Adobe, Patches and updates, Security

Adobe Acrobat Reader DC 2018.011.20063

Leave a comment

Adobe logoAdobe usually releases security updates for its software on Patch Tuesday, but they apparently decided that the seven vulnerabilities addressed in Acrobat Reader DC 2018.011.20063 shouldn’t be delayed.

The release annoucement for Adobe Reader 2018.011.20063 provides some details about the vulnerabilities. One of them, CVE-2018-12848, can lead to Arbitrary Code Execution, and is flagged as Critical.

It’s important to keep Acrobat Reader DC up to date, because it’s still being used to deliver malware, embedded in PDF documents. It’s especially important if you’ve enabled Reader in your web browser.

If you use Acrobat Reader DC, you can check whether it’s up to date by navigating its menu to Help > About Adobe Acrobat Reader DC. There’s also a Check for Updates function in the Help menu. On my Windows 8.1 computer, a Windows Task Scheduler task (added by Adobe) updated the software within a few hours of the new version’s release.

Chrome, Google, Patches and updates, Security

Chrome 69.0.3497.100: one security fix

Leave a comment

Another new version of Chrome was released earlier this week: 69.0.3497.100. Although the change log lists twenty-eight total changes, none of them appear to be particularly interesting. Google highlights a single security fix in the release announcement.

You can check whether your install of Chrome is up to date by navigating its menu (click the three-vertical-dots button at the top right) to Help > About Google Chrome. If it’s not current, doing this will usually prompt Chrome to update itself.

Chrome, Google, Patches and updates, Security

Chrome 69.0.3497.92: two security fixes

Leave a comment

The latest Chrome, released on September 11, fixes a pair of security vulnerabilities in the browser. The release announcement for Chrome 69.0.3497.92 does not mention any other changes. There’s a mercifully brief change log, and all the changes appear to be relatively minor.

If Google’s planned “roll out over the coming days/weeks” isn’t fast enough for you, click Chrome’s ‘three dots’ menu button, and select Help > About Google Chrome. If you’re not already up to date, this will usually prompt Chrome to update itself.

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for September 2018

Leave a comment

Analysis of Microsoft’s Security Update Guide shows that this month’s updates address sixty-two security vulnerabilities, ranging from Low to Critical in severity, in the usual suspects, namely Edge, .NET, Internet Explorer, Office, and Windows. There are forty-five updates in all.

If you’re looking for a new way to evaluate Microsoft’s monthly patch offerings, I recommend Microsoft Patch Tuesday by security firm Morpheus Labs. It’s a lot less oppressive — and easier to use — than Microsoft’s Security Update Guide.

Adobe’s providing us with a new version of Flash this month. Flash version 31.0.0.108 fixes a single security vulnerability. As usual, the Flash code embedded in Chrome and Microsoft browsers will update itself through Google’s automatic update process and Windows Update, respectively.

Happy patching!

Firefox, Mozilla, Patches and updates, Security

Firefox 62.0: nine security updates

Leave a comment

Despite the major version increment, Firefox 62.0 doesn’t really have any new features worth mentioning. However, it’s an important update, because it addresses at least nine security vulnerabilities that range from Low to Critical in severity.

One change in Firefox 62.0 is worth pointing out: the Description field for bookmarks has been removed. Any Description information you previously added to your bookmarks can still be exported from Firefox. From the release notes: “Users who have stored descriptions using the field may wish to export these descriptions as html or json files, as they will be removed in a future release.”

You can usually encourage Firefox to update itself by navigating its ‘hamburger’ menu to Help > About Firefox.

Chrome, Google, Patches and updates, Security

Chrome 69.0.3497.81: forty security fixes

Leave a comment

The release announcement for Chrome 69.0.3497.81 says the new version “contains a number of fixes and improvements.” Google hasn’t bothered to highlight any of those, which means it’s up to us users to figure out what has changed by reading the change log. Oh well, sounds easy enough. Until you notice that the change log has 15890 entries. Yeesh.

Google does provide useful information about the forty security fixes in Chrome 69.0.3497.81. They range from Low to High in terms of Severity.

