boot13Google has pushed out a new version of Chrome that fixes a graphics-related bug.
Google Chrome 27.0.1453.93 released
The latest version of Google’s web browser includes several security and other bug fixes, better spell checking, improved search predictions, improved web page loading times and the latest Adobe Flash for Chrome (11.7.700.203).
Microsoft confirms name and price for next version of Windows
After much speculation, Microsoft has finally announced a name for the next version of Windows: Windows 8.1. Up until now, the working name for the new version was Windows Blue.
Anyone currently using Windows 8 will be able to install the new version as an update for free. This sounds a lot like what Microsoft used to call a Service Pack. Well, whatever they want to call it, as long as it’s free, I’m all for it.
The new version is expected to bring back some aspects of the Start button, the Start menu and the traditional desktop, but the details remain unclear.
Firefox version 21 released
Another new version of Firefox was released today. Version 21.0 fixes several security vulnerabilities and other bugs.
As usual, the release notes for version 21 don’t mention the version except in a note about contributors, but the list of fixes seems to be relevant to the new version.
Clicking the ‘complete list of changes‘ link on the release notes page now goes to the Firefox bug tracking site, but the list of bugs shown includes issues that were resolved long before version 21 appeared, which is still very confusing.
On a brighter note, the release notes page now includes this entry:
21.0: Security fixes can be found here
Clicking the associated link shows a page titled “Known Vulnerabilities”, which clearly shows the version in which particular security vulnerabilities were fixed.
Adobe issues updates for Reader and Acrobat
Updates for Adobe’s PDF Reader product line were issued today. The updates fix vulnerabilities that could cause instability or allow unwanted remote access on affected computers. The updates bring Reader up to version 11.0.03.
Update for Adobe Flash
Adobe just announced an update for Flash, version 11.7.700.202. As usual, the update fixes vulnerabilities in Flash that could cause instability or allow remote control of affected computers.
Microsoft, which maintains Flash separately for Internet Explorer 10, released an update for that browser with the latest fixes. The patch is available from Windows Update.
Likewise for Google, which released a corresponding patch for its Chrome browser. Chrome will update itself automatically.
Patch Tuesday for May 2013
The month’s updates include fixes for vulnerabilities in Windows, Internet Explorer, .NET and Office. The main bulletin has all the technical details, and the Microsoft Security Response Center has a more reader-friendly summary, entitled “Microsoft Customer Protections for May 2013”.
The expected patch for recently-discovered vulnerabilities in Internet Explorer 8 is included in this month’s patches as MS13-038. According to Microsoft, you can install this patch whether or not you previously installed the emergency “Fix-It” released by Microsoft.
Advance notification for May 2013 Patch Tuesday
As usual, Microsoft has issued an advance notification for this month’s Patch Tuesday. The updates will become available on Tuesday, May 14 at about 10am PST.
There are ten bulletins this month, two of them flagged Critical. In total, 34 vulnerabilities in Windows, Office, Internet Explorer, .NET and server software will be addressed.
Update 2013May11: The upcoming patches will include a fix for the Internet Explorer 8 vulnerability recently discovered.
Latest SANS Ouch! newsletter: passwords
The latest edition of Ouch! (warning: PDF) from SANS is all about passwords, answering questions like: What’s the difference between a strong password and a weak one? What’s a passphrase?
Internet Explorer 8 vulnerable to new web-based attack
Update 2013May09: Microsoft has issued a ‘Fix-It’ for this problem. This is a temporary, band-aid solution to the problem. It will be superseded by an actual patch at some point. The original bulletin about this issue has been updated to include information about the ‘Fix-It’.
Microsoft recently announced a new attack, targeted at a specific version of Internet Explorer, being exploited in the wild. More details are provided in the associated security advisory from Microsoft.
Only Internet Explorer version 8 is vulnerable to this attack, which begins when someone using IE8 is tricked into visiting a compromised web site. Once infected, the user’s computer can be remotely controlled by the attacker.
Anyone using Internet Explorer 8 is strongly urged to upgrade to IE9, or – if using Windows 7 or 8 – to IE10. If upgrading Internet Explorer is not an option, you can reduce the risk of infection by increasing the level of protection provided by the browser, as follows:
Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Ars Technica has additional details.