Saturday, September 23, 2017

Oracle Java™ Platform, Standard Edition 9 Released

java


Oracle released Java™ Platform, Standard Edition 9, 64-bit only, for Windows 7, Windows 8x, Windows 10 as well as Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 R and Windows Server 2016 R2.  The update includes security enhancements.

For browser support as well as Linux, Solaris and Mac OS X, see Oracle JDK 9 and JRE 9 Certified System Configurations Contents. Java Version 9 is not compatible with Windows XP or Windows Vista. 

Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.


    Download Information



    Notes:
    • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras". 
    • Verify your versionhttp://www.java.com/en/download/testjava.jsp.

      Note
      :  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
    • 17 October 2017
    • 16 January 2018
    • 17 April 2018
    • 17 July 2018

    "Unwanted Extras"

    Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and  unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

    Do the following to suppress the sponsor offers:
    1. Launch the Windows Start menu
    2. Click on Programs
    3. Find the Java program listing
    4. Click Configure Java to launch the Java Control Panel
    5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
    Java suppress sponsor offers

    Java Security Recommendations

    1)  In the Java Control Panel, at minimum, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

    3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml
     


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Tuesday, September 12, 2017

    Microsoft Security Updates for September, 2017



    The September security release consists of 81 security updates for the following software in which 26 are listed as Critical, 53 are rated Important, and two are Moderate in severity. 
    • Internet Explorer
    • Microsoft Edge
    • Microsoft Windows
    • Microsoft Office and Microsoft Office Services and Web Apps
    • Adobe Flash Player
    • Skype for Business and Lync
    • .NET Framework
    • Microsoft Exchange Server
      The updates address Remote Code Execution, Spoofing, "Defense in Depth", Information Disclosure and Elevation of Privilege. "Defense-in-Depth" is a fix that does not apply to an actively exploitable vulnerability but prevents future vulnerabilities caused by the same code when surrounding code changes expose the problem.

      For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

      A few of the CVEs addressed by Microsoft this month that deserve some extra attention are discussed in Zero Day Initiative — The September 2017 Security Update Review by Dustin Childs.

        Additional Update Notes

        • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
        • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
        • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

        References


          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...





          Adobe Flash Player Critical Security Updates

          Adobe Flashplayer

          Adobe has released Version 27.0.0.130 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

          These updates address vulnerabilities could lead to remote code execution.

          Release date:  September 12, 2017
          Vulnerability identifier: APSB17-28
          CVE Numbers:   CVE-2017-11281, CVE-2017-3106
          Platform: Windows, Macintosh, Linux and Chrome OS

          Update:

          *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

            Verify Installation

            To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

            Do this for each browser installed on your computer.

            To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

            References



            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...