Updates 2021-04-13

Welcome back, Folks!

Today is Patch Tuesday for April, 2021. There have been over 50 major hacking incidents, many hardware devices with critical security issues (often these are responsible for the major hacking incidents), and over a hundred updates this month. Almost every browser has released weekly security updates for the last two months. I don’t know about you, but I’m getting kind of sick of it. Finally, there’s an OpenSSL security update this week, so expect many more updates throughout the next month from every vendor that rolls their own encryption.

This Month in Technology

Acer, Apperta FoundationAzureBIG-IP, the Blender websiteBoggi Milano MenswearBooking.comBroward County (FL) Public SchoolsBrown UniversityBuffalo SchoolsCalifornia State Controller’s OfficeClubhouseCNA FinancialCrash 4 (within a day of release!), Facebook (which had the audacity to blame it’s users), Gigaset Android Update Server (preinstalled, too), Harvard Business SchoolHaverhill Public SchoolsIdaho Central Credit Union, the Indian governmentiOS, iPhones, iPads and Apple WatchesKentucky unemployment insurance systemMaricopa (AZ) Community Colleges, Michigan-based Flagstar BankMillersville UniversityMobiKwikMultiCareNetgear switches, the Netmask libraryParkMobilePeakTPA/Carolina SeniorCarePHPRollSAPSchneider Electric Smart MetersShellShopifySierra WirelessStanford MedicineSwarmShopUbiquiti (even if they won’t admit it), Union Bank of NigeriaUniversity Of CaliforniaUniversity Of ColoradoUniversity of MiamiUniversity of WisconsinUPMCVerkada, various VPN devices, Wake Forest Baptist-Lexington Medical CenterWeLeakInfo (ironic), Yeshiva University, and Zoom (more than once) have each been hacked.

There’s still fallout from the Exchange vulnerabilities for which Microsoft released patches in March, but with today’s release there are newly discovered vulnerabilities and patches, too. Even so, about 8% of Exchange servers still aren’t patched with the March fixes.

Newly discovered vulnerabilities allow bypass of Spectre mitigations on Linux, and on other platforms via JavaScriptAMD Zen 3 CPUs, Cisco SOHO Routers, and QNAP NAS devices are just a small sampling of hardware devices with serious security problems this month. 80% of global enterprises report firmware cyberattacks, while the other 20% probably just don’t have sufficient training or equipment to be able to detect them.

Major Google Android WebView problems have been notable this month and banking malware have been found in ten apps on the Google Play store. And Apple’s macOS Mail App can be hacked simply by receiving an email (again).

Azure AD/Microsoft 365, Azure DNS, Facebook, and Google have suffered recent outages.

T-Mobile is the latest to convert their customers into products. TikTok and Facebook tracking is worse than you imagine.

From the “I’m glad it didn’t happen to me” file we have an example of an aggressive space saving measure gone horribly wrong. There’s a growing trend of targeting the customers of ransomware victims to convince them to pay and another new cross-platform cryptomining worm.

Mobile privacy is a myth as both Google and Apple collect telemetry even when telemetry is disabled, but at least they’ve finally closed one of the more significant SIM-jacking holes.

Big Tech gets to make their own rules. They’re so aggressive about it that their own security staff sometimes can’t tell if they’ve been hacked. Google is being sued in France for violation of privacy. Apple has banned an accessibility keyboard from their AppStore in an effort to force them to into a buyout. Hopefully Epic will be able to use this and Apple’s hypocritical statements in Australia in their antitrust suit.

As with all disasters and government programs (but I repeat myself), the “American Rescue Act” is being trolled by malware authors to infect unsuspecting users. LinkedIn users are also being targeted thanks to the LinkedIn hack.

Not all of those Norton Antivirus renewal messages are scams (just most of them), and the UK is now suing Norton for failing to comply with their investigation into their “Dark Pattern” subscription model.

If Big Tech, Big Government, and the MSM didn’t censor Presidents (even Venezuela’s),
representatives, doctors, Christians, students, and even knitters, push false narratives, and tolerate terror, child abuse, racism, and sexism, while providing security only to one side of the aisle and targeting the other, I suspect there would be much more peace. Virginia Tech is being sued for banning the amorphously definedhate speech“, while once more college racism turns out to be a hoax. It shouldn’t be any surprise to anyone that victimhood itself is a disease.

