Updates 1/14/20 - 'Microsoft Tuesday', Flash, Java

Question

Today is 'Microsoft Tuesday' --- the SECOND Tuesday of the month --- on which Microsoft is expected to release its monthly cycle of Windows security updates. Based on previous history, they should become available at 1 P.M. [USA - Eastern STANDARD Time] ------------------ Please use Windows/Automatic Updates to determine which updates are applicable to your particular system. For more information, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary ----------------- As a reminder, today's updates should be the LAST ones for Windows 7; it then goes 'End-of-Life'  https://www.bleepingcomputer.com/news/microsoft/windows-7-reminder-get-a-free-windows-10-upgrade-while-you-can/

ky331 · Answer

Adobe Flash Player  32.0.0.314 has been released   Direct downloads (no bundled junk) for Windows 7 and earlier [as well as Win 8.1/10 NPAPI & PPAPI ]   Revised installer links located toward bottom of:  https://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html ) . Internet Explorer -  https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe  . NPAPI/Plugin-based browsers (Firefox, PaleMoon, MyPal &etc) - https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe   . PPAPI/Pepper-Chromium based browsers -https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe  . Uninstaller (if needed) : http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe    ===========   Remark:   The embedded ActiveX Flash for Windows 8.1/10 remains at 32.0.0.255

RoHe · Answer

Windows 10 updates today for v1909:

ky331 · Answer

Oracle Java SE Runtime Environment 8u241https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

RoHe · Answer

Seems the US NSA found the security hole in Win 10 that was supposedly fixed by today's updates. Microsoft and NSA declined to say when the agency privately notified the company.

The agency shared the vulnerability with Microsoft “quickly and responsibly”, Neal Ziring, technical director of the NSA's cybersecurity directorate, said in a blog post Tuesday.

An advisory sent by NSA on Tuesday said “the consequences of not patching the vulnerability are severe and widespread”.

Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source. The company said it has not seen any evidence hackers have used the technique.

Computers will get the fix automatically, if they have the automatic update option turned on. Others can get it manually by going to Windows Update in the computer's settings.

Make sure you get today's updates asap...

Virus & Spyware

Was this post helpful?