Updates 2020-09-08

Welcome back, Folks!

Today is Patch Tuesday for September 2020.

This Month in Technology

I enjoy the soapbox I’ve taken here in my newsletters over the years, but unfortunately we were struck by a PG&E “Public Safety Power Shutoff” event so lost more than a day this week for Patch Tuesday and haven’t had the time (or Internet access!) to be able to collect this information for this newsletter. 🙁

Now for the good news:

Adobe Flash will be dead in only 113 days.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Apple released an update for Pro Video Formats 2.1.2. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 32.0.0.414 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 85.0.4183.84 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.9 improves removal process, and adds support for new hardware. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 452.06 adds support for newer hardware and improves performances in some games. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.13.82 adds several new privacy controls and display options. This is a security update.
https://brave.com/

Google Chrome 85.0.4183.102 is a security update.

Microsoft Edge 85.0.564.44 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 80.0.1 resolves several bugs. This is not a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 68.12.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 3.3.2022.39 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.2.0 resolves several bugs and improves OpenPGP integration. This should be treated as a security update.
https://www.thunderbird.net/en-US/

OutlookAttachView 3.42 adds cell context copy option. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

curl 7.72.0 resolves one hundred bugs, adds zstd decoding, improves failure handling and adds effective method. This is a security update.
https://curl.haxx.se/windows/

Dropbox 104.4.175 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.50.0 updates Storj integration. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9997 is a security update.
https://nmap.org/npcap/

Prosody 0.11.6 resolves several bugs, and improves reliability and security.
https://prosody.im/download/start

Technitium DNS Server 5.2 resolves several bugs and adds certbot support. This is not a security update.
https://technitium.com/dns/

Zoom 5.2.45120.0906 disables webinar attendance by telephone. They plan to re-enable this feature “in the coming weeks.” This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Picard 2.4.4 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

3tene 2.0.3 resolves several bugs and adds z-axis tracking to Pro. This is not a security update.
https://en.3tene.com/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.09.03 resolves several bugs. This is not a security update.

PlayStation PS4 7.55 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.012.20043 resolves compatibility issues with some programs. This is a security update.

Adobe DNG Converter 12.4 adds support for new hardware.
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6975
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6973

Adobe Experience Manager 6.5.6.0 and 6.4.8.2 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Adobe Framemaker 2019.0.7 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb20-54.html

Adobe InDesign 15.1.2 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb20-52.html

Atom 1.51.0 improves performance resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.90 adds many new features and controls. This is a major update.
https://www.blender.org/download/

LibreOffice 6.4.6 resolves 70 bugs. This is a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.0.1 resolves over 70 bugs. This is a security update. Remember that this is a beta version of LibreOffice, so should be avoided by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.0.1 resolves several bugs and adds several new features. This is not a security update.
https://nextcloud.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.13 resolves several bugs and improves compatibility. This is a security update.
https://www.gpg4win.org/download.html

RogueKiller 14.7.2 adds several new features and updates libraries. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.29.2 resolves a couple bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.27 adds several new features and resolves more than a dozen bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.1.0.5 resolves a couple bugs and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 12.2 improves search and display. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

Agent Ransack 2019.2947 adds installer flags for language, ui, and registration, resolves a performance bug with exporting searches that don’t parse content. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

DesktopOK 7.81 adds 64-bit improvements. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.71 adds option to copy contents of the clicked cell. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

DriverView 1.50 resolves a 64-bit compatibility problem. This is not a security update.
https://www.nirsoft.net/utils/driverview.html

Etcher 1.5.107 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

FileLocator Pro 8.5.2947 adds installer flags for language, UI, and registration, resolves a performance bug with exporting searches that don’t parse content. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 2.0.1 adds support for new device detection, Wi-Fi heatmap, security details and resolves a bug in Bonjour discovery. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

GoodSync 11.3.3 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.89 improves columns in GUI, and now uses UTF8 for logs. This is not a security update.
https://www.the-sz.com/products/homedale/

HWMonitor 1.42 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

IsMyHdOK 2.32 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7640 improves component controls and settings, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 8.9 improves GUI, and resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 4.66 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.21.1 improves stability, adds several features, and resolves bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.2 resolves several bugs, including a reliability bug in manual saves. This is not a security update.
https://12pd.com/click?rf

TeamViewer 15.9.4 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.22 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Ultimate Boot CD 5.3.9 updates libraries. This is not a security update.
http://www.ultimatebootcd.com/download.html

WinGet 0.1.42241 adds autocomplete. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 6.01 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.35 improves logging and export capabilities, and adds max last-modified date for newest file in the folder tree. This should be treated as a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

Node.js 14.10.0 resolves dozens of bugs, updates libraries, and improves stability. This is not a security update.
https://nodejs.org/en/

SQLite 3.33.0 resolves several bugs, adds support for arbitrary-precision decimal arithmetic, UPDATE FROM, increases maximum database size, and improves integrity checks.
https://www.sqlite.org/download.html

StrawberryPerl 5.32.0.1 is a major update adding new features, bug fixes, libraries and compatibility. This is not a security update.
http://strawberryperl.com/

Visual Studio Code 1.48.2 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.8 resolves several bugs, improves stability and reliability. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.14-140239 resolves several bugs and adds support for Linux kernel 5.8. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.09 resolves several bugs. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.11.2 is a security update.
https://dadamailproject.com/

Drupal 9.0.5 resolves a cosmetic bug and changes component registry to avoid flagging for non-existent security vulnerability. This is not a security update.
https://drupal.org/download

HumHub 1.6.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.21 is a security update.
https://www.joomla.org/

Nextcloud Server 19.0.2 resolves dozens of bugs and updates libraries. This is not a security update.
https://nextcloud.com/

phpList 3.5.6 adds reply-to support, forwarding improvements, and resolves several bugs. This is not a security update.
https://www.phplist.org/

ScreenConnect 20.10.957.7556 resolves several bugs and adds new user controls. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.5.1 resolves dozens of bugs. This is not a security update.