A single death is a tragedy but killing small businesses was always part of the plan. The lockdowns were never about a virus. They were about pushing compliance with masks and experimental (lethal and anything butsafe and effective“) mRNA treatments onto an unwilling public, to “hack the software of life” preventing the ability to survive and dismantling every freedom unless you accept the jab. A surge is happening, not just at the border, but in post-jab death rates. All of this to ensure that their slush funds would be financed and elections could never be honest again.

There have been tens of thousands of fraudulent ballots in Michigan Georgia, and New Hampshire. In Georgia, one county ordered voter registration applications for 25 times the population. At least we can all agree on some common sense election reform. Or can we? The same businesses that require an ID to use their services are attacking new laws that require the same scrutiny for elections.

Now for the good news:

After more than a decade the US Supreme Court has finally ruled in favor of Google.
It’s about time. While I have no love for Google, the idea that you can’t develop code that uses the same parameters or names as Oracle code is sickening. How many of you have have written functions to format a date or number? It’s not like granular coding styles leave much to the imagination. This would be like an author suing another author because the chapters of their book were named “Chapter 1”, “Chapter 2” and so on. Good decision.

As long as I have my soapbox: Save Crypto!

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Exchange, Edge, .NET, Servicing Stack, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.

Apple released updates for GarageBand 10.4.3, iOS 14.4.2, iOS 12.5.2,, iPadOS 14.4.2, and watchOS 7.3.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4.2 and 12.5.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4.2 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3.3 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 89.0.4389.95 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Drivers by Seagull 2021.1 adds hardware support, improves response time, and adds features to certain models. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

Crucial Storage Executive 7.01 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.3.8 improves AMD removal and resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options (macOS) 8.50.210 resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

NVidia 465.89 adds new profiles, improves compatibility with various games and newer hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.22.71 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 89.0.4389.128 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 89.0.774.76 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 87.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.9.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.7 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.7.2218.52 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.9.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.47 adds high-DPI support and an option to copy URL QR Code to the clipboard. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.76.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 119.4.1772 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.53.1 resolves a couple bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.9 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

IPInfoOffline 1.60 adds CIDR and Duplicate Count columns, and updates internal IP database.
https://www.nirsoft.net/utils/ip_country_info_offline.html

Npcap 1.30 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 6.2 is a major update. The 6.0 branch adds DNS Application support, more options, and improved compatibility. This is not a security update. Be aware that the current version chokes during updates because it stalls on removal of the previous version.
https://technitium.com/dns/

Telegram 2.7.1 resolves several bugs. This is not a security update.
https://telegram.org/

WGet 1.21.1 is a security update.
https://eternallybored.org/misc/wget/

Zoom 5.6.1.617 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.14 resolves several bugs and adds new positions and motions. This is not a security update.
https://en.3tene.com/

FastStone Viewer 7.5 adds dark theme, support for audio formats, and resolves several bugs. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Picard 2.6 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Photoshop 21.2.7 and 22.3.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-28.html

Adobe Digital Editions 4.5.11.187606 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html

Adobe Bridge 10.1.2 and 11.0.2 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb21-23.html

Atom 1.56.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

RoboHelp RH2020.0.4 is a security update.
https://helpx.adobe.com/security/products/robohelp/apsb21-20.html

Krita 4.4.3 doesn’t provide a detailed changelog so should be treated as a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.2 resolves over 60 bugs. This is not a security update, but the “Fresh” line is beta, so should be avoided by most users.
https://www.libreoffice.org/

LibreOffice Still 7.0.5 resolves over 100 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.2.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.5 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.17 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

ClamWin Portable 0.99.4.103 doesn’t provide a changelog so should be treated as a security update.
https://portableapps.com/apps/security/clamwin_portable

OpenSSL 1.1.1k is a security update.
https://www.openssl.org/source/

RogueKiller 14.8.6 is a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.34.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.3.0 resolves several bugs and improves toolset. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.16.3 resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 13.0 adds Audio Bible support. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.797 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Bitwarden 1.25.1 resolves installation issues, adds support for Safari 13 and updates electron. This is not a security update.
https://bitwarden.com/

