Highlighted
7 Gold

Updates 5/10/16 - "Microsoft Tuesday", Reader, PaleMoon

DISCLAIMER:  This thread is currently "under construction", and will be edited for the remainder of today.   Please excuse any blank spaces or crossed-out "placeholders" for items expected to be announced.

Today is Microsoft Tuesday --- the SECOND Tuesday of the month --- on which Microsoft is expected to release its monthly cycle of Windows critical/security updates.   Based on previous history, they should become available at 1 P.M. [USA - Eastern Standard Time]

Please use Windows/Automatic Updates to determine which updates are applicable to your particular system.

===================================================

Please note that Microsoft has recently separated-out OFFICE NON-security updates (i.e. bug fixes, or enhancements for modified features) to have a day of its own, the FIRST Tuesday of the month (i.e., last week)... so that should cut-down on the totality of new security updates offered today.
http://windowsitpro.com/microsoft-office/microsoft-adds-patch-day-regular-monthly-update-schedule-of...

http://windowsitpro.com/microsoft-office/welcome-microsoft-office-patch-tuesday-may-2016

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
14 Replies
Highlighted
7 Gold

RE: Updates 5/10/16 - "Microsoft Tuesday"

Adobe has released security updates for Adobe Acrobat and Reader, for Windows.  

These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system:

 

 

Adobe Reader XI, sequential update (starting from any Windows 11.x version) to 11.0.16

https://www.adobe.com/support/downloads/detail.jsp?ftpID=6062

=========================

Remark:   For people using Reader DC (Document Cloud), or other Reader versions for Windows, you can locate your appropriate update here:  https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

 

For people using Acrobat  for Windows, you can locate your appropriate update here:  http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

============

Documentation will be released as https://helpx.adobe.com/security/products/acrobat/apsb16-14.html

and https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.16.html

 

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
7 Gold

RE: Updates 5/10/16 - "Microsoft Tuesday"

Reminder:  The Adobe Reader/Acrobat updates insist on reactivating several associated StartUp programs (registry entries) that you might have previously disabled.

I've found the most effective way to stop them is to use CCleaner, select Tools / Startup , and then click-on and DISABLE each of the Adobe entries (if present):

Acrotray (Adobe Assistant)

ARM

SpeedLauncher

[ Not sure why, but CCleaner is doing a better job on these Adobe "pests" than WinPatrol.... ]

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
7 Gold

RE: Updates 5/10/16 - "Microsoft Tuesday"

PaleMoon 26.2.2 (2016-05-10) https://www.palemoon.org/releasenotes.shtml

This is mainly a security update.

Changes/fixes:

  • Added a detection routine for dark window colors on Windows 8 and later (system themes using dark window frames) to better adapt to dark system colors. Theme developers can take advantage of this by checking for darkwindowframe="true" on #main-window in CSS selectors.
  • CSS classes prefixed with "--" no longer stop parsing of the selectors.
  • Several crash fixes.

Security fixes:

  • Made GC suppression more aggressive to prevent issues when actually out of memory.
  • Fixed a memory safety hazard in jpeg decoding.
  • Fixed a potentially exploitable crash when using bi-directional text.
  • Updated NSS to 3.19.4.2-PM, fixing CVE-2016-1938 among other things.

--------------------------------------------------------------------------------------------------------

Update via the internal Updater:   Help / About Pale Moon ; or full downloads:

32-bit version https://www.palemoon.org/palemoon-win32.shtml

x64-bit version https://www.palemoon.org/palemoon-win64.shtml

Atom Processor [ Win XP compatible] version https://www.palemoon.org/palemoon-atom.shtml

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
7 Gold

RE: Updates 5/10/16 - "Microsoft Tuesday", Reader, PaleMoon

from https://technet.microsoft.com/library/security/ms16-may

The following 8 updates are rated CRITICAL:

MS16-051 Cumulative Security Update for Internet Explorer (3155533)

MS16-052 Cumulative Security Update for Microsoft Edge (3155538)

MS16-053 Cumulative Security Update for JScript and VBScript (3156764)

MS16-054 Security Update for Microsoft Office (3155544)

MS16-055 Security Update for Microsoft Graphics Component (3156754)

MS16-056 Security Update for Windows Journal (3156761)

MS16-057 Security Update for Windows Shell (3156987)

MS16-064 Security Update for Adobe Flash Player (3157993)   

                  [ This updates Flash (ActiveX) to 21.0.0.241 in Windows 8.1/10 ]   

=================================

The following 8 updates are rated IMPORTANT:

MS16-058 Security Update for Windows IIS (3141083)

MS16-059 Security Update for Windows Media Center (3150220)

MS16-060 Security Update for Windows Kernel (3154846)

MS16-061 Security Update for Microsoft RPC (3155520)

MS16-062 Security Update for Windows Kernel-Mode Drivers (3158222) 

MS16-065 Security Update for .NET Framework (3156757)

MS16-066 Security Update for Virtual Secure Mode (3155451)

MS16-067 Security Update for Volume Manager Driver (3155784) 

 

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
7 Gold

RE: Updates 5/10/16 - "Microsoft Tuesday", Reader, PaleMoon

On this particular Win7x64 SP1 system, I was offered 17 updates (14 Windows [including the MSRT], plus 3 Office) totaling 132 MEG.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
7 Gold

RE: Updates 5/10/16 - "Microsoft Tuesday", Reader, PaleMoon

WARNING:  The link for this separate download of the MSRT is now pre-checking a box to also download "MSN default homepage & Bing default search engine".    Be sure to uncheck this, unless you really want it!

 

Malicious Software Removal Tool (MSRT, MRT) for May, version 5.36

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx 

Reminder:   Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
7 Gold

RE: Updates 5/10/16 - "Microsoft Tuesday", Reader, PaleMoon

This month's MSRT adds detection/removal of:

Kovter - "a malware family [that] is well known for being tricky to detect and remove because of its file-less design after infection. They infect your PCs so malware perpetrators can perform click-fraud and install additional malware on your machines. 

It relies on you to run them on your PC by mistake, or visit a hacked or malicious webpage.

They can steal your personal information, download more malware, or give a malicious hacker access to your PC."

and

Win32/Locky - "ransomware [that] can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

This threat uses an infected Microsoft Office file to download the ransomware onto your PC. It can arrive on your PC as spam email attachment, usually as a Word file (.doc)."

 

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
7 Gold

RE: Updates 5/10/16 - "Microsoft Tuesday", Reader, PaleMoon

Kovter is a malware family that is well known for being tricky to detect and remove because of its file-less design after infection.

Kovter carried out this attack campaign using a technique called malvertising, masquerading as a fake Adobe Flash update.

Users from United States are nearly exclusively being targeted, and infected PCs are used to perform click-fraud and install additional malware on your machine.

https://blogs.technet.microsoft.com/mmpc/2016/05/10/large-kovter-digitally-signed-malvertising-campa...

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
4 Ruthenium

RE: Updates 5/10/16 - "Microsoft Tuesday", Reader, PaleMoon

14 MS updates reluctant to download on my Windows 7 machine....and that includes the small definitions update. Will try again tomorrow.

And I am not a robot...I mean....seriously? On every reply...oh my!