Autoptimize 2.7.7 is a security update.

Contact Form 7 5.2.2 resolves several bugs. This is not a security update.

Social Post Feed 2.16.1 resolves several bugs. This is not a security update.

Interactive World Map 3.1.8 improves compatibility and resolves several bugs. This is not a security update.

myStickymenu 2.4.4 resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.18 resolves several bugs and improves compatibility. This is a security update.

W3 Total Cache 0.14.4 resolves several bugs and improves compatibility. This is not a security update.

WooCommerce 4.5.1 resolves several bugs and improves compatibility. This is not a security update.

WP Mail SMTP 2.3.1 improves compatibility and resolves several bugs. This is not a security update.

Show IDs 1.1.5 improves compatibility. This is not a security update.

WPtouch 4.3.38 resolves several bugs. This is not a security update.

WordPress Zero Spam 4.10.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-07-14

Welcome back, Folks!

Today is Patch Tuesday for July 2020.

This Month in Technology

Apple has formally announced that they’ll be switching to ARM processors on their new hardware. While Apple asserts that “most apps will just work,” the truth is that if it’s not a 64-bit app or it hasn’t been updated in more than a year, chances are not only won’t work on ARM but will never work on ARM. If you were here when they switched from PowerPC to Intel you remember the issues were long and wide. You’ll likely need a VM to make many of your apps work.

Piracy doesn’t pay, except for those creating the pirated apps.

Macs are still getting infected through fake “Flash update” malware, even on Catalina. From the comments, “Which is worse, a real Flash installer or a fake one? It’s a toss-up.”

Microsoft was caught breaching user trust, again, by hijacking your data from other browsers and importing into their forced update to their new Edge browser without your permission.

Mozilla switched to a 4-week cadence for major updates in March. This has resulted in even less time for beta testing and the expected release+1 security updates.

Google Chrome is planning to hide everything in a URL other than the domain name. Google, the most popular purveyor of information and also the self-appointed gatekeeper to what is true and false, believes that having the complete URL is bad for you.

Google resolved a major email spoofing vulnerability through customer services, shortly before allowing a core domain name for their Blogger service to expire.

Slack vulnerability allowed hackers to distribute malware to victims devices.

What is it going to take before you stop copying passwords on your phone?

Everyone knows Facebook is always listening. Now the courts have finally considered their web widgets “Wiretaps.” Others are, too. They’re also designing systems to be able to trigger recording of all background noise from external queues. In states like California, Facebook is already violating the all-party consent requirements by recording audio 24/7. Maybe they’ll eventually acknowledge that it’s bad and stop? Ouch. Sorry, I hurt myself laughing there. Oh, and the Facebook Messenger app allowed you to be infected with persistent malware. If you have a website with Facebook integration, you need to take action now to comply with the CCPA.

Airlines are perfectly happy to violate the Americans with Disabilities Act – and treat you like a terrorist – if you have medical conditions.

Bitdefender Antivirus allowed any website you visited to run code on your device. Apache’s Guacamole remote support client allows attackers to take over the entire enterprise. Backdoors in operating systems, why not backdoors in encryption software?

Surprise: phishing still works. Even by text. …and launching a service that relays content to third-parties will ensure it is abused. Honeypots (systems designed to be opened for abuse to see how attacks take place) demonstrate four previously unknown zero-day vulnerabilities.

Nintendo, Plex, Honda, Samsung, Oxford University, University Of Pittsburgh Medical Center, UCSF, anyone banking with various Chinese banks, Night Lion Security, 79 different Netgear router models, hundreds of online retailers, and it won’t be long before IoT vulnerabilities can be used to provide big game hunting for rare species.

June Patch Tuesday updates from Microsoft broke Outlook and other apps for some users.

Selective enforcement means you’re a publisher, says AG Barr of Section 230 of the CDA. There’s no better way to prevent the abuse of Section 230 to censor voices you disagree with.

Now for the good news:

Starlink is coming. LEO internet access could provide up to 1 Gbps Internet access from space. Testing will begin in the next weeks and will gradually move south as satellites take place.

For now, you can cut your internet bill by taking advantage of the free Xfinity Wi-Fi hotspots through the end of the year.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 1.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, DNS Server, Office, Servicing Stack, and MSRT (~900 MB). This includes security updates. A reboot is required.

Adobe Flash Player 32.0.0.403 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 83.0.4103.119 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Crucial Storage Executive 6.04 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Daemon Tools Lite 10.13.0 improves activation and creation and use of bootable disk images. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Intel Driver and Support Assistant 20.7.26 adds support for new hardware and improves application detection. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 451.67 resolves several bugs and improves compatibility. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.10.97 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 84.0.4147.89 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 83.0.478.64 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 78.0.2 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.10.0 is a security update. Use Menu, Help, About to install the most current version.