CCleaner 5.78.8558 improves cleaning options and behavior. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.2.0 is a major update, improving threading and symlink support, and resolves more than a dozen bugs. This is a security update.
https://cygwin.com/

DesktopOK 8.77 improves translations and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dupeGuru 4.1.1 resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/

Etcher 1.5.117 resolves several bugs and updates libraries. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 0.6.3 resolves a user-mode compatibility problem, requiring uninstallation of previous versions before upgrade. All future builds will be machine-level only. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

GoodSync 11.6.2 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

Homedale 1.95 adds translation. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.13 improves SSD/SSHD detection and benchmark testing. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.1.0.7845 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 4.7.0 adds several new tables, concat* functions, and resolves dozens of bugs. This is not a security update.
https://osquery.io/downloads

ProduKey 1.96 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

PsExec 2.33 is a security update.
https://sysinternals.com/

RoboForm 9.1.2 adds website problem reporting and resolves several bugs. This is not a security update.
https://www.roboform.com/

Samsung Magician 6.3.0 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/

SimpleWMIView 1.43 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

System Monitor 13.02 resolves several bugs. This is not a security update.
https://sysinternals.com/

TaskSchedulerView 1.67 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TcpLogView 1.35 adds Process User column and improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

TCPView 4.0 adds flexible filtering, search, and display of the Windows service that owns an endpoint. This is not a security update.
https://sysinternals.com/

WifiInfoView 2.68 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinObj 3.02 resolves a crash bug. This is not a security update.
https://sysinternals.com/

WinScan2PDF 7.01 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WirelessKeyView 2.22 adds an option to copy QR Code of the selected item. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.06 resolves a hotkey bug. This is not a security update.
https://www.autohotkey.com/download/

Android Studio 4.1.3.0 resolves a stable/beta channel bug. This is not a security update.
https://developer.android.com/studio

Node.js 12.22.0 is a security update.
https://nodejs.org/en/

Node.js 14.16.1 is a security update.
https://nodejs.org/en/

Node.js 15.14.0 is a security update.
https://nodejs.org/en/

Redemption 5.27.0.5916 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

SQLite 3.35.4 is a security update.
https://www.sqlite.org/download.html

TortoiseGit 2.12.0 updates libraries, resolves more than a dozen bugs, and improves consistency. This is not a security update.
https://tortoisegit.org/

Unreal Engine 4.26 adds many new features. This is not a security update.
https://unrealengine.com/en-US/

Visual Studio Code 1.55.2 is a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.11 adds a method to enable 2FA. This is not a security update.
https://coppermine-gallery.net/

Docker Desktop 3.3.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.6 resolves over 50 bugs. This is not a security update.
https://drupal.org/download

HumHub 1.8.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.26 is a security update.
https://www.joomla.org/

MailEnable 10.34 resolves several bugs. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 21.0.1 resolves over 70 bugs, updates libraries, and improves reliability and compatibility. This is not a security update.
https://nextcloud.com/

phpList 3.6.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.phplist.org/

Piwigo 11.4.0 is a security update.
https://piwigo.org/

ScreenConnect 21.4.2767.7752 makes several cosmetic changes and resolves bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SpamAssassin 3.4.6 is a security update.
https://spamassassin.apache.org/downloads.cgi

Antispam Bee 2.9.4 adds support for ajax calls. This is not a security update.

Autoptimize 2.8.3 resolves a bug. This is not a security update.

BuddyPress 7.2.1 is a security update.

Social Post Feed 2.19.1 improves compatibility and reliability, and resolves several bugs. This is not a security update.

Email Log 2.4.5 resolves several bugs. This is not a security update.

Redirection 5.1.1 resolves several bugs. This is not a security update.

Sucuri Security 1.8.26 is an SJW release. This is not a security update.

Theme My Login 7.1.3 resolves several bugs. This is not a security update.

W3 Total Cache 2.1.2 resolves several bugs and adds AWS regions, new MIME types and pagination links. This is not a security update.

WooCommerce 5.2.0 resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.7.0 changes PHP requirements (5.5+) and resolves several bugs. This is not a security update.

WordPress Zero Spam 5.0.12 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-02-09

Welcome back, Folks!

Today is Patch Tuesday for February, 2021.

