Updates 2009-10-13

Hey folks!

Patch Tuesday has come again, including anywhere from three to thirteen updates for Windows and Office. If you haven’t installed these updates already, do so now. These are security updates.
  http://update.microsoft.com/
Please be sure to install all the necessary “optional” updates, which can only be included if you select “Custom” or “view available updates” when the page initially loads.

Yet another critical security vulnerability has been discovered in multiple Adobe products. Exploits are actively being published by malicious websites and are, unfortunately, being promoted through ads and into pages within the “top ten results” on most search engines. If you have ANY Adobe products installed (Adobe Acrobat, Reader, Flash, Shockwave, AIR, or others), you are hereby warned to be *very careful* online and scan your machine often. If it starts to misbehave, or if you are unable to use the updating functionality within any of the programs, you are advised to shut your computer off immediately and seek technical assistance. At least one of these vulnerabilities can be avoided by disabling the Javascript parsing within Adobe Reader (which should be done ANYWAY!), but that will not prevent infection from the other vectors.

Adobe says they “may” release updates to correct this issue today and that they “may” not be able to release patches until next month. In either case, check for updates early and often. Checking on a daily basis until these patches are released does not make you Chicken Little. 🙂

Apple has released quite a few updates this month, including “security, stability and bug fix” updates for:
  Mac OSX 10.6.1
  Patch 2009-005 for all other OSX versions
  iTunes 9.0.1
  QuickTIme 7.6.4
  Various Mac hardware drivers & firmware updates
  iWork 9.0.3
  Logic Express & Pro 9.0.1, and 9.0.2
  Main Stage 2.0.1
  Apple Remote Desktop 3.3
As usual, you can access these updates through the Apple Updater for those applications you have installed, and can access the website below to install additional features and applications:
  http://support.apple.com/downloads/

Trillian released patches for the Yahoo plugin, as well as opening a new beta for the Astra series (4.1). This is a security update. If you are using Trillian you should use the Help, Check for Updates feature to install either the 4.0.118 or 3.1.14 version. Or get it here:
  http://trillian.im/

Skype 4.1.0.179 corrects a security issue within the extras manager, and fixes a freezing bug within the video shortly after video starts to play. If you have Skype installed, install this update before you launch Skype again.
  http://www.skype.com/download/skype/

FileZilla 3.2.8 & FileZilla 3.2.8.1 both came out over the weekend, resolving a couple crash bugs, cosmetic issues and introducing a new method of resuming uploads for certain types of servers. If FileZilla is your FTP client of choice, you can use the internal “Help, Check for Updates” feature, or download the installer here:
  http://filezilla-project.org/download.php?type=client

Notepad++ 5.5.1 fixes some memory leaks, and adds “.txt” to new text documents, among other minor changes. As “simple” text editors go, I’m more and more impressed with Notepad++ each time I explore the features. If you need use Notepad even remotely as often as I do, consider playing with this. It’s a perfectly capable HTML (and many other script) editor, with hundreds of additional features you’ll need – uh – someday. 🙂
  http://notepad-plus.sourceforge.net/uk/site.htm

Google’s browser, Chrome, had another milestone as it released yet another patch for a non-interactive vulnerability. Version 3.0.195.24, update now if you have Chrome installed, corrects this, while the 4.x branch remains in beta.
  http://www.google.com/chrome/

NVidia released the next minor build of their driver platform, Forceware 191.07, with WHQL certification. It’s a large update, but if you’re using any video-intensive games or applications, this could increase performance on your machine, if, of course, you have an NVidia video card.
  http://www.nvidia.com/Download/index.aspx?lang=en-us


Media updates:
Most people only require one or two of the following applications.

