boot13Opera 44.0.2510.1159 fixes a small number of bugs in the browser, including some annoying crashing issues. The change log provides additional details. None of the changes are related to security.
Category Archives: Patches and updates
Vivaldi 1.8.770.54
A few minor issues were identified in the recently-released Vivaldi 1.8 (1.8.770.50), and addressed in yesterday’s release of Vivaldi 1.8.770.54. There’s no urgency about this update unless you’re affected by the problems described in the release announcement.
Vivaldi 1.8
The latest version of Vivaldi sports a reworked browsing history, and better control over audio, as well as several bug fixes. The release announcement lists all the changes. None of the changes appear to be related to security.
Vivaldi 1.8’s new history interface is a real improvement over what’s available in other browsers. Anyone who spends a lot of time reviewing their browsing history will appreciate the new calendar view.
Despite the improvements, I’d rather the Vivaldi development team spend their time fixing issues with the user interface. The sidebar bookmark editor is still weirdly difficult to use, and it’s also now apparently impossible to remove. There are still inconsistencies in the way links and bookmarks are handled, and the browser still lacks options that would allow complete control over whether links and bookmarks open in new tabs.
Update 2017Apr05: the full version number is 1.8.770.50.
Chrome 57.0.2987.133
Five security issues and a few dozen other bugs are addressed in Chrome’s latest release, version 57.0.2987.133. See the full change log for details. Chrome usually does a good job of updating itself, but you can prod it by clicking the ‘three dot’ menu icon and navigating to Help > About Google Chrome.
Firefox 52.0.2
There’s another new Firefox release: 52.0.2. The new version fixes a few minor bugs, none related to security.
Firefox should update itself automatically to the new version, but there’s no particular urgency about this update, unless you’re affected by one of the bugs it fixes. See the release notes for details.
As usual, there was no announcement from Mozilla about Firefox 52.0.2. I learned about this one when Firefox offered to update itself.
Windows 10 cumulative updates hopelessly botched
Recently I noticed that my Windows 10 test PC wasn’t staying logged in. Every morning, despite not having logged out the day before, I was seeing the login screen. A bit of poking around in the Windows 10 settings showed that Windows was trying to install update KB4013429, rebooting to complete the install, failing to complete the install, and rolling back the changes. Rinse and repeat daily, since March 14.
Searching online, I immediately found other people experiencing this problem. No official solution from Microsoft, but plenty from other users, including what turned out to be the only thing that worked for many: a total reinstall of Windows 10.
One user pointed to an interesting tool, available in the TechNet Script Center, called Reset Windows Update Agent. (Note: this script was created and submitted by a non-Microsoft contributor, not by Microsoft.) Since I wasn’t getting anywhere looking for an official solution, I tried the tool’s main feature, which does indeed reset all things Windows Update. After rebooting, Windows successfully installed a few updates, then started to install ‘Cumulative Update for Windows 10 Version 1607 (KB4015438)’, which Microsoft issued on March 20 to address problems with KB4013429. But that update also failed to install, and now we’re back in our daily loop.
I considered contacting Microsoft about this, but then I remembered my previous encounters with Microsoft support, shuddered, and thought better of it. After all, Microsoft already knows my PC is having trouble installing this update, because of all the telemetry in Windows 10, right? If anything, they should be contacting me with a solution. Yeah, right. Like that would ever happen.
I really don’t want Microsoft to be in a position to make my life miserable, especially now that they can do that remotely, without my explicit consent, and usually without my knowledge. At a time when Microsoft should be showing us just how much they’ve learned about managing Windows updates, they seem to be getting worse.
I sympathize with anyone who tries to do anything productive with Windows 10. I only use it for testing and media playback, but even so, this is the end of the line for my relationship with Windows 10. I’ll be installing Linux Mint MATE next.
