Category Archives: Patches and updates

Firefox, Patches and updates, Privacy, Security

Firefox 42 improves private browsing, fixes numerous bugs

Leave a comment

Mozilla seems determined to keep us guessing with new versions of Firefox. New versions that are not assigned a major new version number (e.g. 41, 42) are not announced in any way. When a new version is (apparently arbitrarily) assigned a major new version number, Mozilla publishes a post on the Mozilla blog. This post never includes any mention of the new version identifier, and typically doesn’t even say that there’s a new version.

For example, the post associated with Firefox 42 says this: “We’re releasing a powerful new feature in Firefox Private Browsing called Tracking Protection” and “We hope you enjoy the new Firefox!” What new version? When will it be released? We’re left guessing the answers to these rather obvious questions.

According to the release notes for Firefox 42, it was released on November 3. The Mozilla blog post describes changes to Firefox’s Private Browsing mode, including the new Tracking Protection, which “actively blocks content like ads, analytics trackers and social share buttons that may record your behavior without your knowledge across sites.”

Firefox 42 adds a small speaker icon that appears next to the caption for any tab that’s currently playing audio. You can mute a tab’s audio by clicking the speaker icon. The Login Manager has been improved in several ways. Performance has also been beefed up for sites that perform a lot of restyling. HTML5 support was improved.

Firefox 42 includes fixes for at least eighteen security bugs, according to the Security Advisories page. Recommendation: update Firefox to version 42 as soon as possible.

Microsoft, Patches and updates, Windows 10, Windows 7, Windows 8.x

If you don’t want Windows 10, disable Automatic Updates

Leave a comment

Microsoft is really ramping up the annoyance factor lately. The latest is that some time in 2016, Windows 7 and 8.x computers will start seeing Windows 10 as a ‘Recommended’ update in Windows Update. If you have Windows Automatic Updates enabled, your computer will be upgraded to Windows 10 on some arbitrary night in early 2016, while you’re asleep.

This is bad for several reasons. Here are a few:

  • For anyone not interested in upgrading to Windows 10, this renders Automatic Updates unusable. Yes, there are people who want to use Automatic Updates, but don’t want to upgrade to Windows 10. Lots of them. Including a lot of grandparents.
  • There have already been reports of problems with Windows 10 being installed when it wasn’t wanted. If Microsoft messes this up somehow, a lot of people are going to be mighty annoyed when they wake up to Windows 10 on their computer.
  • There are loads of reasons not to upgrade to Windows 10, including incompatible software and hardware. An unwanted Windows 10 upgrade could mean a lot of time wasted downgrading or looking for alternatives.
  • Microsoft has started talking about Windows 10 in business and education settings, saying they’ll provide workarounds for these types of problems. But it can’t be very encouraging to business IT folks to hear announcements like this.

The Verge has more.

Edge, Microsoft, Patches and updates, Windows 10

Edge automatically imports Chrome bookmarks for all users

Leave a comment

I just ran Edge – Microsoft’s new web browser – on my Windows 10 test computer, and the ‘Favorites’ bar went berserk for a few seconds. At first I thought there was some kind of display bug, but then I clicked the arrow at the far right end of the bar, and could see a lot of new Favorites, including many in folders. Some of those favorites were familiar, and some were not.

I eventually realized that Edge had automatically imported all the Chrome bookmarks from every Google account that had ever logged into Google, using Chrome, while logged into Windows with my Microsoft account. I leave the computer logged in, which is normally not recommended, but this is also my main media computer, and there’s nothing personal on any of its drives. Also I trust my roommate.

Chrome knows when you’re logged in to Google, and shows bookmarks and other settings specific to the current Google user. These settings are stored locally, keeping each Google user’s settings separate, but storing the data in the profile of whichever Windows user is currently logged in.

There are two problems with this. First, I don’t think this import process should be automatic. It’s the kind of thing that I want to do strictly on demand, and in fact you can do that: in Edge’s Settings dialog, click the ‘View favorites settings’ button to see the import feature. Second, Edge should not assume I want to import Chrome bookmarks for all Google profiles. Now I’ve got a mess to clean up, and I can’t be sure it won’t happen again. So I’ll stop using Edge.

I’m running Windows 10 Insider Preview build 10576, which just installed itself earlier this morning. I can’t be sure the Edge problem is related, but it seems likely.

Adobe, Flash, Patches and updates, Security, Shockwave

Shockwave update adds latest Flash

Leave a comment

Adobe finally noticed all the warnings about Shockwave using an old, less-secure version of Flash. The latest new version of Shockwave (12.2.1.171) fixes one specific security issue, while also adding support for the latest Flash using a new feature called ‘Flash Asset Xtra’.

The release notes for Shockwave 12.2.1.171 and the corresponding security bulletin have additional details.

If you use a web browser with a Shockwave plugin, you should install Shockwave 12.2.1.171 as soon as possible. You should also configure the plugin to prompt you before displaying any content, as long as your browser supports doing so.

Adobe, Chrome, Flash, Google, Patches and updates, Security

Flash update for Chrome

Leave a comment

Chrome has been updated to include the latest Flash, itself recently updated (outside the normal monthly update cycle) to fix a critical vulnerability. Luckily, if you use Chrome with Flash enabled, you don’t have to do anything; it will update itself.

