Category Archives: Patches and updates

Microsoft pushes February updates to March

February 17, 2017 jrivett 1 Comment

In an unprecedented move, Microsoft has decided to delay all February updates until next Patch Tuesday, which is March 14. It’s still not clear exactly why this is happening, but Microsoft is working on structural changes to the Windows Update system, so presumably something went horribly wrong in testing.

This is bad news for anyone who runs a server that’s vulnerable to a recently-discovered SMB flaw that was expected to be fixed with Tuesday’s updates.

Update 2017Feb23: Meanwhile, Google’s Project Zero went ahead and published the details of another vulnerability (in the GDI graphics library) that was supposed to be fixed this month. This was done in keeping with GPZ’s own policy, but as usual Microsoft isn’t happy about it.

Update 2017Feb28: Yet another vulnerability that was expected to be fixed in the February updates from Microsoft was just revealed by GPZ. This one affects Internet Explorer and Edge, and it’s ranked highly severe.

Adobe, Chrome, Edge, Flash, Internet Explorer, Patches and updates, Security, Windows

Flash update fixes 13 vulnerabilities

February 15, 2017 jrivett Leave a comment

A new version of Flash, released yesterday, addresses at least thirteen vulnerabilities in previous versions.

According to the security bulletin for Flash 24.0.0.221, the new version fixes “critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”

The release notes for Flash 24.0.0.221 describe some new features that are likely only of interest to developers.

As usual, Internet Explorer and Edge will get new versions of their embedded Flash via Windows Update, while Chrome’s embedded Flash will be updated automatically.

Anyone who still uses a web browser with Flash enabled should update it as soon as possible.

Microsoft, Patches and updates

Microsoft Patch Tuesday delayed

February 15, 2017 jrivett Leave a comment

According to this MSRC TechNet post from yesterday, Microsoft “discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.” There’s no word on when this month’s updates will be made available.

Patches and updates, Security, Vivaldi

Vivaldi 1.7

February 9, 2017 jrivett Leave a comment

Apparently the people who develop Vivaldi believe that adding a screen capture feature to the browser is a good use of their time. Perhaps if you don’t use any other web browsers, and you only ever need to capture screenshots of web sites, and never of anything outside the browser, this would be a useful feature. The rest of us will use the much more powerful features of general-purpose screen capture tools like ShareX.

Aside from the arguably pointless addition of screen capture, Vivaldi 1.7 further improves audio handling, and includes tweaks for domain expansion in the address bar. More importantly, Vivaldi now warns users when they navigate to a non-encrypted page that prompts for a password.

You can see the complete list of changes for Vivaldi 1.7 in the official release announcement.

Opera, Patches and updates

Opera 43

February 8, 2017 jrivett Leave a comment

The folks who develop the alternative web browser Opera are working on improving page loading time, and if their own benchmarks are any indication, those efforts have paid off.

Opera 43 shows significant speed gains over Opera 42, due mainly to the introduction of two new technologies: ‘instant page loading’, which predicts the site you’re looking for as you’re typing in the address bar, and PGO, which optimizes the browser code to make it run faster when it’s most important.

The new version also includes improvements to URL highlighting/selecting. Previously, there was no way to highlight linked text. With Opera 43, highlighting linked text works as expected if you use a horizontal motion, and if you use a vertical motion, the entire link is copied, as before.

There are loads of other changes in Opera 43, as you can see from the lengthy change log. However, none of the changes seem to be related to security vulnerabilities.

Chrome, Google, Patches and updates

Chrome 56.0.2924.87

February 4, 2017 jrivett Leave a comment

The change log for Chrome 56.0.2924.87 lists thirty-eight changes in the new version. Of those, only about half involve actual changes to the browser. None of the changes appear to be particularly noteworthy, and none are related to security.

Patches and updates, Security, WordPress and other CMS

WordPress 4.7.2 – security update

January 27, 2017 jrivett Leave a comment

Most WordPress sites are configured to automatically update themselves when a new version becomes available. Still, anyone who manages any WordPress sites should make sure they are up to date with version 4.7.2, released yesterday.

WordPress 4.7.2 addresses three serious security vulnerabilities. You can find all the details in the release announcement.

Update 2017Feb02: Apparently WordPress 4.7.2 included a fix for a fourth security vulnerability, which wasn’t announced until February 2. The vulnerability is so severe that the WordPress developers didn’t want to risk anyone knowing about it until the majority of WordPress sites were updated.

Firefox, Mozilla, Patches and updates

Firefox 51.0.1

January 27, 2017 jrivett Leave a comment

There were a couple of problems with Firefox 51 that prompted Mozilla to push out another new version yesterday. Firefox 51.0.1 resolves the two problems, one of which was related to the new multiprocess features.

Firefox itself seems to take a few days to notice new versions. Click the ‘hamburger’ menu button at the top right, then click the question mark icon, then click ‘About Firefox’ to see the version you’re running. In my experience, Firefox will usually say ‘Firefox is up to date’ until a couple of days after a new release becomes available. This is potentially confusing, but Mozilla doesn’t seem to understand that.

If you don’t want to wait for Firefox to notice the new version, you’ll have to download it directly from Mozilla.

Chrome, Google, Patches and updates, Security

Chrome 56.0.2924.76

January 26, 2017 jrivett 1 Comment

Chrome version 56.0.2924.76 includes fixes for fifty-one security vulnerabilities. But wait, that’s not all. If you want to see what happens when your web browser loads a really big web page, navigate to the change log for Chrome 56.0.2924.76. It’s a behemoth, documenting over ten thousand separate changes.

One change in particular deserves mention: starting with this version, Chrome will show ‘Secure’ at the left end of the address bar if a site is encrypted. When Chrome navigates to a web page that isn’t encrypted, but does include a password prompt, it will show ‘Not Secure’ in the address bar.

Chrome seems to update itself reliably, soon after a new version is released. Still, given the number of security fixes in this release, it’s not a bad idea to check.

Opera, Patches and updates

Opera 42.0.2393.351 and 42.0.2393.517

January 26, 2017 jrivett Leave a comment

Opera 42.0.2393.351 fixes a handful of bugs, several related to the 64-bit version of the browser. See the change log for details.

Opera 42.0.2393.517 fixes four more issues, some of which first appeared in 42.0.2393.351. See the change log for details.

None of the changes in either new version seem to be related to security. Opera will usually update itself shortly after a new version becomes available.

boot13