Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Corrine

Pages: [1] 2 3 ... 80
LandzDown Lounge / Happy 45th Birthday, Microsoft!
« on: April 04, 2020, 05:23:19 PM »
Via Twitter
Who wants a slice of cake? 🎂

On this day in 1975, Microsoft was born.

Mozilla sent Firefox Version 74.0.1 and Firefox ESR Version 68.6.1 to the release channel today. The update included two (2) security updates both rated critical.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

From Update on Stable channel releases for Microsoft Edge - Microsoft Edge Blog:

Updated 3/31/2020 – Following the updated Chromium schedule, we are adjusting our schedule for upcoming Microsoft Edge releases and cancelling the version 82 release. Microsoft Edge 81 will release to Stable in early April, followed by an early release of Microsoft Edge 83 in mid-May.

Microsoft released an out-of-band update that addresses the following issue for Windows 10 Versions 1909, 1903, 1803 and 1709:

"Addresses an issue that might display a limited or no internet connection status in the notification area on devices that use a manual or auto-configured proxy, especially with a virtual private network (VPN). Additionally, this issue might prevent some devices from connecting to the internet using applications that use WinHTTP or WinINet."

Important Notes:
  • If you are not experiencing the referenced connectivity issues, it is recommended that the update not be installed.
  • The update is not available via Windows Update. It is only available from the [Microsoft Update Catalog.
Windows 10 update history

From Office - Microsoft Edge Addons:

Office browser extension puts an icon on the Microsoft Edge toolbar that gives you direct access to your Office files, whether they are stored online or on your computer.

Office web extension can open files stored in OneDrive and OneDrive for Business.

You get the features of Word, Excel, PowerPoint, OneNote, and Sway right in your browser without needing Office installed.

The Office browser extension now includes proofing of your content*. It connects to a Microsoft online service that offers spelling, grammar and refinements suggestions for your writing on most websites and is available in more than 80 languages.

To get the extension, launch Microsoft Store > Click "Productivity" > type "Office browser extension" in the search box.  More information here:  Quick access to your Office files in the browser - Office Support

Microsoft released cumulative update KB 4541335 with non-security improvements and fixes for Windows 10 Versions 1909 and 1903 today. From the KB Article:

"Windows 10, versions 1903 and 1909 share a common core operating system and an identical set of system files. As a result, the new features in Windows 10, version 1909 were included in the recent monthly quality update for Windows 10, version 1903 (released October 8, 2019), but are currently in a dormant state. These new features will remain dormant until they are turned on using an enablement package, which is a small, quick-to-install “master switch” that simply activates the Windows 10, version 1909 features.

To reflect this change, the release notes for Windows 10, version 1903 and Windows 10, version 1909 will share an update history page. Each release page will contain a list of addressed issues for both 1903 and 1909 versions. Note that the 1909 version will always contain the fixes for 1903; however, 1903 will not contain the fixes for 1909. This page will provide you with the build numbers for both 1909 and 1903 versions so that it will be easier for support to assist you if you encounter issues.

For more details about the enablement package and how to get the feature update, see the Windows 10, version 1909 delivery options blog."

In addition, Microsoft made the change below and documented in the Windows message center:

"Timing for upcoming Windows optional C and D releases

We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

There is no change to the monthly security updates (B release – Update Tuesday); these will continue as planned to ensure business continuity and to keep our customers protected and productive."

See the KB article for the improvements. To download and install the update, go to Settings -> Update and Security -> Windows Update and select Check for updates. The standalone package for this update is available in the Microsoft Update Catalog. In addition, with Windows Update, the latest SSU KB4541338) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Windows 10 update history

links fixed by winchester73

Pale Moon version 28.9.0 has been released.  The update is a major development update with new features, changes/fixes as well as security-related fixes.

The update includes DiD ("Defense-in-Depth") updates.  A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Update:  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and Check for Updates.

Release Notes

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Release date:  March 17, 2020
Vulnerability identifier: APSB20-13
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 20.006.20042.

Update checks can be manually activated by choosing Help/Check for Updates.
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


From CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability:

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.

KB 4551762:  This update is for Windows 10 Versions 1903 and 1909.

Security Alerts & Briefings / Microsoft March 2020 Security Updates
« on: March 10, 2020, 04:38:34 PM »
The Microsoft March security updates have been released and consist of 115 CVEs. Of these 26 CVEs, rated Critical, 88 Important, and 1 rated Important in severity. None of the bugs being patched are listed as being publicly known or under active attack at the time of release.

The updates apply to the following:  Microsoft Windows, Microsoft Edge(EdgeHTML-based), Microsoft Edge (Chromium-based), ChakraCore, Internet Explorer, Microsoft Exchange Server, Microsoft Office and Microsoft Office Services and Web Apps, Azure DevOps, Windows Defender, Visual Studio, Open Source Software, Azure, and Microsoft Dynamics.

As of the time of this posting, Adobe has not released updates for Flash Player.

Recommended Reading:  See Dustin Childs review and analysis in Zero Day Initiative — The March 2020 Security Update Review.

March Security Updates Guide

Pale Moon has been updated to version 28.8.4.  The update is a small web compatibility and security update.  Linux versions will follow shortly.

The update includes a DiD ("Defense-in-Depth") update.  A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Release Notes

As described in Protecting users from potentially unwanted applications in Microsoft Edge - Microsoft Edge Blog, beginning with Microsoft Edge build 80.0.338.0, a new feature has been added to prevent downloads that may contain potentially unwanted apps (PUA) by blocking those apps from downloading. Although the feature is off by default, it can be enabled by doing the following:

1.  Open Settings.
2.  Select "Privacy and services".
3.  Scroll down to Services, and turn on "Block potentially unwanted apps".

In the event an app is mislabeled as PUA, it can be kept by tapping "…" at the bottom of the notice shown when an app is blocked and selecting "Keep" > "Keep anyway".

To report the app as safe, go to edge://downloads/, and select "Report this app as reputable", which will result in a redirect to the Edge feedback site.

Mozilla sent Firefox Version 73.0.1 to the release channel today with a number of fixes.  Firefox ESR Version remains at Version 68.5.

Release Notes

Pale Moon has been updated to version 28.8.3 as a bugfix and security update.

The update includes two DiD ("Defense-in-Depth") updates. A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Release Notes

uBlock Origin Updater has become obsolete · Issue #112 · JustOff/ublock0-updater · GitHub
I'm pleased to announce that starting from version, uBlock Origin for Firefox legacy-based browsers can auto-update itself without any additional tricks. This also means that uBlock Origin Updater is becoming obsolete, and I'm going to make it so that it uninstalls itself on the next update.

I checked Add-ons and, sure enough, uBlock Origin Updater is no longer installed.

Pages: [1] 2 3 ... 80