Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Flash 29.0.0.113

A new version of Flash, released on March 13 by Adobe, fixes two security vulnerabilities as well as a few other bugs.

If you use a browser with Flash enabled, you should update it as soon as possible. Most browsers no longer play Flash content automatically, or at least have options to make Flash content play only when explicitly allowed. Still, it’s best to be up to date if you use Flash at all.

Internet Explorer and Edge will get their Flash updates via Windows Update, and Google Chrome will update itself on its own mysterious schedule. You can force the issue by visiting the main Flash download page, or the About Flash page, which will prompt you to update if you’re not running the latest version. Don’t forget to disable installation of any additional software, including McAfee security products.

You can find more details in the release announcement, release notes, and the associated security bulletin.

Microsoft updates for March

I count forty-seven separate bulletins in this month’s batch of updates, which means there are roughly that same number of updates. Over seventy security vulnerabilities in Windows, Internet Explorer, Edge, Office, and .NET are addressed in the updates. There’s a Flash update in there as well, for Edge and recent versions of Internet Explorer.

This month we also get more fixes for Spectre and Meltdown, including firmware updates for somewhat older processors (Skylake, Kaby Lake, and Coffee Lake). There’s still not much available for processors that are more than a few years old.

While Microsoft continues to push people to enable automatic updates, the more cautious among us (including myself) prefer to control what is updated and when. Windows 10 users still have effectively no control over Windows updates.

You can extract additional details for this month’s updates from Microsoft’s Security Update Guide.

Adobe Acrobat Reader updates

First, a few words about nomenclature…

Acrobat Reader is the name of Adobe’s free PDF viewer software. It was formerly referred to as Adobe Reader, but its full official name is now Adobe Acrobat Reader. It’s basically a stripped-down version of Acrobat, Adobe’s commercial PDF authoring tool, with most of Acrobat’s authoring capabilities removed. Acrobat Reader is free software, while Acrobat is not. If you need to author new PDF files, you need Acrobat. If you merely wish to view existing PDF files, all you need is Acrobat Reader, although Acrobat also does that.

At one point, there was only one version of Acrobat and one corresponding version of Reader. Sadly, those simpler days ended in 2015 when Adobe introduced ‘Document Cloud’ (DC) variations: Acrobat DC and Acrobat Reader DC. These new variants include cloud storage capabilities, making PDF viewing and editing more convenient for folks who work on multiple computers and platforms.

Confusing things further was a new split in the Acrobat/Reader catalog, between Continuous and Classic release tracks. They differ mainly in release priorities and update schedules. Classic variants are updated quarterly, and occasionally at other times; updates are limited to bug and security fixes. Continuous variants are updated more frequently, and besides bug and security fixes, updates include new features and enhancements.

On October 15, 2017, Adobe stopped producing the original Acrobat/Reader software in favour of the new Acrobat/Reader DC. The old software’s last version was 11.0.23. Adobe now officially recommends the DC variants over anything else. This should have simplified things, and it did, to some extent.

Adobe is also still making desktop-only versions of Acrobat and Acrobat Reader, which they refer to as Acrobat 2017 and Acrobat Reader 2017.

There are more headache-inducing details on the Document Cloud Product Tracks page on the Adobe web site.

Which one?

Okay, so which version of Acrobat Reader do I install if I just want to view PDF files? For regular folks, it’s easiest to just stick with what Adobe wants you to use, which in most cases is Acrobat Reader DC (Continuous). The desktop-only version and the DC Classic versions exist mostly for IT staff who have very specific reasons for not wanting to run DC Continuous. For them, it comes down to a choice between having access to the latest features, and being somewhat less likely to encounter problems. For example, if ‘stable and secure’ is the goal, Acrobat Reader DC Classic Track is the right choice.

February 2018 updates

With that out of the way, let’s talk about the new versions of Acrobat Reader that were released earlier this week.

A February 13 security bulletin from Adobe lists forty-one vulnerabilities, affecting earlier versions of all Acrobat Reader variants, including Acrobat Reader DC (Continuous Track) 2018.009.20050, Acrobat Reader 2017 2017.011.30070, and Acrobat Reader DC (Classic Track) 2015.006.30394.

New Acrobat Reader versions addressing those vulnerabilities are:

Acrobat Reader DC (Continuous Track) 2018.011.20035
Acrobat Reader DC (Classic Track) 2015.006.30413
Acrobat Reader 2017 2017.011.30078

There are additional details on the main release notes page for Acrobat and Acrobat Reader.
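
The version check implied by the bulletin can be scripted. The following Python is an added example, not Adobe tooling and not part of the original post: it compares reported Acrobat Reader versions numerically against the fixed builds listed above. The track labels, host names and inventory are constructed, and the two-digit-year normalization is an assumption about how some inventories report versions.

```python
# Added example: audit Acrobat Reader installs against the fixed builds listed above.
# Track labels, host names and the inventory are constructed for illustration.
FIXED = {
    "DC Continuous": "2018.011.20035",
    "DC Classic": "2015.006.30413",
    "2017": "2017.011.30078",
}

def parse_version(text):
    """Turn 'YYYY.MMM.NNNNN' into a tuple of ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    year, minor, build = (int(p) for p in parts)
    # Assumption: some inventories report a two-digit year (18.011.20035).
    if year < 100:
        year += 2000
    return (year, minor, build)

def needs_update(track, installed):
    """True when the installed build is older than the fixed build for its track."""
    return parse_version(installed) < parse_version(FIXED[track])

def audit(inventory):
    """Return (host, status) pairs; unknown tracks or bad versions need manual review."""
    results = []
    for host, track, version in inventory:
        try:
            status = "UPDATE" if needs_update(track, version) else "ok"
        except (KeyError, ValueError):
            status = "REVIEW"
        results.append((host, status))
    return results

# Constructed sample inventory: (host, track, reported version)
SAMPLE = [
    ("ws-01", "DC Continuous", "2018.009.20050"),
    ("ws-02", "DC Continuous", "2018.011.20035"),
    ("ws-03", "DC Classic", "2015.006.30394"),
    ("ws-04", "2017", "17.011.30070"),
    ("ws-05", "2017", "2017.011.30078"),
    ("ws-06", "Reader XI", "11.0.23"),
    ("ws-07", "DC Classic", "2015.006"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Anything reported as REVIEW is either on a track with no fixed build in the table (such as the discontinued 11.0.23 line) or has a version string the parser does not recognise.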

You can install Acrobat Reader by visiting the official download page at get.adobe.com/reader. That page will offer the version it thinks is best suited to your device, which for my Windows 8.1 PC is Acrobat Reader DC (Continuous Track) version 2018.011.20035. That’s also the version Adobe wants us all to use.

If you want a variant other than the one offered in the Download Center, you’ll have to navigate Adobe’s labyrinthine FTP site.

To install Acrobat Reader 2017 for Windows, go to the Acrobat2017 folder on the Adobe FTP site. Click the topmost folder, then click the installer EXE file in that folder to download it. Once installed, Acrobat Reader 2017 will keep itself updated, and you can check for any pending updates by selecting Help > Check for updates on its menu.

To install Acrobat Reader DC Classic for Windows, go to the Acrobat2015 folder on the Adobe FTP site. Click the topmost folder, then click the installer EXE file in that folder to download it. Once installed, Acrobat Reader DC Classic will keep itself updated, and you can check for any pending updates by selecting Help > Check for updates on its menu.

Chrome 64.0.3282.167

A single security bug was fixed in Chrome 64.0.3282.167, released by Google on February 13.

The new version will find its way to your desktop automatically, unless you’re diligent about killing Google’s pesky auto-update processes. If that describes you, or you just don’t want to wait, you can usually encourage Chrome to update itself by opening the Chrome menu and navigating to Help > About Google Chrome.

There’s additional information in the full change log for Chrome 64.0.3282.167.

February updates from Microsoft

Earlier today, Microsoft released forty-two updates to address fifty-four vulnerabilities in Windows, Internet Explorer, Edge, Flash, and Office software. Fourteen of the vulnerabilities are flagged as critical, and have the potential to be used for remote code execution.

This information was extracted from Microsoft’s Security Update Guide, the rather opaque reservoir into which Microsoft now dumps its update information. Of course Microsoft would be happier if we all just enabled auto-updates, and in fact the monthly patch bulletins are now little more than a link to the SUG and a recommendation to enable auto-updates.

Opera 51 released

The latest version of alternative web browser Opera features numerous improvements, including:

  • faster browsing performance
  • new: click a page’s tab to jump back to the top of the page; click it again to return
  • new: added import and export buttons to the bookmark manager
  • new: collapsible lists of opened and closed tabs in the tabs menu
  • new: ‘Back to tab’ button for video pop-out windows
  • new: global Flash allow
  • new: safely and easily reset browser settings
  • new: preferences backup
  • new: use your desktop wallpaper as Opera’s background

The release announcement and change log for Opera 51 provide additional information. Note that the log includes changes made while Opera 51 was only available in beta and developer versions.

Flash 28.0.0.161 fixes two critical vulnerabilities

As expected, Adobe has released a new version of Flash that addresses CVE-2018-4878 and another critical vulnerability, CVE-2018-4877. A new security bulletin (APSB18-03) provides additional details.

The new version was made available on February 6. The release notes show that at least one other bug was fixed in Flash 28.0.0.161.

Anyone still using a web browser with Flash enabled should make sure that it’s up to date. CVE-2018-4877 is already being actively exploited.

As usual, Chrome will update itself automatically, and Internet Explorer and Edge will get the new Flash via Windows Update.

Chrome 64.0.3282.140 released

There are about twenty changes in Chrome 64.0.3282.140. One of the changes is a fix for a security issue, and the rest are minor tweaks and other bug fixes.

As usual, the release announcement says that the new version “will roll out over the coming days/weeks”. Since this release includes a security fix, it’s a good idea to check what version you’re running by navigating to the About Chrome page (Chrome menu > Help > About Google Chrome).

New Flash vulnerability already being exploited

On February 1, Adobe published a security advisory about a critical vulnerability (CVE-2018-4878) in Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of an affected system.

An exploit for CVE-2018-4878 already exists, and is being used in targeted attacks against Windows users. So far, attacks based on this vulnerability have been delivered via Office documents with malicious Flash content as email attachments.

Adobe plans to address this vulnerability next week. Meanwhile, use extreme caution when deciding whether to open email attachments, especially if they appear to be Office documents.

Flash is gradually disappearing from use, but it’s still used enough to make it a tempting target for malicious hackers.

Duo Security: No Patch Yet: Flash Vulnerability Exploited in the Wild