Update 2017Apr30: I decided to call Microsoft after all. I figured it was only fair to give them one last chance. The call was relatively painless; I was only on hold for a few minutes. The tier one support person I spoke with identified himself as such and was happy to escalate my problem to the next support tier once it became clear he couldn’t help. We arranged a callback from tier two support, which happened yesterday. Both support people I spoke with started by asking if they could start a remote session to the affected computer, which I declined in both cases. I understand being able to control a computer remotely makes support much easier, but I’m just not comfortable with the idea. The tier two guy confirmed that Microsoft knows about this problem and is working on it. He also confirmed that lots of people are reporting the same problem. Unfortunately, the only fix he could provide was to hide the troublesome update, so that it stops trying to install every day. The ability to hide updates exists in the classic Windows Update, but that feature was removed from Windows 10, so a special download was required. The Microsoft support article “How to temporarily prevent a driver update from reinstalling in Windows 10” includes a link to a tool called the Show or hide updates troubleshooter package. I downloaded and ran the tool, and it listed a few pending updates, including the most recent failing cumulative update. I hid that update, and so far so good: the computer no longer tries to install the update daily. According to the tier two support guy, when Microsoft finds a fix, they’ll include it with a subsequent cumulative update, and all will be well with the world. But in the meantime, my Windows 10 PC isn’t getting security updates. So it’s not much of a solution. Linux, here we come.
Firefox 52.0.1
A single security fix is apparently the sole reason Mozilla released Firefox 52.0.1 on March 17. There was no announcement from Mozilla, but as usual, CERT picked up the slack with their own announcement. The release notes for 52.0.1 point to a related security advisory.
Firefox will offer to update itself over the next few days, but you can usually trigger an update by navigating to its About dialog (hamburger menu icon > question mark icon > About Firefox).
Chrome 57.0.2987.110
About twenty bug fixes and minor changes made it into the latest version of Chrome, 57.0.2987.110. None of the changes seem to be related to security. The announcement doesn’t mention anything about what changed, but the full change log — refreshingly small this time — lists all the changes in detail.
Vivaldi 1.7.735.48
A minor security issue in its installer prompted the release of Vivaldi 1.7.735.48 yesterday. The browser itself isn’t changed in this release – only its installer – but its version number was bumped up from 1.7.735.46 anyway. If you’re already running Vivaldi 1.7.735.46, there’s no need to update, and the browser won’t bother to update itself.
Patch Tuesday updates from Microsoft and Adobe
It looks like Microsoft fixed the technical issues that led to February’s updates being postponed until March. Today they announced eighteen updates that address security issues in Windows, Internet Explorer, Edge, Office, Silverlight, as well as Windows Server software, including Exchange.
Critical vulnerabilities for which updates were expected in February, including an SMB flaw in Windows (CVE-2017-0016), and two others that were disclosed by Google’s Project Zero that affect the Windows GDI library (CVE-2017-0038), and Internet Explorer and Edge (CVE-2017-0037), finally get fixes today.
A total of one hundred and forty vulnerabilities are addressed by today’s updates from Microsoft. That’s higher than usual, but of course this is two months’ worth of updates.
Adobe’s contribution to the patching fun this month is new versions of Flash and Shockwave. Flash 25.0.0.127 includes fixes for seven vulnerabilities in earlier versions, while Shockwave 12.2.8.198 resolves a single security issue in versions 12.2.7.197 and earlier.
Chrome will update itself with the new version of Flash in the next day or so, but you can usually trigger the update process by navigating to its About page. Flash updates for Internet Explorer and Edge are included in this month’s updates from Microsoft.
If you’re still using a web browser with a Flash plugin, you should make sure it’s up to date as soon as possible.
Update 2017Mar17: Ars Technica points out — quite rightly — that Microsoft still owes us all an explanation for why the February updates were cancelled. My favourite quote from the Ars article: “when marketers drive communications concerning a reported zero-day exploit, customers lose.” I’d argue that when marketing folk are the only ones talking about technical issues of any kind, we should all be very worried.