SeaMonkey 2.53.3 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.1.1929.45 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.41 adds an option to copy the preview content and resolves a bug in the cfg switch. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 68.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.3.0.6 resolves dozens of bugs, including 2FA and stability issues. This is a security update.
https://www.trillian.im/

Trillian Mac 6.3.0.6 resolves several stability bugs. This is not a security update.
https://www.trillian.im/

curl 7.71.1 resolves several sanitation issues. This should be treated as a security update.
https://curl.haxx.se/windows/

Dropbox 101.4.434 doesn’t provide a useful changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.49.0 resolves a several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.25 adds support for Google Drive Shared Drives and Shortcuts, resolves several bugs, and improves user interface. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9995 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

PuTTY 0.74 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Technitium DNS Server 5.0.1 is a major update that refactors how blocklists are stored and resolves several bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.1.28656.0709 is a security update.
https://zoom.us/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.07.09 resolves several bugs and improves compatibility. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Camera Raw and DNG Converter 12.3 adds support for new hardware. This is not a security update.
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6955
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6957

Adobe Download Manager 2.0.0.529 is a security update.
https://helpx.adobe.com/security/products/adm/apsb20-49.html

Adobe ColdFusion 2016.16 and 2018.10 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html

Adobe FrameMaker 2019.0.6 doesn’t provide a changelog so should be treated as a security update.
Win32: https://supportdownloads.adobe.com/detail.jsp?ftpID=6963
Win64: https://supportdownloads.adobe.com/detail.jsp?ftpID=6965

Adobe Genuine Service 7.1 is a security update. (Point this one out the next time someone says pirating Adobe software can reduce the security of your computer.)
https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html

Adobe Media Encoder 14.3 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html

Adobe Creative Cloud Desktop Application 5.2 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html

Magento SUPEE-11346 (for Magento v1) is a security update.
https://www.magentocommerce.com/products/downloads/magento/

Adobe Audition 13.0.7 is a security update.
https://helpx.adobe.com/security/products/audition/apsb20-40.html

Adobe Premiere Rush 1.5.16 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb20-39.html

Adobe Premiere Pro 14.3 is a security update.
https://helpx.adobe.com/security/products/premiere_pro/apsb20-38.html

Adobe Illustrator 2020 24.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-37.html

Adobe After Effects 17.1.1 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-35.html

Adobe Campaign Classic 20.2 is a security update.
https://helpx.adobe.com/security/products/campaign/apsb20-34.html

Artweaver 7.0.6 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.49.0 resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.83.2 resolves over 1250 bugs, adds improves performance and stability across several features and adds viewport denoiser. This is not a security update.
https://www.blender.org/download/

Krita 4.3.0 adds several new watercolor effects with brush presets and gradient map and palettizer filters. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 6.4.5 resolves over 100 bugs. This is beta software so should be avoided in favor of the “Still” version (LibreOffice stable). This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 2.6.5 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.8.8 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Reader DC 20.009.20074 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Security Software Updates

One or more of these is likely to be of interest to most people.

Bitmessage 0.6.3.2 is a security update.
https://github.com/Bitmessage/PyBitmessage/releases/latest

DrWeb CureIt! 14.07.2020 should be treated as a security update.
https://www.freedrweb.com/download+cureit+free/?lng=en

Hashcat 6.0.0 adds 51 new algorithms, CUDA support, GPU emulation, improved auto-tuning and more. This should be treated as a security update.
http://hashcat.net/hashcat/#downloadlatest

RogueKiller 14.6.1 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0.7 adds support for WSL, whitelisting from network shares, improves detection of short-lived processes, and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.28.2 improves syntax highlighting in My Filters and asset viewer, resolves several bugs, and replaces the default filterlists with a new composite list.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.8.0 doesn’t provide a changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Wireless Network Watcher 2.22 updates the internal MAC database and improves the CFG switch. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.26.1 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2020.1.3 adds support for direct publication through TechSmith Knowmia, adds transparency support for color replacement, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.9.7 adds support for new encodings, adds several new conversion tools, presets, and bug fixes. This is not a security update.
https://www.dvdfab.cn/download.htm

FFmpeg 4.3.1 updates libraries. This should be treated as a security update.
https://ffmpeg.org/ffmpeg.html

HandBrake 1.3.3 resolves several bugs. This is not a security update.
https://handbrake.fr/

IsoBuster 4.6 adds a bunch of new features and format supports. This is not a security update.
https://www.isobuster.com/download.php

PDF Creator 4.1 resolves several bugs and improves watermark support. This is not a security update.
https://www.pdfforge.org/pdfcreator

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.6 is a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.778 resolves dozens of bugs and improves reliability, adds notifications of website compromise, and improves accessibility. This is a security update.
https://1password.com/downloads/windows/

8GadgetPack 33.0 resolves several bugs, improves high-DPI support, removes defunct widgets. This is not a security update.
https://8gadgetpack.net/

AS SSD Benchmark 2.0.7316.34247 resolves a device access bug. This is not a security update.
https://www.alex-is.de/PHP/fusion/downloads.php?cat_id=4

