Your daily technology class with Professor Randy!!

Randy The Tech Professor

May 29th, 2015 at 10:08 pm

Third Party Program Updates For The Month Of May 2015

adobe flash playerHello everyone,

More patches everyone! As always Adobe Flash and Reader programs are popular targets for drive by downloads and spear phishing attacks. There are patches for Apple Safari, Google Chrome, and Mozilla Firefox which all have potential arbitrary code execution vulnerabilities. Apply these patches if you use these browsers. Finally, apply the patch for Mozilla Thunderbird if this is the email client that is being used.

So, get updated as soon as possible. Here are your May 2015 third party program patches:

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-09
Adobe Flash
Win/Mac 17.0.0.169 and earlier, Win/Mac ESR 13.0.0.281 and earlier, Linux 11.2.202.457 and earlier
5/12/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-10
Adobe Reader
Reader/Acrobat 11.0.10 and earlier, Reader/Acrobat 10.1.13 and earlier
5/7/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

8.0.6/7.1.6/6.2.6
Apple Safari
Before Safari 8.0.6/7.1.6/6.2.6
5/6/2015
Arbitrary Code Execution, Denial of Service, Information Disclosure, Spoofing
Update as soon as possible

43.0.2357.65
Google Chrome
Before Chrome 43.0.2357.65
5/19/2015
Arbitrary Code Execution, Denial of Service, Security Bypass
Update as soon as possible

38/ESR.7 31.7
Mozilla Firefox
Before Firefox 38
5/12/2015
Arbitrary Code Execution, Denial of Service, Privilege Escalation, Security Bypass, Information Disclosure
Update as soon as possible

31.7
Mozilla Thunderbird
Before Thunderbird 31.7
5/12/2015
Arbitrary Code Execution, Denial of Service, Privilege Escalation
Update as soon as possible

Best wishes,
Randy The Tech Professor

Tags: , , ,
comments Comments (1)    -
May 1st, 2015 at 5:37 pm

Third Party Program Updates For The Month Of April 2015

java exploit

 

Hello everyone,

Vulnerabilities in third party apps are being exploited like never before. The bad guys have turned away from the Microsoft Operating System (patch Tuesday isn’t perfect but is good enough to force the many exploits in 3rd. party programs). The existence of these third party vendors (Adobe, Oracle, Apple, etc.) is not threatened, so they will never perfect a patching strategy the way Microsoft did. Heck, their so called “automatic updates” don’t even work!

So, get updated as soon as possible. Here are your April 2015 third party program patches:

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-06
Adobe Flash Win/MAC
before 17.0.0.169 / ESR 13.0.0.281 Linux before 11.2.202.457
4/14/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-07
Adobe ColdFusion
Version 11 before Update 5 Version 10 before update 6
4/14/2015
Cross Site Scripting
Important: Priority 2/ Upgrade within 30 days

APSB15-08
Adobe Flex
4.6 and earlier
4/14/2015
Cross Site Scripting
Important: Priority 3/ Update at the administrator’s discretion

8.0.5/7.1.5/6.2.5
Apple Safari
Before 8.0.5/7.1.5/6.2.5
4/8/2015
Arbitrary Code Execution, Denial of Service, Security Bypass, Information Disclosure
Update as soon as possible

42.0.2311.90
Google Chrome
Before 42.0.2311.90
4/14/2015
Denial of Service, Security bypass, Information Disclosure
Update at admin’s discretion.

37.0.2
Mozilla Firefox
Before 37.0.2
4/20/2015
Arbitrary Code Execution, Denial of Service, Security Bypass, Spoofing
Update as soon as possible

April
CPU Java
Java SE 5.0u81, Java SE 6u91, Java SE 7u76, Java SE 8u40
4/15/2015
Arbitrary Code Execution, Security Bypass
Update as soon as possible

Best wishes,
Randy The Tech Professor

Tags: , ,
comments Comments (6)    -
April 5th, 2015 at 12:00 am

My 2015 Easter Belief In Video And Song

Hello everyone,

This video and song express what I believe to be the true meaning of Easter. Enjoy the day!

Professor Randy quotes Clarence W. Hall: “Easter says you can put truth in a grave, but it won’t stay there.”

Tags:
comments Comments (0)    -
April 3rd, 2015 at 8:09 pm

Third Party Program Updates For The Month Of March 2015

patch 3rd. party softwareHello everyone,

Adobe Flash had a critical update (arbitrary code execution) for the month of March. All of the browsers listed below had multiple vulnerabilities (all arbitrary code executions except for Chrome) that were fixed. This post takes into consideration updates as of about a week ago – there may have been even more recent updates since then. Get updated as soon as possible.

1)Identifier
2)Vendor/Product
3)Product Version Affected
4)Date Released by Vendor
5)Vulnerability Info
6)Severity / Recommendation

APSB15-05
Adobe Flash
Win/MAC 16.0.0.30 and earlierLinux11.2.202.44 And earlier
3/12/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

41.0.2272.101
Google Chrome
Win/Mac/Linux before 41.0.2272.101
3/19/2015
Denial of Service, Security Bypass, Information Disclosure,
Update at admin’s discretion.

