Windows 8 Service Pack 1 Windows 8.1 is now available. If you’re not already running Windows 8, you can purchase 8.1 from the Windows Store. If you are using Windows 8, you should start seeing prompts in the Windows Store to upgrade to 8.1 (a free download).
In the past, when a Windows Service Pack became available, savvy users tended to stay away until the inevitable problems were resolved. I don’t see any particular reason to charge blindly into Windows 8.1 either. My advice is to wait for at least two weeks and monitor this and other tech blogs for reports from early adopters.
Ars Technica and The Verge have additional information:
As part of a massive quarterly ‘CPU’ (Critical Patch Update), Oracle recently announced Java 7, Update 45 (7u45).
This new version of Java includes several security enhancements, mostly related to Java component deployment. A new button on the Security tab of the Java Control Panel, labeled ‘Restore Security Prompts’, allows the user to completely clear the list of allowed Java applications.
As for the contentious ‘Issue 69‘ Java security vulnerability reported by security researcher Adam Gowdiak: according to Mr. Gowdiak’s latest research, this issue was resolved in Java 7, Update 40 (7u40).
Another new version of Google Chrome was announced yesterday. The new version includes fixes for five security vulnerabilities, many of which were reported to Google via its ongoing vulnerability rewards program.
Security researchers recently attempted to take down the ZeroAccess botnet, but the malware network proved more resilient than expected and is still in operation.
This month’s ‘Ouch!’ newsletter from SANS covers password managers. A password manager is a small program that stores all of your passwords, in an encrypted form. When you forget a password, you only need to remember the password manager’s password to access your collection.
I’ve been using the freeware Password Corral for years and recommend it.
On October 3, 2013, Adobe announced that their network and some of their servers had been breached. Their investigation continues, and the full scope and impact of the breach has yet to be determined.
However, we do know the following:
The intruders obtained Adobe customer data, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. According to Adobe, “At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.” Adobe reset the passwords for all affected user accounts, and has been sending out alerts to those users. If you have never purchased software from Adobe directly, you should be safe. If you receive an alert from Adobe, follow their instructions to change your password.
The intruders also obtained source code for at least one product: Acrobat/Reader. Reader is already a popular target for malware perpetrators, and having access to the source code can only make things easier for them. Stay tuned for a fresh new crop of Reader security issues.
Patches from Microsoft and Adobe were announced today, along with a new version of Flash.
Eight bulletins from Microsoft fix security vulnerabilities in Windows, Internet Explorer, .NET, Office, Windows Server and Silverlight.
The Microsoft Security Research Center as usual provides a more friendly overview of this month’s patches, while the SANS Internet Storm Center provides a wealth of technical details.
Development continues on the new Webkit-based version of the Opera web browser. Version 17 was announced today. This version adds pinned tabs, startup options and custom search engine support.
Purists can still download the classic version 12.x Opera. It remains to be seen how many of the features lost in the transition from the Presto-based browser will be added to the Webkit-based browser. So far there’s plenty missing, including bookmarks, the sidebar and proper tab control.
Next Tuesday, October 8, will see patches from Microsoft (for Internet Explorer, Windows, .NET, Office and Silverlight) and Adobe (for Reader/Acrobat).
boot13