Autoruns 13.98 now shows the Windows Defender binary as a signed binary. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Beyond Compare 4.3.5.24893 improves integration and compatibility, and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 1.19.0 improves password concealment, adds soft delete and vault timeouts. This is not a security update.
https://bitwarden.com/

Cygwin 3.1.6 adds support for new socket options, resolves several bugs. This is a security update.
https://cygwin.com/

DesktopOK 7.48 adds SSL to automatic update capability. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.5.101 resolves several bugs, improves UI, and updates libraries. This should be treated as a security update.
https://www.balena.io/etcher/

GoodSync 11.2.5 resolves several bugs and changes licensing…again. This is not a security update.
https://www.goodsync.com/

MS ISO Downloader 8.38 adds support for new images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 1.9.0.7539 adds controls for Target release, Store pinning, Fast Startup, Fast User Switching, Hardware-accelerated GPU scheduling, Shutdown menu, Variable refresh rate, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.19.1 resolves dozens of bugs and stability issues. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Rufus 3.11 improves compatibility and adds several keyboard shortcuts to toggle behaviors. This should be treated as a security update.
https://rufus.ie/en_IE.html

Sysmon 11.10 now captures ADS content into logs, introduces an is-any filter condition, and fixes several bugs. This is not a security update.
https://live.sysinternals.com/

Sigcheck 2.80 adds an option for specifying a trust GUID for signature verification and now shows certificate signing chains. This is not a security update.
https://live.sysinternals.com/

SimpleWMIView 1.41 adds cell-copying and case-sensitivity filtering. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TeamViewer 15.7.7 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WifiInfoView 2.61 updates the internal MAC addresses list. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 5.81 resolves several bugs and improves rotation support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.3 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 4.0.1.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio

AutoHotkey 1.1.33.01 resolves several bugs and adds encoding, warnings, and version requirement options. This is not a security update.
https://www.autohotkey.com/download/

Godot 3.2.2 makes over 800 changes, adding C# support for iOS, 2D batching for GLES2, re-architecture of the Android plugin system, DRLS support and ENet integration, and better handling of Variants. This is not a security update.
https://godotengine.org/

Java 8u261 is a security update.
https://www.java.com/en/download/manual.jsp

Node.js 14.5.0 resolves dozens of bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

Node.js v12 12.18.2 resolves several bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

SQLite 3.32.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

DB Browser for SQLite 3.12.0 improves table editing, conditional formatting, and multi-threading, as well as dozens of other improvements and bug fixes. This is not a security update.
https://sqlitebrowser.org/

Visual Studio Code 1.47.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.12-139181 resolves over a dozen bugs and improves hardware compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

PPSSPP 1.10.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

Apache Tomcat 10.0.0-M7, 9.0.37, and 8.5.57 are security updates.
https://tomcat.apache.org/

Coppermine Gallery 1.6.08 improves installation and compatibility. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.10.3 improves AWS signature v4 support. This is not a security update.
https://dadamailproject.com/

Drupal 8.8.8 and 8.9.2 are security updates.
https://drupal.org/download

Drupal 9.0.2 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

Joomla 3.9.20 is a security update.
https://www.joomla.org/

phpList 3.5.5 is a security update.
https://www.phplist.org/

ScreenConnect 20.7.29305.7496 resolves several bugs and improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.4.2 is a security update.
https://wordpress.org/

Autoptimize 2.7.3 resolves several bugs. This is not a security update.

BuddyPress 6.1.0 resolves several bugs. This is not a security update.

Contact Form 7 5.2 improves compatibility and resolves several bugs. This is not a security update.

Email Log 2.4.2 resolves several bugs. This is not a security update.

myStickymenu 2.4.3 resolves several bugs. This is not a security update.

Raw HTML 1.6.3 resolves a warning. This is not a security update.

Theme My Login 7.1.1 resolves several bugs. This is not a security update.

W3 Total Cache 0.14.2 resolves several bugs. This is not a security update.

WooCommerce 4.3.0 adds template caching, PHP warnings, improves accessibility, and resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.2.1 resolves several bugs and improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-06-09

Welcome back, Folks!

Today is Patch Tuesday for June 2020.

Windows 10 v2004 has been released. Don’t be the guinea pig! Make sure you’ve installed v1909 recently so you won’t be forced into the new build before they work out the bugs. I don’t see a lot of differences between v2004 and v1909 that most people would benefit from, anyway, but these releases tend to take a couple months to work out most of the bugs. For example, many Windows policies are erased during the upgrade which can result in local accounts being forced into using inescapable Microsoft accounts for users that don’t understand that “skip for now” is an option.

If you’re running any commercial version of Windows 10 prior to v1809 (build 17763) then it’s no longer supported and you will not receive operating system security updates. Upgrade to v1909 ASAP to maintain security updates for your device. Don’t install v2004 yet, since it’s now in what most people would call the “public beta.” Download v1909 for your system using the ISO Downloader, mount the ISO, then use the setup.exe file to install. Change the option on the first page of the installer to DISABLE checking for updates until after the installation is completed.

This Month in Technology

You could have probably used an egg timer to measure the time between the Orwellian release of GACT – Google/Apple Contact Tracing, which we were assured time and time again would never be used for anything other than COVID-19 tracking – and when it was used to track and arrest protesters. The current version of GACT can be disabled by turning off Location and Bluetooth on your devices. This will not be the case in the next iteration due within the next month.

