Category Archives: Patches and updates

Chrome, Google, Patches and updates, Security

Chrome 74.0.3729.108

Leave a comment

According to the release announcement, Chrome 74.0.3729.108 fixes thirty-nine security vulnerabilities. The full change log lists almost fourteen thousand changes in all. Good luck absorbing all that information.

Chrome generally keeps itself up to date whether you want it to or not, which is arguably a good thing, given that a lot of malware makes its way onto computers via unpatched security holes in web browsers. You can check which version you’re currently running, and — if an update is available — trigger the update process by navigating Chrome’s ‘three dot’ menu to Help > About Google Chrome.

Java, Patches and updates, Security

Java 8 Update 211

Leave a comment

Oracle’s quarterly Critical Patch Update for Q2 2019 documents vulnerabilities and updates for its entire product line. As usual, it’s the updates to Java that are important to most users.

The Patch Update details five distinct security vulnerablities in Java 8 Update 202 and earlier versions. A new release, Java 8 Update 211, addresses these vulnerabilities. The new version includes numerous other changes, most of which are of little interest to anyone aside from developers.

Keeping Java up to date is less urgent than in the past, since most of the major web browsers stopped supporting it in recent years.

If you do use a web browser with Java enabled, which is still possible with Internet Explorer and older, unsupported versions of many other browsers, you should make sure to install the new version as soon as possible.

The simplest way to update Java is to head to the Windows Control Panel, look for the Java icon, and — if you see one — open it, then go to the Update tab and click the Update Now button. Follow the prompts to complete the process.

Microsoft, Patches and updates, Windows 10

Microsoft relents; cedes more Windows 10 update control to users

Leave a comment

Microsoft is finally waking up to what we’ve all been saying since before Windows 10 was released: forcing operating system updates on users is not a good idea. Amusingly, they are presenting their findings and announcing related changes as if these things were previously unknown to the world of computing.

Microsoft refers to the process of installing Windows updates as an ‘experience’, and uses adjectives like ‘great’ when describing what they want the experience to be like for users. I don’t know about you, but I’ve never thought about installing updates as a ‘great experience’. Nightmarish, never-ending, endurable, and dreaded are more familiar ways to describe my update experiences. The word I’d most like to use in connection with updates is ‘uneventful’.

Note: phrases like ‘great update experience’ were no doubt vetted by some Microsoft committee. Microsoft writers are presumably encouraged to use these phrases — and avoid negative terminology — when discussing Windows updates.

Microsoft still seems unable to understand what people actually want to ‘experience’ from a Windows update:

  1. We don’t want updates at all, really. We want software to not be full of security holes in the first place. But that’s a fantasy, and will never happen (sigh).
  2. We want updates to not cause problems. Ever.
  3. Updates should install quickly, and with minimal fuss. Giant downloads, massive storage requirements, lengthy update durations, and high CPU usage are unacceptable.
  4. It should be possible to easily, quickly, and effectively revert updates.
  5. Automatic updates are a nice option, but only if we have full control over when they occur.

Upcoming Windows Update changes

  • Download and install now option: a new option on the Windows Update page that installs ‘feature updates’, which provide new or improved functionality. Using this option effectively updates Windows 10 to the latest version in terms of features, without installing any bug or security fixes. According to Microsoft, it’s a way to get the latest features without installing anything potentially risky.
  • Extended ability to pause updates. This further extends your ability to delay installation of updates, although it’s still limited: you can delay an update up to 35 days (seven days at a time, up to five times). This one is important for Windows 10 Home users, because the feature was previously unavailable on that version.
  • Intelligent active hours. The ‘active hours’ setting, which was added in the Anniversary Update, allows you to specify a window of time during which updates should never occur. This will now adjust itself automatically, based on when it thinks the computer is actually being used. This sounds good, but in practise, it may cause more problems than it solves. We’ll see.
  • Improved update orchestration. This new feature will detect device usage, and attempt to install updates when utilization is low, such as when there is no user activity.

For additional details on the upcoming changes, see Microsoft’s recent Windows blog post, titled “Improving the Windows 10 update experience with control, quality and transparency“.

Other Windows Update changes are being tested and may appear in upcoming releases of Windows 10, such as the ability to automatically roll back a problematic update.

These are all welcome changes, but I’m hoping Microsoft goes even further. If the Windows 10 update process improves enough, I may even consider installing it again. For now, there are still too many problems, such as Windows Update’s excessive use of disk space.

At least Microsoft is listening to the complaints about update dialogs popping up over important presentations, and worse. And they’re being surprisingly transparent during this current round of Windows improvements. Several recent Windows update problems (like this one in March and the known issues with this April update and this one) were probably the main impetus behind the changes, though.

Update 2019Jun03: The May update has arrived, and Windows 10 Home users are not impressed with the minor improvements to Windows Update.

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Shockwave, Windows

Patch Tuesday for March 2019

Leave a comment

You know, it’s theoretically possible that we could get a Patch Tuesday with no updates to install. We’ve had months like that for Adobe products. Not for Microsoft, though, at least not in my memory.

