Tuesday, February 26, 2013

Critical Security Update for Adobe Flash Player



Adobe Flash Player was updated again today to address critical security vulnerabilities.  These updates address vulnerabilities currently being exploited in the wild.
CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content.

CVE-2013-0643 and CVE-2013-0648 are designed to target Flash Player in Firefox.


Update Information

The newest versions are as follows:
Windows and Macintosh:  11.6.602.171
Linux: 11.2.202.273

Release date: February 26, 2013
Vulnerability identifier: APSB13-08
CVE number: CVE-2013-0504, CVE-2013-0643, CVE-2013-0648
Platform: All platforms

Flash Player Update Instructions


Flash Player for Windows, Macintosh and Linux

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

Notes:
  • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


IE10 for Windows 7 Released

IE10

Internet Explorer 10 has been released globally for Windows 7.  It is available in 95 languages.

Initially, the update will be available via Windows Update for those running the IE10 release preview, followed in stages for the remaining Windows 7 users.  If you would rather not wait to be offered the update, IE10 is available via the links shown below.

Note that IE10 is not compatible with Windows Vista.

Key Improvements

Key improvements in IE9 include improved performance, security, and privacy.  Of major significance are the results of the independent testing conducted by NSS Labs, referenced below, in which IE10 with App Rep had a mean malware block rate of 99.1%.

System Requirements

Processor
  • Computer with a 1 gigahertz (GHz) 32-bit (x86) or 64-bit (x64) processor.
Operating system
  • Windows 7 32-bit with Service Pack 1 (SP1) or higher
  • Windows 7 64-bit with Service Pack 1 (SP1) or higher
  • Windows Server 2008 R2 with Service Pack 1 (SP1) 64-bit
Memory
  • Windows 7 32-bit—512 MB
  • Windows 7 64-bit—512 MB
  • Windows Server 2008 R2 64-bit—512 MB
Hard drive space
  • Windows 7 32-bit—70 MB
  • Windows 7 64-bit—120 MB
  • Windows Server 2008 R2 64-bit—200 MB
Display
  • Super VGA (800 x 600) or higher-resolution monitor with 256 colors 

Download Link

Go here to determine if your PC is running the 32-bit or 64-bit version of Windows.

References




Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Wednesday, February 20, 2013

Moving to SkyDrive


SkyDrive
I hope Security Garden readers haven't missed the message from the Windows Live Mesh and SkyDrive Teams announcing the retirement of Mesh earlier this month.

With the retirement of Mesh the following changes are taking place:
  • Remote desktop and peer-to-peer sync are no longer be available.
  • Any data on the Mesh cloud (Mesh synced storage or SkyDrive synced storage) will be permanently deleted on August 13, 2013.  (Mesh users go here to access your Mesh online storage.)
  • Synced folders have stopped syncing.
  • You are no longer able to connect to your PCs remotely using Mesh.

Get SkyDrive

Whether you are a former Windows Live Mesh user or just never tried SkyDrive, you will discover that it is very easy to set up.  SkyDrive works on Windows 8, Windows 7, or Vista, and Mac OS X Lion computers.

Setting up SkyDrive couldn't be easier.
  1. Download SkyDrive Desktop App for Windows
  2. Double-click SkyDriveSetup to start the installation.
    SkyDrive Install
  3. Click the Getting Started link on the Wizard that launches after installation.
    SkyDrive Getting Started
  4. Sign in with your Microsoft Account.  If you don't have a Microsoft Account yet, just click the link to sign up.
  5. Click Next and you have the option to change the location of the Skydrive folder, although you may want to stay with the default.
    SkyDrive Introduction
  6. As appropriate, check the box to "Make files on this PC available to me on my other devices" and then click Done.
    SkyDrive Done
  7. All you need to do to get started is drag the files and folders to your new SkyDrive folder and the application does the rest!

It is that easy!

