Welcome back, Folks!
Today is Patch Tuesday for July, 2022. You know how you say something like “biggest update series in well over a year” and the next month just blows that out of the water? We’re there now.
This Month in Technology
Advocates, Inc., Aerojet Rocketdyne, Alabama Eye & Cataract, P.C., Alameda Health System, Aloha Laser Vision, Amagasaki, Japan, Amazon Photos, AMD, Anker Eufy, Aon, Aruba Networks Switches, ATC Healthcare, Bangladeshi government, Bank of the West, Baptist Medical Center and Resolute Health Hospital, Bayhealth Medical Center, Inc., BeanVPN, Benefit Plan Administrators, Inc., Bookchor, Bourse des Vols, Capital Economics, Carnival Corporation, Carolina Behavioral Health Alliance, Carolina Eyecare Physicians, LLC, Catholic Health System, Center for Sight, Inc., Central Florida Inpatient Medicine, Charlotte Radiology, Cherry Creek Eye Physicians and Surgeons, P.C., CHRISTUS Spohn Health System Corporation, Cisco Secure Email, Cisco VPN routers, Citrix Application Delivery Management, CoDeSys Automation Software, Community of Hope D.C., Crema Finance, Customer.io, Disneyland’s Facebook and Instagram accounts, DivX SubTitles, Django, DTEK Group, ExpressLRS, Fast Shop, Flagstar Bank, Florida Birth-Related Neurological Injury Compensation Association, Foxhall Ob Gyn Associates, Geographic Solutions, Gol Tours LTD, Grab, Harmony, Hillrom Medical, Honda cars, Hudson Regional Hospital, IBM, Ignitis Group, Indian Flood Monitors, Indian government, thousands of industrial devices, Israeli Defense, Kaiser Foundation Health Plan of Washington, Kaiser Permanente, Kernersville Eye Surgeons, P.C., Khouzestan Steel Company, almost a million Kubernetes clusters, La Poste Mobile, Latvian government, Lithuanian government, Long Vision Center, Macmillan Publishing, Mangatoon, Marriott International, Massachusetts Child and Family Services, Inc., Mattax Neu Prater Eye Center, Inc., MCG Health and Eye Care Leaders, Medical University of Innsbruck, MEGA, Michigan Avenue Immediate Care, Microsoft Azure FabricScape, Microsoft Exchange, Microsoft Windows Domain Servers, Mitel VoIP, New Jersey Health Information Management, Nichirin-Flex U.S.A., North American Spine Society, Norway govt sites, OpenSea, OrthoNebraska, Phelps Care Regional Medical Center, Preferred Hospital Leasing Coleman Inc., Professional Finance Company, Renton School District, Resolute Health Hospital, Rodeo Pharmacy Inc, Shanghai National Police, Sharper Vision P.A., SHI International, Shoprite, Sight Partners Physicians, P.C., Sophos Firewall, Southwest Health Center, St Joseph Heritage Health, Stanford University, Stokes Regional Eye Centers, TB Kawashima, The People Concern, The Vicksburg Clinic, LLC, Tosoh America, Inc., UK Army’s Twitter & YouTube, UNC Lenoir Health Care, University of Pisa, University Pediatric Dentistry, US Bank, Walmart, WellDyneRx, LLC, Wiltshire Farm Foods, Yodel, Yuma Regional Medical Center, and Zimbra reportedly been hacked or compromised this month.
Some vendors, like CafePress, simply don’t care about security – and do their best to conceal when they’re hacked. I contacted them to report when they were hacked back in 2014 and they ignored me. Sigh.
Microsoft 365, Cloudflare, Microsoft Teams, Rogers (it was a big one), and Microsoft Office / OneDrive had widespread outages.
Facebook is collecting the patient data of millions, and is also blocking the link to the Facebook settlement class action website. You think they would have learned.
Attackers are using Google Chrome Extension fingerprinting to uniquely identify you. This method works in any Chromium browser.
Spam is still the #1 method of exploiting users. Whether it is a fake renewal notice, fake copyright complaints, or fake invoice, most spams will include a fake login form or a fake support number. In both cases they depend on the user to actually enter the login details or call the scammer to fall prey to their attacks. Online development environments are even being used for these attacks.
Counterfeit hardware can be far more dangerous than the real thing. Even though some vendors only support their hardware a few years before you have to replace it, counterfeits are never supported and often have malicious implants.
Microsoft has rolled back (temporarily) their decision to block macros by default.
MITRE staff didn’t understand that publishing vulnerable sites, not just vulnerability information was bad, while a HackerOne employee was selling exploits before they were published, and an Amazon employee installed cryptominers on Capital One servers. Adobe is using malware traits to block antivirus software from scanning PDF files. How quickly these organizations can shatter their trust.
