Your daily technology class with Professor Randy!!

Randy The Tech Professor

January 26, 2016 at 12:22 pm

Third Party Program Updates For The Month Of January 2016

Third Party Vulnerability

Hello everyone,

Third party programs must be patched every month in order to keep your computer safe from malicious entities. Third party software is blamed for 76% of vulnerabilities on the average PC. Here are the latest third party program updates for the month of January 2016. Get updated as soon as possi

Firefox 44.0
27 January 2016

Mozilla has released Version 44.0 of the Firefox browser. The most significant changes in this update include enabling H.264 or WebM/VP9 video decoding depending on system capabilities, improved warning pages, web push notifications, support for Brotli HTTPS compression, along with security and bug fixes.

Chrome 48.0
28 January 2016

Google has released Version 48.0.2564.92 of the Chrome browser. Changes in this version include improved download notifications, redesigned video player, Google Photos added as a default app, and updated recovery screens, as well as security and bug fixes.

Java Runtime Environment 8.71
21 January 2016

Oracle has released an Update 71 to the Java Runtime Environment 8.

Opera 34.0
21 January 2016

The Opera browser has been updated to Version 34.0.2036.50. This version updates Chromium and improves stability and performance by fixing Turbo.

Foxit Reader 7.3.0
21 January 2016

The free Foxit PDF Reader has been updated to Version 7.3.0.0118. Changes include OneDrive and Google Drive integration, Office 2016 support, word count, time stamps, PDF sign improvements, vertical split view, as well as bug fixes.

Skype 7.18
20 January 2016

A new Version 7.18.0.109 of the communications utility Skype has been released. A change log is not yet available.

Flash Player 20.0
19 January 2016

Adobe has released Version 20.0.0.286 of the Flash Player plugin for browsers. To download the full offline installer, use these links depending upon your browser: Internet Explorer or Firefox or Opera. Use Windows Update to update the built-in Flash Player in IE11 under Windows 8 and 10, and Edge under Windows 10. Update to the latest version of Chrome to update its built-in Flash Player.

Acrobat Reader DC 2015
13 January 2016

Adobe has released a new Version 2015.010.20056 of its free software for viewing PDF documents, now known as Acrobat Reader DC. This update contains security and bug fixes.

Opera 34.0
12 January 2016

The Opera browser has been updated to Version 34.0.2036.47. This version updates Chromium, changes the Turbo icon, and provides bug fixes.

Best wishes,
Randy Knowles

Tags: , ,
comments Comments (0)    -
November 25, 2015 at 11:06 pm

Third Party Program Updates For The Month Of November 2015

adobeflashreaderoutdated

Hello everyone,

Unpatched third party programs will open up your system to malicious attacks. Each month (at a minimum), you should check for third party updates in order to keep your system locked down and secure. Here are the November 2015 updates. Get updated as soon as possible.

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-29
Adobe ColdFusion
ColdFusion 10/11
11/17/2015
Cross Site Scripting
Important: Priority 2/ Upgrade within 30 days

APSB15-28
Adobe Flash
Win/Mac 19.0.0.226 and earlier, Win/Mac ES 18.0.0.255 and earlier
Linux 11.2.202.540 and earlier
11/10/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-28
Adobe AIR
Win/Mac 19.0.0.213 and earlier
11/10/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at admin’s discretion

APSB15-31
Adobe Premiere Clip
iOS 1.1.1 and earlier
11/17/2015
Input Validation
Important: Priority 3/ Upgrade at admin’s discretion

APSB-30
Adobe LiveCycle DS
Win/Mac/Linux 4.7, 4.6.2, 4.5, 3.1.x, 3.0.x and earlier
11/17/2015
Request Forgery
Important: Priority 2/ Upgrade within 30 days

46.0.2490.86
Google Chrome
Win/Mac/Linux Before 46.0.2490.86
11/10/2015
Information Disclosure, Security Bypass
Update at admin’s discretion

42/ESR38.4
Mozilla Firefox
42/ESR 38.4
11/3/2015
Denial of Service, Security Bypass, Information Disclosure, Cross Site Scripting, Arbitrary Code Execution
Update after testing

Best wishes,
Randy Knowles

Tags: , ,
comments Comments (0)    -
October 31, 2015 at 9:05 pm

Third Party Program Updates For The Month Of October 2015

vulnerability-distribution-by-product-typeHello everyone,

Third-party applications are the most important source of vulnerabilities with over 80% of the reported vulnerabilities in third-party applications. Operating systems are only responsible for 13% of vulnerabilities and hardware devices for 4%. Please get updated as soon as possible.

