Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Corrine

Pages: [1] 2 3 ... 70
1
Oracle released the scheduled critical security updates for its Java SE Runtime Environment software. This Critical Patch Update contains 5 new security fixes for Oracle Java SE. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Update

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information

Java SE 8u201 or 8u202
Release Notes:
8u201: https://www.oracle.com/technetwork/java/javase/8u211-relnotes-5290139.html
8u202: https://www.oracle.com/technetwork/java/javase/8u212-relnotes-5292913.html
Download: https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

Java SE 11.0.2 (x64-bit only)
Note: JDK only.
Release Notes: https://www.oracle.com/technetwork/java/javase/11-0-2-relnotes-5188746.html
Download: https://www.oracle.com/technetwork/java/javase/downloads/jdk11-downloads-5066655.html

NoteUNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional. Preferably, see the instructions below on how to handle "Unwanted Extras".



2
The April security updates have been released and consist of 74 CVE's and one security advisory (for Adobe Flash Player) in which 13 are rated Critical and 61 are rated Important. None are listed as publicly known but two are listed as being under active attack at the time of release.

In addition to a Servicing Stack Update (See ADV990001), the updates apply to the following:  Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows,  Microsoft Office and Microsoft Office SharePoint, ChakraCore, ASP.NET, Microsoft Exchange Server, Team Foundation Server, Azure DevOps Server, Open Enclave SDK, and Windows Admin Center.

See Dustin Childs review and analysis in Zero Day Initiative — The April 2019 Security Update Review.

Release Notes
Windows 10 Update history

3
Adobe has released Version 32.0.0.171 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. These updates address important bug and security fixes.   

Release date:  APRIL 9, 2019
Vulnerability identifier: APSB19-19
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:
Security Bulletin
Release Notes

4
Adobe has released critical security updates for Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.  

Release date:  April 9, 2019
Vulnerability identifier: APSB19-17
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 2019.010.20099. Update checks can be manually activated by choosing Help & Check for Updates.

    Reader DC and other versions are available here:  https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
    Acrobat DC for Windows is available here:  http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Security Bulletin

5
From:  Microsoft Edge preview builds: The next step in our OSS journey | Windows Experience Blog
Quote
In December, we announced our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop. Our goal is to work with the larger Chromium open source community to create better web compatibility for our customers and less fragmentation of the web for all web developers.

Today we’re embarking on the next step in this journey – our first Canary and Developer builds are ready for download on Windows 10 PCs. Canary builds are preview builds that will be updated daily, while Developer builds are preview builds that will be updated weekly. Beta builds will come online in the future. Support for Mac and all supported versions of Windows will also come over time.

For more in depth information see What to expect in the new Microsoft Edge Insider Channels - Microsoft Edge Blog

One nice aspect of the preview is if you already use Microsoft Edge, that existing version installed on your device(s) at this time will continue to work along side with the builds from any of the Microsoft Edge Insider Channels.

6
Web News / Windows 10 Update Changes and Improvements
« on: April 04, 2019, 04:37:53 PM »
Microsoft announced major changes in the Windows 10 Update process today. The changes are included in Windows 10 Version 1903, currently being tested by Windows Insiders and planned for release in late May.

Windows 10 Home users who have complained about lack of control for Windows Updates are going to be particularly happy with the changes.

Following is a brief synopsis of the changes.
  • Feature Updates --"Download and install now" is being added to Windows Update options. As long as your device has no known blocking issues, selecting that option will allow users to get the latest version without having to wait for it to be offered. This change is expected to available in Windows 10 versions 1803 and 1809 by late May.

  • Pause Updates -- Windows 10 Home Users will be able to pause updates up to 35 days. This can be done in 7-day increments up to five times. This applies to both feature and monthly updates.

  • Intelligent Active Hours -- A new option will be available to let Windows Update intelligently adjust active hours based on device-specific usage patterns.

  • Update Coordination -- Referred to as "improved update orchestration", the concept is to improve system performance by coordinating both Windows Updates and Microsoft Store updates when users are away from their devices.
Information about "Expanded focus on quality" including early detection of low-volume, high-severity issues, a "New public dashboard for increased issue transparency" on the Windows 10 Update History page, and more is available in the complete announcement on the Windows Experience Blog at Improving the Windows 10 update experience with control, quality and transparency.

7
Microsoft has released a cumulative update with non-security improvements and fixes for Windows 10 version 1809.  This update includes a long list of improvements and fixes with no new operating system features introduced.

