Category Archives: Patches and updates

Patch Tuesday for December

Today, Microsoft published twenty-four updates, addressing thirty-three vulnerabilities in Flash player (for Microsoft browsers), Office, Internet Explorer, Edge, and Windows.

As usual, Microsoft’s announcement is little more than a pointer to the Security Update Guide (SUG). If you’re looking for details about any of these updates, that’s your only official option. The SUG’s user interface is somewhat headache-inducing, but there’s useful information to be had there.

Windows 10 gets these updates whether you want them or not; Windows 7 and 8.1 can be configured for automatic or manual updates. I personally don’t like the idea of updates being installed on my computers at Microsoft’s whim, so I’m sticking with manual updates. And avoiding Windows 10 completely. And gradually switching to Linux.

Firefox 57.0.2

According to the release notes, Firefox 57.0.2 fixes two bugs, neither of which is related to security. And yet there’s also a security advisory for Firefox 57.0.2, which lists two vulnerabilities fixed in the new version.

In the past, Mozilla linked to relevant security advisories on Firefox release notes pages, so presumably someone simply forgot. Fixes for security bugs are a lot more important than fixes for obscure non-security-related bugs, so hopefully this isn’t the new normal for Firefox release notes.

Since this update includes security fixes, it’s a good idea to make sure your Firefox installation is up to date. You can do that by clicking its menu button at the top right (three horizontal lines, sometimes referred to as a ‘hamburger’ button), then choosing Help > About.

Chrome 63.0.3239.84

The change log for Chrome 63.0.3239.84 has ten thousand entries. I’d like to read it, and I might even find something interesting buried there, but instead I’ll assume Google would point out any notable changes in the release notes.

Alas, while the release notes do point out that the new Chrome includes fixes for thirty-seven security vulnerabilities, none of the other changes are discussed. In a way I suppose that’s a good thing: as long as Google isn’t making large changes or adding new features, while they continue to fix vulnerabilities and other bugs, the outcome is almost always going to be a better browser.

Chrome typically updates itself within a few hours or days of a new release, although in the release notes, Google says “This will roll out over the coming days/weeks.” Given the number of security fixes in this version, it’s a good idea to check the version you’re running, and hopefully trigger an update, by clicking Chrome’s menu button (three vertical dots at the top right), then choosing Help > About Google Chrome.

Firefox 57.0.1: a few bug fixes

It’s been two weeks since the release of Firefox 57, the first version of a new generation for the browser dubbed Quantum, and it’s clearly faster, cleaner, and lighter than its predecessors.

Firefox 57.0.1, released on November 29, addresses a few minor problems in 57.0. The release notes mention security fixes, but the linked Security Advisories page shows fixes that were already in Firefox 57.0. So there’s no particular urgency about this update, unless you’re affected by one of the issues the new version fixes.

Vivaldi 1.13 released

A new version of alternative web browser Vivaldi improves window and tab handling, and includes a new window management sidebar panel. Download management is also improved: downloads can now be resumed after interruption. Bookmark handling is slightly improved, although in my opinion there’s still more work to be done in that area.

A variety of bugs were fixed in Vivaldi 1.13 as well. This Vivaldi blog post lists all the significant changes in Vivaldi 1.13.

Vivaldi remains an excellent alternative to the more popular browsers. Although it has some quirks, it also has features not found in other browsers, such as tab stacking. If you’re looking for a different browser, Vivaldi is worth checking out.

Firefox 57: faster and better

I’ve been using Firefox 57 for a few days now, since it was released on November 14. So far, I like what I see. Mozilla is hyping how much faster the browser is, and while it doesn’t feel a lot faster, it is indeed somewhat snappier. Given that Firefox had been getting noticeably sluggish in recent months, this is very welcome.

There are some major changes in Firefox 57: the user interface (UI) has had a major overhaul, using a new set of design guidelines called Photon. Most user interface elements will look familiar, but slightly different. Photon’s main objectives are to improve performance while making the interface consistent across various platforms. You’ll notice new icons throughout (including the main application icon), new positioning of interface elements, new animations, new appearance and behaviour for tabs, cleaned up menus, and new page loading animation.