Anyway… this month from Microsoft we have thirty-four updates, addressing seventy-five security vulnerabilities in Internet Explorer, Edge, Flash in Microsoft browsers, Office, and Windows. At least that’s what my analysis shows. The source of this information, Microsoft’s Security Update Guide, is a complex beast.

Reminder: these updates are only for versions that are still supported. Windows XP is no longer supported, and Windows 7 won’t be for much longer. Versions of Office older than 2010 are no longer supported, and Office 2010 support will end later in 2019.

It was a busy month for Adobe, with updates to Flash, Reader, and Shockwave.

Flash 32.0.0.171 includes fixes for two vulnerabilities in earlier versions.

Acrobat Reader DC, the variant of Adobe’s Acrobat/Reader product line you probably use, is up to version 2019.010.20099. The new version addresses twenty-one vulnerabilities in earlier versions.

Shockwave Player 12.3.5.205 addresses seven security bugs in earlier versions. You’re slightly less likely to have this software installed on your computer, but it’s worth checking if you’re not sure.

There are links to download the new versions on all the release announcement pages linked to above.

Mozilla, Patches and updates, Security, Thunderbird

Thunderbird 60.6.1

Leave a comment

Mozilla released a new version of their email client Thunderbird recently: 60.6.1. The new version includes fixes for two security vulnerabilities.

The fixed vulnerabilities are unlikely to pose a threat to Thunderbird users. According to the related security advisory:

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

In other words, since Thunderbird does not allow scripts embedded in email to execute, users are generally much safer than if the same email is displayed in a web browser.

Firefox, Mozilla, Patches and updates, Security

Firefox 66.0 and 66.0.1

Leave a comment

The latest major release of Firefox is version 66, which was announced on March 19th. The new version includes some welcome improvements and twenty-one security fixes.

What’s new in Firefox 66?

  • Audio is now prevented from playing by default. You can override this behaviour with a global setting, or add specific web sites to an exclusion list.
  • When you have a lot of tabs open, Firefox now shows a down-arrow button at the end of the tab bar. Clicking this button shows a list of all open tabs, and provides a special search function, allowing you to search your open tabs.
  • Scroll Anchoring tries to keep your content in place even as advertising and other images try to push what you’re reading off the page.
  • Extensions get a slight speed boost.
  • It’s now a bit easier to configure keyboard shortcuts for extensions.
  • HTTPS certificate error pages are easier to understand.
  • Additional performance and stability improvements, especially during page loading.
  • AV1 video support was added to the 32-bit version of Firefox.

Firefox 66.0.1 addresses two security issues in earlier versions, and was released on March 22nd.

You can check which version you’re running by clicking Firefox’s ‘hamburger’ menu, and navigating to Help > About Firefox. If you’re not yet up to date, you should see an Update button that allows you to install the latest version.

Chrome, Google, Patches and updates, Security

Chrome 73.0.3683.75

Leave a comment

The release announcement for Chrome 73.0.3683.75 links to a list of sixty security issues which are fixed in the new version.

Many of the vulnerabilities addressed in Chrome 73.0.3683.75 were discovered by external security researchers, once again demonstrating the value of Google’s open attitude towards bug submissions.

Although Chrome usually updates itself within a few days of a new release, you can expedite this process by checking for available updates. Do that by navigating Chrome’s three-dot menu (by default at the top right), to Help > About Google Chrome. This will trigger an update, if one is available.

Opera, Patches and updates, Security

Opera 58.0.3135.90

Leave a comment

A security update in the Chrome engine prompted last week’s release of Opera 58.0.3135.90. Opera is built on Google’s Chrome engine (also known as Blink), so when there’s a security update in Chrome, it usually finds its way into Opera within days.

Aside: The Blink engine forms the core of many popular browsers. I use Chrome, Vivaldi, Opera, Firefox, Internet Explorer and Edge for different tasks, based on my experience with those browsers. Opera, Vivaldi, and of course Chrome are built on the Blink engine. Internet Explorer is being phased out. Edge will soon be built using Blink instead of Microsoft’s own engine. The Blink engine seems poised to take over completely, which has some people concerned.

To check Opera’s version, click its ‘O’ menu (usually at the top left), then select Update & Recovery, then click Check for Update.

Edge, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for March, 2019

Leave a comment

According to Microsoft’s Security Update Guide, March’s updates, twenty-eight in all, include fixes for at least sixty-five security vulnerabilities in .NET, Flash Player (in IE and Edge), Internet Explorer, Edge, Office, Visual Studio, and Windows.

Even if you have automatic updates enabled on Windows 7 and 8 computers, it’s a good idea to check for and install the new updates. If you’re running Windows 10, auto-updates can’t be disabled, but you can still check for updates, and get them sooner that way.

There are no updates for Flash or Reader from Adobe so far in March.

Chrome, Google, Patches and updates, Security

Chrome 72.0.3626.121

Leave a comment

The latest Chrome browser release is version 72.0.3626.121, and it fixes a security vulnerability for which exploits have been observed ‘in the wild’. So this is an important update.

When I try to look at the full change log using the link provided by Google, I get a blank page. Not sure what’s going on there.

If you use Chrome, it’s almost certainly updating itself on Google’s somewhat mysterious schedule. But you can check your version and initiate an update by navigating its ‘three dot’ menu to Help > About Google Chrome.