36.0.4/ESR 31.5.3
Mozilla Firefox
Before 36.0.4/31.5.3
3/20/2015
Arbitrary Code Execution, Privilege Escalation
Update as soon as possible

2.33.1
Mozilla SeaMonkey
Before 2.33.1
3/20/2015
Arbitrary Code Execution, Privilege Escalation
Update as soon as possible

8.0.4/7.1.4/6.2.4
Apple Safari
Before 8.0.4/7.1.4/6.2.4
3/17/2015
Arbitrary Code Execution, Denial of Service,
Update as soon as possible

Best wishes,
Randy Knowles

Tags: , ,
comments Comments (3)    -
February 28th, 2015 at 1:19 pm

How I Fixed: “Windows cannot be installed to this disk…..”

Windows cannot be installed...

Hello everyone,

A client gave me a Dell 660s Windows 8.1 desktop that would not boot. It was stuck in an automatic repair loop, but nothing was being repaired.
Just for good measure, I installed a new SATA hard drive and I was set to reinstall the 8.1 operating system. Piece of cake right?
Not quite. Every time that I attempted to clean install Windows 8 these messages appeared:

Windows cannot be installed to this disk.
This computers hardware may not support booting to this disk.
Ensure that the disk’s controller is enabled in the computers BIOS menu.

Here is how I solved the problem:

1) I went into the Dell BIOS (at the Dell logo during restart, tap the <F2> key repeatedly).

2) I disabled UEFI Secure Boot

3) I disabled Fast Startup

4) I changed the Boot Mode from UEFI to Legacy

5) And finally the clincher (in my case): I changed the SATA mode from AHCI to ATA

I booted the machine back up with the Windows 8 installation disk in the CD/DVD drive and the Windows 8 operating system installed as it should. Success!

Best wishes,
Randy The Tech Professor

Tags: , , , , ,
comments Comments (0)    -
February 26th, 2015 at 6:33 pm

Third Party Program Updates For The Month Of February 2015

most-common-to-patch

Hello everyone,

It’s just not enough to keep your Operating System patched. Many malicious exploits are finding entrance into your machine through third party programs. Below are the February 2015 third party patches. I recommend removing local admin rights on your computer (#4 here) to lower the risk of being bit by software like Adobe, Chrome, and Firefox. Get updated/patched as soon as possible!

Key: 1)Identifier 2)Vendor/Product Version Affected 3)Date Released by Vendor 4)Vulnerability Info. 5)Vendor Severity/Recommendation

APSB15-04
Adobe Flash Win/MAC before 16.0.0.305, Linux before 11.2.202.442
2/19/2015
Arbitrary Code Execution Critical: Priority 1
Upgrade within 72 hours

40.0.2214.115
Google Chrome Win/Mac/Linux before 40.0.2214.115
2/19/2015
Privilege Escalation, Denial of Service, Security Bypass,
Update after testing

35
Mozilla Firefox Before 34
2/5/2015
Arbitrary Code Execution,
Denial of Service
Update after testing

Best wishes,
Randy The Tech Professor

Tags: , ,
comments Comments (4)    -
January 26th, 2015 at 10:05 pm

Third Party Program Updates For The Month Of January 2015

adobe flash

 

Hello everyone,

It’s just not enough to keep your Operating System patched. Most malicious exploits are finding entrance into your machine through third party programs. Below are the January 2015 third party patches. Get updated as soon as possible!

Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation

APSB15-01
Adobe Flash
Win/Mac before 16.0.0.257
1/13/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours

APSB15-01
Adobe Air
Win/Mac before 16.0.0.245
1/13/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at administrators discretion

APSB15-02
Adobe Flash
Win/Mac before 16.0.0.287, Linux before 11.2.202.438
1/22/2015
Security Bypass
Update as soon as possible

Oracle CPU January 2015
Java
Java SE 5.0u75, Java SE 6u85, Java SE 7u72, Java SE 8u25
1/20/2015
Arbitrary Code Execution
Update as soon as possible

40.0.2214.91
Google Chrome
Win/Mac/Linux before 40.0.2214.91
1/21/2015
Denial of Service, Spoofing, Security Bypass,
Update after testing

35/ESR 31.4
Mozilla Firefox
Before 35/ESR 31.4
1/13/2015
Arbitrary Code Execution, Privilege Escalation, Security Bypass, Denial of Service, Cross-Site Request Forgery, Data Leak
Update after testing

2.32
Mozilla Seamonkey
Before 2.32
1/13/2015
Privilege Escalation, Security Bypass, Denial of Service, Cross-Site Request Forgery, Data Leak
Update after testing

31.4
Mozilla Thunderbird
Before 31.4
1/13/2015
Security Bypass, Cross-Site Request Forgery
Update after testing

Best wishes,
Randy The Tech Professor

 

Tags: , ,
comments Comments (7)    -
December 23rd, 2014 at 10:29 pm

Third Party Program Updates For December 2014

patch third party programsHello everyone,

There is nothing quite like a securely patched machine. Windows does a good job patching their Operating System but you must also keep up to date with all non-Microsoft programs. Below are the critical third party updates for the month of December 2014. Get updated as soon as possible to avoid opening up your system to malicious intruders.

