Tuesday, November 12 will see a modest batch of updates from Microsoft. There will be eight bulletins in total, with five Critical updates addressing vulnerabilities in Windows and Internet Explorer, and three Important updates addressing vulnerabilities in Windows and Office.
The recently-discovered vulnerability in Office running on Vista will not get a patch on November 12, but Microsoft is working on it and will release it as soon as it’s ready.
Version 3.7.1 fixes several minor issues that arose in the recent version 3.7 release, including some issues with the new auto-update feature. The official announcement of version 3.7.1 lists the changes.
The release of WordPress 3.7.1 provides a useful test of the new auto-update feature. I administer five WordPress sites, which I updated to version 3.7 the day it became available. Of those five sites, only two have updated themselves to 3.7.1 in the two days since its release. I will continue to update this post as the other three update themselves. Then I’ll decide whether to leave auto-updates enabled or continue to handle updates manually. Update 2013Nov01: two more sites updated themselves in the last day or so. One remains at version 3.7. Update 2013Nov04: one of the sites never updated itself, despite passing the auto-update tests. I updated it manually. I’ve concluded that the auto-update feature is useful, but not to be relied upon – at least not yet.
There have been a lot of reports of problems with the new auto-update feature. Most of these problems relate to hosting providers and limitations they impose on WordPress sites. Some of those problems were resolved in 3.7.1. In any case, you can diagnose auto-update problems using the new plugin Background Update Tester.
Another new plugin named Update Control allows you to control the way auto-updates work, including disabling them completely.
WordPress Tavern has a useful post about the new auto-update feature, titled “WordPress Automatic Updates – No Options For You!” There’s also a post on WordPress.org: “The definitive guide to disabling auto updates in WordPress 3.7.”
Mozilla released Firefox 25 on October 29, with the usual lack of any kind of announcement. I was alerted to the new version via posts on the SANS ISC Diary and the CERT alerts list.
The only thing even close to an announcement of the new version from Mozilla is a blog post from the 29th that describes one of the new features in Firefox 25. The blog post never even mentions the new version.
The version 25 release notes list the changes in this version, which consist of several security vulnerability fixes, a few other bug fixes, Web Audio support, and some CSS and HTML standards tweaks.
The Known Vulnerabilities page shows the security-related fixes in version 25.
The latest version of WordPress adds a few new features, including automated security and plugin updates. Although there are no security fixes in this release, overall security is improved through security auto-updates and improved password complexity requirements. Highly recommended for anyone running a WordPress site.
The Opera development team is working on the next major revisions of the Webkit-based version of the browser, which we will eventually see in the form of Opera 18 and Opera 19. The current stable version is 17, meaning that Opera 17 is not undergoing active development. However, the developers are fixing bugs in Opera 17, and that’s the reason for this update. Version 17.0.1241.53 includes fixes for several crashing problems in the previous release.
Windows 8 Service Pack 1 Windows 8.1 is now available. If you’re not already running Windows 8, you can purchase 8.1 from the Windows Store. If you are using Windows 8, you should start seeing prompts in the Windows Store to upgrade to 8.1 (a free download).
In the past, when a Windows Service Pack became available, savvy users tended to stay away until the inevitable problems were resolved. I don’t see any particular reason to charge blindly into Windows 8.1 either. My advice is to wait for at least two weeks and monitor this and other tech blogs for reports from early adopters.
Ars Technica and The Verge have additional information:
As part of a massive quarterly ‘CPU’ (Critical Patch Update), Oracle recently announced Java 7, Update 45 (7u45).
This new version of Java includes several security enhancements, mostly related to Java component deployment. A new button on the Security tab of the Java Control Panel, labeled ‘Restore Security Prompts’, allows the user to completely clear the list of allowed Java applications.
As for the contentious ‘Issue 69‘ Java security vulnerability reported by security researcher Adam Gowdiak: according to Mr. Gowdiak’s latest research, this issue was resolved in Java 7, Update 40 (7u40).
Another new version of Google Chrome was announced yesterday. The new version includes fixes for five security vulnerabilities, many of which were reported to Google via its ongoing vulnerability rewards program.
Patches from Microsoft and Adobe were announced today, along with a new version of Flash.
Eight bulletins from Microsoft fix security vulnerabilities in Windows, Internet Explorer, .NET, Office, Windows Server and Silverlight.
The Microsoft Security Research Center as usual provides a more friendly overview of this month’s patches, while the SANS Internet Storm Center provides a wealth of technical details.
Two bulletins from Adobe fix security vulnerabilities in Adobe Reader/Acrobat and Robohelp.
Flash 11.9.900.117 includes a long list of bug fixes. Chrome will be updated silently to match the new version of Flash. An update for Internet Explorer 10 on Windows 8 is also on the way.
Development continues on the new Webkit-based version of the Opera web browser. Version 17 was announced today. This version adds pinned tabs, startup options and custom search engine support.
Purists can still download the classic version 12.x Opera. It remains to be seen how many of the features lost in the transition from the Presto-based browser will be added to the Webkit-based browser. So far there’s plenty missing, including bookmarks, the sidebar and proper tab control.
boot13