It’s Patch Tuesday and Microsoft has released seven security bulletins, affecting Windows, Word, Internet Explorer and other Microsoft software. A total of 20 vulnerabilities are addressed by the updates. We covered the details in a previous post. As always, we encourage everyone running affected software to apply the updates as soon as possible.
More security fixes for Adobe Flash
Released yesterday, version 11.4.402.287 addresses security, performance and stability issues in the previous versions of Flash. Users are encouraged to install the new Flash as soon as possible.
Note that at the time of this post, the Flash Player Update Announcement on Adobe’s site shows the wrong version in the first paragraph. It should show the new version as 11.4.402.287 but instead shows it as 11.4.402.278.
Updates for Internet Explorer 10 and Google Chrome, containing associated fixes for Adobe Flash, were also released yesterday.
Google Chrome Version 22.0.1229.92 released
There’s another new version of Google’s Chrome web browser. Version 22.0.1229.92 addresses several security holes and includes a new version of Flash. The full details are available in the update announcement.
Options for bringing the Start menu back to Windows 8
ITWorld has posted an article reviewing several methods for reviving the Start menu in Windows 8.
Two of the solutions are open source (free), and the third costs about $5. Each has various pros and cons, as described in the article.
October 2012 Patch Tuesday Advance Notice
Another month, another batch of updates from Microsoft. On October 9, starting at about 10 am PDT, Microsoft will release patches that address a total of twenty vulnerabilities in Windows and Office. Seven security bulletins will cover the defects being patched, one of which is a critical vulnerability in Word.
Also included in the upcoming updates will be Microsoft Security Advisory (2661254): Update For Minimum Certificate Key Length. This update is the final step in a series of actions taken by Microsoft to improve Internet-based security for its products. This update will force RSA-encrypted communications in Internet Explorer and Outlook to use keys that are 1024 bits in length or greater. If you access secure web sites with Internet Explorer or use encrypted email with Outlook, this update may cause those services to stop working. For further details, see:
Poll shows Windows 8 users prefer Windows 7
While it may be too early for definite conclusions, a recent survey of 50,000 Windows 8 users shows that a huge proportion of early adopters would rather be using Windows 7.
Apparently people like how fast the new O/S boots up, but they are not enjoying the new Metro Windows 8 style (whatever) user interface.
Another Java vulnerability revealed
As if things weren’t bad enough for Java on the web, security researcher Adam Gowdiak of Security Explorations yesterday announced yet another critical security flaw.
The new flaw apparently affects all versions of Java, including the most recent updates of Java 5, 6 and 7.
How does this affect users? Nothing has really changed: users are strongly urged to disable Java in their web browsers, since web sites are the most likely vector for attacks based on Java vulnerabilities. If that isn’t possible or practical for you, then your best course of action is to be extremely cautious when deciding whether to click any kind of link, in email or anywhere else. Simply visiting a web site can be enough to infect your computer.
Oracle has not responded to this latest report, and they have yet to respond to the previous Java vulnerability reports.
Another new version of Google Chrome
Google’s been busily fixing security holes and adding interesting new features to its web browser.
The latest version of Chrome is 22.0.1229.79, and it includes fixes for at least forty-two vulnerabilities, as well as some enhancements specific to Windows 8, and a new ability for Javascript called ‘Pointer Lock‘.
New version of Flash
Version 11.4.402.278 of Flash for Internet Explorer and other major Windows web browsers was released on September 18 with little or no fanfare. No release notes are yet available, so it’s unclear what changes were made in the new version. Additional information will be posted here as it becomes available.
Google Apps dropping support for Internet Explorer 8
Google recently announced that it will be dropping support for version 8 and earlier of Internet Explorer in Google Apps.
The change will occur shortly after the release of Internet Explorer 10, on November 15, 2012.
Internet Explorer 8 is the most recent version of the web browser that runs on Windows XP, so anyone who uses Internet Explorer on Windows XP to access Google Apps will need to switch to a different web browser, or upgrade to Windows 7 or 8 after November 15.