It’s a relatively light month for Microsoft, with only six bulletins, and associated updates affecting Windows, Windows Server, Internet Explorer, Office, and the new Windows 10 browser Edge. Three of the bulletins are flagged as Critical. The bulletin summary has all the details, and it includes a link to Microsoft’s Security Advisories page for 2015, which may be of some interest.
Meanwhile, Adobe’s contribution to this month’s patch pile is more updates for Flash and Reader/Acrobat. The new version of Flash is 19.0.0.207, and it addresses thirteen vulnerabilities. The release notes get into the details of what was changed, which includes a few bug fixes unrelated to security. As always, Chrome will update itself and Internet Explorer on newer versions of Windows will get the new Flash via Windows Update.
The newest versions of Adobe Reader are 11.0.13 for Reader XI, and 2015.009.20069 for Acrobat Reader DC. At least fifty-six vulnerabilities are addressed in these updates. Check out the related security bulletin for additional information.
A strange – and possibly harmful – update started being delivered to Windows computers yesterday. Early speculation ranged from problems with the Windows Update infrastructure to the service being compromised by attackers.
Microsoft eventually weighed in, saying that the update was part of a test, and that it was never intended to end up on user computers.
Apparently the update was installed on some Windows 7 computers, at least one of which was rendered nearly inoperable, according to the user.
Presumably there will be additional followup from Microsoft. This is the kind of problem that makes people (including myself) justifiably nervous about the forced automatic updates in Windows 10.
The latest Firefox fixes a few bugs that caused crashes and hangs in relation to Flash, bookmarks, and Facebook. There are no security-related changes in this release.
It looks like Mozilla finally decided to stop putting all previous release notes for the associated major version on every release notes page. Instead, they’re adding a link to the major version’s release notes at the top of the What’s New list. Unfortunately, they managed to mess that up with this release, because the Reference: Release notes for Firefox 41.0 link actually points to the notes for Firefox 40.0. Here’s a link to the Firefox 41 notes.
A new version of the Webkit-based Opera browser was announced earlier today. Opera 32.0.1948.69 fixes a few minor bugs, none of which are related to security.
Note that Opera’s own update checker (menu > About Opera) typically won’t notice a new release for a couple of days after it’s announced. If you want to install a new version, head over to the Opera web site and install it from there.
The usual lack of a coherent version announcement accompanied yesterday’s release of Firefox 41. A post on the Mozilla blog refers vaguely to the ‘latest Firefox’, and provides a brief overview of changes to Firefox accounts and synchronization in the new version.
The release notes for Firefox 41 provide more details on the changes, although nothing listed there is of much interest.
There’s a new version of Flash. Version 19.0.0.185 addresses almost two dozen security vulnerabilities in previous versions. Yes, as fast as Adobe can plug one hole, another opens up. Happily, the web is already moving away from Flash. With any luck, five years from now Flash will be a distant memory.
If you still use a web browser with Flash enabled, you need to update Flash and any related browser extensions as soon as possible.
As usual, Internet Explorer on newer versions of Windows will get its own Flash updates via Windows Update, and Chrome will auto-update itself with the latest Flash.
Not long ago, I expressed my disappointment with BitTorrent‘s 2.0 release of their Sync software. My main beef was that they had introduced a ten-folder limit on the free version, thereby rendering it almost useless.
Well, apparently BitTorrent listened to the complaints, because the just-released Sync 2.2 removes the ten-folder limit from the free version.
This is great news, especially since I’ve been unable to find a reliable replacement for Sync. Kudos to BitTorrent for listening to users and reverting the earlier decision.
boot13