Here’s a great example of how a single vulnerability will be used to get far deeper into your network and hardware.
Storing your password directly in the browser is dangerous. Use a password manager.
Now for the good news:
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday is huge this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.
Microsoft released updates to address 74 vulnerabilities in Azure Site Recovery, Azure Storage Library, DNS Server, Microsoft Defender for Endpoint, Microsoft Edge, Microsoft Graphics Component, Microsoft Lync, Microsoft Office, Open Source Software, Skype for Business, Windows Active Directory, Windows Advanced Local Procedure Call, Windows BitLocker, Windows Boot Manager, Windows Client/Server Runtime Subsystem, Windows Connected Devices Platform Service, Windows Credential Guard, Windows Fast FAT Driver, Windows Fax and Scan Service, Windows Fax Service, Windows Group Policy, Windows Hyper-V, Windows IIS, Windows Kernel, Windows Media, Windows Network File System, Windows Performance Counters, Windows Point-to-Point Tunneling Protocol, Windows Portable Device Enumerator Service, Windows Print Spooler Components, Windows Remote Procedure Call Runtime, Windows Security Account Manager, Windows Server Service, Windows Shell, Windows Storage, XBox, and MSRT (~3 GB). This includes security updates. A reboot is required.
Google Chrome OS 103.0.5060.114 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
AMD Adrenalin 22.6.1 adds support for newer hardware. This is not a security update.
https://www.amd.com/en/support
Crucial Storage Executive 7.12 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive
Display Driver Uninstaller 18.0.5.2 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu
Intel Driver and Support Assistant 22.4.26 improves user interface. This is not a security update.
https://www.intel.com/p/en_US/support/detect
Samsung DeX 2.4.0.29 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/us/apps/dex/
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.41.96 is a security update.
https://brave.com/
SeaMonkey 2.53.13 is a security update.
https://www.seamonkey-project.org/
Google Chrome 103.0.5060.114 is a security update.
https://www.google.com/chrome/
Microsoft Edge 103.0.1264.51 is a security update.
https://www.microsoft.com/en-us/edge/business/download
Firefox 102.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/
Firefox ESR 91.11.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/
Vivaldi 5.3.2679.68 is a security update.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
OutlookAttachView 3.45 adds a command-line option to control columns in exports. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html
Thunderbird 102.0.2 is a security update.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
curl 7.84.0 resolves over a hundred bugs. This is a security update.
https://curl.haxx.se/windows/
Dropbox 152.4.4880 resolves several bugs. This is not a security update.
https://www.dropbox.com/
Facebook Messenger 153.0.0.19.110 is a security update.
https://www.messenger.com/download
FreeFileSync 11.22 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php
Google Drive 60.0 resolves several bugs. This is not a security update.
https://drive.google.com/start
Nextcloud Server 24.0.2 updates libraries, and resolves over 50 bugs. This is a security update.
https://nextcloud.com/
Npcap 1.70 resolves several bugs. This is not a security update.
https://nmap.org/npcap/
Rclone 1.59.0 adds support for new backends, metadata framework, resolves several bugs, and updates libraries. This is not a security update.
https://rclone.org/
Signal 5.49.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/download/windows/
Skype 8.85.0.409 improves their propaganda tools and resolves several bugs. This is not a security update.
https://www.skype.com/
Syncthing 1.20.3 resolves several bugs. This is not a security update.
https://syncthing.net/
Technitium DNS Server 8.1.4 resolves several bugs. This is not a security update.
https://technitium.com/dns/
Telegram 4.0.2 resolves several bugs. This is not a security update.
https://telegram.org/
WinSCP 5.21.2 is a security update.
https://winscp.net/eng/index.php
Zoom 5.11.1.6602 resolves several bugs. This is not a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
3tene 3.0.2 updates libraries and resolves several bugs. This is not a security update.
https://en.3tene.com/
darktable 4.0.0 is a major update. This version improves color space, exposure, contrast controls and hundreds of other features, as well as resolving over 100 issues. This should be treated as a security update.
https://www.darktable.org/
Picard 2.8.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/
Plex Desktop 1.48.2.3124 adds option to disable some Discover features, resolves several bugs with Search and Watchlist. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Home Theater 1.20.2.3110 resolves a stability bug. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Media Server 1.27.2.5929 improves logging, adds support for Musicbrainz tags, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server
Game Updates
These are unlikely to be of interest to most people.
