Updates 2023-02-14

Posted on February 14, 2023 by Shawn K. Hall

Happy Valentine’s Day, Folks!

Today is Patch Tuesday for February, 2023.

There are a whopping 150+ major hacks and 200+ application updates this month. It’s a big one, with about 6 GB of updates for most users. Microsoft is also pushing out Windows 22H2 (Win10 and Win11) for all supported devices. If you’re not already on the latest builds, expect to be “upgraded” automatically in the coming days.

This Month in Technology

1020 South Main Street Operations LLC, 1st Franklin Financial Corporation Master Welfare Benefit Plan, 225 Evergreen Road Operations LLC, 90 Degree Benefits, Inc., A10 Networks, Aflac, Alkomprar Technology, AmerisourceBergen, an unnamed medical research company, Arizona Health Advantage, Inc., Arnold Clark, Aspire Surgical, Atlassian’s Jira Service Management Server and Data Center, Audifarma, Autotrader, Bahrain’s international airport, Benefit Administrative Systems, LLC, BonqDAO, Brazilian Government, British PM Stewart McDonald, Cacti, Cardiovascular Associates, Casa Ley, Cedar Oaks Surgery Center, Centro Médico Virgen De La Caridad, CircleCi, Cisco IOx, City Council of Durango, City of London, City of Oakland, Community Health Systems, CommuteAir – exposing the TSA no-fly list, Control Web Panel, Costa Rica’s Ministry of Public Works and Transport, Court of Justice of the State of Pará, Datadog, Diligent Corp, DNV (impacting over 1000 ships worldwide), DotHouse Health Incorporated, DPP II, LLC, Dr. Keith Rundle & Dr. Herman Rundle, Edmonds School District, Eurostar, Exclu, FortiOS SSL-VPN, General Treasury of the Republic of Chile, Git, GitHub Atom, GitHub Desktop, GoAnywhere MFT, 130 organizations using GoAnywhere, Google Fi, GoTo, Grand Theft Auto (GTA) Online, Harmony Horizon, Health Plan of San Mateo, Heritage Provider Network, Hive, Home Care Providers of Texas, Howard Memorial Hospital, Indigo Books & Music, Instituto Federal Do Pará, Intelligent Business Solutions, ION Group, iOS, IT Servicios, Italy, Jackson & Joyce Family Dentistry, JD Sports, Jefferson County Health Center, KeePass, KomplettFritid, Kroger, LastPass, League of Legends, LearnPress, Lexmark firmware, LimeVPN, Liquor Control Board of Ontario, Los Angeles Unified School District, Luaces Asesores, Lutheran Social Services of Illinois, macOS, MailChimp, Maternal and Family Health Services, Microsoft-Verified OAuth Apps, a Midwest specialty medical care clinic, Mindpath Health, Minuteman Senior Services, MKS Instruments, Morgan Hill Unified School District, multiple federal civilian executive branch (FCEB) agencies, Namecheap, Nantucket, Massachusetts, Nissan North America, Norton LifeLock (including their password manager), ODIN Intelligence, One Brooklyn Health System, Packman anti-cheat software, PayPal, Pennsburg Manor, PeopleConnect (TruthFinder and Instant Checkmate), Pepsi, Pharma Gestao, Pitt Meadows School District 42, Planet Ice, Politriz, Puma, QNAP NAS, Qualys, Quintana Roo Attorney General’s Office, Qulliq Energy Corporation, Reddit, Regal Medical Group, Rise Interactive Media & Analytics, LLC, Rostelecom, Royal Mail, Rundle Eye Care, Samsung Galaxy App Store, San Francisco Transit Police, Seguros Equinoccial S.A, Sharp HealthCare, Shell, Sistema Integral De Control Alimentario, Skyview Networks, Solaris, Southeast Colorado Hospital District, St. Rose Hospital, Stanford Medicine, Stroke Scan Inc, T-Mobile, Tallahassee Memorial HealthCare, Technion – Israel Institute of Technology, Teijin Automotive Technologies Welfare Plan, The Guardian, Ticketmaster, Toyota’s GSPIMS, Tucson, Arizona, Ukrainian Computer Emergency Response Team, Ukrinform, University of California, University of Colorado Hospital Authority, University of Colorado, University of Duisburg-Essen, University of Maryland Baltimore, University of Miami, UScellular, VMware OpenSLP, VMware vRealize Log Insight, Weee!, Yum! Brands, Zacks Investment Research, and Zurich have reportedly been hacked or compromised this month.

Most federal agencies ignore the GAO cybersecurity recommendations.

Bankdata, Bermuda, The FAA’s NOTAM, Instagram, Microsoft 365, Microsoft Outlook, Tor, Twitter, Verizon, YouTube, and Zelle suffered from significant outages.

Cloudflare managed to prevent an insane 71 million requests per second attack.

Last months updates broke the Windows Start menu, Windows 10 (if a 365 trial was active), and almost 300 MSI motherboard models.

A whopping 12% (minimum) of online stores expose private data or backups. A new strain of point-of-sale malware prevents contactless payments in order to ensure that the skimmer operates unhindered.

Now for the good news:

Impossible Foods are being hit with patent problems across the globe. Hopefully this will lead to a financial incentive to grow real foods again.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly
6 GB in updates today. Let’s get started.

Like it or not, Windows 10 and Windows 11 versions 22H2 are now being pushed out onto all supported devices, so expect it to be installed in the coming days.

Microsoft released updates to address 72 vulnerabilities in .NET and Visual Studio, .NET Framework, 3D Builder, Azure App Service, Azure Data Box Gateway, Azure DevOps, Azure Machine Learning, HoloLens, Internet Storage Name Service, Microsoft Defender for Endpoint, Microsoft Defender for IoT, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Publisher, Microsoft Office SharePoint, Microsoft Office Word, Microsoft PostScript Printer Driver, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Codecs Library, Power BI, SQL Server, Visual Studio, Windows Active Directory, Windows ALPC, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Distributed File System (DFS), Windows Fax and Scan Service, Windows HTTP.sys, Windows Installer, Windows iSCSI, Windows Kerberos, Windows MSHTML Platform, Windows ODBC Driver, Windows Protected EAP (PEAP), Windows SChannel, Windows Win32K, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.7.3, macOS Monterey 12.6.3, macOS Ventura 13.2.1, iOS 12.5.7, iOS 15.7.3, iOS 16.3.1, iPadOS 15.7.3, iPadOS 16.3.1, Safari 16.3.1, tvOS 16.3.2 and watchOS 9.3.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 12.5.7, 15.7.3, and 16.3.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.7.3 and 16.3.1 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.3.1 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.3.2 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 109.0.5414.125 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

elementary OS 7.0 is a new major version of elementary OS improving app management, controls, defaults, and many other bug fixes. This is not a security update.
https://elementary.io/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.6.0 updates installer, adds option to update driver source to default, and improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.2.8 resolves over a dozen bugs. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.16.1 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

JACK2 1.9.22 improves compatibility, removes example tools, updates dependencies, and resolves a couple bugs. This is a security update.
https://jackaudio.org/downloads/

NVcleanstall 1.15.1 resolves several bugs. This is not a security update.
https://www.techpowerup.com/download/techpowerup-nvcleanstall/

Drivers by Seagull 2023.1 adds support for over 200 new printer models from 20 vendors, RFID unique serial numbers (TID), and updates the license.
https://www.seagullscientific.com/support/downloads/drivers/

Wacom Driver 6.4.1-3 resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Xerox Smart Start 1.8.10.0 doesn’t provide a changelog so should be treated as a security update.
https://www.support.xerox.com/en-us/content/143617

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.48.158 is a security update.
https://brave.com/

Google Chrome 110.0.5481.100 is a security update.
https://www.google.com/chrome/

Microsoft Edge 110.0.1587.41 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 110.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

SeaMonkey 2.53.15 is a security update.
https://www.seamonkey-project.org/

Vivaldi 5.6.2867.62 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

ProtonMail (Android) 3.0.11 improves stability. This is not a security update.
https://proton.me/mail/download

Spark 3.3.3.42970 improves stability. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.3.3.42968 improves stability. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.7.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.8 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 7.0.1 resolves several bugs. This is a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.54 adds whitespace around the QR codes. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

Dropbox 167.4.4719 resolves several bugs and improves performance. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 176.0.0.12.101 is a security update.
https://www.messenger.com/download

FileZilla Client 3.63.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FileZilla Server 1.6.6 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 12.0 is a major update and adds several new security profiles, improves timeouts, and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 71.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

IPInfoOffline 1.61 resolves a crash bug. This is not a security update.
https://www.nirsoft.net/utils/ip_country_info_offline.html

Java 8u361 is a security update.
https://www.java.com/en/download/manual.jsp

Microsoft Teams 1.6.00.376 adds several new features. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 25.0.3 is a security update.
https://nextcloud.com/

Omada Software Controller 5.8.4 adds global view, mapping, and adds several other features. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-GUI 0.8.39 adds P2P audio and video calls, improved GUI confirmations, and resolves over a dozen bugs. This is not a security update.
https://pocketnet.app/

Signal 6.5.1 resolves a crash bug. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.10.9 improves display of activity. This is not a security update.
https://signal.org/android/apk/

Skype 8.93.0.404 improves translator, color schemes, and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.23.1 resolves an upgrade bug. This is not a security update.
https://syncthing.net/

Telegram 4.6.2 resolves several bugs. This is not a security update.
https://telegram.org/

Telegram (Android) 9.4.0 doesn’t provide a changelog so should be treated as a security update.
https://telegram.org/apps

WinSCP 5.21.7 updates Batch Rename extension and resolves a settings change bug. This is not a security update.
https://winscp.net/eng/index.php

Zoom 5.13.7.12602 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

BasicSR 1.4.2 adds torch and resolves several bugs. This is not a security update.
https://github.com/XPixelGroup/BasicSR/releases/latest

Kodi 20.0 implements over 500 changes. This is a security update.
https://kodi.tv/

Plex Desktop 1.63.3.3523 resolves audio passthrough. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.33.2.3525 resolves audio passthrough. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.31.0.6654 improves season and episode detection, end credit marker detection, scanner, and resolves over a dozen bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Real-ESRGAN-ncnn-vulkan 0.2.0 is a security update.
https://github.com/xinntao/Real-ESRGAN-ncnn-vulkan/releases/latest

