The latest version of Opera includes security and stability improvements.
Anyone who hasn’t yet tried Opera is encouraged to do so. A lot of people who reflexively stay away from Internet Explorer use Firefox instead, but that browser has had some issues lately. Google Chrome is a good alternative, but lacks some features that many users like. Opera is an excellent fourth option.
Another month, another Patch Tuesday. As discussed in the advance warning post, this month’s crop consists of six patches with nineteen fixes for Windows (including Windows 8), Office, Internet Explorer and .NET:
Windows users are encouraged to install the critical updates as soon as possible via Microsoft Update.
More details at the Microsoft Security Response Center.
It’s that time of the month again. Microsoft has issued its advance warning for this month’s Patch Tuesday. The patches themselves will become available, as usual, on the second Tuesday of the month. That’s November 13, 2012, at approximately 10 a.m. PST.
The patches this month affect Windows, Internet Explorer, Office and the .NET Framework. There are six planned bulletins, with 19 total issues being addressed. Four of the bulletins are rated Critical. For all the details, see the related Technet security bulletin.
As always, Windows users should install these patches as soon as possible on or after November 13.
Yesterday, Adobe announced a new version of Flash that includes fixes for several security holes in earlier versions. Anyone who uses Flash to view web-based video, which includes anyone who uses YouTube, should install the latest version of Flash as soon as possible.
The latest version of Flash for Windows is 11.5.502.110. Adobe also made available updates for older versions of Flash that address the same security vulnerabilities, but we recommend updating to the latest version.
A new version of Google Chrome, also announced yesterday, includes these security fixes. A similar patch for Internet Explorer 10 in Windows 8 was made available by Microsoft.
These updates resolve buffer overflow vulnerabilities that could lead to code execution, memory corruption vulnerabilities that could lead to code execution, and a security bypass vulnerability that could lead to code execution.
Another new version of Google’s web browser was announced today. Version 23.0.1271.64 contains some new features, as well as several bug and security fixes. A new version of Adobe Flash for Chrome, containing several security fixes, is also included.
A new version of the Opera web browser was announced recently. Version 12.10 includes integration improvements for both Windows and Mac.
Version 16.0.2 of Firefox fixes three critical security flaws in the previous version. Users are encouraged to upgrade as soon as possible.
With the pile of post-SP1 updates for Windows 7 growing and no end in sight (at least until 2020), Microsoft has decided to forsake IT workers by cancelling plans for SP2. This means that installing Windows 7 is going to become increasingly tedious: install Windows 7, install SP1, then install 100+ (and growing) patches.
Is this yet another attempt by Microsoft to get IT administrators to throw in the towel and upgrade to Windows 8? Maybe. Luckily, IT workers have plenty of tools available to create new, slipstreamed installation media for Windows 7. That means one unattended install for Windows 7, SP1 and all the updates available at the time the media was created. Microsoft stopped officially supporting slipstreaming in Vista and Windows 7, so the process is a bit more difficult, but it’s both possible and worth the effort.
Those of you running Windows 8 already should head over to Microsoft Update and install a new out-of-cycle patch for Adobe Flash in Internet Explorer 10.
Oracle has released updates for all of its Java packages. The updates include a variety of bug and security fixes across all the affected Java products.
You can download the Java Runtime Environment (JRE) or Java Developer Kit (JDK) appropriate for your computing environment from the Java downloads page.
Java browser plugins that are not updated as part of a JRE update will require separate updates, in some cases from the web browser developer (Chrome, Internet Explorer).
It is unclear whether these updates include fixes for the vulnerabilities reported in late September 2012. Update 2012-Oct-25: Apparently they do not, according to security researcher Adam Gowdiak.