Epic Games 14.1.2 resolves several bugs. This is not a security update.
https://www.epicgames.com/
GameMaker Studio 2022.6.0.23 adds Feather support, room editor filters, additional extension features, and resolves dozens of bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker
Lego Studio 2.22.6.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd
PlayStation PS5 22.01-05.50.00 resolves several bugs and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/
PlayStation PS4 9.60 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/
Office Updates
One or more of these are likely to be of interest to most people.
Adobe RoboHelp RH2020.0.8 is a security update.
https://www.adobe.com/support/robohelp/downloads.html
Adobe Acrobat and Reader 22.001.20169, 20.005.30362, and 17.012.30249 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb22-32.html
Adobe Character Animator 22.5 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html
Adobe Photoshop 22.5.8 and 23.4.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb22-35.html
Artweaver 7.0.13 resolves several bugs. This is not a security update.
https://www.artweaver.de/
Calibre 6.0 is a major update. This version adds full text search, new hardware support and performance improvements, a new URL scheme, and read-aloud support. It also removed 32-bit support. This is not a security update.
https://calibre-ebook.com/
Gimp 2.10.32 adds HiDPI, high bit-depth and multi-threading support, dark theme, improved color control, masking, and warp. This is not a security update.
https://www.gimp.org/
Kindle for PC 1.37.65274 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc
Nextcloud Desktop 3.5.2 resolves over a dozen bugs. This is not a security update.
https://nextcloud.com/
Notepad++ 8.4.3 adds option to limit search results to one line per file, adds EOL customization, adds new document shortcuts, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/
Security Software Updates
One or more of these is likely to be of interest to most people.
Intel CSMEVDT 7.0.2.0 resolves a documentation error. This is not a security update.
https://www.intel.com/content/www/us/en/download/19392/28632/intel-converged-security-and-management-engine-version-detection-tool-intel-csmevdt.html
FSS 2022.6.14 doesn’t provide a changelog so should be treated as a security update.
https://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
Gpg4win 4.0.3 is a security update.
https://www.gpg4win.org/download.html
HTTP Toolkit 1.9.0 improves issue tracking and feedback. This is not a security update.
https://httptoolkit.tech/
MalwareBytes Anti-Malware 4.5.10.200 is a security update.
https://www.malwarebytes.org/antimalware/
OpenSSL (SLP) 3.0.5 is a security update.
https://slproweb.com/products/Win32OpenSSL.html
OpenSSL 1.1.1q is a security update.
https://www.openssl.org/source/
ProtonVPN 2.0.3 resolves several bugs. This is not a security update.
https://protonvpn.com/download
ProtonVPN (macOS) 3.0.1 resolves several bugs. This is not a security update.
https://protonvpn.com/download
SanDisk PrivateAccess 6.3.10 does not provide a changelog so should be considered a security update.
https://kb.sandisk.com/app/answersweb/detailweb/a_id/21996
Tails 5.2 is a security update.
https://tails.boum.org/install/dvd/index.en.html
YARA 4.2.2 is a security update.
https://github.com/VirusTotal/yara/
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 22.1.0 adds several new features, improves performance, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/releases/snagit.msi
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 12.0.7.8 adds support for new encodings and resolves several stability bugs. This is not a security update.
https://www.dvdfab.cn/download.htm
iMazing HEIC Converter 2.0.0 doesn’t provide a changelog so should be considered a security update.
https://imazing.com/heic
IsoBuster 5.0 is a major update that adds a 64-bit version, high-DPI scaling, themes, improved media support and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php
MakeMKV 1.17.0 improves reliability, adds support for new encodings, and resolves several bugs. This is not a security update.
https://www.makemkv.com/download/
Education updates
One or more of these are likely to be of interest to most people.
Zotero 6.0.9 adds PDF rotation and resolves several bugs. This is not a security update.
https://www.zotero.org/
Utility Updates
These are unlikely to be of interest to most people.
1Password for Windows 8.7.3 is a major update adding several new cosmetic and integration improvements, and search and filter options. This is a security update.
https://1password.com/downloads/windows/
1Password for Mac 8.7.3 is a major update adding several new cosmetic and integration improvements, and search and filter options. This is a security update.
https://1password.com/downloads/mac/
7-Zip 22.00 adds support for APFS, pax, adds zone.id, and resolves several bugs. This is not a security update.
https://www.7-zip.org/
8GadgetPack 35.0 improves compatibility, adds keyboard shortcuts, and resolves several bugs. This is not a security update.
https://8gadgetpack.net/
Agent Ransack 2022.3335 adds new columns, improves view state restoration, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/
CCleaner 6.01.9825 adds support for new apps and resolves several bugs. This is not a security update.
https://www.ccleaner.com/
Dell OS Recovery Tool 2.3.7012.0 doesn’t provide a changelog so should be treated as a security update.
