Thunderbird 60.5.1

Another set of security vulnerabilities was recently addressed by Mozilla with the release of Thunderbird 60.5.1. All four security issues are rated as having High impact, and are likely to affect Thunderbird’s confidentiality (leak private data), integrity (cause crashes), and/or availability (prevent normal operation).

To update Thunderbird, click its hamburger menu icon at the top right, then select Help > About Thunderbird to show your installed version. If a newer version is available, you should see a button offering to install it.

Patch Tuesday for February 2019

Analysis of Microsoft’s Security Update Guide for February 2019 reveals that there are sixty-one distinct updates and corresponding articles in Microsoft’s support knowledge base.

At least seventy-seven vulnerabilities in Windows, Office, .NET, Internet Explorer, Edge, and Visual Studio are addressed by the updates. Twenty of the updates are flagged as Critical. Included in the updates is a new version of Flash for Internet Explorer and Edge.

As always, the easiest way to update Microsoft software is to use Windows Update, found in the Control Panel or System settings of your version of Windows.


Adobe once again adds to the patching load with new versions of Flash and Reader. Flash 32.0.0.142 addresses a single security vulnerability in earlier versions. The easiest way to check your Flash version and grab an update is to visit the Flash Help page.

Adobe Reader DC 2019.010.20091 includes fixes for at least seventy security bugs in earlier versions. Newer versions of Reader support auto-updates, but you can check for new versions by running Reader, and selecting Help > Check for Updates from its menu. If there’s a new version available, you’ll be prompted to install it.

Chrome 72.0.3626.96

A single security fix prompted the release of Chrome 72.0.3626.96 last week. The full change log for this release lists forty-one changes in all, but most of them are not significant.

Chrome usually updates itself, but on its own mysterious schedule. So if you want to make sure you’re up to date, navigate its menu to Help > About Google Chrome to see the version you’re running and install any available updates.

Thunderbird 60.5: four security fixes

Mozilla remains committed to Thunderbird, the company’s full-featured yet free email client for Windows, Mac, and Linux. Which is good news, because it’s getting increasingly difficult to find good email client software.

I’ve never been a fan of web-based email. It’s handy in certain situations, but leaves much to be desired for long-term use. I’ve been using Outlook for years, but it’s more than most people need; for them, there’s Thunderbird.

Thunderbird 60.5 plugs at least four security holes in previous versions.

To update Thunderbird, click its ‘hamburger’ menu icon at the top right, hover your mouse over Help, and click About Mozilla Thunderbird. If an update is available, you’ll be prompted to install it.

Chrome 72.0.3626.81: loads of security fixes

There are at least fifty-eight security fixes in the latest Chrome browser, version 72.0.3626.81. Released on January 29, the new version contains more than fourteen thousand changes in all. If you have a few days to kill, you can read the full change log.

Chrome will generally update itself whether you want it to or not, but if you’re not sure, navigate its menu (three dot icon) to Help > About Google Chrome to see which version you have installed, and trigger an update if one is available.

I’m not sure why Google didn’t see fit to mention any of the changes in this version on the announcement page, but it’s hard to imagine that none of them were at all interesting. Besides listing about thirty of the security fixes, all they’ve done is point to the Chrome blog, which currently doesn’t show any posts related to this new version.

Firefox 65.0: security improvements and bug fixes

The latest Firefox version, released by Mozilla on January 29, is 65.0. The new version includes fixes for seven security vulnerabilities, as well as some security-related improvements and new features.

Firefox 65 makes it even easier to detect and control the tracking a web site is doing. At the far left end of the address bar, click the small ‘i’ with a circle around it. This will show the site information window. The new Content Blocking section in this window allows you to see the cookies and trackers being used by a site. There’s also a shortcut to the Content Blocking settings, where you can set global preferences for blocking: Strict, Standard, or Custom.

Firefox 65.0 adds support for a video compression technology called AV1, which is expected to provide improvements in video streaming performance for 64-bit Firefox users.

Depending on how you’ve configured Firefox’s update settings, it may prompt you to install the new version. If it doesn’t, try navigating Firefox’s menu (that ‘hamburger’ icon) to Help > About Firefox. You’ll be able to see the current version and update it from there if a new version is available.

