Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Patch Tuesday for June 2019

It’s update time once again, and along with the updates from Microsoft and Adobe, I’m going to annoy you with yet another reminder that Only You Can Prevent Internet Worms. That sounds kind of gross, actually.

Analysis of the Security Update Guide spreadsheet, so thoughtfully provided by Microsoft each month, shows that this month there are thirty-three updates, addressing eighty-eight security vulnerabilities in Windows (7, 8.1, 10, and Server); Flash in Internet Explorer and Edge; Internet Explorer 9 through 11; Edge; and Office 2010, 2016, and 2019. At least twenty-one of the vulnerabilities are categorized as Critical.

If you missed last month’s update festivities, you may not be aware that there’s a very dangerous vulnerability (CVE-2019-0708) in Microsoft’s Remote Desktop feature in Windows XP, Windows 7, and Server 2008. Updates for Windows 7 and Windows Server 2008 computers are available in the usual way, via Windows Update. An update for Windows XP is also available, but you’ll have to download and install it manually, from the Microsoft Update Catalog.

I’m pestering you about this because the last time a vulnerability like this appeared, we got the global WannaCry worm mess. Patch those systems and prevent a similar worm from giving the world another major headache. Here’s Microsoft on the subject, as well as Ars Technica.

As usual, Adobe has released software updates to coincide with Microsoft’s Patch Tuesday, which makes things nice and tidy with Flash being integrated into IE and Edge. Flash 32.0.0.207 fixes a single security vulnerability.

There are a few ways to update Flash on Windows, but starting with the Flash Player Control Panel works for me. On the Flash CP’s Updates tab, you’ll find a Check Now button, which will take you to the Get Adobe Flash page. That will tell you which version you’re running. If you need an update, click the Player Download Center link on that page.

Chrome 75.0.3770.80

A new version of Chrome includes fixes for forty-two security vulnerabilities.

The full log for Chrome 75.0.3770.80 lists over fourteen thousand changes, so good luck reading all that.

Google did not highlight any of the changes in the announcement for Chrome 75.0.3770.80, which only provides this somewhat cryptic message: “Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 75.”

Check your Chrome version by navigating its ‘three vertical dots’ menu icon (at the top right) to Help > About Google Chrome. If an update is available, it will be offered to you.

Firefox 67.0

Firefox 67.0, released on May 21, improves the browser’s privacy, security, accessibility, performance, and compatibility. There are also twenty-one security fixes in the new version.

You can find all the details on the release notes page, and a related Mozilla blog post.

A couple of the changes are worth highlighting:

  • Firefox can now be configured to block known cryptominers and fingerprinters using Content Blocking preferences.
  • Accessibility improvements: there’s now full keyboard access to toolbar areas, including add-ons, downloads, Page actions, etc.

You can check your current version and trigger an update check by navigating Firefox’s ‘hamburger’ menu to Help > About Firefox.

Chrome 74.0.3729.157

A new version of Chrome fixes a single security bug. Chrome 74.0.3729.157 was announced and made available on May 14, so it may have already found its way to your computer by way of Google’s rather insistent update mechanisms.

If you’re not sure which version of Chrome you’re running, click that little ‘three vertical dots’ menu button at the top right, and navigate to Help > About Google Chrome. Besides showing you the version of your current installation, this will usually prompt Chrome to check for available updates and offer to install a new version.

Patch Tuesday for May 2019

From Microsoft this month, we get forty-six updates, addressing seventy-nine distinct vulnerabilities in the usual gang of idiots, namely Windows, Office, Internet Explorer, Edge, .NET, Flash in Internet Explorer, and Visual Studio. Nineteen of the updates have been flagged with Critical severity. Head over to Microsoft’s Security Update Guide for more details.

Those of you running Windows 10 may actually be satisfied with its automatic updates, despite the problems. Either that or you’ve given up fighting Microsoft. And of course there are plenty of folks running Windows 7 and 8 with automatic updates enabled, in response to which I can only tip my hat and tell you that you’re braver than I. The rest of us will (or should) be making the trudge over to Windows Update today.

Microsoft dons a white hat

One of the updates made available by Microsoft today fixes a serious vulnerability (CVE-2019-0708) in older versions of Windows, including Windows 7, XP, and Server 2008. Despite the fact that official support for these versions has ended, Microsoft decided to make the world a slightly better place, taking the time to develop, test, and publish these updates. Which is good, because the hole being fixed is a bad one, in that it could provide a handy new conduit for malicious software worms to propagate… just like WannaCry did in 2017.

