Anyone running the release version of Windows 10 (build 10240) may have noticed a few updates being installed in the last day or two. Clearly Microsoft is moving ahead with its plans to eschew the monthly Patch Tuesday update cycle for Windows 10. Unfortunately, there’s also not much information available about these updates.
There’s another new version of Firefox. Version 40.0.3 was released yesterday, with the usual total lack of a proper announcement. The release notes make it clear that this is a minor bug fix release, although at least two security vulnerabilities were also fixed.
I don’t usually post about Apple software, but the QuickTime Player is installed on many Windows computers, so it falls into a kind of grey area.
Apple recently released an update for QuickTime to address at least nine vulnerabilities it exposes on Windows 7 and Vista computers. Anyone who uses QuickTime on Windows 7 or Vista should install the new version of QuickTime as soon as possible.
I no longer have QuickTime installed on my main computer. Downloaded QuickTime media files play in a combination of VLC and Windows Media Player. There’s no QuickTime player plugin in my my main web browser, either, but I don’t really mind not being able to see QuickTime media embedded in web pages. If I really need to see that content, I can always download it.
If you’re not sure whether you have QuickTime installed, or want to find out how QuickTime media is played on your computer, you can try playing these QuickTime sample media files.
The latest version of Google’s web browser is 44.0.2403.157. The announcement is again light on details, but the change log shows that this version fixes a few minor bugs, some related to Windows 10. It doesn’t look like there are any fixes for security vulnerabilities.
There’s a new version of Adobe’s Shockwave Player. It’s not clear when the new version appeared, since there was no official announcement. There’s nothing at all on the release notes page, other than the fact that the most recent version of Shockwave is 12.1.9.160.
You can download the new version from the main Shockwave page, which also shows the most recent version as 12.1.9.160. You can check what version of Shockwave is installed (if any) on your computer at the Shockwave Help page.
The latest offering of Java from Oracle is version 8, update 60. This new version adds some uninteresting functionality and fixes a few bugs. Some of the fixes are related to security, but none appear to address critical vulnerabilities, so there doesn’t seem to be any urgency about updating. See the release notes for additional details.
Earlier today, Microsoft issued a special update (MS15-093) to address a critical vulnerability in all versions of Internet Explorer. The new Edge browser is not affected.
Normally, security updates for IE are provided on monthly Patch Tuesdays. Since Microsoft is making this update available outside the regular update cycle, we can assume that exploits for the vulnerability have been observed in the wild.
The vulnerability is a bad one. Merely visiting a specially-crafted web page with Internet Explorer can cause malicious code to execute, leading to the possibility of an attacker installing just about any kind of software or accessing any information on the affected Windows computer.
If you use Internet Explorer, please use Windows Update to install this patch as soon as possible.
There are big improvements to password handling in the newest version of WordPress:
You start out with a strong password by default and you are given the option to keep it or choose your own. A password strength meter is available as well as the option to hide your password from prying eyes. WordPress will no longer send passwords via email and the password reset links will expire in 24 hours. E-mail notifications will be sent out in the event that an e-mail or password is changed.
The release notes for WordPress 4.3 list other changes. There are no security vulnerability fixes in this version, so updating is not urgent, but the password-related changes alone are worth the trouble.
Version 40.0.1 appeared briefly on the Firefox download page yesterday, but it was removed almost immediately. Then 40.0.2 appeared, and it seems to be staying put. The release notes reveal that the new version fixes a few minor bugs, but none of those bugs seem to be related to security. There was, as usual, no proper announcement for this version.
Chrome updates now happen so frequently, and they so rarely cause problems, that I no longer have any qualms about the browser’s auto-update mechanism. Of course, if a Chrome update makes the browser unusable, I can use another browser for however long it takes Google to fix it, which would not be the case for a bad Windows update.
The release announcement for Chrome 44.0.2403.155 doesn’t provide any details, which is starting to become the norm, sadly. And Google was doing so well with this…
Parsing the change log reveals that the new version contains fixes for a few minor issues, including at least one related to stability.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13