Category Archives: Edge

Windows 10 Insider Preview Build 14295

Late last week, preview build 14295 started making its way to computers enrolled in the ‘Fast track’ Windows 10 Insider Preview program. Yesterday, the build was made available to computers on the ‘Slow track’.

This latest build actually includes some interesting features. Or it will when the accompanying developer tools become available. With this build, Microsoft is expanding support for Linux tools on Windows 10, including the BASH scripting language.

While not of much interest to regular users, adding Linux tools to Windows 10 shows that Microsoft is actually listening to developers and other power users.

Build 14295 also fixes some minor problems affecting XBox compatibility, the Edge browser, and Kaspersky security software.

Emergency update for Flash

If you use a web browser with Flash enabled, you should stop what you’re doing and update Flash.

According to the associated Adobe security bulletin, Flash fixes twenty-three security vulnerabilities, including one (CVE-2016-1010) that is being actively exploited on the web.

The release notes for Flash provide additional details. The new version fixes several bugs that are unrelated to security, and adds some new features.

As usual, Chrome will update itself with the new version of Flash, and Internet Explorer and Edge on newer versions of Windows will be updated via Windows Update.

Patch Tuesday for March 2016

It’s time once again to roll up the sleeves and get patching. This month we have thirteen security bulletins and associated updates from Microsoft. The updates address at least forty-four security vulnerabilities in Windows, Internet Explorer, Edge, Office, Windows Server, and .NET. Five of the updates are flagged as Critical.

Adobe’s contribution this month is new versions of Acrobat/Reader. You may have noticed that Adobe has confused things by splitting Acrobat/Reader into several variations: classic, continuous, and desktop. According to Adobe, the continuous variant always has all the most recent updates, fixes, and new features. I think it’s safe to assume that’s the variant most people should be using. The new continuous version of Reader is 15.010.20060. All of the new versions include fixes for three security vulnerabilities.

Windows 10 Insider Preview Build 14267

For those of you interested in the Windows 10 Insider Preview builds, the latest is build 14267, which was announced on February 18.

Build 14267 finally fixes the WSClient.dll error dialogs that were popping up in previous builds. Problems with certain front-facing cameras have been fixed. The ‘Reset this PC’ function is once again working properly with this build.

It’s now easier to use Cortana to identify playing music. There are several improvements to Edge, including Favorites management, an option to clear browsing data on exit, and better download management.

End in sight for Java browser plugin

Oracle is finally throwing in the towel for Java browser plugins. A never-ending source of security problems, the Java plugin will be phased out in the near future. Browser software developers like Mozilla and Google made this move inevitable when they started removing plugin functionality in recent months.

This will cause headaches for organizations that use a lot of browser-based Java. They’ll be faced with a decision. Many will presumably stall for time, and continue to use existing Java applets in increasingly-outdated browsers. Others may decide to switch to another platform entirely, which is likely to be very costly. The best alternative is to – where possible – change browser-based Java applets to use the Java Web Start technology. According to a white paper from Oracle (PDF): “The conversion of an applet to a Java Web Start application provides the ability to launch and update the resulting application without relying on a web browser… Desktop shortcuts can also launch the application, providing the user with the same experience as that of a native application.”

Regular users will only notice the loss of the Java browser plugin if they happen to use one or more Java applets. Site operators have been aware that this change is coming for a while, and have been scaling back their use of Java applets, but they may still be found on some banking and financial sites, web site builders, and so on. One Java applet-based service that I find extremely useful is Berkley’s ICSI Netalyzer, which analyzes your network connection and reports on any issues it finds. I’m hoping that Netalyzer’s developers will convert it to use Java Web Start, or do something else to keep the service online.

Duo Security has additional related information.

Two more Windows 10 Insider Preview builds

When Windows 10 updates itself, in the final stages, we’re treated to a series of screen-filling messages, like “We’ve updated your computer”, and “All your files are right where you left them.” I can understand why Microsoft is showing messages like this: to reassure users who would otherwise be wondering what’s going on as their hard drive thrashes away. As a more technically-minded person, I would prefer an indication of exactly what’s happening, and how long it’s going to take, but I can live with these messages instead.

On the other hand, sometimes these messages are misleading. Take this one: “We’ve got some new features to get excited about.” Apart from the grammatical issues, this message simply isn’t usually true. The most recent Preview builds, for example.

Windows 10 Insider Preview Build 11102

Build 11102, released on January 21, includes only one new feature of note, and it’s hardly exciting: you can now “right-click on the back and forward buttons in Microsoft Edge for quick access to your recently visited websites in the current tab.” Woo hoo.

Note that this build still has the problem with WSClient.dll error dialogs popping up at inconvenient times. At least the build announcement describes a workaround.

Windows Insider Preview Build 14251

Build 14251, released on January 27, has the distinction of generating a lot of discussion regarding the large jump in build number. It turns out that the big jump is the result of Microsoft trying to synchronize builds across platforms, which is actually a good thing.

Meanwhile, the announcement for build 14251 actually says “This build doesn’t have notable new features in it”. And sure enough, it’s mostly bug fixes.

More Flash updates

The latest version of Flash is, for most browsers. Microsoft Edge and Internet Explorer on newer versions of Windows are apparently still stuck at Flash

Sadly, the information on the Adobe site related to these updates is inconsistent, confusing, or just missing.

