The release of Firefox 33 snuck past my radar on October 13. In my conversations with Mozilla workers, it was explained to me that only major releases would be announced. But there was no announcement for Firefox 33. Clearly I need to keep bugging them about this. At least the release notes have improved.
The version number would seem to indicate that there are a lot of changes in this new version, and the release notes do list several new features. But none of those features are likely to be of much interest to regular users, aside from some improvements to searching.
A new version of Google’s web browser was announced yesterday. Version 38.0.2125.104 includes the latest Flash update. It also includes some other changes, but presumably none of them are security-related, otherwise the changes would have been mentioned in the announcement. Unfortunately, the full change log is in a form that is essentially unreadable to non-programmers.
Yesterday saw eight security bulletins and associated patches from Microsoft, as well as two new versions of Java from Oracle, and a new version of Adobe Flash.
The Microsoft updates include three flagged Critical. The updates address twenty-four CVEs in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer. A post on the MSRC blog provides a good overview.
Two new versions of Java from Oracle address as many as 25 security vulnerabilities in Java 7 and 8. If you’re using a web browser with Java enabled, you should install Java SE 8 Update 25 and/or Java SE 7 Update 72 as soon as possible. Unfortunately, Oracle has made things a bit confusing by saying that you should install SE 7 Update 72 only if you are being affected by the issues fixed in that version, and otherwise to install Update 71. Our recommendation is to install Update 72.
The new version of Flash is 15.0.0.189, and it includes fixes for at least three security vulnerabilities. If you’re like most people and use a browser with Flash enabled, you should update to the new version as soon as possible.
A lot of the criticism of Windows 8 focused on its lack of support for enterprise users. Most notably, the new user interface was spectacularly unsuited to business use. Enterprises stayed away from Windows 8, preferring to upgrade to – or stay with – Windows 7.
Microsoft seems to have given up on Windows 8. Although the Start menu was scheduled to reappear in Windows 8, plans for that change were later scrapped. Microsoft’s efforts are now firmly centered on Windows 10, where the Start menu will once again appear.
There’s more good news for enterprise users in Windows 10. According to a recent report from Ars Technica, the update process will have some new options that allow system administrators to control which updates are distributed to enterprise computers. This is already possible with Windows Server Update Services, but the new options promise to simplify things greatly.
Next week’s Patch Tuesday will see nine bulletins and associated updates from Microsoft. Three of the updates are flagged Critical. The updates will affect Windows, Internet Explorer, .NET, Office and ASP.NET.
A new version of Google’s web browser was announced on Tuesday. Version 38.0.2125.101 fixes a whopping 159 security issues in Chrome, and includes a number of other fixes and stability improvements.
We recently reported a new potential security threat in the form of hacked USB device firmware.
The details of the original hack were not reported by its discoverers, since it seemed likely that the vulnerability was widespread and difficult to fix.
This is probably going to get a lot worse before it gets better. There’s currently no way to detect whether a USB device has been hacked. Traditional anti-malware software is useless for this purpose.
Hopefully you were already exercising caution when using thumb drives, viewing drives from unknown sources with suspicion. With this new vulnerability, there’s probably no way to be perfectly safe unless you stop using thumb drives completely. Since that’s not practical for many users, you can stay relatively safe by making sure that your thumb drives are always on your person or stored in a secure location when not in use. So much for convenience.
Anyone interested in looking at an early version of Windows 10 can sign up to the ‘Windows Insider Program’ at preview.windows.com. Signing up is free, but you are encouraged to think of this software in terms of short term testing only.
The accompanying preview document (ed: no longer available) describes some important features of the upcoming O/S, including the new Start menu, window snapping and multiple desktops. Interestingly, it also steers clear of calling the next version ‘Windows 10’.
Microsoft’s recent announcements about Windows 9 10 may have been the death knell for Windows 8. It seems people are happy to wait for the next Windows or switch to Windows 7 rather than take on the task of learning a user interface better suited to mobile phones than desktop computers.
According to the latest stats posted by Ars Technica, Windows 8 sales slipped slightly in the last month, while Windows 7 sales increased and Windows XP held steady.
October’s Ouch! newsletter from SANS explains the five most important factors in staying secure. It’s a useful overview for non-technical computer users.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13