This Month in Technology

Malware planted during the SolarWinds hack is still being discovered and SolarWinds is still vulnerable.

ADT (not just employee abuse), Amazon Kindle e-readersAzure Functions, the Australian Securities and Investments CommissionCisco DNA CenterCyberpunk 2077Excellus Health Plan, Inc., ExperianFiberHome routers, Forward AirGolang, various Home Assistant integrationsiOSlibgcrypt, Linux (and macOS) SUDOMalwarebytesMeetMindfulMimecast (also a SolarWinds victim), Nespresso smart cards, New Zealand Central BankNoxPlayerOffice 365OpenWRT forumPalo Alto Networks, the PentagonPerl[.]comPfizerSonicWallStormshieldUK Research and Innovationthe UNUScellularUSDA (again), Vermont Dept of LaborVIPGamesWashington State Auditor’s OfficeWestRock Co., WhatsApp, and Wind River Systems have been hacked.

The EU is fining (victims) of data breaches 39% more than two years ago. Grindr is exposing your information. SpamCop made a boo-boo by not renewing their domain on time, resulting in a huge amount of legitimate messages being treated as spam. The LogoKit phishing platform has been updated to “improve” effectiveness.

The UK Government is giving malware-infected laptops to students and the US federal government has repeatedly supported violation of the third and fourth amendments to plant recording devices on private property. There has been an increase of 93% of leaks and data breaches in 2020.

Whether you pay the ransom or restore from backups: PATCH the vulnerabilities!

I have always called for avoiding pirated software because it poses a unique security risk. Here’s an example. (avoid travelling by train in China)

Federally funded censorship and double-standards are being used to advance cancel culture in bankscoffeejournalism, patriotism, by mere association, while actually inciting violence with absurd rhetoric such as calling a kindly neighbor a terrorist for plowing your snow are being excused as acceptable. While censorship isn’t left or right only one side is willing to ban those most likely to join the military from joining.

Worse yet, they’re even targeting third-parties for cancellation for daring to support free speech. Heck, even Mike Rowe is being cancelled.

Some are actually upset that not enough censorship is taking place while ignoring actual calls for violence, funding terroristsopenly supporting child porn, hypocritically calling censorship a violation of election integrity, and arresting people for posting memes.

No matter how much the narrative is disproven – this was planned by others well in advance, and the capitol police were directly involved, which is probably why they refused assistance from the National Guard and DoD when offered multiple times. There’s plenty more.

At least there’s finally some pushback. Hopefully it’s not too little, too late.

Meanwhile, TIME acknowledges that they did, in fact, collude with big tech, large corporations and foreign governments in violation of state and federal laws in order to steal the election. (But don’t talk about it online!) By the way, is it just a coincidence that so many opponents of free speech are pedophiles?

Facebook will pay $300/ea to Illinois users for violating state biometric laws and yet, they have still violated Polish law and blocked & banned small investors while Zuckerberg bragged about how he censored Trump to prevent a free election. WhatsApp users are leaving in droves, while WhatsApp has shifted messaging to explain that user messages (notably not their “data”) can still be removed.

There’s been a surge in BSODs for some Windows devices after January updates. Microsoft has been beaten to the patch (again) by 0patch for a vulnerability in their installer system.

Google is above the law or at least, demands the ability to be excluded from it. They’ve also banned one app for supporting a popular open source file type and another for allowing access to content it doesn’t control (like Google’s own browsers), and violated their own terms to purge negative reviews in their App Store. YouTube is removing Senate testimony. It should come as no surprise then, that developers are realizing that “doing business with [Google] is a liability.” Do you really need more justification to de-Google?

Mozilla fixed a browser bug that could trigger physical damage to your SSD.

Amazon has been caught colludingendangering privacyhypocritically inciting violence, and stealing, all while pursuing the ability to run the Pentagon Defense Systems (in violation of their own Terms of Service).

Apple is throttling iPhones again, preventing sideloading on M1’s, and took five years to discover a widespread crypto miner in macOS.

Still trust your mobile security? Your operating systems have intentionally designed vulnerabilities/weaknesses.

Especially when it comes to science, sunlight remains the best disinfectant. It turns out “global warming” is worse when humans aren’t polluting the air. But sadly, facts don’t matter anymore, so months have passed and hundreds of thousands of lives were lost before political and social science caught up with actual science to acknowledge HCQ is, in fact, an effective treatment. And surely it’s just a coincidence that testing processes were changed immediately after inauguration?