The ‘new tab’ page has also been improved, and is more customizable. There are some new search engines to choose from, and Google is now the default for search. The on-page search feature now includes an option to highlight all matches on a page.

Numerous other changes in Firefox 57 were made to improve performance, including a new CSS engine called Stylo. CSS stands for Cascading Style Sheets, and it’s a set of standards used by web developers to define the style and layout of web sites. Stylo is faster than its predecessors because it uses available processing power more sensibly.

The upgrade process for Firefox 57 is no different than for earlier versions, and you don’t need to do anything special. As always, your existing Firefox profile (which contains your settings, bookmarks, login credentials, history, etc.) will be used by the new version. You may notice that your toolbar has been rearranged slightly, but that’s easy to fix using the Customize feature. You may also see blank spacer elements on either side of the address box, but these can be removed.

I noticed one possible problem: the contents of the address bar drop-down list occupy a narrow section in the middle of the list. The width of that section matches the width of the address box itself. This may have been done intentionally, but in my opinion it looks weird and severely limits the displayable length of addresses in the list.

With version 57, Firefox is no longer quite as sensitive about the use of Windows accessibility features. Previously, running the Windows On-Screen Keyboard would trigger Firefox to disable multi-process mode, resulting in reduced performance. That no longer happens in Firefox 57.

Firefox 57 also includes fixes for fifteen security vulnerabilities, so even if you’re not sure about the new user interface, you should really go and ahead and upgrade.

All in all, it’s good news for Firefox fans: Firefox 57 is faster, and has a cleaner, tighter, and more consistent user interface. I don’t see any reason to hold off on upgrading.

Firefox 57 may even be good enough to slow the recent wave of users, fed up with Firefox’s increasing bloat and decreasing performance, and feeling abandoned after Mozilla recently orphaned thousands of useful add-ons, who have been switching to Chrome and other browsers.

November updates for Adobe products

Adobe logoYesterday, Adobe announced updates for several of its main products, including Flash, Acrobat Reader, and Shockwave.

Flash 27.0.0.187 addresses five critical vulnerabilities in earlier versions. You can download the new desktop version from the main Flash download page. That page usually offers to install additional software, which you should avoid. Chrome will as usual update itself with the new version, and both Internet Explorer and Edge will get their own updates via Windows Update.

Acrobat Reader 11.0.23 includes fixes for a whopping sixty-two vulnerabilities, all flagged as critical, in earlier versions. Download the full installer from the Acrobat Reader Download Center.

Shockwave Player 12.3.1.201 addresses a single critical security issue in earlier versions. Download the new version from the Adobe Shockwave Player Download Center.

If you use Flash, Reader or Shockwave to view content from untrusted sources, or if you use a web browser with add-ons enabled for any of these technologies, you should update affected systems immediately.

Patch Tuesday for November 2017

According to Microsoft’s announcement, the November updates include patches for Internet Explorer, Edge, Windows, Office, and .NET. As usual, you have to dig into the rather awkward Security Update Guide to find additional details.

My analysis of the SUG reveals that there are fifty-three bulletins, addressing fifty-four vulnerabilities across the usual range of products. Sixteen of the vulnerabilities are flagged Critical.

If you’re interested in performing your own analysis, I strongly suggest avoiding the cumbersome SUG interface. Instead, locate the almost hidden ‘Download’ link at the top right of the updates grid and click that to open the data in Excel. From there you can use Excel’s filtering tools to wrestle the update information into more manageable lists.

Opera 49 released

A new version of alternative web browser Opera sports new features that may be of interest to some users, but aren’t likely to excite much interest in most.

Opera’s developers have added a screen shot feature to the browser, apparently in response to similar features being added to other browsers recently. I still don’t understand the point, especially since the feature can’t be used outside the context of the browser. You’re better off using a screen capture tool that works in any context.

There’s also a new Virtual Reality player, something that looks cool but likely isn’t particularly useful for most people.

Opera 49 includes numerous other enhancements, but most seem cosmetic in nature. The full change log has all the details. Note that the log includes changes made to Opera 49 while it was still only available as a ‘developer’ version.