Category Archives: Patches and updates

Edge, Microsoft, Patches and updates, Windows 10

Windows 10 Insider Preview Build 14267

Leave a comment

For those of you interested in the Windows 10 Insider Preview builds, the latest is build 14267, which was announced on February 18.

Build 14267 finally fixes the WSClient.dll error dialogs that were popping up in previous builds. Problems with certain front-facing cameras have been fixed. The ‘Reset this PC’ function is once again working properly with this build.

It’s now easier to use Cortana to identify playing music. There are several improvements to Edge, including Favorites management, an option to clear browsing data on exit, and better download management.

Android, Hardware, Internet, Linux, Patches and updates, Security, Things that are bad

Critical security flaw affects millions of systems

Leave a comment

Here we go again. Researchers have discovered (actually more like rediscovered) a very bad flaw in the commonly-used GNU C Library, also known as glibc.

The flaw has existed, undiscovered, since 2008. It was discovered and reported to the glibc maintainers in July of 2015 (CVE-2015-7547), but nothing was done about it until Google researchers re-discovered the flaw and reported it on a public security blog.

The glibc maintainers reacted to the Google revelations by developing and publishing a patch. It’s not clear why such a serious vulnerability was not fixed sooner.

But that’s not the end of the story. Any computer or device that runs some flavour of Linux, including most of the world’s web servers and many routers, is potentially vulnerable. Individual software applications that are compiled with glibc are also potentially vulnerable.

Although it’s safe to assume that diligent sysadmins will update their Linux computers, tracking down all the affected software will take time. The Linux firmware running on routers and other network devices will be updated much more slowly, if at all. All of this opens up many exploitation possibilities for the foreseeable future.

The good news is that there are several mitigating factors. Many routers don’t use glibc. In some cases, default settings will prevent exploits from working. Android devices are not vulnerable. Still, this problem is likely to get worse before it gets better.

Update 2016Feb20: Dan Kaminsky just posted his analysis of the glibc vulnerability. It’s very technical, but if you’re looking for a deeper dive into this subject, it’s a great place to start. Dan helpfully explains why it’s difficult to predict just how bad things will get.

Opera, Patches and updates, Security

Opera 12 isn’t dead yet

Leave a comment

It’s been ages since Opera updated the classic (pre-Webkit) version of their browser. Although still available for download and still technically supported, the old version is obviously not Opera’s focus. Before yesterday, the latest version of classic Opera was 12.17, and hadn’t changed since April 2014.

Yesterday, in response to recent web-wide changes affecting security, Opera released a new version of the 12-series browser: 12.18. The associated announcement explains why this was done. Sadly, the new version isn’t even mentioned on the change logs page. There is still a link to the 12.17 change log, but that link is still broken.

In related news, Opera (the company that develops the Opera browser) is expected to be sold to a Chinese consortium in the near future. It’s difficult to predict how the new owners will influence the browser, but I’m not optimistic. I had begun switching from Firefox to Opera as my main browser, but that’s on hold for now.

Meanwhile, I’m looking at Vivaldi, an alternative browser developed by former Opera employees. So far it looks promising.

Microsoft, Patches and updates, Windows 10

Windows 10 Insider Preview Build 14257

Leave a comment

My Windows 10 testing computer is still on the Windows Insider Preview ‘Fast Ring’, which means it gets the very latest Windows 10 preview builds as soon as they become available.

The test machine was just updated to preview build 14257. This build includes a lot of bug fixes, including one for a nasty app crashing problem related to memory management. The WSClient.dll error dialog box problem has not yet been resolved.

Firefox, Patches and updates, Security

Firefox 44.0.1 and 44.0.2

Leave a comment

Two stealth releases this week for Firefox. Version 44.0.1 was released on February 8 to fix a handful of minor bugs. Version 44.0.2 was released yesterday to fix a startup hanging problem and to address one security issue.

Most installations of Firefox will offer to update themselves automatically, but since 44.0.2 includes a security fix, you should check your version and trigger an update if you’re still running an older version.

If you’re wondering where Mozilla hid the ‘About’ box:

  1. Click the ‘hamburger’ button (three stacked horizontal lines) at the top right.
  2. Click the question mark button at the bottom of the menu.
  3. Click ‘About Firefox’.
Microsoft, Patches and updates, Security, Windows 10

Microsoft finally providing Windows 10 update history

Leave a comment

Responding to a steady stream of complaints since the launch of Windows 10, Microsoft has finally relented and will now provide useful notes to accompany changes to the operating system.

The Windows 10 update history page shows changes to release versions, starting with the initial release (build 10240.16683) in July, and ending with the most recent release version, 10586.104.

The notes for release 10586.104 show that a serious security flaw related to InPrivate browsing in the Edge browser has now been fixed.

Adobe, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for February 2016

Leave a comment

Thirteen security updates from Microsoft this month address over forty issues in Windows, Internet Explorer, Edge, Office, server software and .NET. Six are flagged as Critical.

In keeping with their recent practise of tagging along with Microsoft, Adobe also just released several updates, most notably for Flash. The latest version of Flash is now 20.0.0.306. As usual, Internet Explorer on Windows 8.1 and 10 and Edge on Windows 10 will get their new Flash via Windows Update, and Chrome will update itself with the latest Flash. The associated security bulletin gets into all the technical details. A total of 22 vulnerabilities are addressed in the new version.