The number of security vulnerabilities discovered in popular open source projects more than doubled in 2019. The horror! The fear! Well, this is actually a good thing. Vulnerabilities aren’t created by evil third-parties or hackers. They’re created by the original developers. They’re baked into the programs and libraries that the developer created – generally through failure of imagination or insufficient testing. The hackers and other third-parties only discover them and report them to the developers. Think of it like someone testing all the car doors in a parking lot to see if a car is unlocked. The “discovered” (read “reported”) vulnerabilities are what happens when the guy checking doors tells the car owner that he left the doors unlocked, so they can lock their doors. Unfortunately, whether they’re discovered or not the vulnerabilities do exist. Bad people may have already checked those doors and stolen everything out of your car long before the vulnerabilities were reported to the developers. Seeing these numbers go up makes me smile – the whole world is better for it. 🙂

The recent attacks on Microsoft logins using Google and Amazon URL redirection to steal authentication keys are not the only phishing methods currently being widely deployed. Attackers are also sending fake VPN configurations to users, which would allow direct man-in-the-middle attacks to proceed against all sites and services the victim used with their device.

My position on most services and features in any operating system or device is “default deny.” Turning off unused and unwanted features ensures that they can’t be abused and effect greater control over your device or your network. The #CallStranger UPnP protocol vulnerability allows malicious scripts from any website to hijack your internal network and perform network scans, DDoS attacks, or foothold attacks against your internal devices, including the vulnerable router that has UPnP enabled. Disabling UPnP and using manual network assignment would prevent this and any future UPnP vulnerabilities from having any effect.

The IAB has released a framework to aid in compliance with the CCPA.

The Free Thought Project provides several alternatives to the current law enforcement crisis that can help prevent the riots and protests we’re seeing now in many major metropolitan areas.

REAL science for the win. I wonder if the MSM outlets that have been vilifying Hydroxychloroquine will ever retract their statements? Sorry, that’s facetious since we all know that the MSM never acknowledges their failings. Will the arbiters of “truth” at Twitter and Facebook concede that their censorship was actually in the name of bad science? Of course not.

A major attack against Ajit Pai’s elimination of Net Neutrality comes in the form of AT&T paying itself for zero-rating HBO Max data on their networks. This will likely spring back up the Net Neutrality battle in the FCC.

The next Y2K is coming. CA Certificates are the parent certificates of the ones that provide TLS/SSL security for websites. The first of several to expire within the next year expired a few days ago causing service disruption for automated processes that depended upon the expiring authority certificates. Roku, Stripe, Sectigo, Fortinet and many, many more. Four separate root certificates expire within the next year and a dozen in the next 5 years. Be prepared for this to happen several more times in the near future.

Now for the good news:

Linux LTS Kernel 4.19 and 5.4 will be supported for 6 years. This will have a huge impact on the effective life of IoT devices.

Let’s Get Busy

Now back to our regularly scheduled program.

Thanks to the unstopping barrage of updates pushed during “weekly update quarantine”, Patch Tuesday this month is very light. The typical computer should see roughly 1 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, Microsoft Store, hardware security, and MSRT (~800 MB). This includes security updates. A reboot is required.

Adobe Flash Player 32.0.0.387 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 83.0.4103.97 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.9.80 is a security update. This version removes the “accidental” hijacking of affiliate links. Use Menu, Help, About to install the most current version.
https://brave.com/

Microsoft Edge 83.0.478.45 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.9.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Npcap 0.9993 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.06.05 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 7.8.7 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Framemaker 2019.0.6 is a security update.
https://www.adobe.com/products/framemaker.html

Adobe Experience Manager 6.4 and 6.5 are security updates.
https://helpx.adobe.com/experience-manager/aem-releases-updates.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.25 resolves several bugs, adds APNG support, adds option to disable tasks, and adds new URL metadata field. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.9.0 adds support for new encodings, improves default bit-rate and ripper modules, and resolves a SRT export bug. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

Etcher 1.5.97 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

PowerToys 0.18.2 resolves an elevation bug and several other bugs. This should be treated as a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.0 improves data synchronization, and resolves bugs in import. This is not a security update.
https://www.roboform.com/

USB Oblivion 1.12.2.0 adds support for unknown USB devices and resolves a bug related to old hardware. This is not a security update.
https://www.cherubicsoft.com/en/projects/usboblivion

WinScan2PDF 5.55 resolves a language selection bug and improves the scan integration. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

SQLite 3.32.2 improves VFS and PostgreSQL compatibility, adds IIF() support, improves the import command, and several other improvements. This is a security update.
https://www.sqlite.org/download.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.10-138449 adds support for Linux kernel 5.7, resolves several bugs, and improves Wayland compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Docker Desktop 2.3.0.3 upgrades the Linux kernel and resolves several bugs. This is a security update.
https://www.docker.com/products/docker-desktop

Akismet 4.1.6 resolves a race condition. This is not a security update.

Postie 1.9.53 adds a filter for postie_subject. This is not a security update.

WP Mail SMTP 2.1.1 adds a filter to set global reply-to address and improves documentation. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-02-20

Welcome back, Folks!

It’s not Patch Tuesday, but security updates from Google, Mozilla, Apple and Adobe have triggered an out-of-cycle update.

This Month Week in Technology

According to one of Tumblr’s engineers, Apple’s iOS is adware.

