If you use a web browser with Flash enabled, you should stop what you’re doing and update Flash.
According to the associated Adobe security bulletin, Flash 21.0.0.182 fixes twenty-three security vulnerabilities, including one (CVE-2016-1010) that is being actively exploited on the web.
The release notes for Flash 21.0.0.182 provide additional details. The new version fixes several bugs that are unrelated to security, and adds some new features.
As usual, Chrome will update itself with the new version of Flash, and Internet Explorer and Edge on newer versions of Windows will be updated via Windows Update.
Fixes for three serious security vulnerabilities make Chrome 49.0.2623.87 an important update. Check your version to make sure it’s up to date, by navigating to chrome://help/. Chrome will offer to update itself if you’re running an older version.
The good people at CERT once again alerted me to a new version of Firefox, 45.0. Apparently Mozilla still can’t manage to announce new versions consistently.
According to the official release notes for Firefox 45.0, the new version includes minor improvements to syncing, searching, and HTML5 support. It also fixes several bugs, including at least twenty-two related to security vulnerabilities. On my main computer, Firefox’s About screen already offers to install the new version, but if yours doesn’t, you should grab it from the main Firefox download page ASAP.
It’s time once again to roll up the sleeves and get patching. This month we have thirteen security bulletins and associated updates from Microsoft. The updates address at least forty-four security vulnerabilities in Windows, Internet Explorer, Edge, Office, Windows Server, and .NET. Five of the updates are flagged as Critical.
Adobe’s contribution this month is new versions of Acrobat/Reader. You may have noticed that Adobe has confused things by splitting Acrobat/Reader into several variations: classic, continuous, and desktop. According to Adobe, the continuous variant always has all the most recent updates, fixes, and new features. I think it’s safe to assume that’s the variant most people should be using. The new continuous version of Reader is 15.010.20060. All of the new versions include fixes for three security vulnerabilities.
A new, free, web-based service from cyscon GmbH tests your web browser and reports any security issues it finds.
Check-and-secure starts by checking your computer for open ports, then compares your IP address against a list of addresses associated with botnet activity.
Next, you have the option of checking your browser version and looking for out of date plugins like Java, Flash, and Silverlight. This is arguably the most useful part of the service, and you can get to it directly, which is handy.
The remainder of the service consists of offers to install various local security software packages. I haven’t yet tried the Cyscon Vaccination software, so can’t comment on its efficacy.
In February, a security researcher discovered that a Silverlight exploit – patched by Microsoft in January – is now being distributed through the Angler hacking kit. The researcher also found web sites using the exploit to infect site visitors who have not yet installed the Silverlight patch.
Comodo Internet Security, a highly-rated security package, was found to include features that actually make the host computer less secure. Most notably, that included a VNC server running without a password. VNC is a remote desktop application. The problems were resolved in subsequent updates from Comodo.
Brian Krebs wrote about serious security issues found in some Internet-connected Trane thermostats, and warns buyers to use caution when purchasing ‘smart’ devices.
Improvements to Cortana are featured in the latest Windows 10 preview build. Cortana now understands Spanish (Mexico), Portuguese (Brazil) and French (Canada), and it’s now easier to set reminders without a specific date or time.
Build 14279 also includes fixes for a few stability issues, including problems experienced by some users when installing driver updates.
The latest solid state hard drive from Samsung isn’t just the biggest SSD drive, it’s currently the biggest drive of any type available. While the drive is apparently shipping, there’s no published price as yet. You can expect it to be in the range of $8,000 to $10,000.
There are fixes for at least twenty-six security issues in the latest version of Chrome, 49.0.2623.75.
The release announcement lists the most important security fixes, while making it clear that the full details may not be made available until the majority of users have had a chance to update.
The full change log for Chrome 49 seems to go on forever. I tried to find the end of it, but gave up after a few pages. At least it doesn’t try to load in one page, since that would probably crash most browsers. Presumably if Google had made any really interesting changes in Chrome 49, they would have been mentioned in the announcement.
A few minor bug fixes and performance improvements found their way into version 35.0.2066.92, the latest release of Opera ‘Stable’.
None of the changes are related to security, so there’s no rush to update, although if you’ve been experiencing problems with Opera on Windows 10, the new version should help.
The full change log doesn’t provide any additional information this time.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13