Version 46.0.2490.80’s release notes don’t add much to the conversation, but predictably, the full change log is loaded with useless details. Nothing much of interest there, anyway.

Java, Patches and updates, Security

Updates for Java

1 Comment

On October 20, Oracle released Java 8 Update 65. Hours later, they apparently released Java 8 Update 66.

It looks like there may have been some kind of screwup at Oracle, because the two versions seem to address many of the same issues. When I use the Java control panel to update to the most recent version, I end up with 8u65, and I’m never prompted to install 8u66. Presumably this confusion will be cleared up by Oracle in the next day or so.

Meanwhile, if you’re still using a web browser with Java enabled, you should install Java 8u65 as soon as you can. Java 8 Update 65 fixes a few bugs, including some related to security.

References:

Update 2015Nov05: According to a post on The Java Source, a Java blog maintained by Oracle, “Java SE 8u66 is a patch-set update, including all of 8u65 plus additional features.” If you want the new features, you’ll have to download and install 8u66 manually, because Java’s own internal updater won’t do it.

Adobe, Chrome, Flash, Internet Explorer, Patches and updates, Security

Adobe releases fix for new zero-day exploit

Leave a comment

Yesterday, Adobe released an update for the recently-discovered Flash security vulnerability CVE-2015-7645. Kudos to Adobe for acting quickly to fix this bug, which is being actively exploited on the web.

The new version of Flash (19.0.0.226) addresses the CVE-2015-7645 vulnerability and two others. Additional details are available in the associated security bulletin. Other changes in this version of Flash are described in a post on the Flash runtime announcement site.

As usual, Internet Explorer on newer versions of Windows will get the new version of Flash via Windows Update, and Chrome will update itself via its own auto-updater.

If you’re still using Flash in a web browser, you need to install this update as soon as possible.

Microsoft, Patches and updates, Windows 10, Windows 7, Windows 8.x

Microsoft breaking Windows 7 & 8 so you’ll upgrade to Windows 10

Leave a comment

In the couple of months since the release of Windows 10, there have been plenty of reports of strange, unexpected, and unwanted behaviour on Windows 7 and 8.x computers. At least one high profile writer dismissed these reports, but recanted after witnessing the behaviour themselves.

I ran into one such problem yesterday when I tried to install October’s Patch Tuesday updates on my Windows 7 computer. Although auto updates are disabled on that computer, I had previously decided to install all updates flagged as ‘Important’. The idea was to see what happened if I allowed Microsoft to push whatever they wanted to that computer, putting myself into the same situation as most typical users.

The first thing I noticed was the ‘Get Windows 10’ icon that started appearing in the notification area. At the time, I provided instructions for uninstalling the update that caused this icon to appear, and did that myself as well. But the icon – and the update that enables it – kept appearing. Even ‘hiding’ the update (KB3035583) in Windows Update could not prevent the damned thing from reappearing.

Fast forward to yesterday, and when I tried to install updates on that Windows 7 PC, I was able to check for updates, and see the pending updates, but there was no way to install them! Instead, all I could see was a panel urging me to upgrade to Windows 10 and a ‘Get Started’ button.

The borked Windows Update screen on my Windows 7 computer.
The borked Windows Update screen on my Windows 7 computer.

I eventually discovered a rather amusing article on The Inquirer’s site, which provided some useful insight into the problem. Besides singling out the writer who had previously pooh-poohed claims of this unwanted behaviour, the article pointed to a Microsoft Knowledge Base article that provides instructions for getting rid of all the Windows 10 upgrade prompts.

I followed the procedures in that KB article, and sure enough all the upgrade prompts vanished, the KB3035583 update stopped reappearing, and Windows Update once again allowed me to install updates.

That's better. The normal Windows Update screen.
That’s better. The normal Windows Update screen.

Anyone using Windows 7 or 8.x who is seeing any of this unwanted and unwelcome behaviour is urged to follow the instructions in the KB3080351 article. If you’re unwilling or unable to do so yourself, ask your friendly local support person to do it.

Meanwhile, a message to Microsoft: are you serious? Are you so eager to push everyone to Windows 10 that you are now literally trying to trick or even force users to upgrade? This is not acceptable. You need to step down from this or the backlash is going to get serious. There is already discussion around the idea of a class action lawsuit.

Update 2015Oct18: I’m not the only person seeing this kind of thing. Some Windows 7 and 8.x users have reported the Windows 10 upgrade installing without any confirmation at all.

Chrome, Google, Patches and updates, Security

24 security fixes in latest version of Chrome

Leave a comment

Chrome 46.0.2490.71 includes fixes for a variety of issues, including at least 24 security vulnerabilities.

As usual, the details are buried in the rather technical change log. Go ahead and take a look, but set aside several hours, because that log is 245,986 lines long. That’s not a typo. I started reading the log, and after scrolling down about 20 pages, I noticed that my browser’s scrollbar hadn’t even moved. There may some interesting stuff in there, but life’s too short to read that monstrosity.