Investigating and/or punishing people for refusing an experimental treatment (according to the FDA they’re not vaccines) is a violation of the Nuremberg Code, but that won’t prevent governments and corporations from doing it anyway, no matter how many times that is struck down as unconstitutional.

The CDC has illegally inflated COVID statistics, but is suppressing VAERS information about people dying like flies after injections.

Really though, can you trust any medical treatment created by people that struggle with math?

Now for the good news:

The Biden administration has dropped the federal lawsuit against the California Net Neutrality law. This will eventually be what breaks the Big Tech monopoly.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, and MSRT (~ 2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iCloud for Windows 12.0 (off and on again), iOS 14.4, iPadOS 14.4, Safari 14.0.3, tvOS 14.4, watchOS 7.3, and Xcode 12.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 14.4 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 88.0.4324.109 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.6 improves cleanup. This is a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 461.40 resolves a dozen bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.19.92 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 88.0.4324.150 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 88.0.705.63 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 85.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.6 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.6.2165.36 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.8.0 adds account colors, and resolves several bugs. This is not a security update.
https://getmailspring.com/

Thunderbird 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.46 adds support for Brave. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.75.0 resolves dozens of bugs and adds several new features. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 115.4.601 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.52.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/

Pocketnet-Core 0.18.18 resolves several bugs. This is not a security update.
https://pocketnet.app/

WinSCP 5.17.10 is a security update.
https://winscp.net/eng/index.php

Zoom 5.5.12494.0204 resolves a couple minor bugs. This is not a security update.
https://zoom.us/

Java 8u281 is a security update.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.10 resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 3.4.1 resolves about 20 bugs. This is not a security update.
https://www.darktable.org/install/

VLC Media Player 3.0.12 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

Steam 2021.02.05 resolves several bugs, improves compatibility, and improves cosmetics. This is not a security update.

PlayStation PS5 20.02-02.50.00 resolves a PS4 installation compatibility issue, improves editing video clips and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.54.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.91.2 doesn’t have a detailed changelog so should be treated as a security update.
https://www.blender.org/download/

IcoFX 3.5 resolves several bugs. This is not a security update.
https://icofx.ro/

Krita 4.4.2 adds mesh gradients, mesh transform, gradient editor and halftone filter, new brushes, and resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.0 resolves hundreds of bugs and improves reliability, stability, and compatibility. This is not a security update. This is beta software and should be avoided by most users.
https://www.libreoffice.org/

Lightworks NLE 2021.1 adds dozens of new features and improvements, and resolves many bugs. This is not a security update.
https://www.lwks.com/

Nextcloud Desktop 3.1.2 adds several new features: SVG client branding, push notifications for file changes, conflict resolution trigger and more. This is not a security update.
https://nextcloud.com/

OpenOffice 4.1.9 improves stability and compatibility. This is not a security update.
https://www.openoffice.org/download/

Paint.net 4.2.15 resolves several bugs. This is not a security update.
https://www.getpaint.net/

FrameMaker 2019 Update 8 64bit (2019.0.8) doesn’t provide a changelog, so should be treated as a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7063
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7065

Adobe Acrobat and Reader 2021.001.20135, 2020.001.30020, and 2017.011.30190 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html

Adobe Animate 21.0.3 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-11.html

Adobe Dreamweaver 20.2.1 and 21.1 are security updates.
https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html

Adobe Illustrator 25.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-12.html

Adobe Photoshop 21.2.5 and 22.2 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-10.html

Magento 2.4.2, 2.4.1-p1, and 2.3.6-p1 are security updates.
https://helpx.adobe.com/security/products/magento/apsb21-08.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.15.1 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

RogueKiller 14.8.4 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.33.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.0 resolves a bug with URL parsing. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.2.0 resolves several bugs. This is not a security update.
https://12pd.com/click?snagit

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.791 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Bitcoin 0.21.0 resolves over a dozen bugs and improves networking. This is not a security update.
https://bitcoin.org/en/download

Bitwarden 1.24.6 improves biometrics, search, and usability. This is not a security update.
https://bitwarden.com/