Even great computers are no match for the human brain in perceiving what the typical human consider obvious. Exploiting this fact, evildoers are extorting Google Adsense users by threatening to fraudulently click ads in violation of the Adsense terms unless they get paid off.

If your site is still running an older version of TLS or SSL it’s about to get spanked by the browsers and search engines. Upgrade your HTTPS security policies to use only the latest methods (even if older devices can no longer visit your site).

This month brings even more Bluetooth design and implementation vulnerabilities, and reassurance that keeping your mouth shut may eventually pay off, a relatively minor bug in Firefox allows CSS to be abused to (slowly) extract data from secure sites, and a change to the CCPA (California Consumer Privacy Act) now allows business to keep certain information you’ve requested to be removed so they can…prove…it was…removed…huh? LOL

Finally, a scientific study demonstrates that sound-bite socialization and catch-phrase culture have ruined our ability to have an educated conversation. The real question should be, is anyone surprised?

Let’s Get Busy

The typical computer should see approximately 600 MB of updates. Let’s get started.

watchOS 6.1.3 and 5.3.5 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Logitech Options 8.10.84 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.116 is a security update. Use Menu, Help, About to install the current version.

Firefox 73.0.1 resolves several crash bugs. This is not a security update. Use Menu, Help, About to install the current version.

Vivaldi 2.11.1811.38 is a security update. Use Menu, Help, About to install the current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

FreeFileSync 10.20 adds email notification support, HTML logging, sync error detection, and more. This is not a security update.
https://www.freefilesync.org/download.php

IPNetInfo 1.95 adds improved command-line support. This is not a security update.
https://www.nirsoft.net/utils/ipnetinfo.html

WinSCP 5.17 resolves several bugs and adds new features. This is not a security update.
https://winscp.net/eng/index.php

Media Updates

These are unlikely to be of interest to most people.

MyPaint 2.0.0 is a major new update with new layer and compositing features, new brush controls, and dozens more. This is not a security update.
http://mypaint.org/downloads/

Picard 2.3 resolves dozens of bugs and improves reliability. This is not a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.02.12 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice Still 6.3.5 resolves about 85, including stability and reliability fixes. This is not a security update.
https://www.libreoffice.org/

Paint.net 4.2.10 resolves several bugs, notably with those using MSI deployment (yay!). This is not a security update.
https://www.getpaint.net/

Adobe Media Encoder 14.0.2 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html

Adobe After Effects 17.0.3 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-09.html

Adobe FrameMaker 2019.0.5 resolves several bugs. This is not a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6851
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6849

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.20.3 resolves a compatibility bug. This is not a security update.
https://www.fosshub.com/ScreenToGif.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.7.4 adds support for new encodings and resolves a crash bug. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.7 resolves several bugs and improves compatibility. This is not a security update.
https://12pd.com/click?rf

Cygwin 3.1.4 resolves a couple bugs and improves compatibility with symlinks and junctions. This is not a security update.
https://cygwin.com/

Etcher 1.5.79 improves user experience. This is not a security update.
https://www.balena.io/etcher/

GoodSync 10.10.24 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

PointerStick 3.81 resolves several bugs and improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Developer Updates

These are unlikely to be of interest to most people.

Node.js 13.9.0 resolves over 200 issues. This is not a security update.
https://nodejs.org/en/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.4-136177 resolves several bugs and improves EFI support. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Nextcloud Server 18.0.1 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

HumHub 1.4.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

myStickymenu 2.3.5 updates license rates and terms. This is not a security update.

Postie 1.9.43 begins the migration of shortcodes into the main module. This is not a security update.

Raw HTML 1.6.2 resolves a compatibility bug. This is not a security update.

Redirection 4.7 adds domain relocation with exceptions, site aliases, www/wwwithout controls, and content-type. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.12 improves Blogger and Facebook compatibility. This is not a security update.

Sucuri Security 1.8.24 resolves two bugs. This is not a security update.

WooCommerce 3.9.2 resolves several bugs. This is a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-02-11

Welcome back, Folks!

Today is Patch Tuesday for February 2020.

Microsoft blinked and released three updates to Windows 7 this month, however two of the issues that were resolved were actually caused by their EOL updates released last month. It’s no longer trustworthy, so do not let Windows 7 touch the Internet!

Windows 7 is officially end-of-life (EOL). If you’re still running it, shame on you, and if you are running a licensed version of Windows 7 or 8 you can still upgrade to Windows 10 and have a supported version of Windows for the foreseeable future. Don’t want to do it yourself? Call me!
https://saferpc.info/contact/

The Windows Update engine relies upon a file called “wsusscn2.cab” which is currently choking on download. While there are several Windows updates available today, it looks like the time just to check for updates will be over 2 hours for most devices today. Have patience or wait to start patching until later when they resolve this issue. There’s plenty of other stuff to patch anyway.

This Month in Technology

macOS finally fixes the Sudo bug (after 9 years), but this pales in comparison to the ease at which Mac users are infected through social engineering tactics. If you still think Mac’s are more secure than Windows, you need to see the numbers from MalwareBytes which show the typical Mac is targeted by nearly double the malware that Windows devices are. One special note here is that the users trusted the names of the websites that were involved, mostly a result of allowing domains to expire (a common concept within the broad scheme of domain hijacking).

