Category Archives: Patches and updates

Patch Tuesday for March 2016

It’s time once again to roll up the sleeves and get patching. This month we have thirteen security bulletins and associated updates from Microsoft. The updates address at least forty-four security vulnerabilities in Windows, Internet Explorer, Edge, Office, Windows Server, and .NET. Five of the updates are flagged as Critical.

Adobe’s contribution this month is new versions of Acrobat/Reader. You may have noticed that Adobe has confused things by splitting Acrobat/Reader into several variations: classic, continuous, and desktop. According to Adobe, the continuous variant always has all the most recent updates, fixes, and new features. I think it’s safe to assume that’s the variant most people should be using. The new continuous version of Reader is 15.010.20060. All of the new versions include fixes for three security vulnerabilities.

February security roundup

In February, a security researcher discovered that an exploit for a Silverlight vulnerability – patched by Microsoft in January – is now being distributed through the Angler exploit kit. The researcher also found web sites using the exploit to infect site visitors who have not yet installed the Silverlight patch.

Comodo Internet Security, a highly-rated security package, was found to include features that actually make the host computer less secure. Most notably, that included a VNC server running without a password. VNC is a remote desktop application. The problems were resolved in subsequent updates from Comodo.

Brian Krebs wrote about serious security issues found in some Internet-connected Trane thermostats, and warned buyers to use caution when purchasing ‘smart’ devices.

Chrome 49.0.2623.75

There are fixes for at least twenty-six security issues in the latest version of Chrome, 49.0.2623.75.

The release announcement lists the most important security fixes, while making it clear that the full details may not be made available until the majority of users have had a chance to update.

The full change log for Chrome 49 seems to go on forever. I tried to find the end of it, but gave up after a few pages. At least it doesn’t try to load in one page, since that would probably crash most browsers. Presumably if Google had made any really interesting changes in Chrome 49, they would have been mentioned in the announcement.

Opera 35.0.2066.82

The Opera web browser is based on Google’s Chromium ‘engine’ – the same core software that powers the Chrome browser. Aside: the Chromium browser engine is not to be confused with the other ‘Chromium’ – Google’s operating system, ChromiumOS. What is it with big corporations and confusing names?

Anyway… when Chrome gets a security fix, an Opera release with the same fix will soon follow. Opera 35.0.2066.82, announced on February 23, contains the same updated version of Chromium as Chrome 48.0.2564.116, which was released on February 18.

The Chromium security issue addressed in the latest versions of Opera and Chrome is CVE-2016-1629. The bug potentially allows attackers to bypass the Same Origin Policy (SOP), which normally prevents scripts loaded from one site from accessing content that belongs to another.

If you use Chrome or Opera, or any other web browser based on the Chromium engine, you should update it as soon as possible. Chrome and Opera have self-updating features which can be triggered by navigating to their respective ‘About’ pages.

Java 8 Update 74

There’s no particular need to install the very latest Java, version 8 Update 74. According to Oracle, “Java SE 8u74 is a patch-set update, including all of 8u73 plus additional features (described in the release notes).” The release notes don’t shed much light on the differences between 8u73 and 8u74, but they don’t appear to be of any importance for regular users.

In other words, if you’re already running Java 8 Update 73, you’re fine.

Windows 10 Insider Preview Build 14267

For those of you interested in the Windows 10 Insider Preview builds, the latest is build 14267, which was announced on February 18.

Build 14267 finally fixes the WSClient.dll error dialogs that were popping up in previous builds. Problems with certain front-facing cameras have been fixed. The ‘Reset this PC’ function is once again working properly with this build.

It’s now easier to use Cortana to identify playing music. There are several improvements to Edge, including Favorites management, an option to clear browsing data on exit, and better download management.