Carbonite 6.3.8 resolves a bug with NAS backups. This is not a security update.
https://account.carbonite.com/

CCleaner 5.76.8269 improves cleaning and accessibility, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

CPU-Z 1.95 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 8.44 improves toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DriveImage XML 2.60 doesn’t provide a changelog so should be treated as a security update.
https://www.runtime.org/driveimage-xml.htm

Etcher 1.5.116 updates libraries and improves cleanup of temp files. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1005 is a security update.
https://www.voidtools.com/

Fido 1.18 adds support for the latest 20H2 refresh. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.5.6 improves stability, reliability and sync, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.92 resolves several bugs. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 2.81 adds automatic update and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.8.1 resolves a display bug. This is not a security update.
https://lessmsi.activescott.com/

NTLite 2.0.0.7784 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

ProduKey 1.95 adds option to extract partial key from WMI. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

PSAppDeploy 3.8.4 resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

RAMDisk 4.4.0.RC36 resolves several bugs and updates libraries. This is not a security update.
http://memory.dataram.com/products-and-services/software/ramdisk

RoboForm 9.1.1 updates credit card storage data, resolves several bugs, and now uses secure transmission for automatic updates. This is a security update.
https://12pd.com/click?rf

SimpleWMIView 1.42 adds an option to start hidden. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TaskSchedulerView 1.66 adds pagination to the properties widow and adds Task Filename column. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.14.5 was released. The TeamViewer release notes have been unavailable for over a month, so while it might be a security update, it would be safer to remove TeamViewer until these issues are resolved.
https://www.teamviewer.com/en/download/windows/

USB Oblivion 1.16.0.0 adds ability to preserve desktop settings and clean UserAssist keys. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion

WinScan2PDF 6.55 resolves several bugs and improves scanner compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 4.1.2.0 resolves a dozen bugs. This is not a security update.
https://developer.android.com/studio

MySQL ConnectorNet 8.0.23 is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 15.8.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 14.15.5 resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.34.1 adds new features and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

StrawberryPerl 5.32.1.1 resolves several bugs. This is not a security update.
https://strawberryperl.com/

Visual Studio Code 1.53 resolves several bugs and adds several features and controls. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.10 resolves several bugs and adds new command-line switches and features. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.11 resolves dozens of bugs. This is not a security update.
https://ppsspp.org/downloads.html

VirtualBox 6.1.18-142142 resolves several stability and reliability bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.9 is a security update.
https://www.adminer.org/en/

Coppermine Gallery 1.6.10 improves compatibility with PHP 8.01. This is not a security update.
https://coppermine-gallery.net/

Docker Desktop 3.1.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.0.11 is a security update.
https://drupal.org/download

Drupal 9.1.4 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.7.2 resolves over a dozen bugs. This is a security update.
https://www.humhub.com/en/download

Nextcloud Server 20.0.7 updates libraries and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenCart 3.0.3.7 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.opencart.com/

Piwigo 11.3.0 resolves several bugs. This is a security update.
https://piwigo.org/

ScreenConnect 21.2.2159.7699 adds a security tile to configure security options and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SMF 2.0.18 is a security update.
https://www.simplemachines.org/

WordPress 5.6.1 resolves several bugs. This is not a security update.
https://wordpress.org/

Social Post Feed 2.18.2 improves GDPR compatibility and resolves a deletion bug. This is not a security update.

Multisite Enhancements 1.6.1 resolves a path bug. This is not a security update.

Redirection 5.0.1 adds support for PHP 8 and resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.20 resolves several bugs. This is not a security update.

Sucuri Security 1.8.25 updates the password reset process. This is not a security update.

W3 Total Cache 2.1.0 resolves several bugs and adds cache groups. This is not a security update.

WooCommerce 4.9.2 improves compatibility and disables untested plugins from status and plugin pages. This is not a security update.

WP Mail SMTP 2.6.0 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

 

Updates 2020-11-10

Welcome back, Folks!

Today is Patch Tuesday for November, 2020. It’s a big one and many Windows computers will be pushed into v2009 unless they’ve recently installed v2004. With the release of v2009 and the election, there’s a lot going on this month.

