This month’s Microsoft updates are more interesting than usual, in that they are the last for versions of Internet Explorer earlier than 11. No more patches for older IE versions means you should avoid using them if at all possible, since they are likely to become a major target for malicious persons intent on spreading malware and increasing the size of their botnets.
It’s interesting to speculate on how much of a hit Microsoft will take in terms of browser share once people move way from IE 8, 9, and 10. Estimates vary, but I’ve seen recent numbers that show IE 8 at 9%, IE 9 at 7%, and IE 10 at 4%. If everyone does the right thing and switches browsers, Microsoft could lose as much as 20% of their browser market share.
There are ten updates from Microsoft this month, affecting Windows, Internet Explorer, Edge, MS Office, Visual Basic, Silverlight, and Exchange Server. Six of the updates are flagged as Critical. A total of twenty-five vulnerabilities are addressed.
When installed, the Silverlight update will bump the software’s version up to Build 5.1.41212.0. Silverlight’s release notes page has been updated to show what’s changed.
Three security advisories were also published by Microsoft today, the most interesting of which is titled Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program.
Adobe joins the fun once again this month, but this time we only get an update for Reader that addresses fifteen vulnerabilities. Surprisingly, there are no updates for Flash.
Update: Support for Windows 8 has also ended. Anyone still using Windows 8 should upgrade to Windows 8.1 to continue receiving updates.
Clarification: Microsoft will still develop security updates for Internet Explorer 7, 8, 9, and 10, as well as Windows XP, Vista, and Windows 8, because they are still supported for some business clients, and for some Windows Server versions. The updates just won’t be available to regular folks.
Another month, another pile o’ patches from Microsoft and Adobe. This month Microsoft is pushing out twelve updates, affecting 71 vulnerabilities in Windows, Internet Explorer, Edge, Office, .NET and Silverlight. Eight of the updates are flagged as Critical.
Microsoft has also published a few security advisories since the last monthly update.
Adobe’s chimed in this month with a new Flash (aside: how weird would it be if they didn’t?) The new version addresses at least 78 security vulnerabilities in the veritable piece of swiss cheese we know as the Flash player. The new version is designated 18.104.22.168 on most platforms, but the version designed for use in Firefox and Safari on Windows and Mac is 22.214.171.124.
I just ran Edge – Microsoft’s new web browser – on my Windows 10 test computer, and the ‘Favorites’ bar went berserk for a few seconds. At first I thought there was some kind of display bug, but then I clicked the arrow at the far right end of the bar, and could see a lot of new Favorites, including many in folders. Some of those favorites were familiar, and some were not.
I eventually realized that Edge had automatically imported all the Chrome bookmarks from every Google account that had ever logged into Google, using Chrome, while logged into Windows with my Microsoft account. I leave the computer logged in, which is normally not recommended, but this is also my main media computer, and there’s nothing personal on any of its drives. Also I trust my roommate.
Chrome knows when you’re logged in to Google, and shows bookmarks and other settings specific to the current Google user. These settings are stored locally, keeping each Google user’s settings separate, but storing the data in the profile of whichever Windows user is currently logged in.
There are two problems with this. First, I don’t think this import process should be automatic. It’s the kind of thing that I want to do strictly on demand, and in fact you can do that: in Edge’s Settings dialog, click the ‘View favorites settings’ button to see the import feature. Second, Edge should not assume I want to import Chrome bookmarks for all Google profiles. Now I’ve got a mess to clean up, and I can’t be sure it won’t happen again. So I’ll stop using Edge.
I’m running Windows 10 Insider Preview build 10576, which just installed itself earlier this morning. I can’t be sure the Edge problem is related, but it seems likely.