While we’re on the subject of renewing domains, don’t forget your certificates! TLS/SSL certificates are often an enterprise’s weakest point of failure, especially when they’re not renewed on time. This will become even more important as TLS 1.0 and 1.1 are deprecated over the next couple months, which will prevent most older devices from being able to safely use the Internet at all. How important is certificate trust? Last months certificate hijacking bug allowed a researcher to replicate NSA and Github certificates in less than 24 hours which could be used immediately in MitM and DNS cache poisoning attacks with no effort from the attacker and as little as 10 lines of browser-based code.

Microsoft has decided to end it’s own ad platform within UWP apps, which will seriously hurt the entire UWP ecosystem and likely their users, by encouraging less security- and privacy-concerned third-party platforms to take their place.

This month we’ve seen data dumps from Twitter user details (shortly before a Twitter outage), Trello, Google, half a million servers, routers, and IoT devices, a major cannabis dispensary POS vendor, THSuite, WhatsApp had a major vulnerability (since patched), a Zoom vulnerability allowed hackers to eavesdrop on your calls, Mitsubishi was hacked via their enterprise security software, Trend Micro OfficeScan, and the United Nations was hacked through an unpatched server.

Is your privacy important? Apple bowed to the FBI to prevent fully-encrypted backups, ICE is using cellphone location data to track immigrants, but Avast has decided to stop selling it’s user data and they’re “sorry”, so at least there’s some good news.

Of course, any account can be hacked, even Facebook’s Twitter and Instagram accounts, and the NFL, and this month the City of Oshkosh (WI) and Duplin County (NC) join the “yet another government network hijacked” club.

It’s one thing to be incompetent when it comes to security, but Blizzard doesn’t even understand their users. This month they’re asserting total copyright ownership of any mods their users create and they released Warcraft: Reforged, which is the first game to ever be reviewed this poorly by the userbase. You might give Blizzard some credit for this – after all, they did build the engine that allowed the third-party “Dota” to flourish. LastPass, however, built their own system but accidentally removed their own extension from the Chrome Web Store!

In IoT news, more than 2/3rds of corporate and government entities were compromised with endpoint attacks in 2019, the weakest link might be the building itself or any of tens of millions of devices on a typical corporate or government network, though, as expected, many Huawei IoT devices have a backdoor. A serious public key exposure in Fortinet SIEM allows evildoers to kill your security appliance, and a critial zero-day in SolarWinds RMM allows attackers to hijack your network. Supply chain attacks targeting EOL Windows 7 devices remind us why we should avoid EOL hardware and software, and Phillips Hue lightbulbs are still proving that they weren’t well though-out security-wise. Thousand of WordPress-based websites have been hijacked to redirect visitors to evil sites, and there is always more to security than patching.

Let’s end my soapbox on a happy note: The best news this month might just be that Netflix finally offers an option to disable those #@$& autoplay previews. It’s about time.

Let’s Get Busy

Now back to our regularly scheduled program. The typical computer should see roughly 2.2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Internet Explorer, .NET, Flash, Servicing Stack, and MSRT (~1.2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra, iCloud for Windows 10.9.2, iCloud for Windows 7.17, iOS 13.3.1, iPadOS 13.3.1, iTunes for Windows 12.10.4, Safari 13.0.5, tvOS 13.3.1, and watchOS 6.1.2. These are security updates. Use Apple Software Update to install the most current versions.

iOS 13.3.1 and 12.4.5 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 13.3.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 6.1.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 13.3.1 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 79.0.3945.123 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Adobe Flash Player 32.0.0.330 is a security update. Take comfort knowing that Flash will be EOL in only 10 months.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (1909) is a pretty small update so will install quickly. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.2 resolves several issues and improves removal procedure. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

BullZip PDF Printer 11.12.0.2816 improves compatibility with Chrome 80+. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Intel Driver and Support Assistant 20.1.5 improves user interface, performance, uninstall, and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 442.19 adds framerate capping, performance improvements for certain games, VRSS controls, and support for newer hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Garmin Express 6.20 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.100 is a security update. This version is also the predecessor to the new samesite cookie handling behavior that will cause problems for various industries, including ad-services. Use Menu, Help, About to install the most current version.

Firefox 73.0 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.5.0 is a security update. Use Menu, Help, About to install the most current version.

Iridium 2019.11.78 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.10.1745.27 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.5.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

MaxMind GeoLite: Due to their interpretation of the CCPA (California Consumer Privacy Act), MaxMind has opted to no longer provide direct downloads of their IP information databases. An account and agreement to perform updates immediately upon publishing new releases and removal of all existing copies is now required. Due to this we will no longer be listing MaxMind on SaferPC. I suggest you integrate their automatic update service into your existing platform to ensure that you can comply with their new usage agreement.

Prosody 0.11.4 improves performance and resolves several bugs. This is not a security update.
https://prosody.im/download/start

BrowsingHistoryView 2.36 adds option to delete Chrome and Firefox history records. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

FreeNAS 11.3 is a major update offering improved performance, security controls, community plugin integration, improved granularity of alerts and more. This is not a security update.
https://www.freenas.org/download-freenas-release/

Npcap 0.9987 is a security update.
https://nmap.org/npcap/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.4 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.01.20 resolves several bugs and improves reliability of Remote Play. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.006.20034 is a security update. Use Help, Check for Updates to get the most current version.

