Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Corrine

Pages: [1] 2 3 ... 68
1
The December security updates have been released and consist of 39 security patches and one advisory in which 9 are listed as Critical and 30 are rated Important in severity. One of these bugs is listed as publicly known at the time of release and one of these is reported as being actively exploited.

The updates address Remote Code Execution, Information Disclosure, Elevation of Privilege, Denial of Service and Spoofing and apply to the following: Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, Microsoft Dynamics NAV, Microsoft Exchange Server, Microsoft Visual Studio and Windows Azure Pack (WAP).

See Dustin Childs review and analysis in Zero Day Initiative — The December 2018 Security Update Review

Release Notes
Windows 10 update history


2
Mozilla sent Firefox Version 64.0 to the release channel today.  Firefox ESR Version 60.4 has also been released.
The update included nine (9) security updates of which one is critical, five are high, two (2) moderate and one (1) is rated low.

Mozilla Firefox Release Notes
Security Updates

3
Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS to address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. 

Release date:  December 11, 2018
Vulnerability identifier: APSB18-41
Platform: Windows and MacOS

Update or Complete Download
:

Reader DC and Acrobat DC were updated to version 2019.008.20081. Update checks can be manually activated by choosing Help & Check for Updates.
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Security Bulletin

4
Web News / Microsoft Edge Being Rebuilt Using Chromium
« on: December 06, 2018, 04:04:56 PM »
Key aspects from Microsoft Edge: Making the web better through more open source collaboration - Windows Experience BlogWindows Experience Blog:
Quote
    We will move to a Chromium-compatible web platform for Microsoft Edge on the desktop. Our intent is to align the Microsoft Edge web platform simultaneously (a) with web standards and (b) with other Chromium-based browsers. This will deliver improved compatibility for everyone and create a simpler test-matrix for web developers.
    Microsoft Edge will now be delivered and updated for all supported versions of Windows and on a more frequent cadence. We also expect this work to enable us to bring Microsoft Edge to other platforms like macOS.

    Improving the web-platform experience for both end users and developers requires that the web platform and the browser be consistently available to as many devices as possible. To accomplish this, we will evolve the browser code more broadly, so that our distribution model offers an updated Microsoft Edge experience + platform across all supported versions of Windows, while still maintaining the benefits of the browser’s close integration with Windows.
    We will contribute web platform enhancements to make Chromium-based browsers better on Windows devices. Our philosophy of greater participation in Chromium open source will embrace contribution of beneficial new tech, consistent with some of the work we described above. We recognize that making the web better on Windows is good for our customers, partners and our business – and we intend to actively contribute to that end.

Also see Microsoft is Rebuilding Edge Browser using Chromium for Windows & macOS.

5
Security Alerts & Briefings / Adobe Flash Player Critical Security Update
« on: December 05, 2018, 01:36:10 PM »
Adobe has released Version 32.0.0.101 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer. Successful exploitation could lead to Arbitrary Code Execution and privilege escalation in the context of the current user respectively.

Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.

Release date:  December 5, 2018
Vulnerability identifier: APSB18-42
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:
Security Bulletin
Release Notes

6
Security Alerts & Briefings / Adobe Flash Player Critical Security Update
« on: November 20, 2018, 01:25:44 PM »
Adobe has released Version 31.0.0.153 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user. 

Technical details about this vulnerability are publicly available.

Release date:  November 20, 2018
Vulnerability identifier: APSB18-44
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:
Security Bulletin
Release Notes

7
Security Alerts & Briefings / Microsoft Security Updates for November, 2018
« on: November 13, 2018, 05:18:06 PM »
The November security updates have been released and consists of security updates for the following:  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Core, Skype for Business, Azure App Service on Azure Stack, Team Foundation Server and Microsoft Dynamics 365 (on-premises) version 8.

The updates address Remote Code Execution, Defense in Depth, Information Disclosure, Tampering, Security Feature Bypass, Elevation of Privilege, Denial of Service and Spoofing.

Note:  Since Dustin Childs is in Tokyo for PawnToOwn, his  review and recommendations in  Zero Day Initiative will be delayed due to the time difference.  An update will be provided following his review.

Release Notes
Windows 10 Update history

8
Security Alerts & Briefings / Adobe Flash Player Security Updates Released
« on: November 13, 2018, 04:02:36 PM »
Adobe has released Version 31.0.0.148 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address an important vulnerability in Adobe Flash Player 31.0.0.122 and earlier versions.  Successful exploitation could lead to information disclosure.

Release date:  November 13, 2018
Vulnerability identifier: APSB18-39
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:
Security Bulletin

9
Adobe has released security updates for Adobe Acrobat and Reader for Windows to resolve an important vulnerability.  Successful exploitation could lead to an inadvertent leak of the user’s hashed NTLM password.  Proof-of-concept code for CVE-2018-15979 is publicly available.

Release date:  November 13, 2018
Vulnerability identifier: APSB18-40
Platform: Windows

Update or Complete Download
:

Reader DC and Acrobat DC were updated to version 2019.008.20081. Update checks can be manually activated by choosing Help & Check for Updates.
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Security Bulletin

10
Pale Moon has been updated to version 28.2.0, a major development release addressing performance, web compatibility, bugfixes, regressions and security vulnerabilities.  In particular, security fixes have been implemented for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.

Release Notes

11
Mozilla sent Firefox Version 63.0 to the release channel today.  Information about the "Enhanced Tracking Protection" and other new features in this release is available in the Mozilla Blog at Latest Firefox Rolls Out Enhanced Tracking Protection.

Mozilla Firefox Release Notes


12
LandzDown Lounge / A Windows Insider Visit to Microsoft Headquarters!
« on: October 18, 2018, 06:46:19 PM »
Now you'll all know why I wasn't around last week to post about Patch Tuesday security updates:  A Windows Insider MVP Visit to Microsoft Headquarters!.

13
General Software News, Updates & Discussions / Windows Internals
« on: October 17, 2018, 11:36:34 PM »
Quote
One of the pieces of feedback we regularly hear is that our fans want more detailed and technical articles diving deep into the behind-the-scenes on the development of the Windows OS. To address this feedback, we’re officially kicking off the Windows Internals series of articles today. Some of these articles will be new content published here on our Windows Insider website while others might be links to other blog posts from various teams talking about their work in Windows. The goal is to publish these articles whenever we can but there isn’t a set schedule. Sometimes we may have multiple articles within a single week and sometimes it might be a week or two between new articles.

More at Introducing the Windows Internals Series: One Windows Kernel - Windows Insider with the first article here, One Windows Kernel.

14
Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  This Critical Patch Update contains 12 new security fixes for Oracle Java SE.  11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Update

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Java SE 8u191 or 8u192

Java SE 11.0.1  (x64-bit only)

Notes:

    UNcheck any pre-checked toolbar and/or software  options presented with the update. They are not part of the software update and are completely  optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".
    Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
    Verify your version:  http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version

Critical Patch Updates and Security Alerts
Oracle Java SE Risk Matrix

Pages: [1] 2 3 ... 68