See KB4490481 for the list of improvements and fixes as well as the various know issues and accompanying workarounds.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.  The update is available from Windows Update or the Microsoft Update Catalog

8
Web News / Microsoft Store Books Category is Closing
« on: April 02, 2019, 04:30:45 PM »
Effective today, 02April2019, it is no longer possible to purchase eBooks from the Microsoft store.  I haven't purchased any eBooks from the Microsoft Store, however, if you have and haven't read them yet, better get started now.  At some point early this month, Microsoft will begin processing refunds on purchased eBooks at which time you will no longer have access to those books. 

See the complete FAQ here:  Books in Microsoft Store.

9
Pale Moon has been updated to version 28.4.1.  This is a security and bugfix update.  The Linux version will follow later today.

Note that the update includes fixes identified as "Defense-in-Depth" which means that it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered. 

Release Notes


10
Mozilla sent Firefox Version 66.0 to the release channel today.  The update addresses 21 CVE's of which five (5) are rated critical, seven (7) high, five (5) moderate and four (4) low in severity.

Firefox ESR has been updated to Version 60.6.

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

Security Updates
Release Notes

11
If you switched to Groove for listening to your music, please note that the Grove Music OneDrive service will be retired on March 31, 2019.  You will, however, still be able to access your music files in OneDrive and can download your music to your PC or other device with the OneDrive app to continue playing it in Grove. 

It is important to note that if your music is only on Grove and not OnDrive, you only have until March 31, 2019, to export your music from Grove to OneDrive because it will stop syncing then.

Complete information is available in the FAQ:  Groove Music OneDrive Streaming: FAQ.

12
The March security updates have been released and consist of 64 CVE's and four security advisories in which 17 are rated Critical, 45 are rated Important, 1 is rated Moderate and 1 low in severity. Four are listed as publicly known and two are listed as being under active attack at the time of release.

In addition to a Servicing Stack Update (See the "Additional Update Notes" below for more information.), the updates apply to the following:  Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows,  Microsoft Office and Microsoft Office SharePoint, ChakraCore, Team Foundation Server, Skype for Business, Visual Studio, and NuGet.

Important
:  Windows 10, version 1709, will reach end of service on April 9, 2019 for devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions. These devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, updating to the latest version of Windows 10 is strongly recommended.  Note, however, that Windows 10 Enterprise, Education, and IoT Enterprise editions will continue to receive servicing for 12 months at no cost per the lifecycle announcement on October 2018.

Recommended Reading:  See Dustin Childs review and analysis in Zero Day Initiative — The March 2019 Security Update Review.

Release Notes
Windows 10 Update history

13
In situations where Windows updates that cause startup failures due to incompatibility or issues in new software, the updates will be uninstalled.  In addition, Windows will also prevent problematic updates from installing automatically for the next 30 days.

See Why were recently installed updates removed? for additional information.

H/T:  Windows 10 to Automatically Remove Updates That Cause Problems

14
Web News / WinRAR Patches 19-Year-Old Security Vulnerability
« on: February 27, 2019, 03:36:40 PM »
Doing a quick search here at LzD, numerous logs showed up with WinRAR listed.  If you have WinRAR installed, it is time to either update it or remove it. 

From WinRAR patches 19 year old security bug that put millions at risk - The Verge
Quote
WinRAR has patched a 19-year-old security vulnerability that allowed attackers to extract malicious software to anywhere on your hard drive. The vulnerability was discovered by researchers at Check Point Software Technologies, who realised that WinRAR’s support for the effectively defunct ACE archive format meant that it was still relying on an insecure and dated DLL file from 2006.

15
Security Alerts & Briefings / Adobe Shockwave Player EoL (End of Life)
« on: February 26, 2019, 05:12:44 PM »
Personally, I haven't used Shockwave Player for years and it has never been installed on either of my 2008 devices.  If it is installed on your PC, it is time to consider uninstalling it as it is reaching EoL as of April 9, 2019.

From End of Life (EOL) for Adobe Shockwave:

Quote
Effective April 9, 2019, Adobe Shockwave will be discontinued and the Shockwave player for Windows will no longer be available for download.

Companies with existing Enterprise licenses for Adobe Shockwave continue to receive support until the end of their current contracts.

Adobe Shockwave is a browser-based multimedia platform for interactive applications and video games. Retiring the Shockwave player for Windows is the last step in a multi-year process: Adobe Director, an authoring tool for Shockwave content, was discontinued on February 1, 2017 and the Shockwave player for macOS was discontinued on March 1, 2017.

Adobe continues to offer a rich set of content creation tools through Creative Cloud, including Adobe Animate for authoring interactive content for multiple platforms, such HTML5 Canvas, WebGL, Flash/Adobe AIR, and others.

Pages: [1] 2 3 ... 70