Adobe has released a new version of its ubiquitous Flash Player. Version 11.9.900.170 includes fixes for two security vulnerabilities, as well as some other bug fixes.
As usual, Flash in Internet Explorer 10 on Windows 8.x will be updated separately, by way of Microsoft Update. Google Chrome will also get the new version of Flash via its own internal update mechanism.
Yesterday being the second Tuesday in December, another batch of updates was made available by Microsoft. This month there are eleven updates, affecting Windows, Internet Explorer, GDI+ and various server software. Five of the updates are flagged as Critical.
The official Security Bulletin Summary has all the technical details. As usual, there’s a somewhat less technical explanation of this month’s updates over at the MSRC blog. The MSRC post is worth reading, if only for the explanation of the difference between a security advisory and a security bulletin. The short version is that a bulletin is always associated with an update, whereas an advisory usually isn’t.
There’s an interesting hilarious horrifying post over at Ars Technica with some examples of the kind of service we’ve all come to expect in the competition-free world of Internet Service Providers.
Those stories make our ISP (Shaw) look pretty good by comparison with Comcast, Verizon, and Time Warner. Still, our WAN connection has been up and down during the last few days, and I’m still waiting for a service call. It’s up now, but it’s been down for a total of 34 hours in the last week.
People are still staying away from Windows 8, according to the latest sales figures. When compared with historical Windows 7 sales, Windows 8 is selling extremely poorly.
To make matters worse for Microsoft, Windows 7’s current growth rate exceeds that of Windows 8. In other words, Windows 7 sales are increasing faster than Windows 8’s. That problem may actually get worse before it gets better – if it ever does get better – as we move closer to the end of support for Windows XP on April 8, 2014. Standard advice to anyone upgrading from Windows XP is to go with Windows 7: a solid operating system that will continue to receive support until 2020.
Microsoft is obviously aware that Windows 8 is starting to look like Windows Vista or Windows Me: versions of Windows heavily criticized and properly avoided where possible. And as you might expect, they are starting to look at backtracking on some of the most-despised features of Windows 8. Windows 8.1 brought back the Start button, but without the Start menu, that move was mostly pointless. But the next version of Windows may bring back the Start menu.
On December 10, Microsoft will publish eleven bulletins, with associated updates affecting Internet Explorer, Windows, Microsoft Exchange and GDI+.
The official advance notification has the technical details, while a post on the MSRC blog describes the updates in less technical language.
A new version of Google Chrome was released on December 4. Version 31.0.1650.63 includes fifteen security fixes.
Christmas is coming, and along with it, holiday-themed scams, spam and malware. It’s a time for families to come together and celebrate, but it’s also a time to be wary and vigilant.
CERT has provided a handy set of guidelines and tools you can use to avoid being the recipient of one of these unwanted ‘gifts’.
Version 18.0.1284.49 of the Webkit-based (and sadly deficient) Opera web browser improves stability and adds a few new features, including camera/microphone support, the ability to move tabs between windows, custom themes, and custom search engines.
The official announcement and release notes pages have additional details.
Another stealth release of Firefox happened on November 15. Version 25.0.1 apparently fixes some security vulnerabilities and other bugs. With the total lack of any kind of announcement for this release, and the way the release notes include changes in previous releases, it’s difficult to be certain what’s new in this version. For instance, the version 25.0.1 release notes point to the ‘Known vulnerabilities‘ page, but there’s nothing listed there that’s specific to version 25.0.1. The release notes for 25.0.1 also point to Bugzilla (‘complete list of changes‘), but the list of fixed bugs shows everything for version 25, and nothing specific to version 25.0.1. What a mess.
Update 2013Nov23: EWeek has more information about the security vulnerabilities fixed in Firefox 25.0.1 (even if Mozilla doesn’t).
Hot on the heels of version 31.0.1650.48, the latest version of Google’s web browser fixes multiple memory corruption issues as demonstrated by an exploit privately reported to Google.
boot13