Adobe DNG 12.2 adds support for new hardware. This is not a security update.
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6879
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6881

Adobe Experience Manager 6.5.0-31870 and 6.4.0-31868 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-08.html

Adobe Digital Editions 4.5.11 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html

Adobe Framemaker 2019.0.5 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb20-04.html

Adobe Illustrator CC 24.0.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-03.html

Artweaver 7.0.4 resolves several bugs and improves performance with impasto and PSD text layers. This is not a security update.
https://www.artweaver.de/

Atom 1.44.0 resolves several bugs. This is not a security update.
https://atom.io/

LibreOffice Still 6.3.4 is a major update adding a wide variety of new features and performance improvements. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 6.4.0 resolves almost 500 bugs, including security issues. The typical user should run LibreOffice Still (stable), not Fresh (beta).
https://www.libreoffice.org/

Lightworks NLE 14.5 adds dozens of new features, export options, media codecs, and over a hundred bugs. This should be treated as a security update.
https://www.lwks.com/

Notepad++ 7.8.4 adds JSON and Workspace improvements, and resolves a crash bug. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.2.9 resolves several bugs and improves performance. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

QubesOS 4.0.3 is a security update.
https://www.qubes-os.org/downloads/

elementaryOS 5.1.2 is a security update.
https://elementary.io/

RogueKiller 14.1.1 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0 improves reliability, user interface, exception controls, and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.20.2 resolves several bugs. This is not a security update.
https://www.fosshub.com/ScreenToGif.html

Converter Updates

These are unlikely to be of interest to most people.

MKVToolnix 43.0.0 resolves several bugs and improves user interface defaults options from command line. This is not a security update.
https://www.fosshub.com/MKVToolNix.html

DVDFab 11.0.7.1 resolves several bugs and adds support for newer encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.6 improves compatibility and resolves several bugs. This is not a security update.
https://www.roboform.com/

Easy2Boot 1.B8A improves compatibility and user-interface. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

1Password for Mac 7.4.2 improves compatibility and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

ControlMyMonitor 1.25 adds option to put icon in tray. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

DesktopOK 6.84 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.66 adds Class GUID column. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

Etcher 1.5.76 updates libraries and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything CLI 1.1.0.18 doesn’t provide a changelog, so should be treated as a security update.
https://www.voidtools.com/

FileLocator Pro 8.5.2944 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 8.8.2 improves user interaction and resolves several bugs. This is not a security update.
https://community.fing.com/

GoodSync 10.10.21 improves performance and reliability, resolves several bugs. This is not a security update.
https://www.goodsync.com/

MS ISO Downloader 8.31 adds support for new media. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

OSFMount 3.0.1005 adds command-line options to load physical or logical emulation only, and resolves a permissions bug. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

SetDefaultBrowser 1.4 adds support for Chromium-based Edge. This is not a security update.
https://kolbi.cz/blog/2017/11/10/setdefaultbrowser-set-the-default-browser-per-user-on-windows-10-and-server-2016-build-1607/

TaskSchedulerView 1.54 adds options to select/deselect all to column chooser. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

USBDeview 2.86 adds mode option for Regedit call, to support opening with or without elevation.
https://www.nirsoft.net/utils/usb_devices_view.html

WinScan2PDF 5.21 improves WIA compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.32 resolves several bugs, adds options to export file types to CSV, filterexclude, and command-line supporter activation. This is not a security update. On the note of Supporters – this software is amazing. Use it. And donate.
https://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

Developer Updates

These are unlikely to be of interest to most people.

Godot 3.2 improves reliability, performance, stability and resolves almost 2,000 bugs. This should be treated as a security update.
https://godotengine.org/

Node.js 13.8.0 is a security update.
https://nodejs.org/en/

SQLite 3.31.1 adds generated columns, hard heap limits, improved pragma, dbstat aggregated mode support, open nofollow, and resolves an internal schema compatibility issue. This compatibility fix is temporary, so fix your applications if you currently rely on parsing the data structure via internal schema. This is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.42 resolves several bugs, improves user interface, additional preference controls, task management, and more. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.2-135663 resolves several bugs and improves compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.6 resolves several bugs. This is not a security update.
https://www.adminer.org/en/

Drupal 8.8.2 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.4.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.15 is a security update.
https://www.joomla.org/

Magento 2.3.4, 2.2.11, 1.14.4.4, 1.9.4.4 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-02.html

Nextcloud Hub 18.0.0 is a major update adding improved file, flow, photos, calendar, mail, and talk integration, and ONLYOFFICE support. This is not a security update.
https://nextcloud.com/

ScreenConnect 19.6.26659.7340 is a security update.
https://www.connectwise.com/software/control/download

SpamAssassin 3.4.4 is a security update.
http://spamassassin.apache.org/downloads.cgi

YOURLS 1.7.6 is a security update.
https://yourls.org/

bbPress 2.6.4 is a security update.

Interactive World Map 3.1.4 is a major update that resolves several issues. This is not a security update.

myStickymenu 2.3.4 resolves several bugs. This is not a security update.

Postie 1.9.41 resolves regex bug and now attempts to process only 1 email at a time. This is not a security update.

Sucuri Security 1.8.23 updates key updater and improves user interface. This is not a security update.

W3 Total Cache 0.13.1 resolves several bugs. This is not a security update.

WooCommerce 3.9.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/