Converted several hard-coded URLs to preferences.
                                        • Updated the google.com override so it would not cripple services based on UA sniffing.
                                        • Added Inner and Outer Window ID administration.
                                        • Fixed the add-on discovery pane detection.
                                        • Added support for canvas ellipse.
                                        • Improved drawing of certain MathML elements at problematic zoom levels.
                                        • No longer building gamepad support.
                                        • Updated Harfbuzz font shaper to 1.4.3 to fix a number of issues.
                                        • Fixed a number of crashes (layout, plugins, uncommon navigation, bad URLs).
                                        • Aligned SVG specular filters with the spec.
                                        Minimum system Requirements (Windows):
                                        • Windows Vista/Windows 7/8/10/Server 2008 or later
                                        • Windows Platform Update (Vista/7) strongly recommended
                                        • A processor with SSE2 instruction support
                                        • 256 MB of free RAM (512 MB or more recommended)
                                        • At least 150 MB of free (uncompressed) disk space
                                        Pale Moon includes both 32- and 64-bit versions for Windows:

                                        Update

                                        To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                                        Remember - "A day without laughter is a day wasted."
                                        May the wind sing to you and the sun rise in your heart...