It’s update time again.
Analysis of Microsoft’s Security Update Guide shows that this month there are seventy updates for Windows, Office, Internet Explorer, .NET, Edge, Excel, Outlook, PowerPoint, and Visual Studio. A total of sixty security bugs are addressed, twenty of which are categorized as Critical.
Adobe, meanhwile, has released new versions of Flash and Acrobat Reader. Flash 22.214.171.124 includes fixes for five security issues, all of which are ranked as Important. Acrobat Reader 2018.011.20058 addresses two Critical security vulnerabilities.
Remember, folks: although updating software is perhaps not the most exciting thing you’ll do today, it’s entirely worthwhile, as it limits the damage that can be done by any stray malware that may find itself on your computer… from that attachment you opened without thinking, or that web site you visited when you accidentally clicked that link.
Vivaldi is based on the open source Chromium browser engine. When Chromium gets security updates, Vivaldi’s developers have to ‘backport’ those changes to Vivaldi, or leave Vivaldi users exposed to known security threats.
The Vivaldi developers do a good job of staying on top of this, and sometimes release a new version of Vivaldi in which the only changes are security fixes backported from Chromium. Vivaldi 1.15.1147.64 is the most recent example of this.
You can check your verison of Vivaldi by clicking the menu button at the top left of the browser, then selecting
About. If you’re not running the latest version, Vivaldi should offer to update itself.
The latest version of Chrome includes fixes for forty-two security vulnerabilities. It’s also the first version that will display Not Secure in the address bar for all non-encrypted web pages. When that indicator appears, traffic to and from the viewed page is not being encrypted.
Viewing a non-encrypted web page is not particularly risky, as long as no private information is being transmitted. That means user names, passwords, email addresses, credit card numbers, and so on. However, as discussed here previously, unencrypted sites open up a world of possibilities for intercepting and modifying web traffic.
The release announcement for Chrome 68.0.3440.75 provides additional details regarding the security issues addressed.
The simplest way to update Chrome is also the best way to determine which version you’re running: click the three-vertical-dots icon at the top right, then select
About Google Chrome. If your browser isn’t already up to date, this will usually trigger an update.
Oracle’s latest Critical Patch Update (CPU) Advisory — for July 2018 — as usual includes a section about Java.
A new version of Java (8 Update 181) addresses eight security vulnerabilities in earlier versions. The Release Highlights page for Java 8 provides additional details on changes in Update 181, most of which are likely only of interest to developers.
If you use Java, and in particular if you use a web browser that has Java enabled, you should install Java 8 Update 181 as soon as possible. Note that the only modern browser that still runs Java applications is Internet Explorer. The easiest way to update Java is to run the Java applet in the Windows Control Panel: on the
Update tab, click the
Update Now button.
Adobe and Microsoft have issued their monthly updates for July, so even if you’d rather be doing anything else, you should be patching your computers.
We’ll start with Microsoft. As usual, this month’s Security Update Release bulletin serves as little more than a link to the Security Update Guide (SUG), Microsoft’s labyrinthine replacement for the individual bulletins we used to get.
In my experience, the SUG is much easier to digest in the form of a spreadsheet, so the first thing I do there is click the small
Download link at the right edge of the page, to the right of the Security Updates heading. If you have Excel — or something compatible — installed, you should be able to open it directly.
Once the spreadsheet is loaded, I recommend enabling the Filter option. In Excel 2007, that setting is in the Sort & Filter section of the Data ribbon (toolbar). This makes every column heading a drop-down list, which allow you to select a particular product or platform, and hide everything else.
Analysis of this month’s updates from the SUG spreadsheet shows that there are sixty-two distinct updates, addressing fifty-three security vulnerabilities in Flash, Internet Explorer, SharePoint, Visual Studio, Edge, Office applications, .NET, and all supported versions of Windows. Seventeen of the updates are flagged as Critical.
As for Adobe, there are updates for Flash (version 126.96.36.199) and Acrobat Reader DC (version 2018.011.20055). The Flash update fixes two vulnerabilities, one of which is Critical. The Acrobat Reader DC update includes fixes for over one hundred security bugs.
The latest Firefox release features faster page load times and tab switching, improvements to search provider setup, an improved dark theme, better bookmark syncing, and at least eighteen security fixes.
Settings related to the home page and ‘new tab’ page are now in their own section on Firefox’s Options pages. You can access the new section directly using this URL: about:preferences#home.
The Firefox 61.0 release notes provide additional details.
On most computers, Firefox will update itself. You can encourage it by visiting the About page: click the hamburger button, then select
A new version of Google’s web browser was announced on June 12. Chrome 67.0.3396.87 (change log) is a bug fix release; a single security vulnerability is addressed. Check your version by navigating Chrome’s menu to
About Google Chrome.
The June 2018 Security Update Release bulletin on Microsoft’s TechNet blog is almost devoid of useful information, but if you click the link to the Security Update Guide, then click the big Go To Security Update Guide button, you’ll see a link to the release notes for this month’s updates.
According to the release notes, this month’s updates affect Internet Explorer, Edge, Windows, Office, Office Services and Web Apps, Flash embedded in IE and Edge, and ChakraCore. Analysis of the information in the SUG reveals that there are forty updates, fixing fifty-one separate vulnerabilities. Eleven of the vulnerabilties are flagged as Critical.
When first published on June 6, the release notes for Firefox 60.0.2 didn’t mention anything about security, but they’ve since been updated to include a reference to a single vulnerability that is fixed in the new version.
The vulnerability fixed in Firefox 60.0.2 is flagged as having both Critical and High impact by Mozilla, and since there are as yet no details in the official vulnerability database for CVE-2018-6126, it’s difficult to know which is correct.
Regardless, if you use Firefox, you should update it as soon as possible. Depending on how it’s configured, Firefox will usually at least let you know that a new version is available within a few hours after it’s published. If not, you can usually trigger an update by clicking the ‘hamburger’ menu icon at the top right, then selecting
The latest version of Chrome includes a fix for a single security vulnerability with High severity.
The change log for Chrome 67.0.3396.79 includes a few dozen changes, but none that Google considered worth highlighting in the release announcement, aside from the single vulnerability.
To check your Chrome version, click the vertical-ellipses icon at the top right of its window, then select
About Google Chrome. If an update is available, it will usually start downloading automatically.