TuneIn 1.26.0 doesn’t provide a changelog so should be treated as a security update.
https://tunein.com/radio/home/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.1.0.58 improves installation experience, performance and image editing. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.157 adds new objects, improves GDevelop banner behavior, asynchronous objects, updates libraries and extensions. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.1.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Playstation PS5 22.02-06.50.00 adds support for the DualSense Edge wireless controller and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2023.02.10 resolves dozens of bugs. This should be treated as a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 22.003.20314 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Adobe After Effects 23.2 and 22.6.4 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb23-02.html

Adobe Connect 11.4.6 and 12.2 are security updates.
https://helpx.adobe.com/security/products/connect/apsb23-05.html

Adobe FrameMaker 2020.5 and 2022.1 are security updates.
https://helpx.adobe.com/security/products/framemaker/apsb23-06.html

Adobe Bridge 12.0.4 and 13.0.2 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb23-09.html

Adobe Photoshop 23.5.4 and 24.1.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb23-11.html

Adobe InDesign 18.2 and 17.4.1 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-12.html

Adobe Premiere Rush 2.7 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb23-14.html

Adobe Animate 22.0.9 and 23.0.1 are security updates.
https://helpx.adobe.com/security/products/animate/apsb23-15.html

Adobe Substance 3D Stager 2.0.0 is a security update.
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-16.html

Audacity 3.2.4 resolves a functional bug. This is not a security update.
https://www.audacityteam.org/download/

LibreOffice 7.4.5 resolves a stability bug. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.5.0 resolves over 250 bugs. This is a security update. Be aware that the Fresh line is beta software and should be avoided in favor of the Still line above.
https://www.libreoffice.org/

Nextcloud Desktop 3.7.3 resolves dozens of bugs. This is a security update.
https://nextcloud.com/

Notepad++ 8.4.9 resolves over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.1 is a major update to Paint.net, adds several features, and resolves several bugs. This is not a security update.
https://www.getpaint.net/

Calibre 6.12.0 adds read-aloud, updates libraries, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Kindle for PC 1.40.65415 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.3.1 resolves a panic bug. This is not a security update.
https://github.com/countercept/chainsaw

DNSQuerySniffer 1.91 resolves stability bug. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

HTTP Toolkit 1.12.3 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

KeePass 2.53.1 resolves several bugs. This is not a security update.
https://keepass.info/

MalwareBytes Anti-Malware 4.5.22 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

MalwareBytes Anti-Malware Mac 4.18.11 resolves a couple bugs and removes the built-in browser. This is a security update.
https://www.malwarebytes.com/mac/

OpenSSL 1.1.1t is a security update.
https://www.openssl.org/source/

OpenSSL 3.0.8 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ProtonVPN (macOS) 3.0.13 resolves several bugs. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.8.0 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.9 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.47.0 resolves several bugs and improves performance. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 22.5.0 adds several new transitions, improved recorder, and several other tools. This is not a security update.
https://www.techsmith.com/video-editor.html

Open Broadcaster Software 29.0.2 resolves several bugs. This is not a security update.
https://obsproject.com/

ScreenToGif 2.37.2 adds translations. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 23.0.3 resolves a couple bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.9.9 adds support for new encodings, improves compatibility and resolves a couple bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.6.1 resolves several bugs. This is not a security update.
https://handbrake.fr/

iMazing HEIC Converter 2.0.5 doesn’t provide a changelog so should be treated as a security update.
https://imazing.com/heic

MakeMKV 1.17.3 adds support for new encodings and improves reliability. This is not a security update.
https://www.makemkv.com/download/

StreamFab 6.1.0.7 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 1.0.1.2 resolves a couple bugs and adds support to merge. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.20 improves performance and resolves several bugs. This is a security update.
https://www.zotero.org/

Zotero (macOS) 6.0.21 resolves several bugs. This is a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.15 improves compatibility. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.14 adds support to import directly from LastPass. This is not a security update.
https://1password.com/downloads/windows/

8GadgetPack 36.0 updates outdated gadgets. This is not a security update.
https://8gadgetpack.net/

Agent Ransack 2022.3366 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Beyond Compare 4.4.5.27371 improves performance and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2023.1.1 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.09.10300 resolves several bugs. This is not a security update.
https://www.ccleaner.com/

CPU-Z Installer 2.04 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

CurrPorts 2.66 improves stability. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Cygwin 3.4.6 improves compatibility and stability. This should be treated as a security update.
https://cygwin.com/

Dell Command Update 4.8.0 improves BIOS update, self-update, and toast behaviors. This is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 10.66 improves auto save icons feature. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.14.3 improves compatibility and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 1.0.2 improves performance, reliability and cosmetics. This is a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.43 adds BITS transfer support. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3366 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.39.1 is a security update.
https://git-scm.com/

Go 1.20.1 updates the toolchain and improves performance. This is a security update.
https://go.dev/

GoodSync 12.1.7 resolves several bugs and improves compatibility. This is not a security update.
https://www.goodsync.com/

grepWin 2.0.13 adds ability to copy column content, and resolves a couple bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

HWMonitor 1.49 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

Memtest86+ 6.10 adds support for Secure Boot signing, headless EFI, various command line options, new hardware and resolves several bugs. This should be treated as a security update.
https://www.memtest.org/

NetworkTrafficView 2.43 improves stability. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html

NTLite 2.3.9.9039 updates components and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1007 improves case management, VM reporting, and resolves dozens of bugs. This is not a security update.
https://www.osforensics.com/download.html

AOMEI Partition Assistant 9.14.0 improves safety of move/resize, resolves several bugs, and improves reliability. This is not a security update.
https://www.diskpart.com/

PointerStick 6.22 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.67.1 improves stability. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

PSAppDeploy 3.9.2 resolves several bugs. This is a security update.
https://psappdeploytoolkit.com/

ScreenConnect 23.1.1.8423 improves compatibility, adds several cosmetic changes, and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SearchMyFiles 3.23 resolves a couple bugs. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Sysmon 14.14 resolves a timeout detected deleted files. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TeamViewer 15.38.3 resolves a file resume bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unified Remote Server 3.13.0.2501 doesn’t provide a changelog so should be treated as a security update.
https://www.unifiedremote.com/

Unity 2022.2.6 resolves several bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Ventoy 1.0.88 resolves several bugs and improves compatibility. This is not a security update.
https://www.ventoy.net/en/index.html

WhyNotWin11 2.5.0.4 updates hardware compatibility lists. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinGet 1.4.10173 resolves over a hundred bugs and improves stability. This is a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinRAR 6.20 resolves over 20 bugs. This is not a security update.
https://www.rarlab.com/

ZoomIt 6.12 resolves a cosmetic artifact bug when zooming. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/zoomit

Developer Updates

These are unlikely to be of interest to most people.

ADB 34.0.0 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 2022.1.1.1 resolves several bugs. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.1.6 updates libraries, resolves several bugs, and improves compatibility. This is a security update.
https://desktop.github.com/

GitHub includefragment 6.1.1 adds refetch API. This is not a security update.
https://github.github.io/include-fragment-element/

MySQL Server 8.0.32 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/installer/

MySQL ConnectorNet 8.0.32 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 19.6.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js 18.14.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Redemption 6.3.0.6164 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

Rustup 1.25.2 adds SHA-1 support again. This is not a security update.
https://www.rust-lang.org/

TortoiseGit 2.14.0 updates libraries and resolves several bugs. This is a security update.
https://tortoisegit.org/

Visual Studio Code 1.75.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.6 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.4.11 is a security update.
https://drupal.org/download

Joomla 4.2.7 is a security update.
https://www.joomla.org/

ownCloud Client 3.1.0.9872 resolves several bugs. This is not a security update.
https://owncloud.com/desktop-app/

phpList 3.6.12 updates dependencies and resolves several bugs. This is not a security update.
https://www.phplist.org/

phpMyAdmin 5.2.1 is a security update.
https://www.phpmyadmin.net/

Piwigo 13.5.0 is a security update.
https://piwigo.org/

Antispam Bee 2.11.2 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/antispam-bee/

Autoptimize 3.1.5 improves compatibility and resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

Contact Form 7 5.7.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.2.1 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

myStickymenu 2.6.2 improves flow. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Postie 1.9.65 removes uname support. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Redirection 5.3.9 is a security update.
https://wordpress.org/extend/plugins/redirection/

W3 Total Cache 2.3.0 improves compatibility and resolves over a dozen bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 7.3.0 resolves almost 100 bugs. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPtouch 4.3.48 is a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-08-09

Posted on August 9, 2022 by Shawn K. Hall

Welcome back, Folks!

Today is Patch Tuesday for August, 2022. This is a much lighter month, but there are still over a hundred large hacking victims, two hundred updates and a little over 3.5 GB in updates today.

This Month in Technology

7-Eleven, 70 Lenovo laptop models, Acts Retirement Services, Inc. and Affiliates, Aetna ACE, alio.lt, Allegheny Health Network, Atlassian Confluence Server, Audius, Avamere Health Services LLC, Avamere Holdings, Axie Infinity, Azure Site Recovery, Bandai Namco, Battlefy, Belgian Ministry of Defense, Bellingham Public Library, Benefit Plan Administrators, Inc., Benson Health, BHG Behavioral Health Group, BHG Holdings, LLC, Black Swan State Theatre Company, Blue Cross and Blue Shield of Alabama, Bronx Accountable Healthcare Network, Cavender Stores, Ltd Health Plan, Center for Primary Care, Centerstone, Central Maine Medical Center, Cisco Small Business VPN routers, City of Newport, Cleartrip, Colorado Springs Utilities, Conifer Value-Based Care, LLC, Creos Luxembourg S.A., Deakin University, deBridge Finance, governments and organizations in the defense industry, DHS Emergency Alert System, DrayTek routers, East Valley Ophthalmology, Elastix VoIP, Entrust, Eskimi, Famm, First Choice Community Health Care, Inc., Florida Springs Surgery Center, German Chambers of Industry and Commerce, Granbury Eye Clinic, Healthback Holdings, LLC, JukinMedia, Klaviyo, Knauf Group, L’Agenzia delle Entrate, La Poste Mobile, Lawson Products, Inc., Lopes, Magie Mabrey Hughes Eye Clinic, P.A., MBDA, Mecho Download, MiCODUS GPS trackers, Minuteman Senior Services, Mooresville Schools, Neopets, NetStandard, Newfoundland and Labrador English School District, Nomad, NuLife Med, LLC, OneTouchPoint, Orthopedic Specialists of North America, PLLC, Perth Festival, Pixlr, Policybazaar, PPCGeeks, Prefeitura Municipal de Itapermirim, Premere Infinity Rehab, LLC, Premint, PrestaShop, Professional Finance Company, QuestionPro, Radiation Oncology Centers of the Carolinas, hundreds of restaurants, Scott County, Iowa, Semikron, Slack, Slope, Solana, Southwest Behavioral & Health Services, Spanish National Research Council, Synergic Healthcare Solutions, LLC, T-Mobile, Taiwanese Government, TAVR Media, The Bronx Accountable Healthcare Network, Tuned Global, Twilio, Twitter, Uniswap Liquidity Pool, US DOJ, Virginia Commonwealth University Health System, WA ballet, WA opera, Washington University School of Medicine, Wooton Upper School, Zenith American Solutions, and Zimbra have reportedly been hacked or compromised this month.

