Big Java security update expected today

Yesterday, Oracle announced that it will soon issue a significant update for Java. The update will include fixes for forty-two known security vulnerabilities, including thirty-nine that may be remotely exploitable without authentication. Apparently the update will also introduce some new general security improvements.

Ars Technica has additional details.

The update is scheduled for release later today (April 16, 2013).

Massive attack against WordPress web sites underway

Ars Technica reports on evidence of a worldwide attack on WordPress web sites.

The attack seems to focus mainly on brute-force login attempts using the WordPress ‘admin’ account. Successful password guesses allow the attacker to gain full control over the site and install back-door software.

Anyone who operates a WordPress web site should quickly check their admin password and change it to something complex: no dictionary words; a mix of upper- and lower-case letters, numbers and punctuation; at least 10 characters long.

Patch Tuesday update causing problems

Apparently some Windows users are encountering problems after installing last Tuesday’s Microsoft updates. One of the updates, KB2823324 (aka MS13-036), is causing system errors on some Windows computers.

Affected users are advised to follow the instructions in a new bulletin, KB2839011: "You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324".

The original update has been pulled from the Windows Update site, and is no longer being pushed out to Windows computers with Autoupdate enabled.

Update: Microsoft is now saying that the update in question (KB2823324) should be removed from ALL Windows 7 computers. See bulletin KB2839011.

Advance notification for April 2013 Patch Tuesday

It’s that time again. Microsoft has posted its usual notification about the next Patch Tuesday. This month’s patch day is on April 9. Anyone using Windows Autoupdate will start seeing the patches around 10am on that day.

There will be nine bulletins/updates this month, two of which are Critical, addressing Windows, Internet Explorer, Office, and server software. The technical details are available in the associated Security TechCenter post.

Windows 8.1 (aka Windows ‘Blue’)

Microsoft is moving toward a release system for Windows that more closely resembles Apple’s OS releases. The reason is fairly obvious: money. With major new operating system releases from Microsoft separated by several years, and every other release being largely ignored (think Windows Me and Vista), Microsoft just isn’t making enough money on Windows.

So, Microsoft has been working away on their next Windows release, code-named ‘Windows Blue’, and they plan to produce additional releases on a yearly basis. Pricing remains unclear, but apparently the upgrades will be “low-cost”. If Microsoft can make this work, they will have a steady inflow of cash from Windows sales.

In the past, incremental releases were provided in the form of service packs, which were always available for free. Microsoft insists that the new releases will do much more than the old service packs, but that remains to be seen. For now, the simplest way to think about this is that Microsoft is going to start charging for service packs.

The Verge has a series of posts about Windows Blue that are worth reading.

Firefox 20 released

On Tuesday, Mozilla released another new version of Firefox, version 20.

The new version includes several security fixes, as well as private browsing, changes to the download system, performance improvements, and several other bug fixes and enhancements.

As usual, the release notes and complete list of changes for this release are a jumbled mess of old and new information, making the job of figuring out what has actually changed needlessly difficult. Will they ever fix this?
