Updates 11/13/18 - "Microsoft+Adobe" Tuesday, Panda,PaleMoon

Adobe Flash Player  31.0.0.148 has been released

Adobe has released security updates for Adobe Acrobat DC and Reader DC, for Windows.  

 Version 2019.008.20081

Available via the program's internal updater:   Help / Check for Updates ;  alternatively:

For Reader DC (Document Cloud), or other Reader versions for Windows, you can locate your appropriate update here:  https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

For Acrobat DC for Windows, you can locate your appropriate update here:  http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Panda Free "Dome" Antivirus 18.06.01

https://www.neowin.net/news/panda-free-antivirus-180601-offline-installer

Pale Moon has been updated to version 28.2.0, a major development release addressing performance, web compatibility, bugfixes, regressions and security vulnerabilities.

Most important changes/fixes:  https://forum.palemoon.org/viewtopic.php?f=1&t=20852

• Fixed a major performance issue with web workers.
• Fixed a rare crash on local networks with HTTP basic auth and unsupported cipher suites.
• Fixed a performance/timer issue when leaving the browser idle.
• Fixed an issue causing an empty dialog when launching executable files from the browser.
• Fixed an issue preventing making entries to disallow sites to store data for off-line use.
• Removed code to prevent extensions with binary components.
• Fixed an issue with common dialogs being sized incorrectly for their content.
• Fixed an issue with event handling on the tab bar that would cause frustrating behavior when trying to open/close tabs in rapid succession.
• Switched default behavior for scrolling when a context or pop-up menu is open to allow scrolling, like in v27. This also affects scrolling in very long menus, e.g. bookmarks.
• Added experimental Asynchronous Panning and Zooming (APZ) for desktop use.
• Re-enabled the use and parsing of ICC v4 color profiles.
• Removed telemetry code from the caching subsystem.
• Improved full-screen detection for suppressing status messages.
• Made all arguments passed to Init*Event() optional except the first for parity with other browsers.
• Cleaned up some internal installer code.
• Fixed making caret width configurable when dealing with CJK characters (regression).
• Fixed drawing of table borders consistently when zooming a page (regression).
• Exposed the "Save download location per site" pref in about:config.
• Improved media handling (ongoing).
• Added experimental support for AV1 in WebM videos (disabled by default).
  Note: this is for WebM only for now, so MP4 and MSE AV1 streams (e.g. YouTube) will not (yet) play.
• Removed the (defunct and incomplete) in-browser translation code.
• Fixed an issue with CSS Grid layouts unnecessarily shrinking element blocks.
• Fixed notification settings menu entry (opes about:permissions with relevant data now).
• Fixed the launching of an undesirable background content process for capturing page thumbnails.
• Fixed a focus issue in the bookmark properties dialog.
• Changed the setting for reporting CSS errors to the console to false by default, to prevent unnecessary performance loss for recording this data.
• Added control mechanisms for Opportunistic Encryption (both for alternative services and upgrade-insecure-requests) in preferences, and disabled this by default due to potential security and privacy issues with this transitional technology.
• Updated the default reported Firefox version in Firefox Compatibility Mode to prevent "too old Firefox" complaints on websites.
• Updated libnestegg, ffvpx, reader view components and several other modules from upstream.
• Implemented security fixes for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.

-----------------------------------------------------------------

Update via the internal Updater:   Help / About Pale Moon ; or full downloads:

https://www.palemoon.org/download.shtml

When I clicked the button to download/install today's updates for Win 7 Pro+SP1, 32-bit, I got a box saying:

Windows Malicious Software Removal Tool - November 2018 (KB890830)
Prerelease Version of Service Pack 2 for Microsoft Windows XP Professional, Home, Media Center, or Tablet PC Edition
END-USER LICENSE AGREEMENT FOR PRERELEASE CODE...(followed by whole lot of legalese about ...installing one copy solely to test the Software internally, test the compatibility of your application or other  product(s) that operate in conjunction with the Software,  and to evaluate the Software for the purpose of providing feedback thereon to Microsoft....)

Say what?? What does Windows XP have to do this? I had XP Pro+SP3 on this PC years ago but legally upgraded it to Win 7 Pro that was installed on a brand new HDD, so why does MS think I'd be interested in anything related to XP now??

I canceled that update, but what am I missing about this?? :TongueTied:

Ron,

No idea what's happening there.   XP should be "dead" at this point... at least, in terms of any support... so I can't imagine there being a "Pre-release" of anything XP-based.   Indeed, as you noted, XP had a SP 3... so why would there be a pre-release now of SP 2 ????

I download/run the M(S)RT from the direct link (rather than through Windows Updates), since I like to append the /N parameter on the command line.

@ky331Thanks for the quick response.  I decided to cancel all today's updates and closed WU.  I then went back and had WU search for updates again, and it offered MSRT again along with the others.

When I clicked the update button, I got the same EULA box again so it obviously wasn't just a one-time oopsy on Microsoft's server. But why would they be offered a "prerelease" version of anything via WU, and for XP makes absolutely zero sense ? (I saved the EULA (14 pages!) to a pdf and took a screen shot of the WU page to document what I experienced.)

And I just posted over in the MS forum so I'll update this thread if I hear anything "official" from Redmond.

Ron,

I can now confirm what you said... getting the same message on Win7 systems when I try to run the MSRT from Windows Update.

If I UN-select MSRT, I can then install the remaining updates without getting that message.

And I can download/run MSRT from the direct link I cited above, without getting any strange message.

Thanks for that feedback. Is your Win 7 PC 32- or 64-bit?

I unselected the Nov. MSRT update and successfully installed all the other updates on my Win 7 PC (32-bit) last night without any strange messages. Just haven't gotten around to installing MSRT from the direct link.

My thread about this issues in the MS forum has gotten 17 "Have the same question" clicks but no posts from any MVPs, MS engineers or anyone else.  The silence is deafening! :Stickouttongue:

And for the record, my Win 10 (1803; 64-bit) lappy installed all its updates including Nov. MSRT last night without any strange messages.

Ron wrote:

When the quick scan finished, the progress box said "Files infected: 7" but the summary box (and the log file) said "No infection found" and all the malware items listed said "not infected".

I didn't take note of it this time... but yes, I've encountered that in the past.   If memory serves me, I read somewhere that this is normal... probably indicates that the scan encountered a few "suspicious" files, that required deeper analysis... and upon doing so, concluded they were in fact clean.

Suddenly got a bunch of responses from other users on the MS forum with the same XP SP2 EULA issue when trying to install MSRT through Windows Update.  And there's a second thread about the same thing on the MS forum and one on another forum too. Misery loves company! :Wink:

As for the 7 "infected" files MSRT claimed to have found on my PC, it appears MSRT ends up ignoring those files and doesn't submit them to the MS server for verification because they aren't on the list of infections it's searching for. Sure would be good if MSRT listed those suspicious files so the user could investigate, even if they're false positives.

Ran full scans with Malwarebytes, SuperAntiSpyware and MSE overnight. SAS found one tracking cookie and promptly ate it, but nothing else was found by any of them. So I guess this PC is clean...

Just to add that I have religiously used and run MSRT, from both WU and from the standalone download site, since its inception years ago. It has never detected anything on any of my systems. I never bothered to use the /N switch, and never regretted this practice.

Tonight for the first time I ran a full on-demand MSRT scan, which took a few hours. The only thing it detected was a trace remnant of an EICAR test file.

Just an FYI. As always, YMMV.

(post removed intentionally)