Microsoft will be issuing several patches for Windows, Office, and other software on August 14, 2012. According to the advance bulletin, there are nine updates in all, with five affecting various versions of Windows, and three affecting various versions of Office.
A total of 14 vulnerabilities will be addressed by the patches. Five of the bulletins are rated critical.
Additional details will be posted here as they are made available in the lead-up to Patch Tuesday.
And just like that, we’ve got another new version of Google’s web browser: 21.0.1180.75.
This version includes security and stability fixes, as well as some additional improvements to the new Flash player.
According to Google’s Chromium blog, the most recent version of the Chrome web browser (21.0.1180.60) includes a new version of Flash that uses a more stable technology for integration into the browser.
According to Google:
Beyond the security benefits, PPAPI has allowed us to move plug-ins forward in numerous other ways. By eliminating the complexity and legacy code associated with NPAPI, we’ve reduced Flash crashes by about 20%.
That sounds promising. Given the massive, ongoing problems with Flash in all browsers, it’s encouraging to see any kind of progress. Of course, this only affects Chrome. Also, it would be nice to see crashes reduced by a number approaching 100%. Oh well.
If you use Adobe Flash Player on Windows (and who doesn’t, really?) you may have noticed that recent versions include an auto-update system. This software runs on your computer in the background, checks for new versions of Flash, and optionally updates Flash automatically. It’s called the Flash Player Update Service.
Yesterday, Adobe released an update for the Update Service to address a crashing problem in the service. The Flash player itself was not changed, and no other changes were made to the Update Service.
So, despite the fact that this update to the Update Service does not affect Flash itself, Adobe packaged the update in a ‘new’ version of Flash: 11.3.300.270. Confusingly, this ‘new’ version of Flash will not appear on the Product Download Center, although it will appear on various other pages on the Adobe web site. At the time of this posting, the Download Center still shows version 11.3.300.268. Apparently the Update Service crashing issue was so serious that Adobe didn’t have time to get everything right.
Note that this crashing problem is totally unrelated to the ongoing crashing problems of the Flash player itself. In the 11.3.300.270 announcement, Adobe refers to the Flash player crashing problem, asking users to provide crash reports to assist in diagnosing it. A previous Flash player update (11.3.300.268, released July 26, 2012) was Adobe’s most recent attempt to resolve the player’s crashing problems.
Version 12.01 of the Opera web browser was announced yesterday. This is a security and stability release.
The version 12.01 changelog has all the details.
Update 2012Aug03: One of the changes in version 12.01 is a fix for problems using the new Outlook.com email service with Opera.
High profile events like celebrity deaths are seen as opportunities by malicious hackers and other nefarious persons on the Internet. Recent malicious email campaigns focus on the Olympics, trying to lure unsuspecting recipients into clicking web links or opening attachments, both resulting in the installation of backdoor/trojan software.
Please be extremely wary of all Olympic-themed email you receive during the Olympics.
The Sourcefire Vulnerability Research Team has more information on Olympic malmail.
Microsoft has completed preparations for the release of Windows 8. System builders and participants in various related programs will get access in the next few weeks, and retail copies will appear on store shelves on October 26.
Technet subscribers will get access to the new O/S on August 15.
Ars Technica and The Verge have more details.
Version 21.0.1180.60 of Google Chrome was released yesterday. The new version includes several security updates as well as some new features.
Since I originally posted this, I learned that Adobe released version 11.3.300.268 to address this problem. It remains to be seen whether the problem has actually been resolved.
The latest version (11.3.300.265) of the ubiquitous Flash plugin found in most web browsers seems to be causing web browsers running on Windows 7 and Vista to crash. A quick search of Google shows that there are reports of this happening in Firefox, Chrome and Opera. Internet Explorer seems unaffected so far, possibly due to the fact that IE uses a separate (ActiveX) version of the Flash player.
Reports indicate that Mozilla is working with Adobe to resolve this problem, and presumably the other browser developers are doing the same. Meanwhile, if you’re running Windows 7 and you watch video on the web, you may run into this problem. As awful as it sounds, the only useful workaround at this point is to switch – temporarily – to Internet Explorer.
Update 2012Jul31:
I’ve been digging through reports from all over the web, and it looks like this problem has actually been going on since as far back as 2009 and Flash 10.0.42.34. Internet Explorer may also be affected, although recent reports seem to exclude IE. Some reports imply that only 64 bit versions of Windows are affected. There are even reports that Windows XP and Mac OSX are affected. But it seems clear that something happened to Flash in version 10 that made it unstable in web browsers on Windows 7 and Vista, and the problem still exists in the most recent version of Flash, 11.3.300.265. It’s possible we’re looking at more than one problem, or one that has morphed somewhat as the Adobe developers try to fix it. An old problem that was previously fixed may have reappeared when Adobe changed something in a later version. Clearly, not all Windows 7 users are affected; if everyone who uses Youtube (the highest-profile Flash video source) on Windows 7 was having this problem, we would have heard more about it by now.
The problem seems to take slightly different forms: it may crash the browser; the plugin itself may crash, leaving the browser running; and in some cases Windows may crash. The web browser may freeze for a few minutes before any crash occurs, and Windows may become unresponsive. In most cases, the problem occurs after two or three minutes of Flash video, but it make take up to fifteen minutes. The most common scenarios involve long Youtube videos and Facebook games (both use Flash).
Here are some of the more interesting problem reports I’ve found:
Possible solutions:
Prediction: if Adobe doesn’t figure this out, and Google has heard enough complaints about it, Google might be inclined to switch Youtube from Flash to HTML5. Everyone else in the world will follow Youtube, and then Flash will disappear forever and not be missed.
Update 2012Aug03: Adobe snuck a Flash update past me on July 26. Version 11.3.300.268 attempts to address crashing problems that occur on Windows and Mac computers when playing Flash content. Adobe doesn’t seem to be convinced that the problem is resolved, however: in the version announcement, they ask users for assistance in troubleshooting the problem.
ZeroAccess appeared in the wild in early 2012 and shows no signs of slowing down. This insidious malware is part of a botnet which is apparently focused on clickfraud: infected computers simulate clicking on web advertisements, thereby generating ad revenue for the botnet’s perpetrators and their customers.
What makes ZeroAccess particularly nasty is that it can use a lot of bandwidth, causing infected computers to reach and surpass bandwidth caps. Unsuspecting users may find bandwidth overage charges on their ISP’s bills.
Most up to date anti-malware software can detect and remove ZeroAccess, so if you’re not already using such software, you should start. If you’ve noticed a spike in your Internet bandwidth usage, you should scan your computer immediately. Free on-line scanners such as Housecall, as well as free offline scanners like Microsoft Security Essentials will do the job.
Additional details:
boot13