Category Archives: Security

aka infosec

Chrome 75.0.3770.90

The latest Chrome release features a fix for one security vulnerability. There are about forty-five actual changes listed in the full change log, none of which are particularly noteworthy.

There’s not much of interest in the release announcement for Chrome 75.0.3770.90, although it does point out that the vulnerability was discovered and reported by a non-Google researcher.

Unless you’ve gone to the trouble of disabling Google’s persistent automatic update processes, your installation of Chrome will likely update itself over the next few days.

You can check your version and trigger any pending updates by navigating Chrome’s menu (the ‘three-vertical-dots’ button at the top right) to Help > About Google Chrome.

Patch Tuesday for June 2019

It’s update time once again, and along with the updates from Microsoft and Adobe, I’m going to annoy you with yet another reminder that Only You Can Prevent Internet Worms. That sounds kind of gross, actually.

Analysis of the Security Update Guide spreadsheet, so thoughtfully provided by Microsoft each month, shows that this month there are thirty-three updates, addressing eighty-eight security vulnerabilities in Windows (7, 8.1, 10, and Server); Flash in Internet Explorer and Edge; Internet Explorer 9 through 11; Edge; and Office 2010, 2016, and 2019. At least twenty-one of the vulnerabilities are categorized as Critical.

If you missed last month’s update festivities, you may not be aware that there’s a very dangerous vulnerability (CVE-2019-0708) in Microsoft’s Remote Desktop feature in Windows XP, Windows 7, and Server 2008. Updates for Windows 7 and Windows Server 2008 computers are available in the usual way, via Windows Update. An update for Windows XP is also available, but you’ll have to download and install it manually, from the Microsoft Update Catalog.

I’m pestering you about this because the last time a vulnerability like this appeared, we got the global WannaCry worm mess. Patch those systems and prevent a similar worm from giving the world another major headache. Here’s Microsoft on the subject, as well as Ars Technica.

As usual, Adobe has released software updates to coincide with Microsoft’s Patch Tuesday, which makes things nice and tidy with Flash being integrated into IE and Edge. Flash 32.0.0.207 fixes a single security vulnerability.

There are a few ways to update Flash on Windows, but starting with the Flash Player Control Panel works for me. On the Flash CP’s Updates tab, you’ll find a Check Now button, which will take you to the Get Adobe Flash page. That will tell you which version you’re running. If you need an update, click the Player Download Center link on that page.

Chrome 75.0.3770.80

A new version of Chrome includes fixes for forty-two security vulnerabilities.

The full log for Chrome 75.0.3770.80 lists over fourteen thousand changes, so good luck reading all that.

Google did not highlight any of the changes in the announcement for Chrome 75.0.3770.80, which only provides this somewhat cryptic message: “Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 75.”

Check your Chrome version by navigating its ‘three vertical dots’ menu icon (at the top right) to Help > About Google Chrome. If an update is available, it will be offered to you.

Firefox 67.0

Firefox 67.0, released on May 21, improves the browser’s privacy, security, accessibility, performance, and compatibility. There are also twenty-one security fixes in the new version.

You can find all the details on the release notes page, and a related Mozilla blog post.

A couple of the changes are worth highlighting:

  • Firefox can now be configured to block known cryptominers and fingerprinters using Content Blocking preferences.
  • Accessibility improvements: there’s now full keyboard access to toolbar areas, including add-ons, downloads, Page actions, etc.

You can check your current version and trigger an update check by navigating Firefox’s ‘hamburger’ menu to Help > About Firefox.

Chrome 74.0.3729.157

A new version of Chrome fixes a single security bug. Chrome 74.0.3729.157 was announced and made available on May 14, so it may have already found its way to your computer by way of Google’s rather insistent update mechanisms.

If you’re not sure which version of Chrome you’re running, click that little ‘three vertical dots’ menu button at the top right, and navigate to Help > About Google Chrome. Besides showing you the version of your current installation, this will usually prompt Chrome to check for available updates and offer to install a new version.

Patch Tuesday for May 2019

From Microsoft this month, we get forty-six updates, addressing seventy-nine distinct vulnerabilities in the usual gang of idiots, namely Windows, Office, Internet Explorer, Edge, .NET, Flash in Internet Explorer, and Visual Studio. Nineteen of the updates have been flagged with Critical severity. Head over to Microsoft’s Security Update Guide for more details.

Those of you running Windows 10 may actually be satisfied with its automatic updates, despite the problems. Either that or you’ve given up fighting Microsoft. And of course there are plenty of folks running Windows 7 and 8 with automatic updates enabled, in response to which I can only tip my hat and tell you that you’re braver than I. The rest of us will (or should) be making the trudge over to Windows Update today.

Microsoft dons a white hat

One of the updates made available by Microsoft today fixes a serious vulnerability (CVE-2019-0708) in older versions of Windows, including Windows 7, XP, and Server 2008. Despite the fact that official support for these versions has ended, Microsoft decided to make the world a slightly better place, taking the time to develop, test, and publish these updates. Which is good, because the hole being fixed is a bad one, in that it could provide a handy new conduit for malicious software worms to propagate… just like WannaCry did in 2017.

So, two things: first of all, thanks Microsoft! Second, if you run Windows 7 or Windows Server 2008 computers, please check Windows Update and install the May 2019 monthly security rollup as described on this Microsoft page. For any computers running Windows XP, you’ll have to download the appropriate update from the Microsoft Update Catalog, as decribed on this Microsoft page.

More about Microsoft’s unusual move

Adobe

Adobe logoAdobe’s contribution this month consists of new versions of Flash and Acrobat Reader. Flash 32.0.0.192 addresses a single security vulnerability, while Acrobat Reader DC 2019.012.20034 addresses a whopping eighty-four vulnerabilities in earlier versions.

Reader will generally update itself, but you can make sure by navigating its menu to Help > Check for Updates.... The easiest way to update Flash is to look for it in the Windows Control Panel. Go to the Updates tab of the Flash control panel widget and click Check Now. This will take you indirectly to the download page for Flash. Make sure you opt out of any additional software offered for install on that page.

Chrome 74.0.3729.131

The latest Chrome browser, version 74.0.3729.131, includes fixes for a pair of security vulnerabilities. Fifty-four changes are listed in the full change log, of which about half are actual changes and not just bookkeeping.

As usual, you can let Chrome update itself on its own mysterious schedule, or trigger an update by navigating its ‘three dots’ menu to Help > About Google Chrome. There are other ways to obtain the latest version, but that’s the most straightforward.

Chrome 74.0.3729.108

According to the release announcement, Chrome 74.0.3729.108 fixes thirty-nine security vulnerabilities. The full change log lists almost fourteen thousand changes in all. Good luck absorbing all that information.

Chrome generally keeps itself up to date whether you want it to or not, which is arguably a good thing, given that a lot of malware makes its way onto computers via unpatched security holes in web browsers. You can check which version you’re currently running, and — if an update is available — trigger the update process by navigating Chrome’s ‘three dot’ menu to Help > About Google Chrome.