Microsoft 365 (and again), Microsoft Access, Microsoft Exchange Online, Microsoft Outlook, Microsoft Teams (and 365 again), Google, Oracle, Twitter, and the UK NHS have had major outages this month.

Google is blocking the ACM. Microsoft broke USB printing. There’s yet another novel method to extract data from air-gapped systems. And Meta (Facebook) is in hot water again, this time for collecting private medical information from within patient portals.

Now for the good news:

A million disinformation bots have been disabled. This still leaves primarily the MSM to disinform us.

Windows 8.1 only has a few months of support left. Upgrade to Windows 10 now.

Play stupid games, win stupid prizes.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 3.5 GB in updates today. Let’s get started.

Microsoft released updates to address 65 vulnerabilities in .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA Port Driver, Microsoft Bluetooth Driver, Microsoft Edge, Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Windows Support Diagnostic Tool (MSDT), Remote Access Service Point-to-Point Tunneling Protocol, System Center Operations Manager, Visual Studio, Windows Bluetooth Service, Windows Canonical Display Driver, Windows Cloud Files Mini Filter Driver, Windows Defender Credential Guard, Windows Digital Media, Windows Error Reporting, Windows Fax Service, Windows Hello, Windows Hyper-V, Windows Internet Information Services, Windows Kerberos, Windows Kernel, Windows Local Security Authority (LSA), Windows Network File System, Windows Partition Management Driver, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Secure Boot, Windows Secure Socket Tunneling Protocol (SSTP), Windows Storage Spaces Direct, Windows Unified Write Filter, Windows WebBrowser Control, Windows Win32K, and MSRT (~ 3 GB). This includes security updates. A reboot is required.

Apple released updates for Safari 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, tvOS 15.6, and watchOS 8.7. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.6 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 15.6 is a security update. Use Settings, General, Software Update to install the most current update.

tvOS 15.6 is a security update. Use System, Software Update to install the most current version.

watchOS 8.7 are security updatess. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 104.0.5112.83 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.7.1 adds support for newer hardware, resolves several bugs and improves performance. This is not a security update.
https://www.amd.com/en/support

BullZip PDF Printer 14.0.0.2938 adds support for TLS3, updates libraries, and resolves bugs. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Drivers by Seagull 2022.2 adds support for over 240 new printer models, resolves a compatibility bug, and adds support for RFID TID and creating custom printer commands. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

Display Driver Uninstaller 18.0.5.4 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options 9.70.68 resolves several bugs. This is not a security update.
https://support.logi.com/hc/en-us/articles/360025297893

Nvidia Driver 473.81 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.42.88 is a security update.
https://brave.com/

Google Chrome 104.0.5112.81 is a security update.
https://www.google.com/chrome/

Microsoft Edge 104.0.1293.47 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 103.0.2 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.12.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 5.3.2679.70 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 102.1.2 is a security update.
https://www.thunderbird.net/en-US/

Mailspring 1.10.4 resolves compatibility issues, adds 64-bit, Apple Silicon M1 and M2 support, and resolves several bugs. This is not a security update.
https://getmailspring.com/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.13 resolves a cosmetic bug. This is not a security update.
https://anydesk.com/en/downloads

Dropbox 154.4.5363 improves reliability and consistency, adds external device indication and resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 156.0.0.21.216 is a security update.
https://www.messenger.com/download

FileZilla Client 3.60.2 updates libraries to address stability bug. This is not a security update.
https://filezilla-project.org/

FileZilla Server 1.5.1 improves reliability and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.23 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 61.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Java 8u341 is a security update.
https://www.java.com/en/download/manual.jsp

Nextcloud Server 24.0.3 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Omada Software Controller 5.4.6 adds support for new protocols, newer hardware, and resolves several bugs. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Qbox 4.0.5.20 doesn’t provide a changelog so should be treated as a security update.
https://www.coraltreetech.com/qbox

Rclone 1.59.1 resolves almost two dozen bugs. This is not a security update.
https://rclone.org/

Signal 5.53.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Skype 8.86.0.409 resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.20.4 resolves a couple bugs and improves CLI support. This is not a security update.
https://syncthing.net/

WinSCP 5.21.2 is a security update.
https://winscp.net/eng/index.php

Zoom 5.11.4.7185 improves reliability and resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.3 resolves several bugs. This is not a security update.
https://en.3tene.com/

Plex Desktop 1.50.1.3185 resolves several bugs and improves controls. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.22.1.3169 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.28.0.5999 adds support for Apple Silicon, many improvements to music handling, and resolves a compatibility bug with Microsoft’s linker. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.1.4 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.6.1.26 resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Lego Studio 2.22.7.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Steam 2022.07.27 resolves dozens of bugs and improves compatibility. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Commerce 2.3.7-p4, 2.4.3-p3, 2.4.4-p1, and 2.4.5 are security updates.
https://helpx.adobe.com/security/products/magento/apsb22-38.html

Adobe Acrobat and Reader 22.002.20191, 20.005.30381, and 17.012.30262 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb22-39.html

Adobe Illustrator 26.4 and 25.4.7 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-41.html

Adobe FrameMaker 15.0.8 and 16.0.4 are security updates.
https://helpx.adobe.com/security/products/framemaker/apsb22-42.html

Adobe Premiere Elements 20220702 is a security update.
https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html

Calibre 6.2.1 adds support for newer hardware, improves full text search, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Essential Forms 2022.07.20 is the summer data update. This is not a security update.
https://help.ceb.com/en/collections/2482118-essential-forms

Inkscape 1.2.1 resolves several bugs. This is not a security update.
https://inkscape.org/release/

Kindle for PC 1.38.65290 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice Fresh 7.3.5 resolves over 80 bugs. This is not a security update. The Fresh line is beta software. I recommend you use LibreOffice “Still” to get the most stable version.
https://www.libreoffice.org/

Nextcloud Desktop 3.5.4 adds proper silent installation support. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.4 resolves a find-in-files bug. This is not a security update.
https://notepad-plus-plus.org/

OpenOffice 4.1.13 is a security update. If you’re still using OpenOffice please consider switching to LibreOffice. OpenOffice has only had sporadic security updates for the last several years and there’s no sign of that changing.
https://www.openoffice.org/download/

PDF-XChange Editor 9.4.362.0 adds dozens of new features and resolves a lot of bugs. This is a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

FSS 2022.7.18 adds support for newer platforms. This is not a security update.
https://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62

HTTP Toolkit 1.10.0 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware 4.5.12 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

MalwareBytes Anti-Malware Mac 4.16.7 resolves several bugs. This is not a security update.
https://www.malwarebytes.com/mac/

ProtonVPN 2.0.5 improves stability. This is not a security update.
https://protonvpn.com/download

QubesOS 4.1.1 is a security update.
https://www.qubes-os.org/downloads/

Tails 5.3.1 is a security update.
https://tails.boum.org/install/dvd/index.en.html

YARA 4.2.3 is a security update.
https://github.com/VirusTotal/yara/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 22.1.1 adds support for WebP, PiP, OBS, resizable arrowheads, and resolves several bugs. This is a security update.
https://download.techsmith.com/snagit/releases/snagit.msi

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.8.1 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.17.1 adds support for new encodings, improves stability, and resolve several bugs. This is not a security update.
https://www.makemkv.com/download/

PDF Creator 4.4.3 updates the associated PDF Architect installer and uses a new application signature. This is not a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 5.0.4.7 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.10 resolves several bugs. This is not a security update.
https://www.zotero.org/

Zotero (macOS) 6.0.11 resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.8.0 improves import support, additional browser support, accessibility improvements, and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.8.0 improves import support, additional browser support, accessibility improvements, and resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

7-Zip 22.01 improves UDF, HFS and APFS support. This is not a security update.
https://www.7-zip.org/

AOMEI Partition Assistant 9.9.0 resolves several bugs and adds PC Cleaner. This is not a security update.
https://www.diskpart.com/

AstroGrep 4.4.8 is a security update.
http://astrogrep.sourceforge.net/

Beyond Compare 4.4.3.26655 is a security update.
https://www.scootersoftware.com/download.php?zz=dl4

BgInfo 4.31 fixes a compatibility bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo

CCleaner 6.02.9938 adds support for cleaning new applications, improvements in existing application cleaning, and resolves several bugs. This is a security update.
https://www.ccleaner.com/

DesktopOK 10.01 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.77 resolves a data export bug. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

Everything CLI 1.1.0.24 improves stability. This is not a security update.
https://www.voidtools.com/

Git SCM 2.37.1 is a security update.
https://git-scm.com/

GoodSync 11.11.7 resolves several bugs. This should be treated as a security update.
https://www.goodsync.com/

Kingston SSD Manager 1.5.2.0 doesn’t provide a changelog so should be treated as a security update.
https://www.kingston.com/us/support/technical/ssdmanager

NTLite 2.3.7.8826 adds support for new builds, new components and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1003 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

osquery 5.4.0 resolves several bugs, improves compatibility and adds support for several new engines. This is a security update.
https://osquery.io/downloads

PowerToys 0.61.1 resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.91 fixes a compatibility bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Recuva 1.53.2083 updates license integration. This is not a security update.
https://www.ccleaner.com/recuva

Rufus 3.20 resolves several compatibility bugs. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 22.6.8722.8249 improves stability and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SearchMyFiles 3.21 improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Sigcheck 2.90 adds custom code integrity policy checks. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck