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-27
Adobe Flash
Win/Mac 19.0.0.207 and earlier
Linux 11.2.202.535 and earlier
10/16/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-24
Adobe Acrobat/Reader
DC 2015.008.20082 and earlier
Classic 2015.006.30060
Desktop XI 11.0.12 and earlier
Desktop X 10.1.15 and earlier
10/13/2015
Arbitrary Code Execution
Critical: Priority 2/ Upgrade within 30 days

12.3.1
Apple iTunes
Before 12.3.1
10/21/2015
Arbitrary Code Execution, Denial of Service
Update as soon as possible

9.0.1
Apple Safari
Before 9.0.1
10/21/2015
Arbitrary Code Execution
Update as soon as possible

46.0.2490.80
Google Chrome
Before 46.0.2490.80
10/22/2015
Denial of Service, Security Bypass, Information Disclosure,
Update as soon as possible

41.0.2
Mozilla Firefox
Before 41.0.2
10/15/2015
Security Bypass, Information Disclosure
Update at admin’s discretion

October CPU
Oracle Java
SE 8u60, SE 7u85, SE 6u101, SE Embedded 8u51
10/23/2015
Arbitrary Code Execution
Update as soon as possible

Best wishes,
Randy Knowles

Tags: , ,
comments Comments (1)    -
September 28, 2015 at 9:47 pm

Third Party Program Updates For The Month Of September 2015

stop bugsHello everyone,

Time to update once again. This month we have three Adobe programs, two browsers, and Apple iTunes. If these programs are not updated, your machine becomes much more vulnerable to malicious attacks.

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-23
Adobe Flash
Win/Mac 18.0.0.232 and earlier
Linux 11.2.202.508 and earlier
9/21/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-23
Adobe Air
Win/Mac 18.0.0.199 and earlier
9/21/2015
Arbitrary Code Execution
Critical: Priority 3/ Update at admin’s discretion

APSB15-22
Adobe Shockwave
Win 12.1.9.160 and earlier
9/8/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

12.3
Apple iTunes
Before 12.3
9/16/2015
Arbitrary Code Execution, Denial of Service, Information Disclosure
Update as soon as possible

45.0.2454.101
Google Chrome
Win/Mac/Linux Before 45.0.2454.101
9/24/2015
Denial of Service, Arbitrary Code Execution, Information disclosure, Security Bypass
Update as soon as possible

41/ESR 38.3
Mozilla Firefox
Before 41/ESR 38.3
9/22/2015
Arbitrary Code Execution, Denial of Service, Information Disclosure, Security Bypass, Spoofing
Update as soon as possible

Best wishes,
Randy Knowles

Tags: , ,
comments Comments (1)    -
September 6, 2015 at 9:42 pm

Third Party Program Updates For The Month Of August 2015

update all browsersHello everyone,

Malicious entities are trying to get into your computer in any way that they can. If they can’t find “holes” in the Operating System then they will attack the browsers or any third party program that is used by/in/through the browser. You must keep all browsers and third party (non-Microsoft) programs up to date. Here are the latest updates for the past month of August 2015.

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-19
Adobe Flash
Win/Mac 18.0.0.209 and earlier
ES 13.0.0.309 and earlier
Linux 11.2.202.491 and earlier
8/11/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-19
Adobe Air
Win/Mac 18.0.0.180
8/11/2015
Arbitrary Code Execution
Critical: Priority 3/ Update at admin’s discretion

7.7.8
QuickTime
Before 7.7.8
8/20/2015
Arbitrary Code Execution, Denial of Service
Update as soon as possible

8.0.8/7.1.8/6.2.8
Apple Safari
Before 8.08/7.1.8/6.2.8
8/13/2015
Arbitrary Code Execution, Denial of Service, Spoofing, Security Bypass, Information Disclosure
Update as soon as possible

40/ESR38.2
Mozilla Firefox
Before 40/ESR38.2
8/11/2015
Arbitrary Code Execution, Denial of Service, Privilege Escalation, Security Bypass
Update as soon as possible

Best wishes,
Randy Knowles

Tags: , ,
comments Comments (0)    -
August 17, 2015 at 8:43 pm

Third Party Program Updates For The Month Of July 2015

risks-associated-with-third-party-software-2

Hello everyone,

I’m a bit late on this, but here they are: The Third Party Updates For The Month Of July 2015. Get updated as soon as possible!

