boot13Microsoft recently announced that it will double the number of advertisements on the Start page in Windows 10 starting around July 2016. Does anyone still doubt that Microsoft’s long-term strategy is heavily focused on advertising? Or why Microsoft has been pushing people so hard to upgrade to Windows 10 its new advertising platform?
Relief for Windows 7 update headaches
As if in response to my recent post about the joys of updating new Windows 7 installs, Microsoft has just announced a solution. It’s effectively Service Pack 2 for Windows 7, but Microsoft is calling it the Windows 7 SP1 convenience rollup.
The new package will install all post-SP1 updates up to April 2016. After you install Windows 7 with Service Pack 1, you need only install the April 2015 servicing stack update for Windows 7 (KB3020369), a prerequisite for the rollup, then install the rollup, then install any updates published after April 2016.
I haven’t yet tried the new rollup, but it’s difficult to imagine how it could fail to be an improvement.
Microsoft also plans to provide monthly non-security update rollups for Windows 7 and 8.1.
Windows 10 Insider Preview build 14342
I’ve been running build 14342 for a few days now on my test PC. I haven’t experienced any new problems, and it seems to have resolved at least one annoying networking problem left over from the previous build.
What’s New in Build 14342
User Account Control prompts now look different, but their functionality hasn’t changed. There are enhancements for Microsoft Edge, and improvements for the new BASH shell integration. A new setting, Settings > System > Apps for websites doesn’t work yet, but will in the future allow you to designate an app to open specific web sites. The Feedback Hub was also improved in this build.
Build 14342 contains fixes for numerous issues in previous builds, including problems with media playback, Cortana, displays, login, the user interface, apps, location, and anti-virus software compatibility.
Interestingly, the Wi-Fi Sense feature has been disabled. There’s been a lot of debate about the security of this feature since Windows 10 was released. Microsoft says the feature was disabled because nobody was using it. The Verge has more about this, as does Brian Krebs.
Vivaldi 1.1.453.59
The release notes for Vivaldi 1.1.453.59 aren’t exactly overflowing with information. The current version is only referenced in the page URL, while previous versions are listed below, in a series of rather confusingly-titled and somewhat redundant sections that all look like this:
Changelog since 1.1, the fourth release.
Parsing what information is available, I concluded that this version was released to fix one security vulnerability: [Security] Address bar spoofing using HTTP status code 204/205.
It’s a security update, so if Vivaldi is your browser of choice, you should navigate to Help > Check for Updates... on the Vivaldi menu.
Chrome 50.0.2661.102
50.0.2661.102 is the latest version of Chrome, and it includes fixes for five security issues, as well as about thirty other minor changes. See the full change log for details.
Flash zero-day fixed
The Flash zero-day vulnerability we reported a couple of days ago has been fixed. Anyone who uses Flash in a web browser should make sure they’re running version 21.0.0.242.
As usual, Internet Explorer in Windows 8.1 and 10 will receive the new version via Windows Update, and Google Chrome will update itself automatically.
Opera 37.0.2178.43
The latest version of Opera improves the recently-added ad blocking and video detaching features. The new version doesn’t seem to include any new security fixes. See the change log for additional details.
Flash update incoming
Maybe the Flash developers didn’t make the deadline for Patch Tuesday, so they felt left out. Anyway, according to a security advisory published today, Adobe is working on an emergency update for Flash, to address one specific vulnerability, CVE-2016-4117.
That vulnerability is so new, it doesn’t appear in the vulnerability databases. Adobe refers to it as critical, and indeed, exploits have already been observed in the wild (which makes this a good example of a zero-day vulnerability). Adobe expects to publish a new version of Flash that addresses this vulnerability as early as May 12.
Interestingly, the advisory states that the vulnerability exists in Adobe Flash Player 21.0.0.226 and earlier, while the most recent published versions are 21.0.0.213 and 21.0.0.216. Now I’m thinking that Adobe delayed the Flash update scheduled for Patch Tuesday (which presumably would have been version 21.0.0.226) to give them time to fix CVE-2016-4117.
Patch Tuesday for May 2016
This month, besides the usual pile ‘o patches from Microsoft, we have updates for Adobe Reader/Acrobat, but (big surprise) not for Flash.
There are sixteen Microsoft updates, addressing thirty-seven vulnerabilities in Windows, Internet Explorer, Office, Edge, and .NET. There’s also Microsoft Security Advisory 3155527. At least one of the vulnerabilities (CVE-2016-0189) is being actively exploited. This flaw could allow an attacker to execute malicious code if an unpatched computer visits a malicious or compromised web site.
The Adobe Reader update addresses over ninety vulnerabilities, which must set some kind of record. And not the good kind. If you use Reader in any context, you should update it to address these critical security issues.
Free Windows 10 upgrade offer likely ending soon
First, the bad news. The free Windows 10 upgrade offered to Windows 7 and 8.1 users for the past year or so is probably going to conclude at the end of July. If Microsoft sticks with this plan, upgrading to Windows 10 after that will cost about $120 US.
What’s good about this? Those annoying upgrade prompts will apparently disappear as well.