Updates 2010-09-05

Hey folks!

Microsoft has released a registry changeset that enables Windows PC’s to alter the search order for DLL’s, eliminating the current working directory from the search path. This will very effectively eliminate the vast majority of the vulnerabilities that might be exploited from the current series of errant DLL calls in popular applications. While this specific issue has been known for over a decade, it is only recently that this mehodology has been widely exploited. Using the registry changes at the link below CAN break existing applications, so MAKE A BACKUP! However, the altered behavior really is how DLL’s have been used in most applications for years, so it is unlikely that it will negatively affect your computing environment. Use the “Fix It” at the link below to install or change this behavior.
  http://support.microsoft.com/kb/2264107

MacBook firmware corrects freeze and crash issues. This is not a security update. Use the Apple Updater to install this update.

iWork 9.0.4 fixes several issues, particularly within table formatting and certain other layout issues. This is not a security update. Use the Apple Updater to install this update.

Adobe Shockwave 11.5.8.612 is a security update. If you have Shockwave installed (and you probably do), please update ASAP. This is a security update. Be sure to UNCHECK any optional toolbars and addons both during download AND during installation.
  http://get.adobe.com/shockwave

Silverlight 4.0.50826.0 corrects several stability and performance issues, and a potential security vulnerability when used through RDP. This is a security update. You’ll need to close ALL browsers before installing the update.
  http://www.microsoft.com/getsilverlight/

Time Lost is Never Recovered

I’ve been using a password management tool for about a year now that I truly doubt I could live without. When I initially learned of Roboform, I was very hesitant to even give it a chance. After all, I already have all my passwords recorded, painstakingly, and extremely well organized. And this didn’t allow me to add other information to the records that I might someday need (like the specific email address tied to an account). Nevertheless, I gave it a chance, just in case it really did make my web working any faster. You should too.

I now have over 400 logins stored within Roboform. Website management is greatly eased – instead of having to retype my username (if I can remember it) and password, I’m now using completely (and I mean COMPLETELY) random passwords generated by Roboform, storing the passwords in an encrypted vault and in a free backup online. I can login to any of these sites with literally one click. If I don’t remember the URL for one of the sites I need to access, that information is stored within the ‘login’, as are any other ‘notes’ you wish to include as well.

You can also add other details, contacts, notes, bookmarks, identity profiles and more – all within the same interface. If you are filling out a form online (such as creating an account on a site), it’ll actually prompt you to save the information. The next time you’re back to the site it provides direct access to the stored login you created minutes, or even years before. Click it, you’re logged in. Whew.

That’s all cool, but what if you’re one of us that uses multiple computers and devices. Great! Roboform is cross-platform, works in most browsers (Internet Explorer, Firefox, Chrome and others), works on most mobiles (iPhone, BlackBerry, Windows Mobile, Android and more), and directly within any web browser that supports JavaScript. Yes, seriously. Did I mention it actually synchronizes the data between each device for you? Talk about a time saver!

Check it out!
  https://12pd.com/click?roboform

Yes, there is a free version – and it supports up to ten logins. If you need more than that, the full version is on sale this holiday weekend.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Driver Updates

If you’re using this hardware – these updates are for you.

ATI Catalyst 10.8 adds OpenGL ES 2.0 support, and other performance improvements. This is not a security update.
  http://game.amd.com/us-en/drivers_catalyst.aspx

MS IntelliPoint 8.0.225.0 (MS mouse drivers) is a major version update, but with little along the details. Due to timing, I expect this to be a security update related to the DLL hijacking issues seen prominently today. Treat as a security update.
  http://www.microsoft.com/hardware/download/download.aspx?category=MK

MS IntelliType 8.0.225.0 (MS keyboard drivers) is a major version update. Like IntelliPoint, I expect this to be a security update related to the DLL hijacking issues. Treat as a security update.
  http://www.microsoft.com/hardware/download/download.aspx?category=MK

Email Updates

One or more of these are likely to be of interest to everyone.

Redemption 5.0.0.2174 adds 64-bit support, and a dozen other nifty developer capabilities, such as an onProgress event and account ordering. This is not a security update.
  http://www.dimastr.com/redemption/

Internet Updates

One or more of these are likely to be of interest to everyone.

uTorrent 2.0.4 fixes a DLL hijack exploit, peer exchange exploit, WebUI security issues, adds grouping, and other cosmetic changes. This is a security update.
  http://www.utorrent.com/downloads

Google Earth 5.2 improves embeddable functionality, adds track, multitrack functions, elevation profiles and improves file import capabilities. This is not a security update.
  http://earth.google.com/

Codec Updates

One or more of these are likely to be of interest to everyone.

Win x64 Codec Support 2.6.6 updates included codecs and corrects several bugs. This is likely a fix related to the popular DLL injection security issues going on, so should be treated as a security update. This applies only to 64-bit computers, and requires either the Win7 Codec Package or the Windows Vista Codec package.
  http://shark007.net/x64components.html

Win7 Codec Package 2.6.2 updates included codecs and corrects several bugs. This is likely a fix related to the popular DLL injection security issues going on, so should be treated as a security update. To install the update, you must uninstall and reinstall the application.
  http://shark007.net/win7codecs.html

Media Updates

These are unlikely to be of interest to most people.

iTunes 10.0 is a major version release, and adds several long-awaited features, including Win7 taskbar support (about time!), album grouping, and native media key support. Finally, these features offered in competing products for the last decade grace the “cosmetically” superior iTunes interface. This is a security update. Use the Apple Updater to obtain and install the most recent version.

ImgBurn 2.5.2.0 adds dozens of new features, performance, reliability and cosmetic improvements, including the removal of the ‘forced’ Uniblue marketing, and a couple potential security vulnerabilities. This is a security update.
  http://imgburn.com/index.php?act=download

VLC Media Player 1.1.4 fixes the DLL security issue facing many applications today. This is a security update.
  http://www.videolan.org/vlc/download-windows.html

Google Sketchup 8.0 adds geo-location modeling, color terrain maps, photo-matching, and a Building Maker plugin that helps speed the process of modeling buildings. This is not a security update.
  http://www.sketchup.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

SuperAntiSpyware 4.42.1000 resolves a compatibility issue with McAfee, updates detection libraries. This is not a security update.
  http://www.superantispyware.com/download.html

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 2.35.1223 adds session cleaning, additional browser variants and newer applications, improves include/exclude, startup functionality, and accuracy, as well as other minor changes. This is not a security update.
  http://www.piriform.com/ccleaner

Speccy 1.04.173 adds 64-bit support, multiple-user installation option, improved version detection and better stability on Win7. This is not a security update.
  http://www.piriform.com/speccy

Goodsync & Goodsync2Go 8.3.3.3 adds several options to facilitate cleanup of the archive data, corrects multiple crash bugs, improves performance and adds several additional tracking options. This is not a security update.
  http://www.goodsync.com/download/affs/goodsync-x12pd.exe

GPU-Z 0.4.6 corrects temperature detection, broken BIOS parsing and improves support for various hardware. This is not a security update.
  http://www.techpowerup.com/downloads/SysInfo/GPU-Z/

Web Package Updates

These are likely to be of interest only to web developers.

phpMyAdmin 3.3.6 corrects several minor bugs. This is not a security update.
  http://www.phpmyadmin.net/home_page/news.php
That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Subscribe To Our Newsletter
Sign up to receive notifications of our new posts.
icon

Leave a Reply

Your email address will not be published. Required fields are marked *