Key: Identifier, Vendor/Product, Product Version Affected, Date Released by Vendor, Vulnerability Info, Vendor, Severity/Recommendation

APSB15-18
Adobe Flash
Win/Mac 18.0.0.203 and earlier
Win/Mac ESR 13.0.0.302 and earlier
Linux 18.0.0.204 and earlier
7/14/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-17
Adobe Shockwave
Win/Mac 12.1.8.158 and earlier
7/14/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-15
Adobe Acrobat/Reader
Win/Mac11.0.11 and earlier, 10.1.14 and earlier
7/8/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-15
Adobe Acrobat/Reader DC
Win/Mac Continuous 2015.007.20033
Classic 2015.006.30033
7/8/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

7.7.7
Apple Quicktime
Before 7.7.7
6/30/2015
Arbitrary Code Execution, Denial of Service
Update as soon as possible

12.2
iTunes
Before 12.2
6/30/2015
Arbitrary Code Execution, Denial of Service
Update as soon as possible

8.0.7/7.1.7/6.2.7
Safari
Before 8.0.7/7.1.7/6.2.7
6/30/2015
Arbitrary Code Execution, Denial of Service, Cross Site Scripting, Security Bypass,
Update as soon as possible

44.0.2403.107
Google Chrome
Before 44.0.2403.89
7/24/2015
Arbitrary Code Execution, Cross Site Scripting, Denial of Service, Security Bypass, Spoofing,
Update as soon as possible

39/ESR 38.1
Mozilla Firefox
Before 39/ESR 38.1
7/2/2015
Arbitrary Code Execution, Denial of Service, Information Disclosure, Security Bypass, Spoofing
Update as soon as possible

38.1
Mozilla Thunderbird
Before 38.1
7/2/2015
Arbitrary Code Execution, Denial of Service, Security Bypass
Update as soon as possible

July CPU
Java
Before 6u95, 7u80, 8u45
7/17/2015
Arbitrary Code Execution
Update as soon as possible

Best wishes,

Randy Knowles

Tags: , , ,
comments Comments (1)    -
June 26, 2015 at 10:38 pm

My Recipe For Comcast Wireless Success

Comcast modem-routerHello everyone,

I have been getting many comments/questions about Comcast wireless connectivity (see two previous posts here and here). Here is my “quick and dirty” recipe for Comcast wireless sucess:

1) Disable the router function of your Comcast modem/router and get into bridge mode.

2) Connect your Comcast modem (now in bridged mode), to a good 802.11ac router (connect using Cat6 cable). 802.11ac is the most current wireless networking standard. It has taken something good (802.11n), and made it even better. 802.11ac is a faster and more scalable version of 802.11n. It couples the freedom of wireless with the capabilities of Gigabit Ethernet. Another nice thing about 802.11 routers is that you can use open source firmware (DD-WRT, Tomato, OpenWrt). You’ll receive quicker patches (code updates) from these open sources. Awesome!

3) Position your router in a central area of the house/apt./office if possible.

4) Properly configure your 802.11ac router. Here is an example of the basic set-up.

5) If your receiving device is not 802.11ac capable (most new computers, tablets and phones are 802.11ac compatible), don’t worry too much. According to tests performed by SmallNetBuilder.com , 802.11ac routers connecting to 802.11n devices delivered significant wireless improvement. So, you can stay with your 802.11n device or even better, upgrade the receiving device to 802.11ac (wireless NIC, dongle, etc.).

6) Enjoy gigabit wireless speeds!

Best wishes for wireless success,

Randy The Tech Professor

 

Tags: , , , , , ,
comments Comments (4)    -
June 22, 2015 at 9:31 pm

Third Party Program Updates For The Month Of June 2015

Security Vulnerability Disclosures

Hello everyone,

Patch time again everybody! As always Adobe Flash and Adobe Air have many vulnerabilities that could open you up to arbitrary code execution. The updated Google Chrome browser includes an updated version of Flash. Adobe has also patched Photoshop and Bridge this month, which should protect you from possible arbitrary code execution. Below are your June 2015 third party patches. Get updated as soon as possible.