Now you can easily access your files from another computer or device.  With 7 GB of free storage, you have enough space for 20,000 Office documents or 7,000 photos.

SkyDrive Desktop for Windows System Requirements

  • Operating system: One of the following:
    • 32- or 64-bit version of either Windows 8, Windows 7, or Windows Vista with Service Pack 2 and the Platform Update for Windows Vista. (This app can't be installed on PCs running Windows RT.)
    • Windows Server 2008 R2 or Windows Server 2008 with Service Pack 2 and the Platform Update for Windows Server 2008
  • Processor: 1.6 GHz or higher, Pentium IV or higher
  • Memory: 1 GB of RAM or higher
  • Internet connection: High-speed Internet access is recommended.
~   ~   ~   ~   ~   ~

As a SkyDrive Insider, I am excited to share information about SkyDrive.  If you have a question about this post, please leave a comment and I'll do my best to assist.

Learn more about the SkyDrive Insiders program here

References



Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Happy 1st Anniversary, Sysnative.com!


Sysnative.com Anniversary


It was one year ago today that hosting and vBulletin 4 software license were purchased by site owner and fellow Microsoft MVP John Griffith, for the express purpose of BSOD App development at Sysnative.com

A year later and not only was the goal of further development of the Sysnative BSOD App achieved (and ongoing), but also Sysnative has grown into a full-fledged support forum.  A wonderful and talented group of people have contributed to making Sysnative a wonderful place to both provide and obtain help.

If you need help, would like to learn more about analyzing BSOD's or see the amazing work being done solving Windows Update and other computer problems, join us at Sysnative.com!  Membership and help are free.  Only registration is required. 

To get a taste for the wide range of areas covered, see Lots of help here...this tells you where to find it



Additional information:  Sysnative - What is it?


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Adobe Reader and Acrobat Critical Security Update

Adobe
Following the release of Security Advisory (APSA13-02) related to critical security vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh, Adobe released an update to those versions today.

Because the vulnerabilities are being exploited in the wild in targeted attacks, it is recommended that users of Adobe Reader and Acrobat apply the update as soon as possible.  These updates address critical vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Release Details

    Release date: February 20, 2013
    Vulnerability identifier: APSB13-07
    CVE number: CVE-2013-0640, CVE-2013-0641
    Platform: All Platforms

    Update or Complete Download

    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    Enable "Protected View"

    Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

    To enable this setting, do the following:
    • Click Edit > Preferences > Security (Enhanced) menu. 
    • Change the "Off" setting to "All Files".
    • Ensure the "Enable Enhanced Security" box is checked. 

    Adobe Protected View
    Image via Sophos Naked Security Blog
    If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.

    References




    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Tuesday, February 19, 2013

    Critical Oracle Java Security Update

    java


    When Oracle released an out-of-band security update for Java SE, additional updates that had been planned were not included.  As a result, this critical security update was released to add the additional five fixes omitted earlier this month. 

    In an surprising move, Oracle has added two additional dates to the update schedule in order to further accelerate Java security fixes.


    If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

    Java Security Recommendations

    1)  In the Java Control Panel, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

    Java ControlPanel
    (Image via Sophos Naked Security Blog)

    3)  If you use Firefox, install NoScript and only allow Java on those sites where it is required.

    Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

    Download Information

    Download link:  Java Version 7 Update 15

    Verify your version:  http://www.java.com/en/download/testjava.jsp

    Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
    • 16 April 2013
    • 18 June 2013
    • 15 October 2013
    • 14 January 2014

      References





      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Mozilla Firefox 19.0 Released with Built-in PDF Viewer



      Firefox 19.0.0 was sent to the release channel today by Mozilla.  Although the release includes the usual long list of bug fixes, the release does not include security updates.  Firefox 19 does include a new addition, a built-in PDF viewer.

      Using Firefox PDF Viewer

      It is important to note that the addition is just that, a viewer.  It is not possible, for example, to use it for completing fill-in forms.  However, when using the viewer, the option is available in the right-hand corner of the viewed file to "Open with a Different Viewer".