So, two things: first of all, thanks Microsoft! Second, if you run Windows 7 or Windows Server 2008 computers, please check Windows Update and install the May 2019 monthly security rollup as described on this Microsoft page. For any computers running Windows XP, you’ll have to download the appropriate update from the Microsoft Update Catalog, as described on this Microsoft page.

More about Microsoft’s unusual move

Adobe

Adobe’s contribution this month consists of new versions of Flash and Acrobat Reader. Flash 32.0.0.192 addresses a single security vulnerability, while Acrobat Reader DC 2019.012.20034 addresses a whopping eighty-four vulnerabilities in earlier versions.

Reader will generally update itself, but you can make sure by navigating its menu to Help > Check for Updates.... The easiest way to update Flash is to look for it in the Windows Control Panel. Go to the Updates tab of the Flash control panel widget and click Check Now. This will take you indirectly to the download page for Flash. Make sure you opt out of any additional software offered for install on that page.

Firefox 66.0.4 fixes major add-on problem

On May 3, Firefox users all over the world noticed that the browser’s add-ons suddenly stopped working and disappeared from the toolbar. This caused major consternation, as you might imagine. Mozilla has previously made changes to Firefox which disabled some add-ons, so there was initially some concern that this was intentional. However, it turns out that someone at Mozilla failed to renew a critical security certificate, which then expired on May 3rd.

Mozilla added certificate checking to Firefox’s add-ons (extensions, themes, search engines, language packs) some time ago to weed out malicious add-ons and prevent them from being used. When the main certificate expired, Firefox suddenly identified all add-ons as invalid, and disabled them.

Many people use Firefox without add-ons, and those people were unaffected by this problem. Some people, including myself, use add-ons to provide functionality without which Firefox is almost unusable. For example, I use uBlock Origin to prevent JavaScript from running on all web pages by default, and Dark Reader to make dark-themed web pages readable.

Once people started noticing the problem, they naturally tried to find workarounds, some of which did more harm than good. Mozilla scrambled to solve the problem, and on May 4 pushed out an official, temporary workaround using a little-known Firefox feature called Studies. Once installed, this fix did re-enable add-ons for many users, but didn’t help if the Studies feature was disabled, and was only effective for desktop versions of the browser.

On May 5 a new version of Firefox was released by Mozilla. Firefox 66.0.4 includes a single change that fixes the certificate expiry problem. There are a few caveats: some add-ons may need to be re-enabled manually. Certain add-ons will remain disabled. Other add-ons may need to be reconfigured.

This was a major (and embarrassing) blunder, but Mozilla handled it reasonably well, although the information they published was occasionally somewhat misleading. There’s a useful record of what happened on this Mozilla blog post.

Update 2019May10: Yesterday, Mozilla published a followup/apology post.

Chrome 74.0.3729.131

The latest Chrome browser, version 74.0.3729.131, includes fixes for a pair of security vulnerabilities. Fifty-four changes are listed in the full change log, of which about half are actual changes and not just bookkeeping.

As usual, you can let Chrome update itself on its own mysterious schedule, or trigger an update by navigating its ‘three dots’ menu to Help > About Google Chrome. There are other ways to obtain the latest version, but that’s the most straightforward.

Chrome 74.0.3729.108

According to the release announcement, Chrome 74.0.3729.108 fixes thirty-nine security vulnerabilities. The full change log lists almost fourteen thousand changes in all. Good luck absorbing all that information.

Chrome generally keeps itself up to date whether you want it to or not, which is arguably a good thing, given that a lot of malware makes its way onto computers via unpatched security holes in web browsers. You can check which version you’re currently running, and — if an update is available — trigger the update process by navigating Chrome’s ‘three dot’ menu to Help > About Google Chrome.

Java 8 Update 211

Oracle’s quarterly Critical Patch Update for Q2 2019 documents vulnerabilities and updates for its entire product line. As usual, it’s the updates to Java that are important to most users.

The Patch Update details five distinct security vulnerabilities in Java 8 Update 202 and earlier versions. A new release, Java 8 Update 211, addresses these vulnerabilities. The new version includes numerous other changes, most of which are of little interest to anyone aside from developers.

Keeping Java up to date is less urgent than in the past, since most of the major web browsers stopped supporting it in recent years.

If you do use a web browser with Java enabled, which is still possible with Internet Explorer and older, unsupported versions of many other browsers, you should make sure to install the new version as soon as possible.

The simplest way to update Java is to head to the Windows Control Panel, look for the Java icon, and — if you see one — open it, then go to the Update tab and click the Update Now button. Follow the prompts to complete the process.