Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Corrine

Pages: [1] 2 3 ... 72
1
Adobe has released an optional update for Acrobat DC and Acrobat Reader DC to version 2019.012.20035. The update is a hotfix patch for Windows only that addresses some important bug fixes. 

Update checks can be manually activated by choosing Help/Check for Update or download the installer from here

Release Notes

2
The June security updates have been released and consist of 88 CVEs and 4 advisories. Of these 88 CVEs, 21 are rated Critical and 66 are rated Important and 1 Moderate in severity. Four are listed as publicly known and none are listed as under active attack at the time of release.

The updates address Remote Code Execution, Information Disclosure, Spoofing, Elevation of Privilege, Denial of Service,  Security Feature Bypass, and Tampering.  They apply to the following:  Adobe Flash Player, Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Skype for Business and Microsoft Lync, Microsoft Exchange Server and Azure.

Release Notes (Includes Known Issues)

Windows Update History:Recommended reading:  Dustin Childs review and analysis in Zero Day Initiative — The June 2019 Security Update Review.


3
Adobe has released Version 32.0.0.207 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address bug fixes as well as a critical vulnerability in Flash Player.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

Release date:  June 11, 2019
Vulnerability identifier: APSB19-30
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:
Security Bulletin
Release Notes Flash Player 32 AIR 32

4
Security Alerts & Briefings / Pale Moon Version 28.5.1 Released
« on: June 04, 2019, 01:15:43 PM »
Pale Moon has been updated to version 28.5.1.  This is a security and bugfix update.

Applicable security issues fixed: CVE-2019-7317, CVE-2019-11701, CVE-2019-11698, CVE-2019-9817 (DiD), CVE-2019-11700, CVE-2019-11696, CVE-2019-11693, and several potentially exploitable crashes and memory safety hazards that do not have a CVE number assigned to them.

Release Notes

5
Windows 10 Version 1903 is continuing to be rolled out slowly.  However, Microsoft has released a cumulative update with non-security improvements and fixes for this newly-released version.  In addition to addressing a number of issues, the update addresses "Windows Update blocked because of drive reassignment", described in KB 4500988.

To view the improvements and features, see the following:  KB4497935 (OS Build 18362.145)
 
To download and install this update, go to Settings > Update and Security > Windows Update and select Check for updates.
If you are using Windows Update, the latest SSU (KB4498523) will be offered to you automatically. However, to get the standalone package for the SSU update, go to the Microsoft Update Catalog website.

6
Microsoft has released cumulative updates with non-security improvements and fixes for Windows 10 Versions 1709 and 1703.  As shown in their respective KB articles, the issues addressed are almost the same for both versions as is the sole known issue.

          Windows 10 Version 1709:   KB4499147 (OS Build 16299.1182), Microsoft Update Catalog

          Windows 10 Version 1703:   KB4499162 (OS Build 15063.1839), Microsoft Update Catalog

To download and install this update, go to Settings > Update and Security > Windows Update and select Check for updates.

The standalone packages are available for both versions from the Microsoft Update Catalog, linked above. Note, however, if you use the Update Catalog, it will be necessary to manually check for any needed Servicing stack updates (SSU).  Using Windows Update, any needed Servicing stack updates will be offered automatically.

7
Microsoft has released a cumulative update for both Windows 7 SP1 and Windows 8.1. The update for both operating system includes improvements and fixes with no new operating system features introduced. There is, however, a known issue for both operating systems for users of Mcfee:

Quote
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.

Windows 8.1:  See KB4499182 for the list of improvements and fixes as well as the various know issues and accompanying workarounds.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 7:  See KB4499178 for the list of improvements and fixes as well as the various know issues and accompanying workarounds.  As indicated previously, starting with 4493472 Monthly Rollup updates will no longer include PciClearStaleCache.exe. This installation utility addressees inconsistencies in the internal PCI cache. This can cause the symptoms documented in the KB article.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

8
From Firefox CSP Issue may cause extension conflicts - gHacks Tech News:
Quote
Mozilla Firefox has an issue right now that is causing conflicts if multiple extensions are installed that modify CSP headers on visited sites.

CSP, which stands for Content Security Policy, is a security addition that sites may use to detect and mitigate certain attack types such as Cross Site Scripting or data injections.

Browser extensions may use CSP injection to modify headers. The popular content blocker uBlock Origin may use it to block remote fonts from loading on pages visited in the browser, and Canvas Blocker uses it to block data URL pages.

The referenced article includes a link that ghacks maintains of extensions known to use CSP.  In addition to uBlock Origin, the list includes popular extensions including HTTPS Everywhere and others.