As with most Google desktop software, Chrome will silently update itself in the background when it gets around to it. It’s possible to disable Google’s automatic update software, but doing that can cause other problems, so it’s not recommended. If you want to encourage Chrome to update itself — not a bad idea considering the security fixes — you can point the browser to chrome://settings/help.

Update 2018Sep07: If you’re using Chrome 69.0.3497.81, you may have noticed something different in the address bar: some common subdomains — particularly www. — are no longer displayed. It looks like this change was not particularly well tested, and it’s causing problems for some users and sites. Here’s the associated bug report.

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for August 2018

Leave a comment

It’s update time again.

Analysis of Microsoft’s Security Update Guide shows that this month there are seventy updates for Windows, Office, Internet Explorer, .NET, Edge, Excel, Outlook, PowerPoint, and Visual Studio. A total of sixty security bugs are addressed, twenty of which are categorized as Critical.

Adobe, meanhwile, has released new versions of Flash and Acrobat Reader. Flash 30.0.0.154 includes fixes for five security issues, all of which are ranked as Important. Acrobat Reader 2018.011.20058 addresses two Critical security vulnerabilities.

Remember, folks: although updating software is perhaps not the most exciting thing you’ll do today, it’s entirely worthwhile, as it limits the damage that can be done by any stray malware that may find itself on your computer… from that attachment you opened without thinking, or that web site you visited when you accidentally clicked that link.

Patches and updates, Security, Vivaldi

Vivaldi 1.15.1147.64: security fixes

Leave a comment

Vivaldi is based on the open source Chromium browser engine. When Chromium gets security updates, Vivaldi’s developers have to ‘backport’ those changes to Vivaldi, or leave Vivaldi users exposed to known security threats.

The Vivaldi developers do a good job of staying on top of this, and sometimes release a new version of Vivaldi in which the only changes are security fixes backported from Chromium. Vivaldi 1.15.1147.64 is the most recent example of this.

You can check your verison of Vivaldi by clicking the menu button at the top left of the browser, then selecting Help > About. If you’re not running the latest version, Vivaldi should offer to update itself.

Microsoft, Windows 10

Microsoft finally making Windows 10 updates less disruptive

Leave a comment

One of Windows 10’s most frustrating features is the way it installs updates. Unless you’re using an enterprise version, updates are almost completely out of your control. You can’t prevent them from installing, and there’s very little you can do to control when they install, or when your computer restarts to complate installation.

While developing Windows 10, Microsoft somehow failed to understand that downloading, installing, and rebooting for updates automatically at potentially inconvenient times might be annoying to users.

The good news is that Microsoft is finally going to do something about this. What did it take to get Microsoft to look at the problem? A steady stream of customer complaints, starting immediately after Windows 10 was released.

The bad news is that you still won’t have any real control over when updates happen. Instead, Microsoft is planning to improve Windows 10’s ability to detect that a computer is in use before it automatically reboots. This is from the recent post Announcing Windows 10 Insider Preview Build 17723 and Build 18204:

“We trained a predictive model that can accurately predict when the right time to restart the device is. Meaning, that we will not only check if you are currently using your device before we restart, but we will also try to predict if you had just left the device to grab a cup of coffee and return shortly after.”

It’s too early to know how well this will work in practise, but at least it’s a (small) step in the right direction.

Chrome, Google, Patches and updates, Security

Chrome 68.0.3440.75: security fixes, address bar changes

Leave a comment

The latest version of Chrome includes fixes for forty-two security vulnerabilities. It’s also the first version that will display Not Secure in the address bar for all non-encrypted web pages. When that indicator appears, traffic to and from the viewed page is not being encrypted.

Viewing a non-encrypted web page is not particularly risky, as long as no private information is being transmitted. That means user names, passwords, email addresses, credit card numbers, and so on. However, as discussed here previously, unencrypted sites open up a world of possibilities for intercepting and modifying web traffic.

The release announcement for Chrome 68.0.3440.75 provides additional details regarding the security issues addressed.

The simplest way to update Chrome is also the best way to determine which version you’re running: click the three-vertical-dots icon at the top right, then select Help > About Google Chrome. If your browser isn’t already up to date, this will usually trigger an update.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.