TeamViewer 15.32.3 adds remote terminal sessions to the Instant Connect bar, and resolves a couple bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.1.12 resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Windows 11 RCT 1.5.0 adds support for newer hardware and resolves a couple bugs. This is not a security update.
https://bytejams.com/

WinScan2PDF 8.01 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Zoomit 6.01 fixes a compatibility bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/zoomit

ZoomText 2022 2022.2207.14.400 resovles several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 2021.2.1.16 resolves a dozen bugs. This is a security update.
https://developer.android.com/studio

GitHub Desktop 3.0.5 updates libraries and resolves a warning. This is not a security update.
https://desktop.github.com/

Go 1.18.5 and Go 1.19 are security updates. Go 1.19 is a major update adding several new features and improvements, as well as updating libraries.
https://go.dev/

MySQL Server 8.0.30 is a security update.
https://dev.mysql.com/downloads/installer/

MySQL ConnectorNet 8.0.30 is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 18.7.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

Rustup 1.25.1 resolves a build order bug. This should be treated as a security update.
https://www.rust-lang.org/

SQLite 3.39.2 is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.70 adds support for custom folded sections, tree views and filters, terminal improvements and other fixes. This is is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.13.1 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

VirtualBox 6.1.36 resolves dozens of bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.18.2 resolves several bugs. This is not a security update.
https://dadamailproject.com/

Drupal 9.3.19 is a security update.
https://drupal.org/download

Drupal 9.4.5 is a library security update.
https://drupal.org/download

HumHub 1.12.0 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

OpenPetra 2022.07 resolves several bugs and improves security checking. This should be treated as a security update.
https://www.openpetra.org/

Akismet 5.0 improves spam detection. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

Autoptimize 3.1.0 is a security update.
https://wordpress.org/extend/plugins/autoptimize/

Contact Form 7 5.6.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.4.7.1 is a security update.
https://wordpress.org/plugins/duplicator/#developers

NextScripts Social Networks Auto-Poster 4.3.30 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

Redirection 5.3.2 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Show IDs 1.1.9 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wpsite-show-ids/

Social Post Feed 4.1.5 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Sucuri Security 1.8.33 improves cache cleaning. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.2.4 resolves several bugs and improves compatibility. This is a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 6.7.0 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.5.1 resolves a bug. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WPtouch 4.3.42 resolves a menu bug. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-09-14

Posted on September 13, 2021 by Shawn K. Hall

Welcome back, Folks!

This is for Patch Tuesday for September, 2021.

I’m running late with the newsletter this month. I needed to focus on our clients since there was simply so much to do. In the typical month we usually see 85-90 updated applications (some several times). This month there have been over 160. An increase in application release frequency is typical when other major software releases are impending, and the next month will bring Windows 11, iOS 15, a new build of Windows 10, a new version of Microsoft Office, iPhone 13, and Windows Server 2022.

This Month in Technology

Accenture, Apple devices, and Apple iCloud, AT&T (more than once), various airline and IAB staff, Bangkok Airways, Banksy, Beaumont Health, Blackbaud (more information about a previous hack), Boston Public Library, Brooklyn Technical High School, Campbell Conroy & O’Neil, P.C., Chase Bank, thousands of Coinbase accounts, Comcast/Xfinity remotes, 29% increase in attacks targeting the education sector, Cream Finance, Dallas Police Department, Dallas School District, Desert Wells Family Medicine, DuPage Medical Group, Epik, EskyFun, Ford, ForHousing and Liberty, over 80,000 Fortinet FortiGate VPN devices, Fortinet FortiWeb, Fortress Home Security, the French Visa Program, Guntrader (including data of over 100,000 UK gunowners), Howard University, HP Omen Hub, Indiana Department of Health (Contact Tracing System), Imavex, Evin (Iranian Prison), Jenkins, John Deere, JP Morgan Chase, over 1,200 K-12 schools, Kaseya Unitrends, Lithuanian Ministry of Foreign Affairs, Marketron, 60,000 domains with MarkMonitor, McDonald’s, Memorial Health System, Microsoft Power Apps (38 million records!), MikroTik routers, MyRepublic, NEW Cooperative, a NY Credit Union, Olympus, Parallels Desktop, Peterborough, New Hampshire, Razer mouse driver (and pretty much all other drivers), Republican Governors Association, Revere Health, SAC Wireless, Sonic, various NAS drives, PayPal is sharing user data and transactions with the ADL, pNetwork, RazorPay, various routers from over a dozen vendors, various Russian phones, South Africa’s Department of Justice, Spotify data leak, Syracuse University, T-Mobile, Texas GOP, Tokio Marine, the United Nations, UPS, the US Census, the US State Department, hundreds of US financial systems, almost half of all US hospitals, dozens of US government websites, the US Terrorist Screening Center, Valve, Walgreens, the WordPress Gutenberg Template Library Plugin, and Zoho ManageEngine have been hacked this month.

I separated the Microsoft-specific hacks this month mostly to shame them. The month they claim that “the cloud” is more secure they should absolutely have their noses rubbed in it. Microsoft suffered from yet another nasty, epic, world-wide Exchange attack, but defended their own hosted product by claiming “Microsoft’s Office 365 wasn’t swept up in the breach because it runs in the cloud, which offers more protection,” even though only hours later a critical vulnerability in Microsoft’s Azure Cosmos DB service was confirmed — one of the largest cloud hacks of all time, affecting thousands of service providers. The vulnerability existed for months, so there’s simply no way to know if your accounts were compromised or if permanent access to any victim’s Microsoft Azure services occurred months prior, and Microsoft patched it only two weeks before making the claim above that “the cloud…offers more protection.” As if hammering the point home, yet another series of vulnerabilities in Microsoft’s Azure cloud services were discovered this week which expose millions more endpoints, with thousands already infected. Microsoft’s 365 Cloud PC, IIS, Microsoft Teams event data, WSL, and MSHTML used by Microsoft Office have all been hacked this month. Microsoft’s PrintNightmare still isn’t over. In fact, the “fix” breaks printing and printer installation on at least 5% of computers. To top it all off, with all of these incidents they are removing features and they still feel their software is worth a 20% price increase based on the improved security and reliability of their products. Sigh.

The Ragnarok ransomware gang has released a master decryption key. So has REvil (accidentally).

The US Senate is working to make encryption meaningless. Facebook is, too. And Facebook just got slapped by the German Supreme Court for violating free speech rights in Germany. Hypocrisy is their codeword. Facebook actually hid their transparency report. That kinda says it all, doesn’t it? If not, then Apple “considering” removing Facebook for their ties to human trafficking should at least raise an eyebrow. Really, the question should be, why didn’t they? Google geofence warrants are up 1,167%.

Anyone can post a job for any company on LinkedIn. A new fake Captcha tricks the user into keeping malware. ProtonMail, once a beacon of hope for privacy advocates, has shared IP addresses and device information of a user in violation of their own privacy assertions.

Dogfooding is usually a good thing. Not always.

On hardware – GPU-level malware is a thing. Hacking strict hardware security through a silly design flaw. ASUS has made a few serious mistakes with their $2,000 GeForce RTX graphics cards. If you ever wondered why you shouldn’t borrow someone’s charging cable or wall wart, wonder no more. Samsung has acknowledged that they can disable any Samsung TV using a “feature” (read: backdoor) installed on all their televisions. Do you think they limited this “feature” to their TVs?

Apple is still pushing their Jedi Mind Tricks. They want you to use your phone as your ID, but a recent iOS update even broke the “phone” part of iPhones. Why would anyone trust their identity to their phones?

The Epic v Apple case finally has a ruling. One of the two most significant issues, that Apple forbade any payments not through the App Store, was (rightly) ruled illegal. All other counts were dismissed. It’s being appealed, of course. This could cost Apple a huge chunk of a $20+ billion pie. There are some great reads from discovery. South Korea has passed a new law with similar implications. Epic v Google is really shaping up.

Be careful how you treat your employees – they might turn out to be the “evil insider” for a ransomware gang.

If you’re a government employee and the scope of your abuse was just to use your boss’s computer then you’re really thinking small potatoes.

Oh, and don’t photograph the moon. You might get sued by UMG.

All technology carries risk, but Wi-Fi is probably the most significant risk to your privacy.

Microsoft broke OneDrive for Business, has some major issues with Outlook 365 right now, and VoIP.ms has been extorted by a DDoS attack.

Apple has dropped it’s lawsuit against Corellium over virtual iPhones, lost their Optis trial, and settled with small developers who publish on the App Store, but it still in bed with Big Brother. The US is pushing a bill right now to prevent App Stores from being the sole source of apps and content for their platforms and the EU is pushing for a minimum of seven years of hardware support.

There is no Section 230 in Australia…and it shows. Until social media companies are slapped by the Supreme Court, they will continue to get away with acting on behalf of government while claiming to be independent.

Since nobody is working “full time” anyway, they’re planning to force employers to cut their hours even more.

A federal court has ruled that the HHS can not force doctors to perform transgender surgeries or abortions. If you were concerned about the damage someone might do to your wedding cake, why would you want them holding a scalpel between your legs?

When the MSM has to resort to blatant lies to support their position and the people eat it up you have to acknowledge that they’re the enemy of honesty. The only real pandemic is a curious series of deaths only affecting those leaders opposed to mandates and ignoring the blatantly obvious data. This isn’t the first time. Sadly, absolute fraud passes for science today. There really are proven treatments available.

The science behind face masks demonstrates that this has never been an honest conversation. Instead, politicized (and ineffective) tests and treatments are more lethal
than the disease. Those required to do so are failing or simply refusing to report injuries (does this mean they lose protection under NVICP?) and the events that are reported still resemble a certain climate change “hockey stick.” They’re maliciously and negligently ignoring the data, actual health and safety concerns, committing fraud, and cherry-picking sources so they can make tiktok videos. They’re intentionally falsifying data to coerce and terrorize the public. George Orwell would be proud. The spews media, and by extension, their loyal vidiots, aren’t interested in the truth. They mindlessly support “Jab Crow,” racism, rape, tyranny, dehumanizing people, and sweep the scandals under the rug with their massive propaganda machine.