      As illustrated below, the built-in .PDF reader can be enabled or disabled via the Tools > Options > Applications tab. 



      With a default PDF program set on the computer, the first option is presented when clicking a PDF file:

      Firefox PDF Open with


      To select Firefox for viewing the file, navigate to where you have Firefox installed on your computer; i.e., C:\Program Files (x86)\Mozilla Firefox\Firefox.exe and select it.  The PDF will then be viewable in Firefox.



      Firefox PDF View Options

      When the PDF is opened in the built-in PDF viewer there may be a warning in the message bar reading, "This PDF document might not be displaying properly".  It is at this point where you can elect to openthe file with a different viewer.

        The Release Notes include additional changes and fixed features in version 19.0.  For a complete note of all fixes, see the Bug Fixes in the link below in References.

        Update

        To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

        If you do not use the English language version, Fully Localized Versions are available for download.

        References




        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Friday, February 15, 2013

        Replacing Adobe Reader with Sumatra PDF

        Sumatra PDF

        Following the recent critical security advisory for Adobe Reader, questions have been raised in forums about an alternate PDF software program.

        Although I provide security update information about Adobe Reader, I uninstalled it several years ago.  I switched to the open source software program SumatraPDF.

        SumatraPDF is a free PDF, eBook (ePub, Mobi), XPS, DjVu, CHM, Comic Book (CBZ and CBR) reader for Windows, created by Krzysztof Kowalczyk.  The most recent update added support for FictionBook e-book format as well as support for PDF documents encrypted with Acrobat X.

        I selected SumatraPDF because it has a small footprint, has no added toolbars and is not a target of malware writers. Although I indicated that SumatraPDF is not a target of malware writers like we have seen lately with Adobe Reader, that does not mean that the normal cautions should be thrown away. 

        A SumatraPDF feature I particularly like is that you can select text or an image and copy it.  I have not had any problems opening PDF files at sites that specify "Adobe Reader Required".  Someone mentioned that they heard there is a problem printing from SumatraPDF.  My five year old printer has no problems printing from PDF files from Sumatra PDF. 

        How to Change the SumatraPDF Background Color

        One comment about SumatraPDF is that many people do not care for the bright yellow background.  If you don't like the yellow background, it can be changed to the color of your choice.

        The first thing you need to do is to select the color you want to use to replace the yellow.  There is a simple chart to select a color on this color chart or this list of color codes.  Another source for selecting colors is available here.

        This can be done either via the shortcut or a Command Prompt, both illustrated below:
        1. Locate the SumatraPDF shortcut in Windows' Start menu.
        2. Right-click it and select Properties
        3. Select the Shortcut tab:

          Sumatra Properties
        4. Append the line line below the Target line, substituting the hex code for the color you choose following the # symbol.  (Note the space before -bg and also before #) 
          -bg-color #EEEEEE

          The target line will read something like the following:


          "C:\Program Files\SumatraPDF\SumatraPDF.exe" -bg-color #DDDDDD

          or, on 64-bit systems
          ,

          "C:\Program Files (86)\SumatraPDF\SumatraPDF.exe" -bg-color #DDDDDD

        5. Click Apply and launch SumatraPDF to see the change from yellow to the color you select, in my case gray: Yellow Sumatra
        If you prefer, this can be done via Command Prompt. 
        1. Click Start, type cmd
        2. Right-click cmd.exe and select "Run as Administrator".
        3. Change the path to Sumatra and add the change as shown below.
          Note the space between SumatraPDF and .exe
        Microsoft Windows [Version 6.1.7601]
        Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

        C:\Windows\system32>cd C:\Program Files (x86)\SumatraPDF

        C:\Program Files (x86)\SumatraPDF>SumatraPDF .exe -bg-color #DDDDDD

        C:\Program Files (x86)\SumatraPDF>

        SumatraPDF does not support Windows 8, which has a built in PDF reader.  The currently supported operating systems are Windows 7, Windows Vista, and Windows XP.