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-11
Adobe Flash
Win/Mac 17.0.0.188 and earlier, Win/Mac ESR 13.0.0.289 and earlier, Linux 11.2.202.460 and earlier
6/9/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-11
Adobe Air
Win/Mac 17.0.0.172 and earlier
6/9/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at admin’s discretion

APSB15-12
Adobe Photoshop
Win/Mac Before 16.0 (2015.0.0)
6/16/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at admin’s discretion

APSB15-13
Adobe Bridge
Win/Mac Before 6.11
6/16/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at admin’s discretion

43.0.2357.124
Google Chrome
Win/Mac Before 43.0.2357.124, Linux 43.0.2357.125
6/11/2015
Arbitrary Code Execution (Updated Flash)
Update as soon as possible

Best wishes,
Randy Knowles

Tags: , , ,
comments Comments (3)    -
May 29, 2015 at 10:08 pm

Third Party Program Updates For The Month Of May 2015

adobe flash playerHello everyone,

More patches everyone! As always Adobe Flash and Reader programs are popular targets for drive by downloads and spear phishing attacks. There are patches for Apple Safari, Google Chrome, and Mozilla Firefox which all have potential arbitrary code execution vulnerabilities. Apply these patches if you use these browsers. Finally, apply the patch for Mozilla Thunderbird if this is the email client that is being used.

So, get updated as soon as possible. Here are your May 2015 third party program patches:

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-09
Adobe Flash
Win/Mac 17.0.0.169 and earlier, Win/Mac ESR 13.0.0.281 and earlier, Linux 11.2.202.457 and earlier
5/12/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-10
Adobe Reader
Reader/Acrobat 11.0.10 and earlier, Reader/Acrobat 10.1.13 and earlier
5/7/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

8.0.6/7.1.6/6.2.6
Apple Safari
Before Safari 8.0.6/7.1.6/6.2.6
5/6/2015
Arbitrary Code Execution, Denial of Service, Information Disclosure, Spoofing
Update as soon as possible

43.0.2357.65
Google Chrome
Before Chrome 43.0.2357.65
5/19/2015
Arbitrary Code Execution, Denial of Service, Security Bypass
Update as soon as possible

38/ESR.7 31.7
Mozilla Firefox
Before Firefox 38
5/12/2015
Arbitrary Code Execution, Denial of Service, Privilege Escalation, Security Bypass, Information Disclosure
Update as soon as possible

31.7
Mozilla Thunderbird
Before Thunderbird 31.7
5/12/2015
Arbitrary Code Execution, Denial of Service, Privilege Escalation
Update as soon as possible

Best wishes,
Randy The Tech Professor

Tags: , , ,
comments Comments (1)    -
May 1, 2015 at 5:37 pm

Third Party Program Updates For The Month Of April 2015

java exploit

 

Hello everyone,

Vulnerabilities in third party apps are being exploited like never before. The bad guys have turned away from the Microsoft Operating System (patch Tuesday isn’t perfect but is good enough to force the many exploits in 3rd. party programs). The existence of these third party vendors (Adobe, Oracle, Apple, etc.) is not threatened, so they will never perfect a patching strategy the way Microsoft did. Heck, their so called “automatic updates” don’t even work!

So, get updated as soon as possible. Here are your April 2015 third party program patches:

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-06
Adobe Flash Win/MAC
before 17.0.0.169 / ESR 13.0.0.281 Linux before 11.2.202.457
4/14/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-07
Adobe ColdFusion
Version 11 before Update 5 Version 10 before update 6
4/14/2015
Cross Site Scripting
Important: Priority 2/ Upgrade within 30 days

APSB15-08
Adobe Flex
4.6 and earlier
4/14/2015
Cross Site Scripting
Important: Priority 3/ Update at the administrator’s discretion

8.0.5/7.1.5/6.2.5
Apple Safari
Before 8.0.5/7.1.5/6.2.5
4/8/2015
Arbitrary Code Execution, Denial of Service, Security Bypass, Information Disclosure
Update as soon as possible

42.0.2311.90
Google Chrome
Before 42.0.2311.90
4/14/2015
Denial of Service, Security bypass, Information Disclosure
Update at admin’s discretion.

37.0.2
Mozilla Firefox
Before 37.0.2
4/20/2015
Arbitrary Code Execution, Denial of Service, Security Bypass, Spoofing
Update as soon as possible

April
CPU Java
Java SE 5.0u81, Java SE 6u91, Java SE 7u76, Java SE 8u40
4/15/2015
Arbitrary Code Execution, Security Bypass
Update as soon as possible

Best wishes,
Randy The Tech Professor

Tags: , ,
comments Comments (6)    -