New SkyDrive Photo Timeline And More!

SkyDrive was already a great application.  Recent additional improvements have made it even better.

The major change that was recently added is Photo Timeline.  Like me, you may have your photos saved in descriptive folders.  However, unless you look at the picture properties, it wasn't easy to locate pictures by date.  Problem solved with the new Sky Drive Photo Timeline!

Viewing the pictures I have saved to SkyDrive, I was surprised to discover that I have pictures from ten (and more) years ago saved.  The example below is of a close friend's cats.  Sadly, they have since crossed Rainbow Bridge but aren't forgotten and my friend now has two other cats.

Additional SkyDrive Improvements 

Photo Timeline isn't the only change to SkyDrive.  According to internal Microsoft tests, changes to both the Desktop SkyDrive app and the server code have resulted in an improvement in upload times for photos by two or three-fold!

Another nice addition is thumbnail view for your Word documents and PowerPoint presentations.  To change to thumbnail view, just click on the icon in the upper right corner.

Finally, full resolution uploads of photos and videos wherever Windows Phone 8 is now available.

See more details and image examples in the SkyDrive blog article linked below.

~   ~   ~   ~   ~   ~

As a SkyDrive Insider, I am excited to share information about SkyDrive.  If you have a question about this post, please leave a comment and I'll do my best to assist.

Learn more about the SkyDrive Insiders program here.

References

• SkyDrive Blog: New SkyDrive photo timeline and uploads 2x faster
• Download SkyDrive Desktop App for Windows
• Download SkyDrive Apps
• SkyDrive Help & How-to 
• SkyDrive Status: https://status.live.com/
   

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft Security Updates for May 2013

Microsoft released ten (10) bulletins.  Two bulletins are identified as Critical with eight bulletins rated Important.

The bulletins address 33 vulnerabilities in Internet Explorer, Microsoft Windows, Microsoft Office, Server and Tools, and .NET Framework.

MS13-038 addresses the issues in Security Advisory 2847140.

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Bulletin Number	Bulletin Title	Bulletin KB
MS13-037	Cumulative Security Update for Internet Explorer	2829530
MS13-038	Security Update for Internet Explorer	2847204
MS13-039	Vulnerability in Microsoft Windows	2829254
MS13-040	Vulnerabilities in .NET Framework*	2836440
MS13-041	Vulnerability in Microsoft Lync	2834695
MS13-042	Vulnerabilities in Microsoft Office	2830397
MS13-043	Vulnerability in Microsoft Office	2830399
MS13-044	Vulnerability in Microsoft Office	2834692
MS13-045	Vulnerability in Microsoft Windows	2813707
MS13-046	Vulnerabilities in Microsoft Windows	2840221

*If you have had problems with .NET Framework updates in the past, it is advised that you install MS13-040 separately including a shutdown/restart.

Support

The following additional information is provided in the Security Bulletin:

• The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
• Security solutions for IT professionals: TechNet Security Troubleshooting and Support
• Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
• Local support according to your country: International Support

References

• MSRC: Microsoft Customer Protections for May 2013
• TechNet: Microsoft Security Bulletin Summary for May 2013
• Security and Safety Center:  Microsoft security updates for May 2013 
• Tech Net Advisory: Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Adobe Flash Player Security Update

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

With today's Windows Update, Internet Explorer 10 in Windows 8 and Windows RT is also updated.

Update Information

The newest versions are as follows:

Windows and Macintosh:  11.7.700.202
Linux: 11.2.202.285
Adobe AIR 3.7.0.1860

Release date: May 14, 2013
Vulnerability identifier: APSB13-14
Priority: See table below
CVE number: CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335
Platform: All platforms

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install Google Drive.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

• Non-IE (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe
   
• Windows XP, Vista and 7:
  Flash Player For Internet Explorer 7, 8, 9, 10:  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe
  
  Windows 8:
  Flash Player for Internet Explorer 10: Microsoft updated Security Advisory 2755801.  If you do not have Automatic Updates enabled, the Flash Player update can be downloaded from the Download Center at Update for Internet Explorer Flash Player for Windows 8 Release Preview (KB2758994).
  