APSB14-29 Adobe ColdFusion: 10/11 12/9/2014 Denial of Service Important: Priority 2/ Upgrade within 30 days

APSB14-28 Adobe Reader: 11.0.09 and earlier, Acrobat: 10.1.12 and earlier 12/4/2014 Arbitrary Code Execution Critical: Priority 1/ Upgrade within 72 hours

APSB14-27 Adobe Flash Player: Windows 15.0.0.242 and earlier, Mac 13.0.0258 and earlier, Linux 11.2.202.424 and earlier 12/9/2014 Arbitrary Code Execution Critical:Priority 1/ Upgrade within 72 hours

8.0.1/7.1.1/ 6.2.1 Apple Safari Browser: Before 8.0.2, 7.1.2, and 6.2.2 12/11/2014 Security Bypass Upgrade at admin’s discretion

39.0.2171.95 Google Chrome: Before 39.0.2171.95 12/9/2014 Update for Adobe Flash Upgrade within 72 hours

34/ESR 31.3 Mozilla Firefox: Before  34/ESR 31.3 12/2/2014 Arbitrary Code Execution, Denial of Service, Information Disclosure Upgrade at admin’s discretion

31.3 Mozilla Thunderbird: Before 31.3 12/2/2014 Arbitrary Code Execution, Denial of Service, Information Disclosure Upgrade at admin’s discretion

2.31 SeaMonkey: Before 2.31 12/2/2014 Arbitrary Code Execution, Denial of Service, Information Disclosure Upgrade at admin’s discretion

Merry Christmas,

Randy The Tech Professor

Tags: , ,
comments Comments (1)    -
December 3rd, 2014 at 9:54 pm

Third Party Program Updates For The Month Of November 2014

third party patches

Hello everyone,

Only three non-Microsoft updates this month (November 2014), but all critical. The Adobe patch fixes 18 vulnerabilities that include arbitrary code execution vulnerabilities. Google released an update to Chrome that fixes several denial of service vulnerabilities and this patch should be applied as soon as possible.

APSB14-24
Adobe Flash
Win/Mac 15.0.0.189 and earlier
Linux 11.2.202.411 and earlier
11/11/2014
Arbitrary Code Execution, Denial of Service
Critical: Priority 1/ Upgrade within 72 hours

APSB14-24
Adobe Air
15.0.0.293 and earlier
11/11/2014
Arbitrary Code Execution, Denial of Service
Critical: Priority 3/ Upgrade at admins discretion

39.0.2171.65
Google Chrome
Before 39.0.2171.65
11/18/2014
Denial of Service, Security Bypass
Upgrade at admins discretion

Best wishes,
Randy The Tech Professor

Tags: , , ,
comments Comments (0)    -
October 27th, 2014 at 9:03 pm

Third Party Program Updates For The Month Of October 2014

patch 3rd. party softwareHello everyone,

Microsoft Windows Update does a good job of keeping your Operating System up to date, but what about those third party programs? Here are the October 2014 third party program patches. Get updated as soon as possible.

Identifier Vendor/Product Product Version Affected/ Date Released by Vendor/ Vulnerability Info/ Vendor Severity / Recommendation

APSB14-22 Adobe Flash Player Win/Mac 15.0.0.167 and earlier 13.0.0.244 and earlier 13.x Linux 11.2.202.406 and earlier 10/14/2014 Arbitrary Code Execution Critical: Priority 1/ Upgrade within 72 hours

APSB14-22 Adobe Air Win  15.0.0.249 and earlier 10/14/2014 Arbitrary Code Execution Critical: Priority 3/ Upgrade at admins discretion

APSB14-23 Adobe ColdFusion ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 10/14/2014 Security Bypass, Cross Site Scripting Important: Priority 2/ Upgrade within 30 days

12.0.1 Apple iTunes Before 12.0.1 10/16/2014 Arbitrary Code Execution, Denial of Service Recommended: Upgrade after testing

7.7.6 Apple QuickTime Before 7.7.6 10/22/2014 Arbitrary Code Execution, Denial of Service Recommended: Upgrade after testing

38.0.2125.104 Google Chrome Win/Mac/Linux Before 38.0.2125.104 10/14/2014 Denial of Service, Information Disclosure, Security Bypass Upgrade at admin’s discretion

33/ESR 31.2 Mozilla Firefox Before 33/ESR 31.2 10/14/2014 Arbitrary Code Execution, Information Disclosure, Security Bypass, Denial of Service Recommended: Upgrade after testing

31.2 Mozilla Thunderbird Before 31.2 10/14/2014 Arbitrary Code Execution, Information Disclosure, Security Bypass, Denial of Service Recommended: Upgrade after testing

October CPU Java Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60 10/47/2014 Arbitrary Code Execution Recommended: Upgrade after testing

Best wishes,

Randy The Tech Professor

 

 

Tags: , ,
comments Comments (1)    -