If they were honest and their goals were actually in line with reality, then isolation and replication would be required *before* the creation of a cure, but they’re still pushing tests that can’t distinguish Coronavirus from Influenza. The “vaccines” intentionally, permanently alter your DNA. Claims of effectiveness have repeatedly been disproven, as have their false claims of FDA license “approval.” So they push illegal mandates that aren’t intended to protect your health, even going so far as to ban students from online classes. Politicians ignoring mathematics isn’t really anything new. Especially when there’s an “important” agenda. It’s time for a human rights commission for war crimes over this bio weapon. After all, more servicemembers have died from the vaccines than the disease.

The anti-privacy passports are not designed to prove you’re immune. They’re not designed to prove you’re not a carrier.

Whether there’s sufficient evidence to determine the cause of any deaths over the last 18 months, one thing is sure: Science no longer has any validity.

At least some regions are waking up to the insanity of a group of super-governmental multi-national corporations with total immunity from any and all liability. Or else. It’s time to opt out.

The FBI admits no one (else!) orchestrated the Jan 6 protest. Nevertheless, it was, according to “experts,” the darkest day in American history. (And they don’t mean the subsequent human rights violations.) Odd that the same agenda is unfolding through Big Pharma.

A real President doesn’t abandon their people, or commit war crimes when they’re embarrassed, the Speaker shouldn’t be silencing the names of those who died on their watch, and the FCC, the FDA, OSHA, and other government agencies should actually study what they approve. Companies that only answer to consumers do.

Only after the last year of humans treating other humans as trash, and validating it by dumbing down the rest, could a flight attendant say, matter-of-factly, that “we don’t follow federal law” and expect her victim to just roll over and comply.

It makes perfect sense, then, that the Constitution and Declaration of Independence would be labeled “harmful content” by the National Archives. Not to be outdone, the UK – once the standard to measure an open press – will now punish reporters who “embarrass” the government with up to 14 years in prison.

Now for the good news:

Inexpensive batteries are on the horizon and Starlink satellites are being fitted with lasers.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 3.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~2.5 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 15 and 14.8, iPadOS 15 and 14.8, tvOS 15, macOS Big Sur 11.6, watchOS 8 and 7.6.2, Safari 15, Safari 14.1.2, Xcode 13, iTunes 12.12 for Windows and Security Update 2021-005 Catalina. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15 and 14.8 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15 and 14.8 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 8 and 7.6.2 are security updates. Use the Watch app on your iPhone to install the most current version.

tvOS 15 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 93.0.4577.63 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

The release of macOS Big Sur (11.x) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H1) is very large, for the first time it’s actually smaller than the previous release, but it will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Driver Updates

If you’re using this hardware – these updates are for you.

Citizen Driver 2021.1 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.seagullscientific.com/support/downloads/drivers/citizen/download/

Display Driver Uninstaller 18.0.4.3 improves removal. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

HP Laserjet Stub 13.3.3 doesn’t provide a changelog so should be treated as a security update.
https://123.hp.com/us/en/devices/LASERJET

Nvidia 472.12 adds support for Windows 11, CUDA 11.4, and resolves several bugs. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.29.81 adds more advertising, improves IPFS support, resolves several crashes and other bugs. This is not a security update.
https://brave.com/

Google Chrome 94.0.4606.54 is a security update.
https://www.google.com/chrome/

Microsoft Edge 93.0.961.52 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 92.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.14.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 4.2.2406.48 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.9.2 resolves several bugs. This is not a security update.
https://getmailspring.com/

Thunderbird 91.1.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Skype 8.75.0.140 resolves several bugs. This is not a security update.
https://www.skype.com/

Telegram 3.1.0 resolves several bugs. This is not a security update.
https://telegram.org/

Trillian 6.5.0.17 updates libraries and resolves upload bug. This is not a security update.
https://www.trillian.im/

AnyDesk 6.3.3 improves connection reliability. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 6.3.2 adds a URL handler and adds a warning for permissions. This is not a security update.
https://anydesk.com/en/downloads

aria2 1.36.0 updates libraries and resolves several bugs. This is not a security update.
https://aria2.github.io/

BrowsingHistoryView 2.50 improves menu sorting behavior. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.79.0 is a security update.
https://curl.haxx.se/windows/

DNSDataView 1.61 resolves an international compatibility bug. This is not a security update.
https://www.nirsoft.net/utils/dns_records_viewer.html

Dropbox 130.4.4978 doesn’t provide a changelog, so should be treated as a security update.
https://www.dropbox.com/

FileZilla Server 1.0.1 (wow! I honestly thought they’d never release a major version) adds ACME Let’s Encrypt support, logging improvements, library updates and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.14 adds OpenSSL 3.0 support, resolves several bugs, adds ability to manage filter settings, and improves cross-platform compatibility. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 51.0 improves reliability and stability. This is not a security update.
https://drive.google.com/start

Npcap 1.55 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Omada Software Controller 4.4.4 resolves several bugs. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Rclone 1.56.1 improves reliability and resolves several bugs. This is not a security update.
https://rclone.org/

Technitium DNS Server 6.4.1 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.7.8.1247 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

darktable 3.6.1 improves hardware support and resolves over a dozen bugs. This is not a security update.
https://www.darktable.org/install/

Flickr Downloadr 3.4.3.1 updates libraries. This is not a security update.
https://flickrdownloadr.com/downloads/

iTunes 12.12.0.6 is a security update. Use Apple Software Update to install the most current version.
https://www.apple.com/itunes/download/

MediaMonkey 5.0.3 resolves a duplication bug. This is not a security update.
https://www.mediamonkey.com/windows#download

Plex Home Theater 1.5.1.2629 updates libraries, improves hardware support, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.24.3.5033 adds support for new hardware, updates libraries, resolves stability and reliability bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Steam 2021.09.20 resolves dozens of bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Nintendo Switch 13.0.0 adds Bluetooth Audio, the ability to install Dock updates, and preserve the Internet connection in sleep mode. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PlayStation PS5 21.02-04.00.00 adds M.2 SSD expansion support, 3D audio, and resolves several bugs. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Audacity 3.0.4 resolves a stability bug. This is not a security update.
https://www.audacityteam.org/download/

Blender 2.93.4 resolves dozens of bugs. This is not a security update.
https://www.blender.org/download/

Gimp 2.10.28 is a major update ported to GEGL, adds multithreading, GPU-side processing, hi-DPI support, and improved user interface, selection tools and more. This is not a security update.
https://www.gimp.org/

IcoFX 3.6.1 resolves a startup bug. This is not a security update.
https://icofx.ro/

Krita 4.4.8 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.2.1 resolves over 400 bugs. This is a security update. The “Fresh” line is beta software, and should be avoided in favor of the “Still” version for most users.
https://www.libreoffice.org/

LibreOffice Still 7.1.6 resolves 44 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.3.4 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.1.4 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe XMP Toolkit SDK 2021.08 is a security update.
https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html

Adobe Photoshop 21.2.12 and 22.5.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-84.html

Adobe Experience Manager 6.5.10.0 is a security update.
https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html

Adobe Genuine Service 7.4 is a security update.
https://helpx.adobe.com/security/products/integrity_service/apsb21-81.html

Adobe Digital Editions 4.5.11.187658 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html

Adobe Premiere Elements 20210809.daily.2242976 is a security update.
https://helpx.adobe.com/security/products/premiere_elements/apsb21-78.html

Adobe Photoshop Elements 20210811.m.158081 is a security update.
https://helpx.adobe.com/security/products/photoshop_elements/apsb21-77.html

AdobeCreative Cloud Desktop Application 5.5 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb21-76.html

Adobe ColdFusion 2018.12 and 2021.2 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html

Adobe Framemaker 2019.8 and 2020.3 are security updates.
https://helpx.adobe.com/security/products/framemaker/apsb21-74.html

Adobe InDesign 16.4 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb21-73.html

Adobe SVG-Native-Viewer 20210914 is a security update.
https://helpx.adobe.com/security/products/svg-native-viewer/apsb21-72.html

Adobe InCopy 16.4 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb21-71.html

Adobe Premiere Pro 15.4.1 is a security update.
https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html

Adobe Acrobat and Reader 2021.007.20091, 2020.004.30015, and 2017.011.30202 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.22 resolves several stability bugs with Tor. This is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

BelArc Advisor 11.1 adds support for new software and operating systems. This is not a security update.
https://www.belarc.com/products_belarc_advisor

Hashcat 6.2.4 improves performance, adds hash modes, and resolves several bugs. This is not a security update.
http://hashcat.net/hashcat/#downloadlatest

KeePass 2.49 improves accessibility, reliability, and resolves several bugs. This is not a security update.
https://keepass.info/

OnionShare 2.3.3 adds dark mode, updates libraries, and resolves several bugs. This is not a security update.
https://onionshare.org/

OpenSSL 1.1.1l and 3.0.0 are security updates.
https://curl.se/windows/
https://slproweb.com/products/Win32OpenSSL.html

RogueKiller 15.1.0 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.38.0 adds Node.js support and resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

WebBrowserPassView 2.11 adds a new export/import option, Firefox CSV. This is not a security update.
https://www.nirsoft.net/utils/web_browser_password.html

Capture Updates

These are unlikely to be of interest to most people.

Elgato Game Capture HD 3.70.55 adds Facecam support and resolves several bugs. This is not a security update.
https://www.elgato.com/en/game-capture-software

SnagIt 2021.4.4 resolves several bugs. This is a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

HandBrake 1.4.1 resolves several bugs. This is not a security update.
https://handbrake.fr/

PDF Creator 4.4 resolves several bugs, adds CS Script action, page numbers, and a couple more actions. This is not a security update.
https://www.pdfforge.org/pdfcreator

Education updates

One or more of these are likely to be of interest to most people.