        References



        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Thursday, February 14, 2013

        Critical Security Advisory for Adobe Reader and Acrobat (APSA13-02)

        Adobe
         Adobe released Security Advisory (APSA13-02) related to critical security vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh.


        Release date: February 13, 2012
        Last updated: February 14, 2012
        Vulnerability identifier: APSA13-02
        CVE number: CVE-2013-0640, CVE-2013-0641
        Platform: All Platforms


        Adobe reported that the vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.  These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

        Both Windows and Macintosh operating systems are vulnerable, however mitigation is only provided for users of Adobe Reader XI and Acrobat XI for Windows.  

        Enable "Protected View"

        In order to minimize vulnerability it is recommended Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Unfortunately, neither the Protected Mode or Protected View option is available for Macintosh users.

        To enable this setting, do the following:
        • Click Edit > Preferences > Security (Enhanced) menu. 
        • Change the "Off" setting to "All Files".
        • Ensure the "Enable Enhanced Security" box is checked. 

        Adobe Protected View
        Image via Sophos Naked Security Blog
        If you haven't updated to the latest version of Adobe Reader it is strongly advised that you do so and enable the settings as illustrated above.  On other hand, if you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.

        References




        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Tuesday, February 12, 2013

        Another Critical Adobe Update, Includes Flash Player, AIR and Shockwave

        Adobe
        Although a critical security update was released for Adobe Flash Player just last week, yet another critical security update has been released today.

        The updates released are for Adobe Flash Player, Adobe AIR and Adobe Shockwave Player. Details and update instructions are included below.



        Adobe Flash Player was again updated to address critical security vulnerabilities.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

        Update Information

        The newest versions are as follows:

        Product Updated version Platform Priority rating
        Adobe Flash Player 11.6.602.168 Windows 1

        11.6.602.167 Macintosh 2

        11.2.202.270 Linux 3

        11.1.115.37 Android 4.x 3

        11.1.111.32 Android 3.x and 2.x 3
        Adobe AIR 3.6.0.597 Windows, Macintosh and Android 3
        Adobe AIR SDK 3.6.0.599 Windows, Macintosh and Android 3


        Release date: February 12, 2013
        Vulnerability identifier: APSB13-05
        Priority: Critical
        CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637
        Platform: All Platforms

        Flash Player Update Instructions


        Flash Player for Windows, Macintosh and Linux

        Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

        Notes:
        • For Adobe AIR see Determine version | Adobe AIR runtime
        • Beginning with Adobe Flash Version 11.3, the universal 32-bit installer will include the 32-bit and 64-bit versions of the Flash Player.  
        • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
        • Uncheck any toolbar offered with Adobe products if not wanted.
        • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
        • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
        Adobe Flash Player for Android

        The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

        Shockwave Player
        The update to Adobe Shockwave Player for both Windows and Macintosh systems addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.
        Release date: February 12, 2013
        Vulnerability identifier: APSB13-06
        Priority: Critical
        CVE number: CVE-2013-0635, CVE-2013-0636
        Platform: Windows and Macintosh

        Update Information

        The newest version of Shockwave Player 12.0.0.112 is available here:  http://get.adobe.com/shockwave/.

        Notes:
        • Please remember to uncheck any unwanted 3rd party toolbars or other programs during installation. 
        • For information on how to disable the auto-update setting in Shockwave Player, see http://kb2.adobe.com/cps/166/tn_16683.html.  (This must be set every time Shockwave Player is updated if you do not want auto-updating.)

        Verify Installation

        To test the Adobe Shockwave Player installation on your computer, go to the Test Authorware Web Player page.

        References







        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Microsoft Security Bulletin Release for February 2013


        Microsoft released twelve (12) bulletins addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework*. Five bulletins are identified as Critical and seven as Important. 


