Another Patch Tuesday is here, and this time there are nine bulletins, with associated patches affecting most versions of Windows and Microsoft Office. Several of the Windows patches are classified as critical.
Details on the August 2012 patches are posted on the Microsoft Security Bulletin site.
The patches are now available via Microsoft Update. Computers configured for automatic updates should start receiving them overnight.
Another version of Google’s Chrome browser was announced yesterday. Version 21.0.1180.77 addresses one minor problem.
As predicted by many, Microsoft has officially adopted Apple’s “take what we give you and like it” approach to software development. The hopelessly clunky, nameless, tablet-oriented new user interface in Windows 8 will not be avoidable.
Microsoft apparently really does think that everyone will like the new UI, and anyone who doesn’t is just not important. Since that last group of people includes everyone who uses their computer for more than web browsing, Skype and email, as well as everyone who reviews and evaluates software and makes software purchasing recommendations for organizations, I’m calling it now: Windows 8 is going to be a disaster.
On the other hand, intrepid developers out there have found ways around Microsoft’s idiocy before, and they’ll no doubt do it again. With any luck, they’re working right now on ways to make Windows 8 a usable O/S. UPDATE: Indeed they are – see how to bring back the Start menu in Windows 8 and Samsung’s attempt to revive the Start menu.
Blizzard, the company that brought you the Diablo series, as well as World of Warcraft, runs a service called Battle.net. The service ostensibly helps online gamers find servers running their favourite Blizzard games. In fact the service is not much more than DRM: technology used by Blizzard to prevent people from playing their games. And prevent them it does. While Blizzard only really wants to prevent people with ‘pirated’ copies of games from playing, server outages and other technical glitches have caused problems for paying customers since the service began. Even people who purchased Diablo III with no intention of playing online must use Battle.net for the single player game, so they are affected by service outages.
Yesterday, Blizzard added insult to injury when they announced that Battle.net had been hacked. According to Blizzard, no financial (credit card) data was stolen, and although passwords may have been taken, those passwords were encrypted. Still, they are recommending that all Battle.net users change their password as soon as possible.
SANS has a breakdown of the implications for users.
When Blizzard announced that Diablo III would require use of the Battle.net service, even for single player games, I decided to protest by not buying the game, despite having enjoyed the previous two games immensely. That’s starting to look like a wise choice.
Microsoft will be issuing several patches for Windows, Office, and other software on August 14, 2012. According to the advance bulletin, there are nine updates in all, with five affecting various versions of Windows, and three affecting various versions of Office.
A total of 14 vulnerabilities will be addressed by the patches. Five of the bulletins are rated critical.
Additional details will be posted here as they are made available in the lead-up to Patch Tuesday.
And just like that, we’ve got another new version of Google’s web browser: 21.0.1180.75.
This version includes security and stability fixes, as well as some additional improvements to the new Flash player.
According to Google’s Chromium blog, the most recent version of the Chrome web browser (21.0.1180.60) includes a new version of Flash that uses a more stable technology for integration into the browser.
According to Google:
“Beyond the security benefits, PPAPI has allowed us to move plug-ins forward in numerous other ways. By eliminating the complexity and legacy code associated with NPAPI, we’ve reduced Flash crashes by about 20%.”
That sounds promising. Given the massive, ongoing problems with Flash in all browsers, it’s encouraging to see any kind of progress. Of course, this only affects Chrome. Also, it would be nice to see crashes reduced by a number approaching 100%. Oh well.
If you use Adobe Flash Player on Windows (and who doesn’t, really?) you may have noticed that recent versions include an auto-update system. This software runs on your computer in the background, checks for new versions of Flash, and optionally updates Flash automatically. It’s called the Flash Player Update Service.
Yesterday, Adobe released an update for the Update Service to address a crashing problem in the service. The Flash player itself was not changed, and no other changes were made to the Update Service.
So, despite the fact that this update to the Update Service does not affect Flash itself, Adobe packaged the update in a ‘new’ version of Flash: 11.3.300.270. Confusingly, this ‘new’ version of Flash will not appear on the Product Download Center, although it will appear on various other pages on the Adobe web site. At the time of this posting, the Download Center still shows version 11.3.300.268. Apparently the Update Service crashing issue was so serious that Adobe didn’t have time to get everything right.
Note that this crashing problem is totally unrelated to the ongoing crashing problems of the Flash player itself. In the 11.3.300.270 announcement, Adobe refers to the Flash player crashing problem, asking users to provide crash reports to assist in diagnosing it. A previous Flash player update (11.3.300.268, released July 26, 2012) was Adobe’s most recent attempt to resolve the player’s crashing problems.
Version 12.01 of the Opera web browser was announced yesterday. This is a security and stability release.
The version 12.01 changelog has all the details.
Update 2012Aug03: One of the changes in version 12.01 is a fix for problems using the new Outlook.com email service with Opera.
High-profile events like celebrity deaths are seen as opportunities by malicious hackers and other nefarious persons on the Internet. Recent malicious email campaigns focus on the Olympics, trying to lure unsuspecting recipients into clicking web links or opening attachments, either of which results in the installation of backdoor/trojan software.
Please be extremely wary of all Olympic-themed email you receive during the Olympics.
The Sourcefire Vulnerability Research Team has more information on Olympic malmail.