Category Archives: Patches and updates

Firefox 14.0.1 – security fixes and secure search

July 18, 2012 jrivett Leave a comment

A new version of Firefox was released yesterday: 14.0.1. You can download the new version from the Mozilla site.

This new version contains fixes for several security vulnerabilities, as outlined on the Firefox security advisories page.

The new version also sports several new features, including secure search, which changes the search bar to use secure searching if available. This follows Google’s recent change to use secure search by default for users logged in to Google. Secure browsing is now shown by a lock icon at the far left of the address bar, which replaces the favicon previously shown there.

The official release announcement for version 14.0.1 contains all the details.

Chrome, Flash, Patches and updates

New version of Google Chrome fixes several vulnerabilities

July 13, 2012 jrivett Leave a comment

Google has released a new version of its Chrome web browser: 20.0.1132.57, for Windows, Mac and Linux. The new version includes several security fixes, an update to Flash player and some stability/bug fixes.

The details of this new version are in the Google Chrome Releases blog.

Chrome typically updates itself with minimal fuss when it detects that a new version is available. You can also download the current version from the Chrome site.

Adobe, Flash, Patches and updates

New versions of Adobe Flash player

July 13, 2012 jrivett Leave a comment

Adobe has released new versions of its Flash player. Both the ActiveX version (used by Internet Explorer) and the Plug-in version (used by most other browsers) are now at version 11.3.300.265.

Adobe Flash – current version list

Adobe Flash – downloads

Patches and updates

Patch disables Sidebar & Gadgets on Vista and Windows 7

July 11, 2012 jrivett Leave a comment

One of the updates in the July 2012 Patch Tuesday collection was actually a ‘Fix-It’ that simply disables the ‘Sidebar’ and ‘Gadgets’ features of Windows Vista and Windows 7.

This drastic step was taken by Microsoft to address the general vulnerability of the Sidebar and Gadgets. Anyone who uses these features must choose between a) disabling them; and b) continuing to use them and risking the security of their computer.

The details are in Microsoft Security Advisory 2719662.

Internet Explorer, Patches and updates, Windows

July 2012 Patch Tuesday is here!

July 10, 2012 jrivett Leave a comment

Windows computers configured for auto update should receive these patches in the next 24 hours. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. For the technical details, here are links to all eleven of this month’s bulletins:

MS12-043 – Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) – Version: 1.0

MS12-044 – Critical : Cumulative Security Update for Internet Explorer (2719177) – Version: 1.0

MS12-045 – Critical : Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) – Version: 1.0

MS12-046 – Important : Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) – Version: 1.0

MS12-047 – Important : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523) – Version: 1.0

MS12-048 – Important : Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442) – Version: 1.0

MS12-049 – Important : Vulnerability in TLS Could Allow Information Disclosure (2655992) – Version: 1.0

MS12-050 – Important : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) – Version: 1.1

MS12-051 – Important : Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) – Version: 1.0

Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution – Version: 1.0

Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing – Version: 1.0

Patches and updates

Advance notification of July 2012 updates from Microsoft

July 5, 2012 jrivett Leave a comment

Microsoft has released its monthly “head’s up” for the Windows and Office updates scheduled to arrive on July 10, 2012.

There are nine bulletins/updates in total, ranging in impact from Important to Critical, affecting Windows (XP and newer) and Office (2003 and newer). One of the critical updates affects only Internet Explorer 9. Another addresses the Windows XML Core Services (MSXML) vulnerability that has been exploited increasingly in recent weeks. A total of 16 vulnerabilities will be addressed by these updates. An updated version of the Malicious Software Removal Tool is also included. A system restart will be required.

Windows computers configured for auto update should start seeing these patches in the early hours of July 10. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible after July 10. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. Microsoft no longer provides a web-based resource for system administrators to download offline updates.

boot13