Zotero 5.0.96.3 resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.8.7 resolves dozens of bugs and compatibility issues. This is not a security update.
https://1password.com/downloads/mac/

Autoruns 14.01 resolves a bug with VirusTotal and adds a dark theme. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Beyond Compare 4.4.0.25886 adds support for TLS 1.3, improves SFTP and resolves several bugs. This should be treated as a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 1.28.2 resolves several bugs. This is not a security update.
https://bitwarden.com/

CPU-Z Installer 1.97 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 9.21 improves support for Windows 11 and resolves bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 2.9.378.0 adds several new features and resolves several bugs. This is a security update.
https://dngrep.github.io/

Drive Snapshot 1.49 adds support for new operating systems and improves encryption. This should be treated as a security update.
http://www.drivesnapshot.de/en/

Etcher 1.5.122 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 0.7.2 resolves a display bug. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.24 adds UEFI Shell downloads and command line support. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.8.2 resolves several bugs. This is not a security update.
https://www.goodsync.com/

LessMSI 1.8.2 resolves a CAB parsing bug. This is not a security update.
https://lessmsi.activescott.com/

NTLite 2.3.0.8330 adds support for Windows 11 and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 5.0.1 adds several new tables and queries, updates libraries and resolves several bugs. This is not a security update.
https://osquery.io/downloads

PowerToys 0.45.0 improves stability and resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.84 adds dark theme. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Process Explorer 16.43 resolves a memory leak and other bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Synergy 1.14.1 resolves several bugs, improves reliability and adds new operating system support. This is not a security update.
https://symless.com/synergy/

Sysmon 13.24 improves stability and event handling. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TCPView 4.14 adds dark theme. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview

TeamViewer 15.21.8 resolves a license warning bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

WhyNotWin11 2.4.1 improves compatibility detection. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WifiChannelMonitor 1.70 adds 802.11ac monitoring mode. This is not a security update.
https://www.nirsoft.net/utils/wifi_channel_monitor.html

WifiInfoView 2.71 improves internationalization. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

Windows 11 RCT 1.1.0 improves compatibility detection. This is not a security update.
https://bytejams.com/

WinScan2PDF 7.31 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.03 is a massive update. This version adds zoom, improved search controls and organization, Explorer interaction and improved cosmetic controls. This is not a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.10 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Godot 3.3.3 resolves dozens of bugs. This is not a security update.
https://godotengine.org/

Node.js v12 12.22.6 is a security update.
https://nodejs.org/en/

Node.js v14 14.17.6 is a security update.
https://nodejs.org/en/

Node.js v16 16.9.1 updates libraries, resolves several bugs, and improves error handling. This is a security update.
https://nodejs.org/en/

Unreal Engine 4.27 resolves several bugs. This is not a security update.
https://unrealengine.com/en-US/

Visual Studio Code 1.60 adds debug watch values, improves cosmetics, and resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

OpenCart 3.0.3.8 resolves an RTL bug. This is not a security update.
https://www.opencart.com/

Coppermine Gallery 1.6.13 is a security update.
https://coppermine-gallery.net/

Dada Mail 11.15.1 updates libraries and resolves several bugs. This is a security update.
https://dadamailproject.com/

Docker Desktop 4.0.1 introduces the new licensing scheme, updates libraries, and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.13 is a security update (the second in a week).
https://drupal.org/download

Drupal 9.2.5 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

MailArchiva 8.2.4 resolves several bugs. This is not a security update.
https://mailarchiva.com/

MailEnable 10.36 resolves several bugs, including a certificate assignment bug. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 22.1.1 updates libraries and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

ownCloud Client 2.9.0.5150 resolves several bugs and improves stability. This is not a security update.
https://owncloud.com/desktop-app/

ScreenConnect 21.12.4575.7914 adds several controls for compatibility and reporting, improves stability, and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

YOURLS 1.8.2 resolves several bugs. This is a security update.
https://yourls.org/

WordPress 5.8.1 is a security update.
https://wordpress.org/

Akismet 4.1.12 resolves a couple bugs. This is not a security update.

Autoptimize 2.9.2 improves compatibility and resolves several bugs. This is not a security update.

BuddyPress 9.1.1 is a security update.

Duplicator 1.4.3 resolves several bugs. This is not a security update.

Postie 1.9.57 improves attachment handling. This is not a security update.

Show IDs 1.1.8 adds support for the latest WordPress. This is not a security update.

Slider Revolution 6.5.8 resolves several bugs. This is not a security update.
https://revolution.themepunch.com/

Social Post Feed 4.0 is a major update adding several new features. This is not a security update.

Sucuri Security 1.8.28 removes a warning. This is not a security update.

Visual Composer 38.1 resolves a couple bugs. This is not a security update.
https://visualcomposer.com/

W3 Total Cache 2.1.8 resolves several bugs. This is not a security update.

WooCommerce 5.7.0 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-07-13

Posted on July 13, 2021 by Shawn K. Hall

Welcome back, Folks!

Today is Patch Tuesday for July, 2021. Bad patches, bad faith, insufferable heat, and a horrific series of holiday events for security professionals has left me in a foul mood. I’ll try to keep my temper.

This Month in Technology

Apex Legends, ATMs and PoS platforms, Boeing, Cisco Smart Switches, tens of millions of Dell devices, EA (including the source code for dozens of games), Indexsinas, iOS activation lock, the IRS, Kaseya – impacting hundreds of companies and over a million devices, and then, another Linux kernel bug, Luma, NSW Dept of Education, Pling, SolarWinds (again), Southwest Airlines, Swedish Coop supermarkets, VMWare vCenter, Western Digital’s My Book Live devices, and Windows Print Spooler (printnightmare) have been hacked.

Malware was released posing as a Kaseya security update to address their 4th of July horror show, Microsoft signed and published the malware-laden Netfilter rootkit, the Accelion breach keeps getting worse, there’s another strain of ransomware targeting Microsoft Exchange, and 8.4 billion passwords were dumped in a new leak. There has been a 10x increase in businesses targeted by adult phishing messages.

Apple prioritized its own app before competitors in their “fair” app search engine, simply naming a wireless network a certain way can disable iPhone Wi-Fi on devices that connect to it. If it’s an open network, they’ll try to connect to it automatically. Safari broke indexedDB which broke access to almost every web app. Apple uses slave labor while refusing to hire minorities, Siri is still violating your privacy, and if your iPhone is the “key” to your bank or other sensitive information, get a better lock. At least the Woz supports the right-to-repair.

You’re not in charge of your SMART devices. Dell admits to intentionally disabling their hardware. An Australian phone carrier is injecting advertisements into texts. What this says about your use of two-factor authentication (2FA) is that at the very least, your carrier can always access them (and so can any 3-letter agencies). Google has even acknowledged the significance of this risk and is advising developers to stop using texts for 2FA.

Microsoft’s Linux repos, Microsoft Store, and Fastly had major outages. The Fastly CDN outage was caused by “one customer changing a setting.”

Microsoft announced the upcoming release of Windows 11, which has only a handful of significant changes (including an uglier user interface and a requirement for home users to use a Microsoft account). This article is a great summary of why forcing a Microsoft account on their users is a bad idea.

If having the Facebook app itself installed weren’t risky enough…they can analyze the photo of a single word to recreate your handwriting, and identify the source of deepfakes, but they can’t bother to follow their own “important rules.” Facebook can be held liable for their facilitation of sex trafficking.

Secretaries of State continue to promote the false “secure election” claims when they, themselves, hold evidence to the contrary. There is now sufficient evidence to demonstrate that election fraud was the norm in 2020. Dominion blames “human error,” and why wouldn’t they? Liberty dies in darkness.

Epic Games is winning appeal in Australia. Robinhood violated the law by getting in bed with Wall Street, and the SEC is targeting independent investors. SpaceX is being investigated for their Starlink expansion (the heat is on). A federal judge has overturned California firearm ban even while California launches a vaccine passport. The Linux Foundation has jumped the shark, by joining the fracas.

The CDC keeps fudging the VAERS numbers so is it any wonder there are bills to ban a federal vaccination database? Why wouldn’t they when there are over 50,000 dead Americans thanks to the CV19 “vaccines,” and the vast majority of “COVID deaths” are to the vaccinated minority? More than half of all (government-funded) COVID “relief” was either stolen or fraudulent. Airlines are banning those who have received the vaccines and Pakistan is banning those who have not from having cell phones. Fauci keeps lying his way around the media, but that’s common when government meets health care. Profit-driven labs, agenda-driven judges, fake peer review, and “science” (not to be confused with actual science) have produced defective (unless their intent is to kill) and ineffective vaccines, deadly mask mandates, and insane stay-at-home orders, that have caused irreparable damage. Just say no. “Voluntary” does not mean “without consent.”

Biden (falsely, in case you weren’t aware) believes “a number of officers” lost their lives during the January 6th “riot“, but is allowing actual murderers go free, even though the capitol staff allowed protesters to enter the magnetically locked doors. This is why Speaker Pelosi refused National Guard assistance. If they were there, their cronies couldn’t have staged this “mostly peaceful” false flag.

The US federal government is researching ways to implement their own version of a social credit system. NCLB=>CRT, and now they’re treating humor as racism. Thanks to interventionalism, gas is going to get much more expensive.

All terrorism is sponsored by the FBI, or concealed by them. That’s not an exaggeration. Anyone that’s turned on a TV knows that there are a lot of pedophiles in government. How many do you think are in the FBI?

Threatening to nuke your citizenry approaches the worst thing any President has ever done. When is revolution justified?

Now for the good news:

This heat wave is finally subsiding.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is very large. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Before I begin I should point out that Microsoft released an out-of-band (OOB) security update last week. For the vast majority of users, the “fix” caused more damage than the risk of compromise. Printers, card readers, even disk drives, suffered problems after installing the update, and in some cases Windows was broken as a result. Instead of tying it to the previously (and well-tested) June patch cycle update, they released the OOB update based on the beta version of the July update. I spent most of this week dealing with the fallout from this very poorly tested patch. Grrr.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~1.2 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 12.5.4 and iMovie 10.2.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 12.5.4 is a security update. Use Settings, General, Software Update to install the most current update.

