Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Corrine

Pages: [1] 2 3 ... 76
1
Mozilla sent Firefox Version 70.0 to the release channel today.  The update included thirteen (13) security updates of which one (1) is critical, three (3) are high, eight (8) moderate and one (1) are rated low.

With the release of Version 70.0, the Enhanced Tracking Protection added in Version 69.0 is on by default on all platforms. 

Also released was Firefox ESR Version 68.2.

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."

Release Notes
Security Updates

2
This explains the automatic CCleaner update as posted here.  From Hackers Breach Avast Antivirus Network Through Insecure VPN Profile:
Quote
Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14.

Quote
Suspecting CCleaner as the targeted asset, Avast on September 25 stopped the upcoming updates for the software and started to check prior releases for malicious modification.

To ensure that no risk comes to its users, the company re-signed an official CCleaner release and pushed it as an automatic update on October 15. That release updated users still on version 5.57 to version 5.62 of the product so they could benefit from "its enhanced security and improved performance."

Furthermore, the old certificate was revoked, says in a statement today Jaya Baloo, Avast Chief Information Security Officer (CISO).


3
Adobe has released an out-of-band update for Adobe Acrobat and Reader Adobe which contains stability and services load optimization fixes, updating the latest release to updated to version 2019.021.20048.

Release date:  October 17, 2019
Vulnerability identifier: None
Platform: Windows and MacOS

The Release Notes for Adobe Acrobat and Reader have been updated with the following notice:

Quote
"Note : A follow up update (19.021.20048) is available which fixes critical issues in this update. Adobe recommends that you directly pick the next update - 19.021.20048."

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

4
Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  This Critical Patch Update contains 20 new security patches for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Update
If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information


Java SE 13

    Release Notes: https://www.oracle.com/technetwork/java/javase/documentation/13u-relnotes-5461742.html
    Download: https://www.oracle.com/technetwork/java/javase/downloads/index.html#JDK13


Java SE 11

    Release Notes: https://www.oracle.com/technetwork/java/javase/documentation/11u-relnotes-5093844.html
    Download: https://www.oracle.com/technetwork/java/javase/downloads/index.html#JDK11

Java SE 8


    Release Notes: https://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html
    Download: https://www.oracle.com/technetwork/java/javase/downloads/index.html#JDK8

Notes:


    UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras". 

5
Microsoft released cumulative updates with non-security improvements and fixes for Windows 10 Versions 1809, 1803 and 1709 today.  In addition, cumulative updates were also released for Windows 8.1 and Windows 7:

Windows 10 Version 1809, KB4520062
Windows 10 Version 1803, KB4519978
Windows 10 Version 1709, KB4520006
Windows 8.1, KB4520012
Windows 7, KB4519972

To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates. 


6
 Adobe has released security updates for Adobe Acrobat and Reader addressing a long list of CVE's for Windows and macOS. Particularly due to 45 of the vulnerabilities being rated critical for Reader, it is advised that the update be applied as soon a possible.  The update additionally includes bug fixes.

Release date:  October 15, 2019
Vulnerability identifier: APSB19-49
Platform: Windows and MacOSUpdate or Complete Download

Reader DC and Acrobat DC were updated to version 2019.02.2.20047.

Update checks can be manually activated by choosing Help/Check for Updates.

    Reader DC and other versions are available here:  https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
    Acrobat DC for Windows is available here:  http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Security Bulletin
Release Notes

7
Web News / Microsoft Now Enables Windows 10 Tamper Protection By Default
« on: October 14, 2019, 04:24:01 PM »
From Twitter:  Microsoft Security Intelligence on Twitter: "Tamper protection, a new feature that prevents malicious or unauthorized changes to security features, is now generally available for Microsoft Defender ATP customers and enabled by default for home users. Learn what this means and how you can deploy: https://t.co/rk0H3z7gUF https://t.co/PEqCOADVdP" / Twitter

Also see Microsoft Now Enables Windows 10 Tamper Protection By Default:
Quote
With the Windows Defender becoming a reliable antivirus solution and further security enhancements being added to Windows 10, malware has increasingly made efforts to bypass it.

This is done by attempting to turn off or reduce the functionality of Windows Defender through PowerShell commands, group policies, or Registry modifications.

For example, over the past 4 months we have seen TrickBot, GootKit, and the Nodersok Trojans make a concerted effort to bypass Windows Defender in order to remain resident on an infected computer or to bypass its protections.

To enable Tamper Protection, go to Settings > Windows Security > Virus & Threat Protection and click "Manage Settings".  Scroll down to the "Tamper Protection" setting to enable.

8
Mozilla sent Firefox Version 69.0.3 to the release channel today. The update fixed two bugs. No update has been posted for Firefox ESR.

Fixed
  • Fixed download errors for Windows 10 users with Parental Controls enabled (bug 1586228)
  • Fixed Yahoo mail users being prompted to download files when clicking on emails (bug 1582848)
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

Release Notes

9
General Software News, Updates & Discussions / Adobe Flash Player Update
« on: October 09, 2019, 06:51:45 PM »
Although not released prior to the Microsoft Security updates, Adobe later released Version 32.0.0.270 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update contains assorted functional fixes.