  
• Flash Player Uninstaller:  http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

Notes:

• If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
• Uncheck any toolbar offered with Adobe products if not wanted.
• If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
• The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References

• Adobe Priority Ratings
• Adobe Security Advisory: Security updates available for Adobe Flash Player
• AIR Download Center
• PSIRT Blog: Adobe Security Bulletins Posted
• Release Notes:  Flash Player® 11.7 AIR® 3.7

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Adobe Reader and Acrobat Critical Security Update

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.



Because the vulnerabilities are being exploited in the wild in targeted attacks, it is recommended that users of Adobe Reader and Acrobat apply the update as soon as possible.  These updates address critical vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Release date: May 14, 2013
Vulnerability identifier: APSB13-15
Priority: See Table Below
CVE number: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342
Platform: All

Update or Complete Download

Update checks can be manually activated by choosing Help > Check for Updates.

• Adobe Reader XI (11.0.03) for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
• Adobe Reader XI (11.0.03) for Macintosh is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.
• Adobe Reader 9.5.5. for Linux is available here: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/.

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Enable "Protected View"

Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

To enable this setting, do the following:

• Click Edit > Preferences > Security (Enhanced) menu. 
• Change the "Off" setting to "All Files".
• Ensure the "Enable Enhanced Security" box is checked. 

Image via Sophos Naked Security Blog

If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.

References

• PSIRT Blog
• Release Notes | Acrobat, Reader
• Security Bulletin
• System Requirements

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Mozilla Firefox 21.0 Released

Mozilla sent Firefox Version 21.0 to the release channel. The current update information does not indicate that security updates are included.  

Update:  The security updates were posted after this was published.  The update includes eight (8) security updates, in which three are critical, four high and one moderate.  The security updates are listed below.  

Fixed in Firefox 21

MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

What’s New

• NEW -- The Social API now supports multiple providers
• NEW -- Enhanced three-state UI for Do Not Track (DNT)
• NEW -- Firefox will suggest how to improve your application startup time if needed
• NEW -- Preliminary implementation of Firefox Health Report
• CHANGED -- Ability to restore removed thumbnails on New Tab Page
• CHANGED -- CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298)
• CHANGED -- Graphics related performance improvements (bug 809821)
• CHANGED -- Removed E4X support from Spidermonkey
• FIXED -- Some function keys may not work when pressed (833719)
• FIXED -- Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627) 

Known Issues

• Unresolved-- If you try to start Firefox using a locked profile, it will crash (see 573369)
• Unresolved-- Download statusbar add-on continues downloading files from Normal Browsing, when switching to Private Browsing (see 853463)

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References

• Common questions after updating Firefox
• Security Updates
• Mozilla Firefox Release Notes
• Bug Fixes 

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Security Bulletin Advance Notice for May 2013

On Tuesday, May 14, 2013, Microsoft is planning to release ten (10) bulletins.  Two bulletins are identified as Critical with eight bulletins rated Important.

The critical bulletins will address vulnerabilities in Microsoft Windows and Internet Explorer. The bulletins rated Important and will address issues in Microsoft Windows, Microsoft Office, Server and Tools, and .NET Framework. 

Microsoft is also working to have the Internet Explorer Security Update address the issue for Internet Explorer 8 as described in Security Advisory 2847140.  This anticipated update will supplement the Fix it solution as detailed yesterday here:  Microsoft FixIt for Security Advisory 2847140.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References

• MSRC Blog:  Advance Notification Service for May 2013 Security Bulletin Release
• TechNet: Microsoft Security Bulletin Advance Notification for May 2013

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft FixIt for Security Advisory 2847140

Microsoft released a Microsoft Fix it solution for Security Advisory 2847140, which relates to a vulnerability for IE8.

Although it is anticipated that there will be an update included with next week's security updates, anyone with IE8 installed is advised to install the Fix it solution.  The Fix it uses the Windows application compatibility toolkit to make a small change at runtime to mshtml.dll every time IE is loaded. 

Below are the links to both apply and uninstall the Fix it solution: 
 

Apply Fix it	Uninstall Fix it
Microsoft Fix it 50992	Microsoft Fix it 50991

Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.

If you have Windows Vista or Windows 7 installed, you should have updated to IE9 or IE10.  In the event you haven't, it is strongly advised that you update!

References:

• MSRC: Security Advisory 2798897 released, Certificate Trust List updated
• Tech Net Advisory: Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More