If you use uBlock Origin on Firefox and are experiencing issues, try the following solution for uBlock Origin: 
  • Tools > Add-ons > Extensions > uBlock Origin
  • Dashboard > Settings > UNcheck "Block remote fonts" under Default Behavior.

9
Microsoft has released cumulative updates with non-security improvements and fixes for Windows 10 Versions 1803 and 1809.  In addition to the numerous improvements and fixes, the update provides the following functionality change which allows the user to decide when to install a feature update:
Quote
"we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (Settings > Update & Security > Windows Update). If you would like to get an available update right away, select Download and install now. To find out more about this feature, please go to this blog."
To view the improvements and features, see the following: To download and install this update, go to Settings > Update and Security > Windows Update and select Check for updates.
To get the standalone package for this update, go to the Microsoft Update Catalog website.

10
Yes, the Windows 10 May Update has been released!  From How to get the Windows 10 May 2019 Update | Windows Experience Blog:

Quote
How to get the Windows 10 May 2019 Update

Beginning today, the May 2019 Update is available for customers who would like to install the latest release. If you are ready to install the update, open your Windows Update settings (Settings > Update & Security > Windows Update) and select Check for updates. Once the update appears, you can select Download and install now. (Note: You may not see Download and install now on your device as we are slowly throttling up this availability, while we carefully monitor data and feedback). Once the download is complete and the update is ready to install, we’ll notify you so that you can pick the right time to finish the installation and reboot, ensuring the update does not disrupt you. This new ‘Download and install now’ capability is available for devices running Windows 10, version 1803 or version 1809 that also have the May 21st updates (or later) installed. For more information on the new user update controls and how to get the May 2019 Update, watch this video.

Update:  In order to have the option to "Download and install now", install the latest updates.  See Microsoft Cumulative Update Released for Windows 10 Versions 1803 and 1809

11
Mozilla sent Firefox Version 67.0 to the release channel today.  The update included twenty-two (22) security updates of which two (2) are critical, twelve (12) are high, six (6) moderate and two (2) are rated low.

Firefox  ESR was updated to version 60.7.

Release Notes
Security Updates

12
Microsoft has released a cumulative updates with non-security improvements and fixes for each of the released Windows 10 versions.   This update addresses an issue that may prevent access to some gov.uk websites that do not support HTTP Strict Transport Security (HSTS) when using Internet Explorer 11 or Microsoft Edge.

See the KB articles listed below for your specific version of Windows 10:

1903 support.microsoft.com/help/4505057
1809 support.microsoft.com/help/4505056
1803 support.microsoft.com/help/4505064
1709 support.microsoft.com/help/4505062
1703 support.microsoft.com/help/4505055
1607 support.microsoft.com/help/4505052
1507 support.microsoft.com/help/4505051

13
From Windows 10 Won't Boot When Using System Restore After Updating:

Quote
Microsoft says that a known issue will block Windows 10 from booting after trying to restore the system to a restore point created before installing a Windows 10 update.

The issue affects all Windows machines where system protection is turned on and a system restore point has been created prior to installing one or more Windows 10 updates.

When users try to restore the system after the Windows 10 updates have finished installing, the system will not be restored and, instead, "the computer experiences a Stop error (0xc000021a)" and, after restarting the computer, the system will not be able to return to the Windows desktop.

Windows Support article with workaround:  You cannot restore the system to a restore point after you install a Windows 10 update

14
Web News / Another Intel Flaw!
« on: May 14, 2019, 09:47:42 PM »
From New RIDL and Fallout Attacks Impact All Modern Intel CPUs:

Quote
Multiple security researchers have released details about a new class of speculative execution attacks against most modern Intel processors. Called data-sampling attacks, they are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.

Speculative execution is a method for optimizing the performance of a CPU by running tasks in advance, without knowing whether they will be needed or not.

As indicated in the Wired article at Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs | WIRED, it is four distinct attacks using a similar technique, and all capable of siphoning a stream of potentially sensitive data from a computer's CPU to an attacker.

15
The May security updates have been released and consist of 79 CVEs along with two advisories. Of these 79 CVEs, 22 are rated Critical and 57 are rated Important in severity. Two of these bugs are listed as publicly known and one is listed as under active attack at the time of release.

The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Denial of Service, Spoofing, and Security Feature Bypass and apply to the following: The updates cover Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.

Known Issues: See the Known Issues and accompanying work-around in the KB Articles for your version of Windows 10:
Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative — The May 2019 Security Update Review.

Pages: [1] 2 3 ... 72