Microsoft Patch Tuesday Preview, October 2013

Today, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for October 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, October 8, 2013.   This month there are eight bulletins in all; four of these have a maximum security rating of Critical; the others are rated Important.  Four of the bulletins affect Windows and its components.  Three bulletins affect Microsoft Office (including Office for Mac); one of these also affects Microsoft’s SharePoint server.  A final bulletin affects Microsoft’s Silverlight.   More details on specific versions are given in the Advanced Notification.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	4	—	—
Windows Vista	4	—	—
Windows Server 2003	3	—	1
Windows Server 2008	3	—	1
Windows 7	4	—	—
Windows Server 2008 R2	3	—	1
Windows 8	4	—	—
Windows RT	2	1	—
Windows Server 2012	3	—	1
Windows Server 2012 R2	—	1	—
Windows 8.1	1	—	—
Windows RT 8.1	1	—	—
Windows Server Core	3	—	—

The bulletins for Office and Slverlight are rated Important.

Microsoft says that three of the bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  If there are significant changes, I will post a note here once the actual updates are available.

Google Releases Chrome 30

Yesterday, Google released version 30.0.1599.66 of its Chrome browser, for all platforms: Linux, Mac OS X , Windows, and Chrome Frame.  According to Google’s Release Announcement, the new version incorporates some new capabilities:

• Easier searching by image
• A number of new apps/extension APIs
• Lots of under the hood changes for stability and performance

The new release also incorporates 50 security fixes.  Google’s announcement highlights 19 of these; of these, Google rates 10 as High severity.  More details are available in the announcement.

Because of its security content, I recommend that you update your systems as soon as you conveniently can.   Windows and Mac users should get the new version via Chrome’s built-in update system.  Linux users should check their distribution’s repositories for the new version.

Mozilla Updates Firefox, Thunderbird

Earlier this week, the Mozilla organization released new versions of its Firefox browser and Thunderbird E-mail client, for all platforms: Mac OS X, Linux, and Windows.

The new version, 24.0, of Firefox includes fixes for 17 identified security vulnerabilities, including seven that Mozilla rates as Critical, and four that it rates as High  severity.  It also includes several performance and stability improvements; more information is available in the Release Notes.  You can obtain the new version of FIrefox via the built-in update mechanism, or download a complete installation package, in a variety of languages.

The new version of Thunderbird, also 24.0, has fixes for 13 security vulnerabilities; Mozilla rates six of these as Critical, and three as High severity.  It also includes some new capabilties, including the ability to watch or ignore message threads, and the ability to zoom the composition window.  There are also some miscellaneous bug  fixes.  More detail is available in the Release Notes.   As with Firefox, you can get the new version using the built-in update capability, or download a complete installation package.

Because of the security fixes included in these releases, I recommend that you update your systems as soon as you conveniently can.

Google Releases Chrome 29.0.1547.76

Google has released a new stable version, 29.0.1547.76, of its Chrome browser, for all platforms: Windows, Linux, Mac OS X, and Chrome Frame.  This is primarily a bug fix release, which addresses some display issues, as well as a problem with Flash on some Windows devices.  More information is available in the Release Announcment.

Windows and Mac users should be able to get the new version via the built-in update mechanism. Linux users should check their distribution’s repositories for the new version.

Adobe Fixes Flash Player

Adobe Systems has released a new version of its Flash Player for all platforms: Windows, Mac OS X, Linux, and Android.  The new version fixes four serious security vulnerabilities identified in Adobe’s Security Bulletin [APSB13-21]; the affected versions of the Flash Player software are:

• Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.297 and earlier versions for Linux
• Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.8.0.870 and earlier versions for Windows and Android
• Adobe AIR 3.8.0.910 and earlier versions for Macintosh
• Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows
• Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh

Further details are given in the Security Bulletin.

Windows, Linux, and Mac OS X users can get the new release from Adobe’s download page.  For Windows and Mac OS X, the new version is 11.8.800.168; the new version for Linux is 11.2.202.310.  (Windows users should note that they may require two updates: one for Internet Explorer, and one for all other browsers.) Details of the new Android versions are given in the Security Bulletin.

The Flash Player bundled with Google’s Chrome browser should be updated automatically to version 11.8.800.170, according to a post on the “Chrome Releases” blog.

Windows, Linux, and Mac OS X  users can check the version of Flash Player installed on their systems by visiting Adobe’s About Flash Player page.

Microsoft Patch Tuesday Preview, September 2013

Today, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for September 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, September 10, 2013.   This month there are fourteen bulletins in all; four of these have a maximum security rating of Critical; the other ten are rated Important.  Seven of the bulletins affect Windows and its components.  Seven bulletins affect Microsoft Office (including Office for Mac); one of these also affects Microsoft’s SharePoint server.  More details on specific versions are given in the Advanced Notification.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	2	3	—
Windows Vista	1	3	—
Windows Server 2003	1	3	1
Windows Server 2008	—	3	1
Windows 7	1	4	—
Windows Server 2008 R2	—	4	1
Windows 8	1	3	—
Windows RT	1	2	—
Windows Server 2012	—	3	1
Windows Server Core	—	4	—

Two of the bulletins for Office are rated Critical; the other five are rated Important.

Microsoft says that three of the bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  I will post a note here once the actual updates are available.