This month’s Ouch! newsletter (PDF) from SANS lists the steps necessary for users to secure their computers. If you’re doing everything on this list, pat yourself on the back. If not, it’s time to take action.
It’s another Patch Tuesday for Microsoft software
This month there are seven bulletins, addressing twelve issues in Windows, Internet Explorer (including IE 10) and Office. The Microsoft Security Response Center has a useful summary. For the gory details, see the official security bulletin for the December updates over at Technet.
Here are the bulletins:
More updates for Flash Player
Adobe has released new versions of Flash for all platforms. Windows users are encouraged to update Flash to the new version: 11.5.502.135.
Internet Explorer 10 and Google Chrome users will get the equivalent patch in the form of updates from Microsoft and Google, respectively.
The new versions fix a serious security issue in Flash.
Chrome 23.0.1271.97: more bug and security fixes
The latest version of Google’s web browser has a few minor fixes, including one for a bug that caused the browser to crash in certain situations. Several security issues are also addressed in this version.
Advance notification for December 2012 Patch Tuesday
Microsoft has issued their monthly heads up for December’s patches.
The associated Security Bulletin outlines seven upcoming bulletins that address eleven security vulnerabilities, affecting Windows, Word and Internet Explorer (including IE 10).
The patches will become available at about 10am PST on December 11, 2012.
More security fixes for Google Chrome
The latest version of Google’s Chrome web browser includes two security fixes and a few minor non-security fixes.
Firefox 17.0.1 fixes bugs, improves performance
The latest version of Firefox includes several bug fixes, as well as some performance tweaks. The most notable changes are listed on the version 17.0.1 release notes page, while the 17.0.1 bug fixes page lists every change.
Windows 8 crapware
Just in case you had any doubt, new PCs loaded with Windows 8 also come pre-bloated with crapware. For those unfamiliar with the term, crapware refers to the software pre-installed on OEM systems that typically adds nothing useful, but uses up system resources and causes slowness and instability.
OEM system builders like Dell, HP, Acer and so on install the software because they make money from it: third-party software companies pay the OEM builders to install trial versions of their software. Other types of crapware originate with the OEM builder: software that delivers advertising, offers to sell more products, reminds the customer to register their software, tracks usage, and a host of other shady purposes, often presented as helpful.
Some builders offer an option to buy systems without the crapware, but that will cost you extra. A better solution is to use the free software PCDecrapifier.
ITWorld has some details on new Windows 8 crapware they’ve encountered.
Google Chrome web browser updated
Version 23.0.1271.91 of Chrome includes several security and other bug fixes.
Holiday malware is on its way to your inbox
With Christmas just over a month away, CERT is reminding us to be wary of holiday-related email. Malware and scam perpetrators use ‘big events’ like Christmas and celebrity deaths to push their wares on unsuspecting people.