Google Chrome OS 91.0.4472.147 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.4.2 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options 8.54.161 resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

Nvidia 471.11 resolves several bugs. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.26.74 is a security update.
https://brave.com/

Google Chrome 91.0.4472.124 is a security update.
https://www.google.com/chrome/

Microsoft Edge 91.0.864.67 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 90.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.12.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Iridium 2021.06.91 is a security update.
https://iridiumbrowser.de/

SeaMonkey 2.53.8 is a security update.
https://www.seamonkey-project.org/

Vivaldi 4.0.2312.38 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

NK2Edit 3.42 improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

Thunderbird 78.12.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Telegram 2.8.4 improves stability. This is not a security update.
https://telegram.org/

AnyDesk 6.3.2 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

Dropbox 125.4.3474 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.55.0 improves SFTP and ALPN support, and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.11 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 1.50 resolves several bugs and improves compatibility. This is not a security update.
https://nmap.org/npcap/

Omada Software Controller 4.4.3 resolves dozens of bugs and improves reliability. This should be treated as a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

WinSCP 5.19.1 resolves several bugs. This is not a security update.
https://winscp.net/eng/index.php

Zoom 5.7.1.543 resolves several bugs. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.16 adds snow, rain and fire effects, resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 3.6.0 adds several new features, resolves dozens of bugs and updates hardware support. This is not a security update.
https://www.darktable.org/install/

Flickr Downloadr 3.4.0.1 resolves several bugs and removes defunct platforms. This is not a security update.
https://flickrdownloadr.com/downloads/

Plex Media Server 1.23.4.4805 improves AAC encoding quality, hardware compatibility, play queueing specials and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.16 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

PlayStation PS5 21.01-03.21.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2021.07.13 resolves dozens of bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Krita 4.4.5 resolves dozens of bugs. This should be treated as a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.4 resolves 80 bugs. This is a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.2.4 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.1.1 adds/improves dark mode, resolves performance and stability bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Dimension 3.4.3 is a security update.
https://www.adobe.com/products/dimension.html

Adobe Illustrator 25.3 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Framemaker 2019.8 and 2020.2 are security updates.
https://helpx.adobe.com/framemaker/kb/framemaker-downloads.html

Adobe Acrobat and Reader 2021.005.20058, 2020.004.30006, and 2017.011.30199 are security updates. Use Help, Check for Updates to install the most current version.

Adobe Bridge 11.1 is a security update.
https://www.adobe.com/in/products/bridge.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.16 updates libraries and resolves several bugs. This is a security update.
https://www.gpg4win.org/download.html

Hashcat 6.2.2 improves automation, adds new hash-modes and resolves several bugs. This is not a security update.
https://hashcat.net/hashcat/#downloadlatest

RogueKiller 15.0.8 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 4.20 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

uBlock Origin 1.36.2 is a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.32.1 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2021.4.2 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

VideoCacheView 3.07 improves Firefox compatibility. This is not a security update.
https://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

IsoBuster 4.8 adds ReFS support, dmg, adf, and hdf file support, metadata parsing, Amiga partitions, block range addressing and search support. This is not a security update.
https://www.isobuster.com/download.php

MakeMKV 1.16.4 improves decoding, compatibility, and resolves several bugs. This is not a security update.
https://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.8.6 resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.7.810
https://1password.com/downloads/windows/

8GadgetPack 34.0 resolves several bugs and improves compatibility. This is not a security update.
https://8gadgetpack.net/

AccessChk 6.14 adds support for NULL DACL reporting. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

Aomei Partition Assistant 9.3 adds option to create portable version, resolves an app mover bug. This is not a security update.
https://www.diskpart.com/

Bitwarden 1.27.1 resolves several bugs. This is not a security update.
https://bitwarden.com/

Dell Command Update 4.2.1 doesn’t provide a changelog. This should be treated as a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 9.11 adds support for Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.75 adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

Everything Toolbar 0.7.1 improves keyboard support, added options and integration, and resolves several bugs. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.20 adds Windows 7 ISO downloads. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.7.6 resolves several bugs. This is not a security update.
https://www.goodsync.com/

Homedale 1.97 resolves a bug. This is not a security update.
https://www.the-sz.com/products/homedale/

NetworkTrafficView 2.41 adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html

NTLite 2.1.2.8074 adds Windows 11 support and updates components. This is not a security update.
https://www.ntlite.com/download/

osquery 4.9.0 updates libraries, adds log rotation, improves table options, startup and shutdown time, and resolves other bugs. This is not a security update.
https://osquery.io/downloads

PointerStick 5.33 adds support for Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.41.3 resolves stability issues. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.83 resolves several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

RoboForm 9.1.5 resolves several bugs. This is not a security update.
https://www.roboform.com/

Strings 2.54 improves handling of files containing long strings. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/strings

Sysmon 13.22 improves performance and resolves a sub-rule bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TCPView 4.13 fixes a bug with connection state filtering. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview

TraceRouteOK 2.55 updates signature and languages. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

USBDeview 3.02 improves high-DPI support and adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

WinRAR 6.02 is a security update.
https://www.rarlab.com/

WinScan2PDF 7.22 adds Windows 11 support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.01 adds several new filter features, multiple simultaneous drive support, performance improvements, and adds cosmetic options. This is not a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 4.2.2.0 resolves several bugs. This is not a security update.
https://developer.android.com/studio

Node.js 16.4.2 is a security update.
https://nodejs.org/en/

Node.js 12.22.3 is a security update.
https://nodejs.org/en/

Node.js 14.17.3 is a security update.
https://nodejs.org/en/

SQLite 3.36.0 improves EXPLAIN, BOM skipping, and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.58 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.14.1 updates libraries, adds limits to Forward to a Friend, and resolves several bugs. This is not a security update.
https://dadamailproject.com/

Docker Desktop 3.5.2 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.2.1 resolves several bugs. This is not a security update.
https://drupal.org/download

MailEnable 10.35 is a security update.
https://www.mailenable.com/

Nextcloud Server 22.0.0 adds Circles support, integrates chat and tasks, approval workflows, PDF signing, and resolves over 600 bugs. This is not a security update.
https://nextcloud.com/

ScreenConnect 21.9.4007.7863 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Akismet 4.1.10 resolves several bugs and improve API requests. This is not a security update.

Conditional Widgets 3.1 announced their native incompatibility with WP 5.8+ and how to continue to use it. This is not a security update.

Duplicator 1.4.2 resolves several bugs and updates package diagnostics. This is not a security update.

myStickymenu 2.5.3 resolves several bugs. This is not a security update.

Visual Composer 37.0 resolves several bugs, improves compatibility, and adds user interface improvements. This is not a security update.

W3 Total Cache 2.1.5 is a security update.

WooCommerce 5.5.0 resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.9.0 adds scheduler, improved notifications, and resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-03-09

Posted on March 9, 2021 by Shawn K. Hall

Welcome back, Folks!

Today is Patch Tuesday for March, 2021.

This Month in Technology

Gab has been hacked at least a couple more times. (Would you trust the security of a Gab-owned bank?)

A new form of “supply-chain” attack demonstrating dependency vulnerabilities has been used against many major vendors, including Microsoft, Apple, Tesla, and dozens more.

32red, Accellion, Allergy Partners, Apple, Bombardier, CA DMV, Clubhouse Chats, Covenant HealthCare, CSX, D-Link devices, Ecuador’s Ministry of Finance and Banco Pichincha, the European Banking Authority, EXMO, Experian (again), France’s Ministry of Health, Georgetown County (SC), Hipcam (and other baby monitors), Humana, IBM, over a hundred Italian banks, KeepChange, Kia, Kroger, Lakehead University, Malaysia Airlines, Ness Digital Engineering, Ninja Forms, Ngrok, NurseryCam, Oxford University, RealPage, RIPE NCC accounts, Rockwell Automation PLCs, Maza, a Russian Cybercrime forum, Singtel, SITA (an airline service provider), SolarCity, PayPal, Qualys, Sendgrid accounts (to send spam – how could anyone tell the difference?!), Sequoia Capital, Signal, T-Mobile, TMS, 15 UK schools, Underwriters Laboratories, Universal Health Services, VMWare vCenter Server, Washington State Unemployment Department, Wawa, Apple’s WebKit, and Yandex have been hacked.

According to a study by Bridewell Consulting, 86% of UK critical national infrastructure organizations have experienced cyber-attacks. I think it would be more accurate to present these numbers as, “14% of UKs critical national infrastructure doesn’t have the technology in place to know they were hacked.”

Even more malware related to the SolarWinds hack has been discovered. Since AWS was used for the SolarWinds hack, shouldn’t Amazon shut AWS down, too?

Microsoft is now admitting that Azure and Exchange source code has been compromised by the SolarWinds attackers.

The big news this month is that a vulnerability in Microsoft Exchange (coincidence?) has resulted in over thirty thousand servers being hacked. This is huge. So what did Microsoft do? Microsoft has announced it has changed their policy to crack down on hosted email accounts that receive a lot of email. Sigh.

Another interesting new tactic, bitsquatting, has proved far more effective than one would think. The demonstration allowed them to hijack thousands of requests intended for Microsoft. Used maliciously, this method will cause serious damage.

Censorship has finally made it before the Supreme Court, but Dr. Suess is only the latest target, while Facebook allowed actual genocide, but forbade discussion about news articles, Google acknowledges their efforts to perform censorship “better,” and Firefox has released a new extension to aid in censorship, while Streamlabs waited for the payment to clear before censoring one paid user. The Beverly Hills Police Department is using the novel approach of playing copyrighted music to prevent their actions from being observed, and Congress is now violating federal law by demanding censorship of media.

It amazes me that people actually trust “fact checkers.” Censorship doesn’t work!

Poland isn’t taking it anymore. Italy is fining Facebook, too.

Tor was hacked years ago, but new implementations (like that in Brave) are still popping up with their own problems.

Another 21 million VPN users were taught the lesson about the difference between customers and products. If you’re not the customer, you’re the product.

Instagram (like parent Facebook) is sharing everything you do with law enforcement. So is Apple’s iCloud.

The Windows 10 implementation of web fonts can be used to hack you. Apple M1 chips (less than 6 months old) have been targeted with several pieces of malware, but we should trust the MORPHEUS chip, right? BTW, M1 Macs are eating their (soldered in) SSDs, too.

It’s not just Google. Apple can disable all of your accounts and services on a whim, too. Or for your name.

Amazon has been caught duplicating products, can they be trusted to sell your products or host your content?

Is half a billion dollars enough to get you to rethink a bad user interface?

The whole point of unified interfaces and consistent logins is to ensure a familiar experience so you know whether you’re visiting the real site. Attackers take advantage of this to build their own imagekits and forms, even using their own fake security measures to convince you you’re on the “real” site since they are forced to validate that *you* are really you.

The malicious Gootkit Trojan can help the SEO of your websites. Just not for you.

Never reuse passwords. Or hard-code them. And don’t use obvious passwords either. But if you do, don’t blame a fabricated intern.

Apple claims that a new (available since 2019, but only recently launched on iOS) application execution technique will make it more difficult for iPhones to be hacked,
while yet another iPhone bug has demonstrated to successfully jailbreak every active iOS/iPhone line.

