January 13, 2014
In keeping with its customary schedule, Microsoft on Thursday released its Security Bulletin Advance Notification for January 2014, summarizing the security bulletins, and associated patches, that it plans to release Tuesday, January 14. This will apparently be a relatively light month, with only four bulletins slated for release; all four have an Important severity rating.
Two of the bulletins are for Windows itself. One affects Windows XP and Server 2003; the other affects Windows 7, Server 2008R2, and Server Core. Other versions of Windows (Vista, Server 2008/SP2, 8, 8.1, RT, RT 8.1, and Server 2012) are not affected at all.
One bulletin affects Microsoft Office and server software: Word, Word Viewer, Share Point Server, and WebApps. The final bulletin affects Microsoft ERP package, Dynamics AX.
Microsoft says that the two Windows bulletins will require a system restart; the others may require one, depending on your system’s configuration.
As always, this information is subject to change in the final release. I will post another note here if there appear to be significant changes.
Comments Off on Microsoft Patch Tuesday Preview, January 2014 | Internet, Security Patches, Software | Tagged: Dynamics AX, Microsoft, Office, patch Tuesday, security vulnerabilities, Share Point, Windows, Word | Permalink
Posted by Rich
December 10, 2013
The Mozilla organization today released a new version, 26.0, of its Firefox Web browser, for all platforms: Windows, Linux, and Mac OS X. The new version includes fixes for 14 identified security vulnerabilities, five of which Mozilla rates at Critical severity. There are also some other bug fixes:
- Text rendering on Windows 7 or 8
- Improved page load times
- MP3 back end on OS X
This version also incorporates some new features:
- Java plugins default to “click to play”
- H.264 is supported on Linux
- Password manager supports script-generated password fields
More details are available in the Release Notes.
Because of its security content, I recommend that you update your system as soon as you conveniently can. You can get the new version using the built-in update mechanism, or you can get a complete installation package, in any of 70+ languages, from the download page.
Comments Off on Mozilla Releases Firefox 26.0 | Internet, Security Patches, Software | Tagged: browser, Firefox, Linux, Mac OS X, Mozilla, releases, security vulnerabilities, Windows | Permalink
Posted by Rich
June 25, 2013
Today the Mozilla organization released a new version, 22.0, of its Firefox browser for Linux, Windows, and Mac OS X. The new version includes some new features:
- HTML5 audio/video playback rate can now be changed
- Social services management implemented in Add-ons Manager
- The WebRTC communications API is now enabled by default
There are also several miscellaneous improvements, and fixes for 14 identified security vulnerabilities, four of which Mozilla categorizes as Critical. Further information is available in the Release Notes.
Because of its security content, I recommend that you update your Firefox installations as soon as you conveniently can. You can obtain the new version via the built-in update mechanism, or you can download a complete installation package, in your choice of language(s).
Update Tuesday, 25 June, 16:25 EDT
This blog post on the Mozilla Blog explains some of the new features in more detail.
Comments Off on Mozilla Releases Firefox 22 | Internet, Security Patches, Software | Tagged: Firefox, Linux, Mac OS X, Mozilla, releases, security vulnerabilities, Windows | Permalink
Posted by Rich
April 23, 2013
Two new reports have just been released dealing with the state of Internet security; one is from Microsoft, and the other from Verizon. If you are interested in security, I recommend both reports as interesting, if sometimes rather depressing, reading.
Since 2008, Verizon’s RISK Team has published an annual report summarizing security and data breach incidents, and categorizing them on various criteria (e.g., who did it? how was it done?). The 2013 Data Breach Investigations Report [PDF] analyzes data from more than 47,000 security incidents, and 621 confirmed data breaches. This year, the report attempts to assess the prevalence and origins of “espionage” attacks: those whose primary motivation was not mischief, or financial gain, but theft of trade secrets and other intellectual property. There is also an Executive Summary [PDF] available.
I have not had a chance to read these reports yet, but will post further comments here when I have. An essential part of any sensible security analysis is an evaluation of the threats one is guarding against. These reports should provide some information useful in that exercise.
Comments Off on Microsoft, Verizon Release Security Reports | Internet, Security | Tagged: data breach, Microsoft, security vulnerabilities, threat analysis, Verizon | Permalink
Posted by Rich
February 19, 2013
The Mozilla organization released a new major version, 19.0, of its Firefox Web browser, for Linux, Mac OS X, and Windows. In addition to the customary updates to the Gecko rendering engine in a major release, this version incorporates several new features and improvements. Probably the most significant change for most users is the inclusion of the new, built-in PDF viewer. (The plan to include a viewer was first discussed back in October, 2011.) Other significant changes include:
- Improved start-up performance
- Better HTML 5 support for cascading style sheet (CSS) capabilities
- Fixes to bugs in WebGL processing, plug-in rendering, and private mode startup
- Fixes for eight identified security vulnerabilities, four of which are rated Critical
Further information is available from the Release Notes.
You can get the new version using the update mechanism built into the browser, either automatically or via Help / About Firefox / Check for Updates. Alternatively, you can get a complete installation package, available in more the 70 languages, from the download page.
Update Wednesday, 20 February, 14:53 EST
The “Webmonkey” blog at Wired has a short article on the new version of Firefox.
1 Comment | Internet, Security Patches, Software | Tagged: Firefox, Linux, Mac OS X, Mozilla, PDF viewer, releases, security vulnerabilities, Windows | Permalink
Posted by Rich
January 22, 2013
Google today released a new version, 24.0.1312.56, of its Chrome browser for all platforms: Windows, Linux, Mac OS X, and Chrome Frame. This is a bug fix release, and includes fixes for three specific problems:
- Performance of mouse Wheel scrolling
- Visited links bug
- Windows installation as admin
The new version also includes fixes for five identified security vulnerabilities, three of which Google rates as High severity. More details on the changes are available in the Release Announcement.
Because of the security content of this release, I recommend that you update your systems as soon as you conveniently can. Windows and Mac users can get the new version via the built-in update mechanism; Linux users should check their distribution’s repositories for the new version.
Comments Off on Google Updates Chrome to 24.0.1312.56 | Internet, Security Patches, Software | Tagged: Chrome, Chrome Frame, Google, Linux, Mac OS X, releases, security vulnerabilities, Windows | Permalink
Posted by Rich