Including Mac OS X, and applications from Adobe, Oracle, Google, Mozilla, Citrix,. Join us this month as we recap the Microsoft and 3rd Party security patches. Downpour of CVEs, including zero-days and other critical vulnerabilities. A fix for a known Office exploit and a host of patches to tackle the Meltdown.
Alan, Kamil and others, please read the posted question before you start posting answers that have nothing to do with the question. So far it seems the only options are: 1) Buy 3DSMAX. Blender has nothing to do with.max for anyone else like myself and EBR who are trying to convert the large number of *.max models out there to a more widely used format. Is there an fbx file/model viewer for mac free. EBR was asking out.max files, not 3ds or fbx. To Kamil, what you posted makes no sense at all, sorry.
Adobe and Microsoft both on Tuesday released patches to plug critical security vulnerabilities in their products. Microsoft’s patch bundles fix close to 80 separate security problems in various versions of its Windows operating system and related software — including two vulnerabilities that already are being exploited in active attacks.
Adobe’s new version of its Flash Player software tackles two flaws that malware or attackers could use to seize remote control over vulnerable computers with no help from users. Of the two being fixed this week, the one in Microsoft’s ubiquitous.NET Framework is perhaps the most concerning. Despite this flaw being actively exploited, it is somehow labeled by Microsoft as “important” rather than “critical” — the latter being the most dire designation. More than two dozen flaws Microsoft remedied with this patch batch come with a “critical” warning, which means they could be exploited without any assistance from Windows users — save for perhaps browsing to a hacked or malicious Web site. Regular readers here probably recall that I’ve often recommended installing.NET updates separately from any remaining Windows updates, mainly because in past instances in which I’ve experienced problems installing Windows updates, a.NET patch was usually involved. For the most part, Microsoft now bundles all security updates together in one big patch ball for regular home users — no longer letting people choose which patches to install. One exception is patches for the.NET Framework, and I stand by my recommendation to install the patch roll-ups separately, reboot, and then tackle the.NET updates.
Your mileage may vary. Another vulnerability Microsoft fixed addresses “, which is a flaw in the Bluetooth wireless data transmission standard that attackers could use to snarf data from Bluetooth-enabled devices that are physically nearby and with Bluetooth turned on. For more on this month’s Patch Tuesday from Microsoft, check out Microsoft’s, as well as from Ivanti (formerly Shavlik). Adobe’s newest Flash version — v. 126.96.36.199 for Windows, Mac and Linx systems — corrects.
For those of you who still have and want Adobe Flash Player installed in a browser, it’s time to update and/or restart your browser. Windows users who browse the Web with anything other than Internet Explorer may need to apply the Flash patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). Chrome and IE should auto-install the latest Flash version on browser restart (users may need to manually check for updates and/or restart the browser to get the latest Flash version). Chrome users may need to restart the browser to install or automatically download the latest version. When in doubt, click the vertical three dot icon to the right of the URL bar, select “Help,” then “About Chrome”: If there is an update available, Chrome should install it then.
Chrome will replace that three dot icon with an up-arrow inside of a circle when updates are ready to install). Better yet, consider removing or at least hobbling Flash Player, which is.
Most sites have moved away from requiring Flash, and Adobe itself (albeit not for another long two more years). Windows users can get rid of Flash through the Add/Remove Programs menu, unless they’re using Chrome, which bundles its own version of Flash Player. To get to the Flash settings page, type or cut and paste “chrome://settings/content” into the address bar, and click on the Flash result. After I’d installed the MS patches on my Win7 Ultimate desktop (in batches, holding the.NET for last) and rebooted, everything seemed to go nominally for the remainder of Tuesday, and at the end of the day it shut down normally.
Wednesday morning on boot the “Configuring Windows” screen came up with a 100% indicator and the usual warning not to turn it off, but it seemed to have hung up because that screen stayed unchanged for far too long. Rather than force the issue, I used a laptop (Win10 that had absorbed/processed the previous day’s downloads and installed everything okay) to see what best to do in such circumstances, and was still reading through various options about 15 minutes later when that ‘configuring Windows’ screen finally disappeared and the normal login screen was presented. I logged in without issue and have not seen evidence of any further glitches or odd OS behavior, but it was certainly an unusual pattern for a Patch Tuesday. BLUETOOTH VULNERABILITY AFFECTS ALL MAJOR OS Security researchers from Armis Labs recently published a whitepaper unveiling eight critical 0-day Bluetooth-related vulnerabilities, affecting Linux, Windows, Android and iOS operating systems. These vulnerabilities alone or combined can lead to privileged code execution on a target device. The only requirement is: Bluetooth turned on. No user interaction is necessary to successfully exploit the flaws, the attacker does not need to pair with a target device nor the target device must be paired with some other device.
The research paper, dubbed BlueBorne (what’s a vulnerability, or a bunch, without a cool name nowadays?), details each vulnerability and how it was exploited. BlueBorne is estimated to affect over five billion devices. Some vendors, like Microsoft, have already issued a patch while others, like Samsung, remain silent.
Despite the patches, some devices will never receive a BlueBorne patch since they are outside of their support window. Armis estimates this accounts for around 40% of all Bluetooth enabled devices.
I must give you all a warning that the Armis BlueBorne Scanner Android app is not fully effective at detecting devices around you that may be vulnerable. It can only detect devices that are actively in discover mode. The BlueBorne vulnerability however is able to spread (they claim) to any device that has bluetooth turned on, not just in discover mode.
I have confirmed this scanner cannot detect all bluetooth devices. Here is something I wrote in another forum: I installed this on an unused Motorola that the scanner claims is not vulnerable (my phone is so I didn’t want to use it). After testing out this scanner I do not recommend using it to see if there are vulnerable phones around you.
Because it can only detect phones (or other devices) that are in discover mode. Yet the BlueBorne vulnerability also can attack (or so claimed) devices that are NOT in discovery mode. So this scanner cannot even detect most devices. I can confirm, that I had to put 3 cell phones I posses into discover mode before the Armis scanner even saw them.
Same with my car’s Sync, I had to start a discover session before it was found. Also I went to the cafeteria at work where there were about 25 people and the scanner didn’t detect a single phone. I then took a long way back to my office and the scanner only detected 4 devices: Two bluetooth enabled pedometers, a laptop and one Samsung phone.
Microsoft Tackles Critical Flaws In Office For Mac
November 10, 2010 Microsoft has released the first security update to their suite of productivity applications for Mac, Office 2011. The update fixes critical flaws including issues that could cause Office 2011 applications to stop responding or unexpectedly quit while in use. The update brings the current Office 2011 version to 14.0.1.
To install, be sure to quit any open Microsoft Office 2011 applications, Microsoft Messenger, and Office Notifications as they may interfere with the update process. Users can download the update from Microsoft directly Link Removed due to 404 Error or use the Microsoft AutoUpdate application, included with Microsoft Office 2011.