Microsoft Patch Tuesday Preview, January 2014

January 13, 2014

In keeping with its customary schedule, Microsoft on Thursday released its Security Bulletin Advance Notification for January 2014, summarizing the security bulletins, and associated patches, that it plans to release Tuesday, January 14.  This will apparently be a relatively light month, with only four bulletins slated for release; all four have an Important severity rating.

Two of the bulletins are for Windows itself.  One affects Windows XP and Server 2003; the other affects Windows 7, Server 2008R2, and Server Core.  Other versions of Windows (Vista, Server 2008/SP2, 8, 8.1, RT, RT 8.1, and Server 2012) are not affected at all.

One bulletin affects Microsoft Office and server software: Word, Word Viewer, SharePoint Server, and WebApps.  The final bulletin affects Microsoft’s ERP package, Dynamics AX.

Microsoft says that the two Windows bulletins will require a system restart; the others may require one, depending on your system’s configuration.

As always, this information is subject to change in the final release.  I will post another note here if there appear to be significant changes.


Mozilla Releases Firefox 26.0

December 10, 2013

The Mozilla organization today released a new version, 26.0, of its Firefox Web browser, for all platforms: Windows, Linux, and Mac OS X.  The new version includes fixes for 14 identified security vulnerabilities, five of which Mozilla rates at Critical severity.  There are also some other bug fixes:

  • Text rendering on Windows 7 or 8
  • Improved page load times
  • MP3 back end on OS X

This version also incorporates some new features:

  • Java plugins default to “click to play”
  • H.264 is supported on Linux
  • Password manager supports script-generated password fields

More details are available in the Release Notes.

Because of its security content, I recommend that you update your system as soon as you conveniently can.  You can get the new version using the built-in update mechanism, or you can get a complete installation package, in any of 70+ languages, from the download page.


Mozilla Releases Firefox 22

June 25, 2013

Today the Mozilla organization released a new version, 22.0, of its Firefox browser for Linux, Windows, and Mac OS X.  The new version includes some new features:

  • HTML5 audio/video playback rate can now be changed
  • Social services management implemented in Add-ons Manager
  • The WebRTC communications API is now enabled by default
  • Additional optimizations for JavaScript

There are also several miscellaneous improvements, and fixes for 14 identified security vulnerabilities, four of which Mozilla categorizes as Critical.  Further information is available in the Release Notes.

Because of its security content, I recommend that you update your Firefox installations as soon as you conveniently can.  You can obtain the new version via the built-in update mechanism, or you can download a complete installation package, in your choice of language(s).

Update Tuesday, 25 June, 16:25 EDT

This blog post on the Mozilla Blog explains some of the new features in more detail.


Microsoft, Verizon Release Security Reports

April 23, 2013

Two new reports have just been released dealing with the state of Internet security; one is from Microsoft, and the other from Verizon.  If you are interested in security, I recommend both reports as interesting, if sometimes rather depressing, reading.

Since 2008, Verizon’s RISK Team has published an annual report summarizing security and data breach incidents, and categorizing them on various criteria (e.g., who did it?  how was it done?).  The 2013 Data Breach Investigations Report [PDF] analyzes data from more than 47,000 security incidents, and 621 confirmed data breaches.  This year, the report attempts to assess the prevalence and origins of “espionage” attacks: those whose primary motivation was not mischief, or financial gain, but theft of trade secrets and other intellectual property.  There is also an Executive Summary [PDF] available.

Microsoft’s Security Intelligence Report (Vol. 14) [PDF], which covers the period July through December, 2012, is (as you might expect) more focused on software security issues.  The report looks at the software security vulnerabilities that have been disclosed, and the exploits that have been detected, and attempts to identify particular problem areas and trends.  As has been true for some time, the most common type of exploit is one involving HTML and JavaScript; document-based and Java-based exploits, two other hardy perennials, showed a significant increase in the second half of 2012.   There is also a Key Findings [PDF] summary of this report.

I have not had a chance to read these reports yet, but will post further comments here when I have.   An essential part of any sensible security analysis is an evaluation of the threats one is guarding against.  These reports should provide some information useful in that exercise.


Mozilla Releases Firefox 19

February 19, 2013

The Mozilla organization released a new major version, 19.0, of its Firefox Web browser, for Linux, Mac OS X, and Windows.  In addition to the customary updates to the Gecko rendering engine in a major release, this version incorporates several new features and improvements.  Probably the most significant change for most users is the inclusion of the new, built-in PDF viewer.  (The plan to include a viewer was first discussed back in October, 2011.)  Other significant changes include:

  • Improved start-up performance
  • Better HTML 5 support for cascading style sheet (CSS) capabilities
  • Fixes to bugs in WebGL processing, plug-in rendering, and private mode startup
  • Fixes for eight identified security vulnerabilities, four of which are rated Critical

Further information is available from the Release Notes.

You can get the new version using the update mechanism built into the browser, either automatically or via Help / About Firefox / Check for Updates.  Alternatively, you can get a complete installation package, available in more than 70 languages, from the download page.

Update Wednesday, 20 February, 14:53 EST

The “Webmonkey” blog at Wired has a short article on the new version of Firefox.


Google Updates Chrome to 24.0.1312.56

January 22, 2013

Google today released a new version, 24.0.1312.56, of its Chrome browser for all platforms: Windows, Linux, Mac OS X, and Chrome Frame.  This is a bug fix release, and includes fixes for three specific problems:

  • Performance of mouse wheel scrolling
  • Visited links bug
  • Windows installation as admin

The new version also includes fixes for five identified security vulnerabilities, three of which Google rates as High severity.  More details on the changes are available in the Release Announcement.

Because of the security content of this release, I recommend that you update your systems as soon as you conveniently can.   Windows and Mac users can get the new version via the built-in update mechanism; Linux users should check their distribution’s repositories for the new version.