        Bulletin NumberBulletin TitleBulletin KB
        MS13-009Cumulative Security Update for Internet Explorer 2792100
        MS13-010Vulnerability in Internet Explorer 2797052
        MS13-011Vulnerability in Microsoft Windows 2780091
        MS13-012Vulnerabilities in Microsoft Exchange 2809279
        MS13-013Vulnerabilities in Microsoft Office 2784242
        MS13-014Vulnerability in Microsoft Windows 2790978
        MS13-015*Vulnerability in .NET Framework 2800277
        MS13-016Vulnerabilities in Microsoft Windows 2778344
        MS13-017Vulnerabilities in Microsoft Windows 2799494
        MS13-018Vulnerability in Microsoft Windows 2790113
        MS13-019Vulnerability in Microsoft Windows 2790113
        MS13-020Vulnerability in Microsoft Windows 2802968

        *Note:  If you have problems with .NET Framework updates, it is recommended that you install this update separately with an shutdown/restart.

        Support

        The following additional information is provided in the Security Bulletin:

        References





        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Thursday, February 07, 2013

        Critical Adobe Flash Player Security Update



        Adobe Flash Player was updated to address critical security vulnerabilities.  These updates address vulnerabilities currently being exploited in the wild.
        The vulnerability described by CVE-2013-0633 is designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit targets the ActiveX version of Flash Player on Windows.

        CVE-2013-0634 relates to a buffer overflow vulnerability that could lead to code execution.  Attacks are delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform.  Attacks are also designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.


        Update Information

        The newest versions are as follows:
        Windows and Macintosh:  11.5.502.149
        Linux: 11.2.202.262
        Android 4.x:  11.1.115.37
        Android 3.x and 2.x:  11.1.111.32

        Release date: February 7, 2013
        Vulnerability identifier: APSB13-04
        CVE number: CVE-2013-0633, CVE-2013-0634
        Platform: All Platforms

        Flash Player Update Instructions


        Flash Player for Windows, Macintosh and Linux

        Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

        Notes:
        • Adobe AIR 3.5.0.880 and earlier versions for Windows, Adobe AIR 3.5.0.890 and earlier versions for Macintosh and Adobe AIR 3.5.0.880 for Android.  See Determine version | Adobe AIR runtime
        • Beginning with Adobe Flash Version 11.3, the universal 32-bit installer will include the 32-bit and 64-bit versions of the Flash Player.  
        • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
        • Uncheck any toolbar offered with Adobe products if not wanted.
        • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
        • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
        Adobe Flash Player for Android

        The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

        References







        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Security Bulletin Advance Notice for February 2013

        Security Bulletin
        On Tuesday, February 12, 2013, Microsoft is planning to release twelve (12) bulletins addressing twelve (57) vulnerabilities.

        Five bulletins are identified as Critical and address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange Software.  The seven remaining bulletins are rated Important and will address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software.

        In the event you have had problems installing .NET Framework updates in the past, please consider installing those updates separately with a shutdown/restart included, regardless of whether or not it is required.

        As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

        References



        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Tuesday, February 05, 2013

        Mozilla Firefox 18.0.2 Release Includes Massive Bug Fixes



        Firefox 18.0.2 was sent to the release channel today by Mozilla.  Although this update does not include any security updates, the massive list of bug fixes suggests that it is advisable to install this update sooner rather than later.

        Update:  Thanks to a tip from a friend, I discovered that the update to version 18.0.2 added a check to the option to allow 3rd party cookies.  If you, like me, do not want to accept 3rd party cookies, you can reverse the change at Firefox > Options > Privacy.

