Newsletter Archives
-
Recently updated topics you may have missed
You may have missed recent security updates to Chrome, Firefox, Thunderbird, Java and Flash Player. The following topics have now been updated with the US-CERT alerts, with links:
Chrome Security Update: US-CERT (Browser)
Mozilla Security Update: US-CERT (Firefox)
Mozilla Security Update: US-CERT (Thunderbird)
Oracle Security Update: US-CERT (Java etc)
1000002: Links to Flash update resources
Subscribers to those topics should have received emails with details of the new posts. However, we have had some reports that some people are currently not receiving those emails. If your subscription emails aren’t working, please let us know.
Also updated recently is AKB3000005: On the subject of Botnets, which was posted last month, but promptly disappeared in a backup-reset of the site.
-
New third party program updates
Randy the Tech Professor has a list of the latest versions of important programs that you may be running:
Chrome, Java, Opera, Foxit, Skype, Flash Player, Acrobat Reader.
Here’s Randy’s listing.
-
Java and Chrome updates
Reader WL posted this in response to the Third Party Updates entry. It’s important, and I wanted to repeat it here, so everybody can see it. Thanks, WL!
::::::::::::::::::::::::
Two more updates
Java JRE 8u40 is the latest.
Yep, it seems like Oracle changed the installer, so it does NOT remove previous versions. Unless you know you need a specific previous version, remove all of them (e.g. Windows Control Panel | Programs and Features, then uninstall previous versions). Or at least use the Java Control Panel to disable previous versions (Java tab, to “View and manage Java Runtime versions and settings for Java applications and applets.”)
http://java.com/en/download/installed8.jsp
http://www.oracle.com/technetwork/java/javase/8u40-relnotes-2389089.html
The Chrome browser has a MAJOR upgrade from 40 to 41, currently 41.0.2272.76 on March 3, with 51 security fixes and lots of changes.
http://googlechromereleases.blogspot.com/
I think this update introduces one new bug; relaunching after update caused my main/regular Chrome window to lose half its tabs (out of 10 tabs) – never had this happen before. To be safe, you may want to bookmark your tabs before relaunching (or look at your history to recover visited sites). Further restarts didn’t lose any more tabs, so the bug may be in the relaunch function.
BTW, after years of bitching by users, Chrome finally offers “normal” standalone/offline installers. Yes, Google did have crippled ones in the past, but strongly discouraged their use – and “dead-ended” those installations by TAKING AWAY THEIR ABILITY TO UPDATE! Not anymore:
Alternate (offline) Google Chrome installer (Windows)
http://support.google.com/installer/answer/126299?hl=en
-
Third party patches
Just in from Randy the Tech Professor…
This year is off to a big start! TWO Adobe Flash patches, an Adobe Air patch, and of course an Oracle Java patch. The remaining patches are for Chrome, Firefox, Thunderbird, and Seamonkey.
-
Java Update: Patch It or Pitch It
Another great, short column from Brian Krebs, for every Windows user.
Note that he’s talking about Java inside your browser, not standalone Java, which is working just fine on servers, in particular.
-
Java Updates
EP writes:
Oracle has released Java 7 update 15 and Java 6 update 41 here:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
In other words, they’ve released new fixes for the security fixes that were released earlier this February.
More on these new Java releases mentioned on these Oracle sites:
https://blogs.oracle.com/security/entry/updates_to_february_2013_critical
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
I think we’re all better off uninstalling Java altogether. And don’t forget to advise users removing Java to check for the deployjava1.dll and npdeployjava1.dll files in either the \Windows\system32\ or \Windows\syswow64\ folder. Those two files are part of Java and should be deleted manually if they remain after uninstalling Java, since Google Chrome detected those files as Java plugins when I typed “chrome://plugins” in the Google Chrome browser address bar.
(Thanks, EP!)
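The post-uninstall check EP describes, as an added PowerShell example that is not part of the original post. The function names are hypothetical, and the script assumes a machine-wide install (the HKLM uninstall keys, not per-user ones) and a 64-bit PowerShell session on 64-bit Windows; it only reports and deletes nothing.

```powershell
# Added example: read-only audit for Java remnants. Nothing is removed.

function Get-InstalledJava {
    # Programs and Features reads these keys; check the native view and the
    # 32-bit view (WOW6432Node) so 32-bit Java on 64-bit Windows is not missed.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java\b' } |   # skips "JavaScript..." names
        Select-Object DisplayName, DisplayVersion
}

function Get-LeftoverJavaPluginFiles {
    # The two file names and the two folders named in the post.
    $names = 'deployjava1.dll', 'npdeployjava1.dll'
    $dirs  = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:windir $_ }
    foreach ($dir in $dirs) {
        foreach ($name in $names) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                Get-Item -LiteralPath $path |
                    Select-Object FullName, Length, LastWriteTime
            }
        }
    }
}

$java = @(Get-InstalledJava)
$left = @(Get-LeftoverJavaPluginFiles)

if ($java.Count) {
    $java | Format-Table -AutoSize
    if ($java.Count -gt 1) {
        'More than one Java entry is installed; older versions were not removed.'
    }
} else {
    'No Java entries in the uninstall list.'
}

if ($left.Count) {
    'Leftover browser plugin files (delete manually once Java is uninstalled):'
    $left | Format-Table -AutoSize
} else {
    'No leftover deployjava1.dll / npdeployjava1.dll files found.'
}
```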
-
Java gets updated again
I just received this question from DS:
Hi Woody thanks for all the great advice. I use FF and java is disabled but I am receiving the update notice again. Seems I just updated a couple weeks ago. Should I just go ahead and update? Usually easier than trying to completely remove it, never use. Thanks
Java has been updated three times in the past six weeks. On the one hand, that’s a lot of patches. On the other hand, they really need to fix all of the bleeping security holes.
The smartest thing to do is to simply uninstall Java: go into Control Panel, click to Remove a Program, and get rid of Java (all versions) and anything else that might have “Java” in the name.
Once it’s removed, try to live without it. Some of you will have specific programs that require Java – and if you hit one, the program will demand that you install Java. At that point you can decide if you want to allow Java back onto your machine.
There are many different flavors of Java, but you’re bound to encounter two on a Windows PC. First is Java itself – the program behind, oh, parts of LibreOffice, and many other applications. That program is reasonably secure, if you keep up with the Java updates.
The second flavor of Java is the kind that works inside your browsers. If you decide to re-install Java, immediately disable it in all of your browsers. I have detailed instructions in the (free) Top Story for Windows Secrets Newsletter, January 24.
If you absolutely, positively must have Java enabled in a browser, I guess it’s best to use Internet Explorer – simply because disabling Java in IE alone is a massive task. So if you must, must, must use Java inside a browser, install and enable Java in all browsers, use the instructions in the Windows Secrets Top Story to disable it in Firefox and/or Chrome, update IE to version 9 or 10, and get all of the IE patches applied, before you start IE.
Then use IE to get at the site that demands Java. Close down IE after you go to the site and do your thing. Don’t use IE for anything else. And be careful.
-
More questions about disabling Java
Following my Windows Secrets Newsletter Top Story on disabling Java in Internet Explorer (which is a bear), my inbox overflows…
Q: I use Norton as my AV provider and have recently received an email from them saying that they are on top of this and as long as I’m running Java 7-11 I’m ok. How “ok” am I?
A: With all due respect to Mr. Norton <ahem>, you’re most assuredly not OK. Remove Java if you can (see Susan’s article in Windows Secrets Newsletter). If that won’t work for you, disable Java in all browsers (see my article). And if that won’t work for you, disable it in Firefox and IE, but keep it going in Chrome.
Q: Subject: Java Security Alert / Java is now uninstalled from both my Vista and Win 7 machines. Just wonder if this is the better way to take care of the problem. Would like to have your opinion. Thanks.
A: Absolutely. Uninstall if you can.
Q: Subject: JAVA disable is where? Woody, My Java (32-bit) in the Control Panel, security tab, only shows a button for Certificates. I couldn’t find a tab/window that looked like your example.
A: Susan nailed this one: Check to see if you have ANOTHER java installed too. I found I had both 6 and 7 and once I removed 6 the tab showed up.
Q: Firefox has already blocked Java. It was disabled for me. FYI
A: Mozilla started doing that as a service to Firefox users with older, vulnerable versions of Java – back in August!
Q: Subject: Security alert: Remove Java from your browsers If it is true that “many — if not most PC users — are running Firefox or Chrome” why not just use IE as the browser that you keep Java on. I only use IE when Firefox won’t work. So for me that is the solution. If someone still uses IE as their main browser and wants to remove Java from it, the easy way to do it would be to first remove Java from all browsers, then add it back to your secondary browser that explicitly asks you for permission to run a Java program.
A: Alas, it doesn’t work that way. IE is the most vulnerable browser for Java security breaches. If you remove Java from your machine, then click to install Java inside a browser, it gets installed for all browsers.
Q: Hi Windows Secret. In Denmark the following advice from the local CERT: Choose Tools, click manage add-ons, right-click Java(tm) Plug-in SSV Helper & Java ™ Plug-in 2 SSV Helper and disable both.. Nice and Simple..
A: Unfortunately, that doesn’t work! I’m surprised CERT Denmark hasn’t updated their advice….
Q: I had removed Java from my pc and disabled it in Firefox. Do I need to reinstall and go through the procedure in the last newsletter?
A: If Java is completely removed from your PC – it doesn’t appear in the Remove Programs list – you’re home free.