Release date:  October 9, 2019
Vulnerability identifier: None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:
Release Notes

10
Security Alerts & Briefings / Microsoft October 2019 Security Updates
« on: October 08, 2019, 05:40:33 PM »
The Microsoft October security updates have been released and consist of 59 CVEs. Of these 59 CVEs, 9 are rated Critical, 49 are rated Important and 1 is rated Moderate in severity. Two are listed as publicly known and two others are listed as under active attack at the time of release.

The updates address Spoofing, Remote Code Execution, Information Disclosure, Tampering and Denial of Service. They apply to the following:  Microsoft Windows, Internet Explorer, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server Management Studio, Microsoft Dynamics 365, Windows Update Assistant and Open Source Software.

Note:  Adobe has not issued a Flash Player update.

Known Issues: See the Known Issues and accompanying work-around in the KB Articles for your version of Windows in the Update History at October 2019 Security Updates.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative — The October 2019 Security Update Review.

11
Microsoft has released an Out-of-Band security update addressing CVE-2019-1367.  This CVE addresses a scripting engine memory corruption vulnerability.  An update is available for each of Windows 10 versions 1903 through version 1607, Windows 8.1 and Windows 7.

The following important notice is provided for each version of Windows 10 and a similar notice for Windows 8.1 and Windows 7:

Quote
"IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent printing issue some users have experienced. Customers using Windows Update or Windows Server Update Services (WSUS) will be offered this update automatically. To help secure your devices, we recommend that you install this update as soon as a possible and restart your PC to fully apply the mitigations. Like all cumulative updates, this update supersedes any preceding update.

Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019."

Updates provided for the latest Windows 10 version 1903 through version 1607:

    Windows 10, Version 1903:  https://support.microsoft.com/en-us/help/4524147
    Windows 10, Version 1809:  https://support.microsoft.com/en-us/help/4524148
    Windows 10, Version 1803:  https://support.microsoft.com/en-us/help/4524149
    Windows 10, Version 1709:  https://support.microsoft.com/en-us/help/4524150
    Windows 10, Version 1703:  https://support.microsoft.com/en-us/help/4524151
    Windows 10, Version 1607:  https://support.microsoft.com/en-us/help/4524152
    Windows 8.1:  https://support.microsoft.com/en-us/help/4524156
    Windows 7:  https://support.microsoft.com/en-gb/help/4524157

12
Mozilla sent Firefox Version 69.0.2 to the release channel today. The update fixed several bugs. No update has been posted for Firefox ESR.

Fixed
  • Fixed a crash when editing files on Office 365 websites (bug 1579858)
  • Fixed detection of the Windows 10 Parental Controls feature being enabled (bug 1584613)
  • Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bug 1582222)
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

Release Notes



13
Web News / Microsoft Surface Event
« on: October 02, 2019, 08:59:06 PM »
Microsoft Introduced new Surface products today, the most unexpected of them being the Surface Neo and Surface Duo:

Surface Neo -- a foldable dual-screen device with a detachable keyboard that magnetically seals to the back and can be flipped on top of the bottom display.  Also included is the new Surface Slim Pen that magnetically attaches to the back and charges at the same time.

Surface Duo -- a phone!  No, it isn't a Microsoft phone.  It is Android and includes Microsoft Launcher.  Like the Surface Neo, it also has a foldable dual-screen but with 5.6 inch displays so it can fit in your pocket.

The tech press is filled with articles about all of the new devices.  A few examples that have pictures and other information about the new products:

Microsoft Surface event, everything announced: Pro 7, Pro X, Neo, Duo - Business Insider
Microsoft Surface fall 2019 event: Everything announced | Windows Central
Microsoft's 2019 Surface event by the numbers

14
Web News / Outlook on the Web adds new File Types to Blocked List
« on: September 27, 2019, 03:58:36 PM »
From Changes to File Types Blocked in Outlook on the Web:
Quote
Microsoft’s Exchange team has updated the File Types that is blocked in Outlook Web. The list has been updated as they see it can be risky downloading them in current scenarios. These new extension has been added to the BlockedFileTypes property of existing OwaMailboxPolicy objects. This change will prevent Outlook.com users from downloading attachments that have those file extensions. Microsoft will start rolling them out in October in Exchange Online.

The Exchange announcement is here.

15
Microsoft released cumulative update KB 4498140 with non-security improvements and fixes for Windows 10 Version 1903 today. A long list of non-security quality improvements is included in the update. Highlights were listed as follows:
  • Updates an issue that causes vertical fonts to be larger when printing to a PostScript printer.
  • Updates an issue that may cause you to disconnect from a virtual private network (VPN) on cellular networks.
  • Updates an issue that may cause audio playback and recording to fail when connecting to a remote virtual machine.
  • Updates an issue that may prevent older systems from upgrading to the latest operating systems because a display driver error on older versions.
  • Updates an issue that may cause the screen color to turn white on laptops that have built-in, high-dynamic-range (HDR) screens.
  • Updates an issue that causes audio in certain games to be quieter or different than expected.
To download and install the update, go to Settings -> Update and Security -> Windows Update and select Check for updates. The standalone package for this update is available in the Microsoft Update Catalog. In addition, with Windows Update, the latest SSU (KB4520390) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Windows 10 update history

Pages: [1] 2 3 ... 76