          What's New



            • FIXED --18.0.2: Fix JavaScript related stability issues
            • FIXED --18.0.1: Problems involving HTTP Proxy Transactions (Associated bugs)
            • FIXED --18.0.1: Unity player crashes on Mac OS X (bug 828954)
            • FIXED --18.0.1: Disabled HIDPI support when using external monitors to avoid rendering glitches (bug 814434)
            • NEW --Faster JavaScript performance via IonMonkey compiler
            • NEW --Support for Retina Display on OS X 10.7 and up
            • NEW --Preliminary support for WebRTC
            • CHANGED --Experience better image quality with our new HTML scaling algorithm
            • CHANGED --Performance improvements around tab switching
            • DEVELOPER --Support for new DOM property window.devicePixelRatio
            • DEVELOPER --Improvement in startup time through smart handling of signed extension certificates
            • HTML5 --Support for W3C touch events implemented, taking the place of MozTouch events
            • FIXED --Disable insecure content loading on HTTPS pages (62178)
            • FIXED --Improved responsiveness for users on proxies (769764)

            View the incredibly long list of Bug Fixes for version 18.0.2 in the link listed below.

            Update

            To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

            If you do not use the English language version, Fully Localized Versions are available for download.

            References




            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...


            Monday, February 04, 2013

            Safer Internet Day, Connect With Respect #SID2013

            Safer Internet Day 2013

            Safer Internet Day is marking its tenth year in promoting safer and more responsible use of online technology and mobile phones, especially among children and young people across the world.

            The annual February event is organized by Insafe and co-sponsored by the European Union.  The theme for the event this year is "Online rights and responsibilities", with the goal to encourage everyone to Connect With Respect.

            Children and Teens Online

            It is important for parents to ensure that your children understand that after information is made public on the Internet, it cannot be taken back.  Be sure they understand the dangers that lurk not only in the form of computer viruses but also child predators.

            Review the information at How to help your kids use social websites more safely and ensure that household rules are established and followed.

            Cyber Bullying

            As reported by Microsoft, 37% of children indicated in a survey that they have been bullied online.  Another 24% admitted that they have bullied someone online.

            Take a couple of minutes to go through the following quiz which includes five online-bullying scenarios.  Follow the "learn more" links for helpful tips on correcting negative and reinforcing positive behaviors.



            Safer Online Teen Challenge

            With cyber bullying a continuing problem, parents of youths between the ages of 13-18 are encouraged to point those teenagers to the Microsoft-sponsored Safer Online Teen Challenge.

            The Teen Challenge is designed to enable teens to learn about online safety issues. It’s a fun way to get creative and talk with others about important digital topics.

            Take the challenge to make every day a Safer Internet Day for you and your family to Connect With Respect.

            Additional information about Safer Internet Day is available in the references below.

            References

            Insafe:  Safer Internet Day
            Microsoft:  Safer Internet Day
            Safer Internet Day
            Home
            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...


            Friday, February 01, 2013

            Accelerated Java Critical Update

            java


            The scheduled February Java critical patch update was accelerated due to active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers.

            The new Java release is Java™ SE Development Kit 7, Update 13 (JDK 7u13), with the full version string for this update release being 1.7.0_13-b20 (where "b" means "build") and the version number is 7u13.

            If you have uninstalled Java due to recent critical vulnerabilities and have not missed it, my suggestion is to bypass re-installing it until or unless it is needed.  See Java, The Never-Ending Saga for additional information on removing or disabling Java.

            Should there be software programs you use or websites that you visit that require Java, it is strongly advised that the update be applied as soon as possible.  

            Java Security Recommendations

            1)  In the Java Control Panel, set the security to high.
            2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

            Java ControlPanel
            (Image via Sophos Naked Security Blog)

            3)  If you use Firefox, install NoScript and only allow Java on those sites where it is required.

            Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

            Download Information

            Download link:  Java Version 7 Update 13

            Verify your version:  http://www.java.com/en/download/testjava.jsp

            Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

            Critical Patch Updates

            For Oracle Java SE Critical Patch Updates, the next scheduled dates are:
            • 18 June 2013
            • 15 October 2013
            • 14 January 2014

              References




              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...