Picasa 3.5 was released last week, introducing better image tagging and tag management, as well as what Google describes as “better sync support.” While I wouldn’t rely on most software-based image synchronization tools, Picasa has proven itself within my own toolset, so I do intend to give it a chance. If you’re just now getting into digital photography, this would probably be the best way to go.
  http://picasa.google.com/

CDBurnerXP 4.2.6.1706 was released earlier this month, adding support for additional audio formats and CD-Text. This is not a security update.
  http://cdburnerxp.se/en/download

Vista Codecs 5.4.6 was released, correcting issues with certain AVI subtypes, MKV and patching the Gabests and ffdshow filters. Since it includes the ffdshow patch, it should be considered a security update – but should ONLY be installed if you’re using a previous version of this codec package, or none at all.
  http://shark007.net/

ImgBurn 2.5.0.0 is a free, powerful and quite extensive media burner. While CDBurnerXP supports many of the same features, some things are just simpler in ImgBurn:
  http://www.imgburn.com/index.php?act=download

DVDFab 6.0.7.0 was released a couple weeks ago, primarily performance updates. This is not a security update.
  http://www.dvdfab.com/download.htm

If you don’t trust Apple anymore than I do, you’re probably using QuickTime Alternative – and they’ve released version 3.0.0 this last week. This is an update to the core processing, so it could correct issues you are having with newer quicktime-based files. However, it is not a security update, and since it’s the first release of the 3.x branch, I would be wary of installing it until the first patch is released.
  http://www.filehippo.com/download_quicktime_alternative/


Utility updates:
These are unlikely to be of interest to most people.

Filehippo has released UpdateChecker 1.035, again, touting “internal performance improvements.” Had I not seen and used this myself months ago – and experienced problems with the UpdateChecker program as a result, I’d have a little more faith. The bytes are different, so it could be that they simply mis-labeled something at some point. It seems to be stable enough, now:
  http://www.filehippo.com/updatechecker/

Sun has released VirtualBox 3.0.8.53140, correcting more than thirty issues, though most are things few people would experience. It does include security updates. If you’re using VirtualBox, you should install the update – especially if you’re one of the few that had it stop working on them completely when installing 3.0.6. Oops. 🙂
  http://www.virtualbox.org/wiki/Downloads

I released Syncaid 1.1.0.4 two weeeks ago, introducing several new features and correcting a bug that affected the use of both the “child” and “extract” options simultaneously. New features include “last”, “limit”, “type” as an alias for “extensions”, “assume” is now treated as an array (as are several others). Read more here:
  https://saferpc.info/syncaid/

The SysInternals team has released several updates to their tools package including an important update to Autoruns, and a new feature “Disk2vhd” which enables you to create a virtual machine from the *running* operating system on your computer! This is something that will save me hours of porting machines through various P2V and VM applications. If you have been keeping an older machine around because the new one just doesn’t support one of the applications you “need” to run on it – consider using this tool as an alternative. It’ll save you electricity, space, and frustration.
  http://sysinternals.com/

MyDefrag 4.2.2, yet another defragmentation tool, was released last week. While I normally don’t pay any attention to defragmentation tools anymore (they’re rarely really necessary on newer computers – and can take quite a while to run if you’re using even a significant portion of your newer hard drive), this one really got my attention when I read that it can run as a screen saver. Quite an ingenious use of processing time, while making sure it’s as hands-off as you want it to be.
  http://www.filehippo.com/download_MyDefrag/

MemTest86+ released their first major version, 4.0, in years. This version reduces the time for the first pass, which is often all that is necessary if you suspect bad memory on a machine. It can reduce the detection time from an hour to only a few minutes if RAM is bad, and still provides the “let it run forever” mode to give you the peace of mind that can only be obtained from running memory diagnostics iteratively for several hours and numerous passes.
  http://www.memtest.org/


Web Package Updates
These are likely to be of interest only to web developers.

phpMyAdmin 3.2.2.1 and 2.11.9.6 were released yesterday. These are security releases for an attack that is active and in the wild. If you have phpMyAdmin installed, update NOW:
  http://www.phpmyadmin.net/home_page/downloads.php

eCommerceTemplates 5.8.3 was released for both ASP and PHP, including over 20 updates, several of them directly related to correct processing of payments. You should update immediately to correct validation and potentially failed transaction issues…however, be aware that some users are complaining that this patch is preventing some of their customers from accessing their own profiles. That might be enough to make me wait for 5.8.4. 🙂
  http://www.ecommercetemplates.com/updaters.asp

Whew. Isn’t that enough for now? Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Subscribe To Our Newsletter
Sign up to receive notifications of our new posts.

Leave a Reply

Your email address will not be published.