Problems with recent updates from Microsoft

August 18, 2014 jrivett Leave a comment

Microsoft has removed the download links for several Windows updates that were released on August 12 for Patch Tuesday. Users have been reporting BSOD (Blue Screen Of Death) errors after installing the updates. Not all Windows computers received these updates, and not all computers where the updates were installed are affected negatively.

The updates in question are all related to the MS14-045 bulletin, which refers to a set of security updates for the Windows kernel. Microsoft is advising users to avoid installing the related updates and to uninstall them if already installed. The KB2982791 update notes have been amended to include information about the problem and how to remove the affected updates.

The affected updates are:

KB2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
KB2970228 Update to support the new currency symbol for the Russian ruble in Windows
KB2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
KB2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012

You can discover whether any of these updates exist on your Windows 7 or 8 computer by opening the Programs and Features item in the Control Panel, and clicking View installed updates. Enter a KB number in the search box at the top right to search for it.

Chrome, Flash, Google, Patches and updates, Security

Chrome 36.0.1985.143: security fixes and new Flash

August 13, 2014 jrivett Leave a comment

Another new version of Chrome was released on August 12. Version 36.0.1985.143 closes twelve security holes and includes a new version of Flash.

Adobe, Flash, Patches and updates, Security

August Patch Tuesday for Adobe software

August 12, 2014 jrivett Leave a comment

Adobe’s monthly updates continue to coincide with Microsoft’s. This month there are updates for Adobe Acrobat/Reader and Flash.

The new version of Flash is 14.0.0.176, unless you’re using Flash in a browser other than Internet Explorer, in which case it’s 14.0.0.179. Regardless, the new version includes several bug and security fixes, and adds some new features that are mainly of interest to developers.

The latest version of Adobe Reader is 11.0.0.8. This version fixes a specific vulnerability that allows attackers to circumvent security protections. According to Adobe, attacks based on this vulnerability have been seen in the wild.

Internet Explorer, Microsoft, Patches and updates, Security, Windows

August Patch Tuesday for Microsoft software

August 12, 2014 jrivett Leave a comment

Time once again to crank up Windows Update and patch your Windows computers. As expected, this month’s batch includes nine bulletins with associated updates for SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer. Two Critical updates affect Windows and Internet Explorer.

Related information from Microsoft:

Java, Patches and updates

Java 7 Update 67 fixes problems caused by previous release

August 12, 2014 jrivett Leave a comment

Apparently Java 7 Update 65 created problems for some Java installations, preventing certain applications from launching.

On August 4, Oracle released Update 67 for Java 7. The new version fixes the problems introduced in Update 65. Anyone experiencing problems with their Java 7 installation should install Update 67. This is not a security update.

Internet, Security

Latest Ouch! newsletter: all about encryption

August 8, 2014 jrivett Leave a comment

This month’s Ouch! newsletter (PDF) from SANS provides a useful overview of encryption, and what it means in the context of the web. Recommended reading for anyone hazy on the subject.

Uncategorized

Microsoft will only support most recent Internet Explorer after January 2016

August 8, 2014 jrivett Leave a comment

If you want to keep receiving security and bug fixes for Internet Explorer after January 12, 2016, you’ll have to upgrade to the most recent version first. For now, that means IE 11. But if IE 12 is ready before January 12, you’ll be forced to update to that version.

Microsoft is doing this mainly to reduce support costs. But this is also the approach used by Google for its Chrome browser, and Mozilla is moving in that direction for Firefox.

Additional reading:

Security, WordPress and other CMS

Another WordPress plugin with critical security issues

August 8, 2014 jrivett Leave a comment

WordPress is still an extremely attractive target for malicious hackers. One of the ways they can gain access to WordPress sites is to examine third-party WordPress plugins, looking for security vulnerabilities. Plugins aren’t subject to any kind of approval or auditing process; anyone can develop and publish them.

Many of the most famous WordPress hacks were actually hacks of plugins, not the WordPress core software. The TimThumb graphics library is a good example.

Now there’s news that the popular Custom Contacts Form plugin is vulnerable, and sites using unpatched versions leave them exposed to complete takeover by nefarious persons.

Anyone who runs a WordPress site that uses Custom Contacts Form should immediately update the plugin to version 5.1.0.4 or higher.

Internet, Internet crime, Privacy, Security

What we know about the recent theft of 1.2 billion passwords

August 8, 2014 jrivett Leave a comment

On August 5, the New York Times ran a story calculated to cause panic among Internet users. According to the story, a Russian gang had obtained up to 1.2 billion (yes, billion) login credentials.

The source of the story was Alex Holden, of Hold Security. Unfortunately, Holden didn’t provide much in the way of details, which has given rise to a lot of speculation about the facts, and of Holden’s motives.

Hold Security followed up the story by announcing that they planned to offer a fee-based service that would allow anyone to check whether an email address or user id was in the database of stolen credentials. Many took this as a sign that Hold Security was involved in some kind of scam, but well-known security blogger Brian Krebs came to Holden’s defense in a recent post.

Bruce Schneier, another famous security analyst, isn’t sure. He says – and we agree – that there’s something squirrely about this story.

In any case, it’s simply too soon to know for sure what’s going on. Until someone starts using the purloined information for something other than spam, all we can do is wait. Hopefully Hold Security will either create a free tool for checking credentials, or they’ll hand the database over to someone else who will.

In the meantime, our advice remains the same: use complex, unique passwords, especially for critical accounts like online banking.

Internet Explorer, Microsoft, Patches and updates, Security, Windows

Advance notification: Microsoft updates for August

August 8, 2014 jrivett Leave a comment

Another month, another pile of patches from Microsoft. This month the updates will become available starting about 10am PST on August 12. According to the official advance notification, there will be nine security bulletins, with associated updates for Windows, Internet Explorer, .NET, SharePoint, OneNote and SQL Server. Two are rated critical.

boot13

Problems with recent updates from Microsoft

Chrome 36.0.1985.143: security fixes and new Flash

August Patch Tuesday for Adobe software

August Patch Tuesday for Microsoft software

Java 7 Update 67 fixes problems caused by previous release

Latest Ouch! newsletter: all about encryption

Microsoft will only support most recent Internet Explorer after January 2016

Another WordPress plugin with critical security issues

What we know about the recent theft of 1.2 billion passwords

Advance notification: Microsoft updates for August

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.