The About Flash page doesn’t seem to agree with the announcement page. The former shows “Internet Explorer (embedded – Windows 8.x) – ActiveX”, while the latter shows “Flash Player 20 for Internet Explorer on Windows 8.1:”.

The Flash runtime announcement says “Security update details can be found here: Security Bulletin (APSB16-01)”. But the APSB16-01 bulletin is for the previous Flash updates. The linked URL is also wrong; it points to an even older bulletin: APSB15-32. And to top it off, the security bulletin that should exist (APSB16-02) for this update currently generates an error.

Hopefully Adobe will fix this mess ASAP.

Meanwhile, although the announcement doesn’t mention any security fixes in the new versions, it’s safe to assume they exist, so you should update Flash in any browser where it’s enabled.

As usual, Internet Explorer on new versions of Windows will receive these updates via Windows Update, and Chrome will get its new Flash automatically.

Update 2016Feb02: I reported the announcement and bulletin problems (noted above) to the author of the announcement. He replied that the About page would be fixed, and that he had fixed the link to the bulletin on the announcement page. Unfortunately, that link now goes to the bulletin for the previous Flash release. The author claims that bulletin still applies, but it really doesn’t, since it recommends the previous version of Flash.

Update 2016Feb04: According to the author of the announcement, there were effectively no changes in this Flash update. Certainly there were no security fixes. A link to the previous security bulletin was included simply because it was the most recent bulletin. The link text will be changed to make this more clear.

Patch Tuesday for January 2016

This month’s Microsoft updates are more interesting than usual, in that they are the last for versions of Internet Explorer earlier than 11. No more patches for older IE versions means you should avoid using them if at all possible, since they are likely to become a major target for malicious persons intent on spreading malware and increasing the size of their botnets.

It’s interesting to speculate on how much of a hit Microsoft will take in terms of browser share once people move way from IE 8, 9, and 10. Estimates vary, but I’ve seen recent numbers that show IE 8 at 9%, IE 9 at 7%, and IE 10 at 4%. If everyone does the right thing and switches browsers, Microsoft could lose as much as 20% of their browser market share.

There are ten updates from Microsoft this month, affecting Windows, Internet Explorer, Edge, MS Office, Visual Basic, Silverlight, and Exchange Server. Six of the updates are flagged as Critical. A total of twenty-five vulnerabilities are addressed.

When installed, the Silverlight update will bump the software’s version up to Build 5.1.41212.0. Silverlight’s release notes page has been updated to show what’s changed.

Three security advisories were also published by Microsoft today, the most interesting of which is titled Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program.

Adobe joins the fun once again this month, but this time we only get an update for Reader that addresses fifteen vulnerabilities. Surprisingly, there are no updates for Flash.

Update: Support for Windows 8 has also ended. Anyone still using Windows 8 should upgrade to Windows 8.1 to continue receiving updates.

Clarification: Microsoft will still develop security updates for Internet Explorer 7, 8, 9, and 10, as well as Windows XP, Vista, and Windows 8, because they are still supported for some business clients, and for some Windows Server versions. The updates just won’t be available to regular folks.

Patch Tuesday for December 2015

Another month, another pile o’ patches from Microsoft and Adobe. This month Microsoft is pushing out twelve updates, affecting 71 vulnerabilities in Windows, Internet Explorer, Edge, Office, .NET and Silverlight. Eight of the updates are flagged as Critical.

Microsoft has also published a few security advisories since the last monthly update.

Adobe’s chimed in this month with a new Flash (aside: how weird would it be if they didn’t?) The new version addresses at least 78 security vulnerabilities in the veritable piece of swiss cheese we know as the Flash player. The new version is designated on most platforms, but the version designed for use in Firefox and Safari on Windows and Mac is

Edge automatically imports Chrome bookmarks for all users

I just ran Edge – Microsoft’s new web browser – on my Windows 10 test computer, and the ‘Favorites’ bar went berserk for a few seconds. At first I thought there was some kind of display bug, but then I clicked the arrow at the far right end of the bar, and could see a lot of new Favorites, including many in folders. Some of those favorites were familiar, and some were not.

I eventually realized that Edge had automatically imported all the Chrome bookmarks from every Google account that had ever logged into Google, using Chrome, while logged into Windows with my Microsoft account. I leave the computer logged in, which is normally not recommended, but this is also my main media computer, and there’s nothing personal on any of its drives. Also I trust my roommate.

Chrome knows when you’re logged in to Google, and shows bookmarks and other settings specific to the current Google user. These settings are stored locally, keeping each Google user’s settings separate, but storing the data in the profile of whichever Windows user is currently logged in.

There are two problems with this. First, I don’t think this import process should be automatic. It’s the kind of thing that I want to do strictly on demand, and in fact you can do that: in Edge’s Settings dialog, click the ‘View favorites settings’ button to see the import feature. Second, Edge should not assume I want to import Chrome bookmarks for all Google profiles. Now I’ve got a mess to clean up, and I can’t be sure it won’t happen again. So I’ll stop using Edge.

I’m running Windows 10 Insider Preview build 10576, which just installed itself earlier this morning. I can’t be sure the Edge problem is related, but it seems likely.