Problems with Windows 7 shares

Do you still run a Windows 7 computer that has shared folders? If you do, and those shares are set up so that they require user authentication, and the user involved is a member of the Administrators group on the Windows 7 computer, then you may find that those shares stopped working recently.

This problem was triggered by one of the Windows 7 updates from January 2019. Uninstalling that update fixes the problem, but doing that also rolls back some important security updates. So that’s not really a viable option.

Thankfully, Microsoft issued a fix for the problem. I’ve tested this fix and confirmed that it does work. To install it on your affected Windows 7 computer, locate the appropriate update (KB4487345 for 32-bit computers; KB4487345 for 64-bit computers) on this Windows Update Catalog page, click to download it, run the download and respond to the prompts. You’ll probably need to restart the computer.

Born’s Tech and Windows World has additional details.

Java 8 Update 201 fixes five security bugs

Oracle just released their first quarterly Critical Patch Update Advisory for 2019.

These advisories cover a lot of Oracle software, most of which is likely of very little interest for ordinary users. But buried in each of these reports you’ll usually find a reference to a new version of Java.

It’s increasingly unlikely that you have a shared Java installation on your Windows computer. You may run Java applications, such as Minecraft and some network and Internet tools, but these often include their own, separate installs of Java now.

The easiest way to see whether you have a shared install of Java on your Windows 7 or 8.x computer is to go to the Control Panel and look for a Java entry. If you see one, open it up and go to the Update tab, then click the Update Now button. If there’s an update available, you’ll be able to install it from there.

You can also visit the Verify Java Version page, but unless you’re using Internet Explorer, it won’t be able to tell you if you’re even running Java. If you’re on Windows 10, that’s also the easiest way to check your version.

Java 8 Update 201 addresses five security vulnerabilities in earlier versions. The details are listed in the quarterly advisory.

Patch Tuesday for January 2019

Patch Tuesday: the gift that keeps on giving. Imagine a world where the second Tuesday in a month came and went, with no updates to install. Something to celebrate. Meanwhile, back in the real world, there’s an apparently infinite supply of software bugs out there, most as-yet undiscovered.

But back to the matter at hand. Microsoft’s Security Update Guide is still annoying to use on the web, so I recommend downloading this month’s patch details in the form of a spreadsheet. Navigate to the SUG, which by default will show the updates for this month. You should see a ‘Download’ link to the far right of the Security Updates heading. Click that link and open the spreadsheet in Excel or something compatible. In Excel, depending on the version, you should be able to enable the Filter feature, which makes each column heading a drop-down control, allowing you to filter and sort on any column. Very handy.

This month Microsoft is issuing seventy-three bulletins, each corresponding to an update for one or more security vulnerabilities. Forty-eight vulnerabilities are addressed by the updates, which affect the usual targets, namely Windows, Internet Explorer, Edge, Office, .NET, Flash (in IE and Edge), Visual Studio, and Exchange Server.

Windows 10 users will get relevant updates whether they want them or not, as will anyone using older versions of Windows with automatic updates enabled. The rest of us will need to head to Windows Update and click the Check for Updates button.

Adobe logoFrom Adobe, we get a new version of Flash, to go along with last week’s new version of Reader.

The latest Flash is version 32.0.0.114, and it includes fixes for feature and performance bugs, but — surprisingly — none for security bugs.

As usual, the Flash embedded in Chrome will update itself along with the browser, while IE and Edge updates are provided via Windows Update. Your Flash installation may be configured to install updates automatically, but if not, head to the main Flash Player page, which will let you know if you need an update, and provide links.

The new version of Reader (Acrobat Reader DC), made available by Adobe on January 3, is A2019.010.20069. Flash 2019.010.20069 includes fixes for two Critical security issues.

Newer installations of Reader seem to keep themselves up to date, but you can grab the latest version at the Get Reader page. Remember to disable the optional applications, or you’ll get what is likely unwanted software such as McAfee antivirus products.

News for me, stuff that matters… to me. Windows, Linux, security, tools & miscellany.