Aug 28
Foxit Enterprise Reader Version 8.3.2 Released

Foxit Enterprise Reader 8.3.2 has been released by Foxit Software. Foxit Enterprise Reader is a free PDF reader designed to meet the needs of an enterprise. It is designed to be fully compatible with Adobe Reader and provides full-fidelity viewing of PDF documents.

 

Issues Addressed in Foxit Reader 8.3.2

  • Fixed an issue where Foxit Reader PDF Printer in version 8.3.1 failed to print certain items normally. 
  • Addressed a potential issue where, when the application is not running in Safe-Reading-Mode, it could be exposed to a command injection vulnerability through abuse of the app.launchURL JavaScript call to execute a local program. (ZDI-CAN-4724)
  • Addressed a potential issue where, when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary File Write vulnerability through abuse of the this.saveAs function call to drop a file to the local file system. (ZDI-CAN-4518)
  • Addressed a potential issue where, when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary Write vulnerability through abuse of the createDataObject function call to create an arbitrary executable file in the local file system.
  • Addressed a potential issue where, when the application is not running in Safe-Reading-Mode, it could be exposed to a command injection vulnerability through abuse of the xfa.host.gotoURL function call to open an arbitrary executable file. (ZDI-CAN-5030)

 

 

 

Foxit Enterprise Reader is one of the applications that is managed and updated by ODS.  If you are a current customer who has requested Foxit Enterprise Reader, ODS will automatically update your version over the next few days.  The update will install silently.  No user interaction is required.  There are no additional fees or charges for ODS to update your version of Foxit Enterprise Reader. 

 

If you would like assistance managing and deploying Foxit Enterprise Reader for PCs, please contact H Tech Solutions using the URL below.

 

Creative Commons License
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at http://www.htechsolutions.biz/contact-us
Aug 08
Adobe Flash Player Version 26.0.0.151 Released

Adobe Flash Player version 26.0.0.151 has been released by Adobe Systems. Adobe Flash Player is a cross-platform browser-based application runtime that is required for viewing of certain applications, content, and videos.

 

Fixed Issues

  • Graphics vector assets are not rendering properly (FP-4198401)
  • 2.5D rotation is not working as expected on Windows (FP-4198483)

 

Security Updates

Adobe has released security updates for Adobe Flash Player for Windows. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.

  • Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows update to Adobe Flash Player 26.0.0.151.
  • Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.151 for Windows.

  • Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.151.

 

Vulnerability Details

 

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| --- | --- | --- | --- |
| Security Bypass | Information Disclosure | Important | CVE-2017-3085 |
| Type Confusion | Remote Code Execution | Critical | CVE-2017-3106 |

 

Adobe Flash Player is one of the applications that is managed and updated by ODS.  If you are a current customer, ODS will automatically update your version of Adobe Flash Player over the next few days.  ODS will deploy both the ActiveX version and the Plugin version.  This ensures that Adobe Flash Player will function with web browsers including Internet Explorer, Firefox, and Chrome.  The update will install silently.  No user interaction is required.  There are no additional fees or charges for ODS to update your version of Adobe Flash Player. 

 

Jul 26
Java Version 8 Update 144 Released

Java version 8 update 144 has been released by Oracle. This is the latest version available for users who run Java on their PCs. Java is a programming language and computing platform. It is also a software package that runs on more than 850 million personal computers worldwide. There are lots of applications and websites that will not work properly unless you have Java installed.

 

Bug Fixes

The following table lists the bug fixes included in JDK 8u144 release:

| # | JBS | component | subcomponent | Description |
| --- | --- | --- | --- | --- |
| 1 | JDK-8184993 | security-libs | java.security | Jar file verification failing with SecurityException: digest missing xxx |

 

Oracle Java SE Executive Summary

This Critical Patch Update contains 32 new security fixes for Oracle Java SE.  28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

 

If you would like assistance managing and deploying Java for PCs, please contact H Tech Solutions using the URL below.

 

Creative Commons License
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at http://www.htechsolutions.biz/contact-us
Jul 25
Adobe Will Discontinue Flash Development by 2020

On Tuesday, July 25th 2017, Adobe announced that it will discontinue development and distribution of Flash by 2020. The reason is that Flash is now considered legacy technology. All modern browsers support HTML5. This makes Flash Player no longer necessary for most websites.

 

In response to this announcement from Adobe, Microsoft has indicated that they will be phasing out Flash from Internet Explorer and Microsoft Edge web browsers.  H Tech Solutions will discontinue support and distribution of Flash in line with Adobe's support policy. 

 

If you need assistance upgrading your browser to support HTML5 and eliminate the need for Adobe Flash Player, please contact H Tech Solutions for a free consultation.

 

Jul 18
Java Version 8 Update 141 Released

Java version 8 update 141 has been released by Oracle.  This is the latest version available for users who run Java on their PCs.  Java is a programming language and computing platform.  It is also a software package that runs on more than 850 million personal computers worldwide.  There are lots of applications and websites that will not work properly unless you have Java installed.

 

Known Issues


deploy/webstart
JAR file validation changes

After upgrading to the JDK July CPU release (8u141/7u151/6u161), when executing Java Webstart applications, customers may encounter an exception like “java.lang.SecurityException: digest missing for …” that prevents the application from loading.

The issue is observed in signed JAR files whose manifest contains package version information[1] and does not have a trailing "/" in the name of the package (e.g.: Name: org/apache/xml/resolver). While we work towards resolving this issue, in the interim, users can work-around the issue as follows:

NOTE: We recommend use of this workaround only if the distributor of the JAR files can "re-sign" the JAR files.


1. Extract the contents of the signed JAR file (e.g.: jar xf jar-file).
2. Modify the META-INF/MANIFEST.MF file and add a trailing “/” to the name of the package (e.g.: Name: org/apache/xml/resolver/).
3. Remove the current signature files (e.g.: rm -f META-INF/*.SF META-INF/*.RSA META-INF/*.DSA).
4. Recreate the JAR file (e.g.: jar cfm jar-file META-INF/MANIFEST.MF input-file(s)).

NOTE: You must use the jar utility. Other jar creation tools might re-introduce the issue.

5. Re-sign the JAR file.

[1] https://docs.oracle.com/javase/8/docs/technotes/guides/versioning/spec/versioning2.html#wp91706
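
Before applying the workaround it helps to know which signed JARs match the pattern described above. The following is an added example, not code from Oracle's release notes or from this blog: it scans a JAR's manifest for package sections that carry version information but lack the trailing "/". The function names and the in-memory sample JAR are constructed for illustration, and treating a versioned Name that is not a file in the archive as a package entry is an assumption.

```python
import io
import zipfile

# Attributes that carry "package version information" in a manifest section.
VERSION_ATTRS = {
    "specification-title", "specification-version", "specification-vendor",
    "implementation-title", "implementation-version", "implementation-vendor",
}
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA")


def named_sections(manifest_text):
    """Return the per-entry sections of a MANIFEST.MF as lowercase-keyed dicts."""
    lines = []
    for raw in manifest_text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # continuation of a wrapped header
        else:
            lines.append(raw)
    sections, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last section
        if not line:
            if "name" in current:         # the main section has no Name header
                sections.append(current)
            current = {}
        elif ": " in line:
            key, value = line.split(": ", 1)
            current[key.lower()] = value
    return sections


def check_jar(jar_bytes):
    """Return (is_signed, package names that lack the trailing '/')."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        entries = set(jar.namelist())
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    is_signed = any(
        e.startswith("META-INF/") and e.upper().endswith(SIGNATURE_SUFFIXES)
        for e in entries
    )
    flagged = []
    for section in named_sections(manifest):
        name = section["name"]
        # Assumption: a Name with version attributes that is not itself a
        # file in the archive is a package entry.
        is_package = bool(section.keys() & VERSION_ATTRS) and name not in entries
        if is_package and not name.endswith("/"):
            flagged.append(name)
    return is_signed, flagged


def build_sample_jar(signed=True):
    """Constructed sample JAR, built in memory; signature files are dummies."""
    manifest = "\r\n".join([
        "Manifest-Version: 1.0", "",
        "Name: org/apache/xml/resolver", "Implementation-Version: 1.2", "",
        "Name: org/example/fixed/", "Specification-Version: 1.0", "",
        "Name: org/example/App.class", "SHA-256-Digest: Y29uc3RydWN0ZWQ=", "", "",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("org/example/App.class", b"constructed")
        if signed:
            jar.writestr("META-INF/SAMPLE.SF", b"dummy")
            jar.writestr("META-INF/SAMPLE.RSA", b"dummy")
    return buf.getvalue()


if __name__ == "__main__":
    print(check_jar(build_sample_jar()))
```

Only JARs reported as signed with a non-empty list need the re-sign workaround; the scanner reads the archive and never rewrites it, so the jar utility requirement in the NOTE above still applies to the fix itself.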

 



Certificate Changes


New Let's Encrypt certificates added to root CAs

One new root certificate has been added:

ISRG Root X1 
alias: letsencryptisrgx1 
DN: CN=ISRG Root X1, O=Internet Security Research Group, C=US
JDK-8177539 (not public)


New Features


security-libs/java.security
Disable SHA-1 TLS Server Certificates

Any TLS server certificate chain containing a SHA-1 certificate (end-entity or intermediate CA) and anchored by a root CA certificate included by default in Oracle's JDK is now blocked by default. TLS Server certificate chains that are anchored by enterprise or private CAs are not affected. Only X.509 certificate chains that are validated by the PKIX implementation of the CertPathValidator and CertPathBuilder APIs and the SunX509 and PKIX implementations of the TrustManagerFactory API are subject to the restrictions. Third-party implementations of these APIs are directly responsible for enforcing their own restrictions.

To implement this restriction and provide more flexibility for configuring your own restrictions, additional features have been added to the jdk.certpath.disabledAlgorithms and jdk.jar.disabledAlgorithms Security Properties in the java.security file, as follows:

  • jdk.certpath.disabledAlgorithms:

    Three new constraints have been added to this Security Property:

    A new constraint named jdkCA, that when set, restricts the algorithm if it is used in a certificate chain that is anchored by a trust anchor that is pre-installed in the JDK cacerts keystore. This condition does not apply to certificate chains that are anchored by other certificates, including those that are subsequently added to the cacerts keystore. Also, note that the restriction does not apply to trust anchor certificates, since they are directly trusted.

    A new constraint named denyAfter, that when set, restricts the algorithm if it is used in a certificate chain after the specified date. The restriction does not apply to trust anchor certificates, since they are directly trusted. Also, code signing certificate chains as used in signed JARs are treated specially as follows:

    • if the certificate chain is used with a signed JAR that is not timestamped, it will be restricted after the specified date

    • if the certificate chain is used with a signed JAR that is timestamped, it will not be restricted if it is timestamped before the specified date. If the JAR is timestamped after the specified date, it will be restricted.

    A new constraint named usage, that when set, restricts the algorithm if it is used in a certificate chain for the specified use(s). Three usages are initially supported: TLSServer for TLS/SSL server certificate chains, TLSClient for TLS/SSL client certificate chains, and SignedJAR for certificate chains used with signed JARs.

Multiple constraints can be combined to constrain an algorithm when delimited by '&'. For example, to disable SHA-1 TLS Server certificate chains that are anchored by pre-installed root CAs, the constraint is "SHA1 jdkCA & usage TLSServer".

  • jdk.jar.disabledAlgorithms:

    A new constraint has been added named denyAfter, that when set, restricts the algorithm if it is used in a signed JAR after the specified date, as follows:

    • if the JAR is not timestamped, it will be restricted (treated as unsigned) after the specified date

    • if the JAR is timestamped, it will not be restricted if it is timestamped before the specified date. If the JAR is timestamped after the specified date, it will be restricted.

    For example, to restrict SHA1 in JAR files signed after January 1st 2018, add the following to the property: "SHA1 denyAfter 2018-01-01". The syntax is the same as the certpath property, however certificate checking will not be performed by this property.
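
To see how the jdkCA, usage and denyAfter constraints combine, the following added example (a small model written for this page, not JDK code) evaluates the two entries quoted above against described certificate-chain uses. The ChainUse fields and function names are hypothetical, and because the text does not say how the cutoff day itself is treated, the model uses a strict "later than" comparison.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

KNOWN_CONSTRAINTS = {"jdkCA", "denyAfter", "usage"}


@dataclass
class ChainUse:
    """One use of an algorithm by a non-anchor certificate in a chain."""
    algorithm: str                 # e.g. "SHA1"
    usage: str                     # "TLSServer", "TLSClient" or "SignedJAR"
    anchored_by_jdk_ca: bool       # anchor pre-installed in the JDK cacerts?
    checked_on: date               # date the chain is being validated
    jar_timestamp: Optional[date] = None   # signature timestamp, if any


def parse_entry(entry):
    """Split 'SHA1 jdkCA & usage TLSServer' into the algorithm and constraints."""
    algorithm, _, rest = entry.strip().partition(" ")
    constraints = []
    for part in rest.split("&"):
        tokens = part.split()
        if not tokens:
            continue
        if tokens[0] not in KNOWN_CONSTRAINTS:
            raise ValueError("constraint not covered by this model: " + tokens[0])
        constraints.append((tokens[0], tokens[1:]))
    return algorithm, constraints


def is_restricted(entry, use):
    """True when every '&'-joined constraint of the entry applies to this use."""
    algorithm, constraints = parse_entry(entry)
    if algorithm != use.algorithm:
        return False
    for name, args in constraints:
        if name == "jdkCA":
            applies = use.anchored_by_jdk_ca
        elif name == "usage":
            applies = use.usage in args
        else:  # denyAfter YYYY-MM-DD
            cutoff = date.fromisoformat(args[0])
            # A timestamped signed JAR is judged by its timestamp; every
            # other use is judged by the date of validation.
            if use.usage == "SignedJAR" and use.jar_timestamp is not None:
                effective = use.jar_timestamp
            else:
                effective = use.checked_on
            applies = effective > cutoff   # strict comparison is an assumption
        if not applies:
            return False
    return True


if __name__ == "__main__":
    tls = "SHA1 jdkCA & usage TLSServer"
    public = ChainUse("SHA1", "TLSServer", True, date(2017, 8, 1))
    private = ChainUse("SHA1", "TLSServer", False, date(2017, 8, 1))
    print(is_restricted(tls, public), is_restricted(tls, private))
```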




Changes


core-svc/java.lang.management
JMX Diagnostic improvements

com.sun.management.HotSpotDiagnostic::dumpHeap API is modified to throw IllegalArgumentException if the supplied file name does not end with “.hprof” suffix. Existing applications which do not provide a file name ending with the “.hprof” extension will fail with IllegalArgumentException. In that case, applications can either choose to handle the exception or restore old behavior by setting system property 'jdk.management.heapdump.allowAnyFileSuffix' to true.

JDK-8176055 (not public)


security-libs/javax.net.ssl
Custom HostnameVerifier enables SNI extension

Earlier releases of JDK 8 Updates didn't always send the Server Name Indication (SNI) extension in the TLS ClientHello phase if a custom hostname verifier was used. This verifier is set via the setHostnameVerifier(HostnameVerifier v) method in HttpsURLConnection. The fix ensures the Server Name is now sent in the ClientHello body.



xml/jax-ws
Tighter secure checks on processing WSDL files by wsimport tool

The wsimport tool has been changed to disallow DTDs in Web Service descriptions, specifically:

  • DOCTYPE declaration is disallowed in documents
  • External general entities are not included by default
  • External parameter entities are not included by default
  • External DTDs are completely ignored

To restore the previous behavior:

  • Set the System property com.sun.xml.internal.ws.disableXmlSecurity to true
  • Use the wsimport tool command line option -disableXmlSecurity
    NOTE: JDK 7 and JDK 6 support for this option in wsimport will be provided via a Patch release post July CPU
JDK-8182054 (not public)

 

 

Bug Fixes


| # | JBS | component | subcomponent | Description |
| --- | --- | --- | --- | --- |
| 1 | JDK-8179014 | client-libs | java.awt | JFileChooser with Windows look and feel crashes on win 10 |
| 2 | JDK-8174729 | core-libs | java.lang:reflect | Race Condition in java.lang.reflect.WeakCache |
| 3 | JDK-8165231 | core-libs | java.nio | java.nio.Bits.unaligned() doesn't return true on ppc |
| 4 | JDK-8180582 | core-libs | java.rmi | After updating to Java8u131, the bind to rmiregistry is rejected by registryFilter even though registryFilter is set |
| 5 | JDK-8139870 | core-svc | java.lang.management | sun.management.LazyCompositeData.isTypeMatched() fail for composite types with items of ArrayType |
| 6 | JDK-8174164 | hotspot | compiler | SafePointNode::_replaced_nodes breaks with irreducible loops |
| 7 | JDK-8165342 | javafx | scenegraph | NPE when JavaFX loads default stylesheet or font families if CCL is null |
| 8 | JDK-8179321 | javafx | web | WebEngine.getDocument().getDocumentURI() no longer returns null for loading a String of HTML |
| 9 | JDK-8175251 | security-libs | java.security | Failed to load RSA private key from pkcs12 |
| 10 | JDK-8176536 | security-libs | java.security | Improved algorithm constraints checking |
| 11 | JDK-8144566 | security-libs | javax.net.ssl | Custom HostnameVerifier disables SNI extension |

 

Oracle Java SE Executive Summary

This Critical Patch Update contains 32 new security fixes for Oracle Java SE.  28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

 

If you would like assistance managing and deploying Java for PCs, please contact H Tech Solutions using the URL below.

 

Creative Commons License
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at http://www.htechsolutions.biz/contact-us
Jul 15
How to Create an Exchange Connector to Route All Outbound Email Through Office 365

I recently configured an Exchange hybrid environment for a customer who was running Exchange 2010. The customer was using a 3rd party mail filtering service to route all outbound email. The customer wanted to discontinue paying for the 3rd party service and route all outbound email via Office 365.

 

To set up the hybrid environment, I ran the Exchange Hybrid Configuration Wizard (HCW).  The HCW creates an Exchange outbound connector to route all email for your hybrid domain via Office 365.  It also creates inbound and outbound email connectors in Office 365. 

 

By design, the HCW does NOT change all outbound mail flow.  It only affects mail flow for the email domain that is part of the hybrid configuration.  All other outbound email works as it did before running the HCW.  This means that the client was still using their 3rd party mail filtering service.

 

In order to route ALL outbound email via Office 365, I had to do the following:

1) Create a new outbound connector on the Exchange Server

2) Delete the outbound connector that routes email to the 3rd party mail filtering service

3) Delete the outbound connector that was created by the HCW

 

Here are the connector settings required to route all outbound email via Office 365:

 

  • Name   My company to Office 365

  • FQDN   mail.contoso.com

  • SmartHosts   contoso-com.mail.protection.outlook.com

If you want to set this up in your own environment, you will need to replace contoso with the name of your hybrid domain.

 

If you would like to set up a hybrid environment between your Exchange Server and Office 365, please contact H Tech Solutions for assistance.

 

 

Jul 11
Adobe Flash Player Version 26.0.0.137 Released

Adobe Flash Player version 26.0.0.137 has been released by Adobe Systems. Adobe Flash Player is a cross-platform browser-based application runtime that is required for viewing of certain applications, content, and videos.

 

Fixed Issues

  • FileReference size and creationDate throws IO Error (FP-4198482)

 

Known Issues

  • 2.5D rotation: rotationX and rotationY rendering issues (FP-4198483) 

 

Security Updates

Adobe has released security updates for Adobe Flash Player for Windows. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. 

  • Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows update to Adobe Flash Player 26.0.0.137
  • Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.137 for Windows

  • Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.137.

 

Vulnerability Details

 

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| --- | --- | --- | --- |
| Security Bypass | Information Disclosure | Important | CVE-2017-3080 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-3099 |
| Memory Corruption | Memory address disclosure | Important | CVE-2017-3100 |

 

 

Adobe Flash Player is one of the applications that is managed and updated by ODS.  If you are a current customer, ODS will automatically update your version of Adobe Flash Player over the next few days.  ODS will deploy both the ActiveX version and the Plugin version.  This ensures that Adobe Flash Player will function with web browsers including Internet Explorer, Firefox, and Chrome.  The update will install silently.  No user interaction is required.  There are no additional fees or charges for ODS to update your version of Adobe Flash Player. 

 

Jul 04
Foxit Enterprise Reader Version 8.3.1 Released

Foxit Enterprise Reader 8.3.1 has been released by Foxit Software.  Foxit Enterprise Reader is a free PDF reader designed to meet the needs of an enterprise.  It is designed to be fully compatible with Adobe Reader and provides full-fidelity viewing of PDF documents.

 

New Feature and Improvements in Foxit Reader 8.3.1

  • Easy and Secure File-sharing
    Provides a plugin to share your file by generating a file link and sending it via email or to social media, under your full control by advanced settings to share content quickly, easily, and securely.

  • Some ease of use enhancements.

 

Issues Addressed in Foxit Reader 8.3.1

  • Fixed some issues that could cause Foxit Reader to launch slowly.
  • Fixed some security and stability issues.

 

Vulnerability details

  • Addressed potential issues where the application could be exposed to a Null Pointer Read or Null Pointer Dereference vulnerability, which could lead to an unexpected crash.
  • Addressed potential issues where the application could still execute JavaScript functions even when the JavaScript Actions in Trust Manager had been disabled.
  • Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code.
  • Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure.
  • Addressed a potential issue where the application could be exposed to an Arbitrary Write vulnerability, which could be leveraged by attackers to execute remote code.
  • Addressed a potential issue where the application could be exposed to a Use-Before-Initialization vulnerability, which could lead to an unexpected crash.

 

 

Foxit Enterprise Reader is one of the applications that is managed and updated by ODS.  If you are a current customer who has requested Foxit Enterprise Reader, ODS will automatically update your version over the next few days.  The update will install silently.  No user interaction is required.  There are no additional fees or charges for ODS to update your version of Foxit Enterprise Reader. 

 

If you would like assistance managing and deploying Foxit Enterprise Reader for PCs, please contact H Tech Solutions using the URL below.

 

Creative Commons License
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at http://www.htechsolutions.biz/contact-us
Jun 24
How to View Exchange 2010 Connector Settings in ADSI Edit

I recently had to view the Exchange 2010 Connector settings for a customer's server in ADSI Edit.  The reason I had to do this is because not every Exchange connector setting is visible in the Exchange 2010 Admin Center UI.  Some settings can only be viewed in ADSI Edit.

Here are the steps to view Exchange 2010 connector settings in ADSI Edit:

  1. Open ADSI Edit with admin credentials
  2. Open the Configuration Container
  3. Browse the following path:

     CN=Configuration
     CN=Services
     CN=Microsoft Exchange
     CN=First Organization
     CN=Administrative Groups
     CN=Exchange Administrative Group
     CN=Routing Groups
     CN=Exchange Routing Group
     CN=Connections

 

You can view the Exchange 2010 connectors on the right hand side in ADSI Edit.

 

If you need help configuring Exchange connectors to and from Office 365, please contact H Tech Solutions.

 

Jun 16
Adobe Flash Player Version 26.0.0.131 Released

Adobe Flash Player version 26.0.0.131 has been released by Adobe Systems. Adobe Flash Player is a cross-platform browser-based application runtime that is required for viewing of certain applications, content, and videos.

 

Fixed Issues

  • Buttons can't be clicked in some AS2 content (FP-4198473)

 

Known Issues

  • 2.5D rotation: rotationX and rotationY rendering issues (FP-4198483) 

 

Adobe Flash Player is one of the applications that is managed and updated by ODS.  If you are a current customer, ODS will automatically update your version of Adobe Flash Player over the next few days.  ODS will deploy both the ActiveX version and the Plugin version.  This ensures that Adobe Flash Player will function with web browsers including Internet Explorer, Firefox, and Chrome.  The update will install silently.  No user interaction is required.  There are no additional fees or charges for ODS to update your version of Adobe Flash Player. 

 