North Dakota and Arizona may save the Internet by forbidding the ability for vendors to force the use of their own app stores.

While many treat Google’s lockdown of their data APIs in Chromium as a bad thing, I see it as getting Google further out of Chromium – which can only be a net positive.

AT&T and Frontier have consistently abandoned phone networks in California, but we knew that: AT&T said they were going to do this when Title II passed. Sometimes the only thing to make a company following through is enough bad press.

Deepfakes for everyone! While most focus on Deepfakes are about their potential for evil, they can be used for good.

On patents: Intel owes $2.2 billion for saving power, and Apple has violated several biometric patents.

Dr. Fauci has known all along that the PCR test was useless. The WHO has launched their own COVID-specific version of “we investigated ourselves and found we did nothing wrong.” The dystopian concept of vaccine passports has been struck down by the Council of Europe. Unfortunately their power is mostly cosmetic.

The CDC inflated “COVID deaths” over 1600% in violation of multiple federal laws. CDS is real though. COVID has been “really good for CNN ratings,” though. Thousands of people have died in the US from the experimental COVID “vaccines,” (and elsewhere) or suffered from other harm. Many more internationally. Quarantine internment camps are a real thing. People are being harmed from the tests (or forcefully vaccinated), too. You can do something about it. (They sure won’t.) BTW, the CDC has had to remove their claim that vaccines don’t cause Autism.

Pennsylvania, New Mexico, and Texas have joined in on efforts to end lockdown insanity.

Don’t be selfish! Masks still don’t work, but masks can kill you. (At least they won’t rape you.)

Keep the pedophile, but ban the words.

Green Energy killed Texas. It shouldn’t have been allowed to happen.

Governors Cuomo and Whitmer are finally being taken to task on their “accidental” murder of thousands of nursing home residents. Don’t expect the President to get involved. Genocide is just “different norms” to him. Instead of those in “National Security” investigating this, they’re convinced their time is better used calling half the population terrorists.

Facebook has had more than 20 million child sex abuse incidents, more than 20x greater than any other website, including Google. Nevertheless, the masses aren’t calling for cancelling Facebook. It’s tolerance when “they” do it.

Speaker Pelosi (who is responsible for security at the House) refused National Guard assistance, supposedly over “optics“, before the staged January 6 “riot“. Chris Wray lied to Congress about Antifa dressing as Trump supporters. So did former Deputy Attorney General Rod Rosenstein. They’ve knowingly falsified FISA warrants. So is it really any surprise there are calls to shut down the FBI?

Some states are finally allowing election audits, with evidence of 6% discrepancies in every single race, others as much as 78%, and other serious math problems, while others refuse to release ballots for inspection, purge election data, or allow the FBI to shred ballots without oversight or inspection. Then they poison the people they are forcing to guard them.

Is it any surprise that their Section 230 “reforms” are designed to completely silence online discourse? After all, the President doesn’t understand what “clandestine” means. (Quick tip: If you announce your intentions on the MSM, it’s not clandestine!)

The Babylon Bee is probably the best news site on the Internet, not because they actually have any news, but because they shine a light on the fraud that passes for news today.

Now for the good news:

California has finally been allowed to implement their own brand of Net Neutrality. I strongly oppose Net Neutrality, as getting government involved in something (even under the auspices of protection) always results in unintended consequences. This is, fortunately, no exception. CA Net Neutrality can now be used by myself and others to target Big Tech to penalize them for their continuous acts of censorship.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.2.3, watchOS 7.3.2, Safari 14.0.3, iOS 14.4.1 and iPadOS 14.4.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4.1 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3.2 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 88.0.4324.186 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 12.2.0.2902 resolves several bugs. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Display Driver Uninstaller 18.0.3.7 improves cleanup and adds network path support. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DirectX 9.29.1974.1 doesn’t provide a changelog, so should be treated as a security update.

nVidia 461.72 adds support for newer hardware and resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.21.74 resolved several bugs. This is a security update.
https://brave.com/

Google Chrome 89.0.4389.82 is a security update.
https://www.google.com/chrome/

Microsoft Edge 89.0.774.48 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 86.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.8.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 3.6.2165.40 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.8.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Mumble 1.2.19 is a security update.
http://wiki.mumble.info/wiki/Main_Page

Prosody 0.11.8 is a security update.
https://prosody.im/download/start

Trillian 6.4.0.5 resolves a settings bug. This is not a security update.
https://www.trillian.im/

Dropbox 117.4.378 does not provide a changelog so should be treated like a security update.
https://www.dropbox.com/

FreeFileSync 11.8 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Zoom 5.5.13142.0301 resolves several bugs, improves grid view, and better indicates when content is being shared. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.12 adds 3 new types of motion, show/hide shortcut, and resolves several bugs. This is not a security update.
https://en.3tene.com/

Flickr Downloadr 3.3.4.1 updates the Docker image. This is not a security update.
https://flickrdownloadr.com/downloads/

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.55.0 allows git configuration without a repository. This is not a security update.
https://atom.io/

IcoFX 3.5.1 resolves several bugs. This is not a security update.
https://icofx.ro/

LibreOffice Fresh 7.1.1 resolves almost a hundred bugs. Remember that this is beta software, so should be avoided for the stable version whenever possible. This should be treated as a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.1.3 is a security update.
https://nextcloud.com/

Notepad++ 7.9.3 adds new folder features that now prevent it working on Windows XP. If you are still running XP you should really consider switching to Linux, but if you must continue to use XP then use Notepad++ 7.9.2. This is not a security update.
https://12pd.com/click?npp32

VideoCleaner 5.8 improves Matrix, Sharpening and Mask features. This is not a security update.
https://videocleaner.com/download.html

Adobe Connect 11.2 is a security update.
https://helpx.adobe.com/security/products/connect/apsb21-19.html

Adobe Creative Cloud Desktop Application 5.4 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html

Adobe Framemaker 2020.0.2 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb21-14.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.16 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

OpenSSL 1.1.1j is a security update.
https://www.openssl.org/source/

RogueKiller 14.8.5 updates core and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Wireless Network Watcher 2.25 improved compatibility with high-DPI. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

VideoCacheView 3.06 adds support for the new cache partitioning structure in chromium-based browsers. This is not a security update.
https://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.16.1 resolves several bugs and adds ARM support. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.8 adds native M1 support and resolves dozens of bugs. This is a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.793 improves performance and resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

CCleaner 5.77.8521 improves cleaning and resolves several bugs. This is a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.28 improves compatibility with high DPI. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Coreinfo 3.52 adds reporting for CET (shadow stack). This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/coreinfo

Cygwin 3.1.7 resolves several bugs. This is not a security update.
https://cygwin.com/

Dell Command Update 4.1 is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 8.66 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Eraser 6.2.0.2992 doesn’t provide a changelog so should be treated as a security update.
https://eraser.heidi.ie/download/

Everything Toolbar 0.6.2 adds an installer, drag & drop support, elevation support, and more. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Homedale 1.93 adds an option to set the gps baud rate from the command line. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.01 resolves a bug in screenshot generation. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7820 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSFMount 3.1.1000 updates drivers and improves CLI support. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

PointerStick 5.05 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

QuickSetDNS 1.31 adds option to start hidden. This is not a security update.
https://www.nirsoft.net/utils/quick_set_dns.html

TeamViewer 15.15.5 was released. The TeamViewer release notes have been unavailable for months now, so while it might be a security update, it would be safer to remove TeamViewer until these issues are resolved.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.42 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WinScan2PDF 6.91 adds support for multi-page TIF and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.37 improves compatibility, refresh behavior, and resolves several bugs. This is not a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.05 resolves several bugs and improves compatibility. This is not a security update.
https://www.autohotkey.com/download/

Node.js 12.21.0 is a security update.
https://nodejs.org/en/

Node.js 14.16.0 is a security update.
https://nodejs.org/en/

Node.js 15.11.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

TortoiseSVN 1.14.1 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Visual Studio Code 1.54 resolves an extension dependency bug. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.11.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.8.0 adds several new features and improves compatibility. This is not a security update.
https://www.adminer.org/en/

Docker Desktop 3.2.1 updates the Docker Engine. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.5 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.8.0 adds a bunch of new features, improves permissions, brute force delays, style and administration improvements, and resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.25 is a security update.
https://www.joomla.org/

MailEnable 10.32 resolves several bugs and adds LDAP support. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 21.0.0 improves performance (up to 10x!), collaboration, groupware and more. This is not a security update.
https://nextcloud.com/

OpenPetra 2021.02 adds several new features, improvements, and resolves bugs. This is not a security update.
https://www.openpetra.org/

phpList 3.6.1 improves short URLs, PHP8 support, and security improvements. This is a security update.
https://www.phplist.org/

phpMyAdmin 5.1.0 resolves several bugs, improves compatibility, and adds several new options. This is not a security update.
https://www.phpmyadmin.net/

ScreenConnect 21.3.2160.7699 resolves several bugs, renamed End to Delete, and improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

YOURLS 1.8.1 improves IDN, UTF8, time zone, and PHP8 support, removes support for PHP 7.2, and resolves several bugs. This is not a security update.
https://yourls.org/

WordPress 5.7 resolves several bugs and adds a few new features, improving accessibility, and (finally) adding a feature to update HTTP to HTTPS links throughout your site when you switch to HTTPS. This is not a security update.
https://wordpress.org/

Akismet 4.1.9 improves handling of pingbacks in XML-RPC calls. This is not a security update.

BuddyPress 7.2.0 resolves several bugs. This is not a security update.

Conditional Widgets 3 improves translation support. This is not a security update.

Contact Form 7 5.4 adds Sendinblue support, updates libraries and improves reliability and compatibility. This is not a security update.

Social Post Feed 2.19 improves error handling and reporting, cleanup, resolves several bugs and updates libraries. This is not a security update.

myStickymenu 2.5.1 improves instructions and compatibility. This is not a security update.

Postie 1.9.55 improves compatibility and removes legacy image sizing feature. This is not a security update.

Really Simple CAPTCHA 2.1 improves hash comparison. This is not a security update.

W3 Total Cache 2.1.1 resolves several bugs and adds information links and ogg caching support. This is not a security update.

WooCommerce 5.1.0 is a major update. This version improves compatibility, localization, and resolves dozens of bugs. This is not a security update.

WordPress Zero Spam 5.0.9 resolves several bugs and improves spam detection. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/