https://www.dell.com/support/home/uk/en/ukbsdt1/drivers/osiso/recoverytool
DesktopOK 9.97 expands toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
dnGrep 3.0.84.0 adds personalization, search statistics, Excel row numbers, and resolves several bugs. This is not a security update.
https://dngrep.github.io/
dupeGuru 4.3.1 resolves a false duplication detection bug. This should be treated as a security update if you use dupeGuru to remove duplicate files.
https://dupeguru.voltaicideas.net/
FileLocator Pro 2022.3335 adds new columns, improves view state restoration, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download
Git SCM 2.37.0 resolves several bugs and improves CLI support. This is a security update.
https://git-scm.com/
GoodSync 11.11.5 resolves dozens of bugs. This is a security update.
https://www.goodsync.com/
Intel CPU Diagnostic 4.1.7.39 adds tests for newer hardware, resolves several bugs, and updates components. This is not a security update.
https://www.intel.com/content/www/us/en/download/15951/intel-processor-diagnostic-tool.html
IsMyHdOK 3.66 improves compatibility and SSD/SSHD detection. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK
NTLite 2.3.6.8804 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/
PointerStick 5.88 improves support for virtual desktops and multiple screens. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick
PowerToys 0.60.0 resolves several bugs and improves compatibility. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest
RoboForm 9.3.3 adds (and resolves bugs within) OTP feature, improves search, and resolves several bugs. This is not a security update.
https://www.roboform.com/
Rufus 3.19 adds an option for setup customization, updates drivers, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/
SearchMyFiles 3.20 adds filename length filter. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html
Synergy 1.14.5 resolves several bugs. This is not a security update.
https://symless.com/synergy/
TeamViewer 15.31.5 improves video experience and adds remote terminal to the Computers & Contacts list. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/
Unity 2022.1.8 updates libraries and resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive
WhyNotWin11 2.5.0.1 resovles several bugs. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11
WifiInfoView 2.77 improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html
ZoomText 2022.2206.7.400 adds languages and resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText
Developer Updates
These are unlikely to be of interest to most people.
GitHub Desktop 3.0.3 resolves several bugs. This is not a security update.
https://desktop.github.com/
Node.js 18.5.0 is a security update.
https://nodejs.org/en/
Node.js 16.16.0 is a security update.
https://nodejs.org/en/
Node.js 14.20.0 is a security update.
https://nodejs.org/en/
Rustup 1.25.0 adds support for arm64, improved integration and resolves several bugs. This is not a security update.
https://www.rust-lang.org/
Redemption 6.2.0.6122 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/
SQLite 3.39.0 adds support for right and full outer join, distinct from, and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html
Visual Studio Code 1.69.1 adds 3-way merge, improved command center UI for search, DND mode, and resolves several bugs. This is a security update.
https://code.visualstudio.com/
Web Package Updates
These are likely to be of interest only to web developers.
Drupal 9.3.18 is a security update.
https://drupal.org/download
Drupal 9.4.0 is a security update.
https://drupal.org/download
HumHub 1.11.4 is a security update.
https://www.humhub.com/en/download
Joomla 4.1.5 resolves several bugs. This is the last of the 4.1 series. This is not a security update.
https://www.joomla.org/
jQuery 3.6.0
https://code.jquery.com/
MailEnable 10.40 updates libraries and resolves over a dozen bugs. This is a security update.
https://www.mailenable.com/
Piwigo 12.3.0 resolves several bugs. This is not a security update.
https://piwigo.org/
WordPress 6.0.1 resolves over two dozen bugs. This is not a security update.
https://wordpress.org/
Akismet 4.2.5 resolves a bug. This is not a security update.
https://wordpress.org/extend/plugins/akismet/
Antispam Bee 2.11.1 cleans up code. This is not a security update.
https://wordpress.org/extend/plugins/antispam-bee/
Contact Form 7 5.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/
Duplicator 1.4.7 improves compatibility. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers
Interactive World Map 3.2.0 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/interactive-world-map/
Postie 1.9.61 resolves a MIME warning. This is not a security update.
https://wordpress.org/extend/plugins/postie/
NextScripts Social Networks Auto-Poster 4.3.26 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/
Slider Revolution 6.5.25 resolves a dozen bugs. This is not a security update.
https://revolution.themepunch.com/
Sucuri Security 1.8.32 is a critical security update.
https://wordpress.org/extend/plugins/sucuri-scanner/
W3 Total Cache 2.2.3 is a security update.
https://wordpress.org/extend/plugins/w3-total-cache/
WooCommerce 6.6.1 resolves dozens of bugs. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/