This Month in Technology

Aetna has been hacked again, dozens of hospitals (again), Mashable has been hacked, Cisco AnyConnect zero-day still isn’t patched, a Solaris zero-day is being used to hack corporate networks, and billions of credentials have been leaked after a data breach website contents are leaked online, Google Drive is being used to infect hospitals, Cloud Hospitality has exposed customer data for millions of users, Mattel has been hacked, BigBasket has been hacked, WordPress pushed out a sorely broken security update and fixed it the next day, Waze can be used to track you by nearby drivers, and X-Cart sites were hit by ransomware.

Cadillac Fairview has been illegally using secret facial recognition cameras throughout their shopping centres.

Apple has had several outages this month, and their hardware manufacturer was hit by ransomware, while they abandon another for exposed labor abuses (not for the labor abuses themselves, since that’s really within Apple’s wheelhouse), iOS apps will work on Apple Silicon Macs, but many developers are already abandoning the App Store.

Microsoft is blocking upgrades to v2004 and v2009 due to a Thunderbolt compatibility & reliability bug.

Starlink’s beta shows impressive performance (135 Mbps/25 Mbps).

It’s usually best to dismiss anything a politician says, but Biden’s assertion that he has the “most extensive and inclusive voter fraud organization in the history of American politics” should not be taken with a grain of salt.

After all, there is plenty of evidence of fraud including voter intimidationterrorism (the “use of violence and intimidation, especially against civilians, in the pursuit of political aims”), foreign nation interference, varioussoftware” “glitches” and “bugs,” fake ballotsfake voters, invalidating sharpie ballotsbackdating ballots arriving late, an untrustworthy postal systemfalse witnesses, (literally) blocking access to ballot observersnetwork and “accidentally mislabeled” ballots, throwing away ballots that poll-workers disagree with, the inability to trust even election judges, and government “open integrity” websites, but the Main Stream Media continues to preach the mantra that there is no evidence of voter fraud (mostly because big tech is censoring most of the evidence) even while Democrat representatives declare voter fraud a “time-honored tradition.”

Awkward: Joe Biden’s (77) Coronavirus task force is being lead by a man that believes people shouldn’t live past 75.

It’s not just the vote tally that’s false, the US Census faked data, too.

Fox News has lost the faith of their viewers and Judge Jeanine.

Twitter continues to demonstrate why you shouldn’t use them.

NetMarketShare had a good run. After 14 years they’ve pulled the plug due to changes in the chromium source, reasonably accurate browser identification will no longer be possible.

The Cult of Branch Covidians continues to demonstrate that science has never been their goal. Medical staff know the truth, and their efforts to save family and the world from masked parasites based on faulty tests and high false-positive rates with severe costs for a virus they’ve never isolated are being blocked and ignored. By the way, did you know that the PCR false-positive rate is as much as 4% and the number of “positive tests” in CA averages 3.7%? A judge that treats people as adults is being investigated for daring not to wear a mask in his own courtroom.

5G is finally being investigated.

The Internet Archive has surrendered to censorship.

0patch to the rescue, again. Microsoft isn’t supporting Office 2010 but don’t let that dissuade you. 0patch has been offering security fixes for many vendors of otherwise unsupported applications.

There’s a workaround for some HP printers that allow you to bypass the ban on third-party ink and toner. This is especially useful since HP Instant Ink is now demanding a ransom to keep using the ink you’ve already paid for.

Now for the good news:

The best news, to me anyway, is that scientists have now regrown optic nerves.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is very big. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Flash, Internet Explorer, and MSRT (~ 1.1 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update, iOS 14.2, iPadOS 14.2, iOS 12.4.9, watchOS 5.3.9, watchOS 6.2.9, watchOS 7.1, and tvOS 14.2. Expect an update to iTunes, too, in the next few days. These are security updates.

iOS 14.2 and 12.4.9 are security updates. Use Settings, General, Software Update to install the most current version.

iPadOS 14.2 is a security update. Use Settings, General, Software Update to install the most current version.

watchOS 5.3.9, 6.2.9 and 7.1 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

tvOS 14.2 is a security update. Use Settings, General, Updates to install the most current version.

Adobe Flash Player 32.0.0.453 is a security update. Since Flash is going the way of the dodo along with the Year from Hell, this could very well be the last time you may have to install a Flash update. You’re still better off removing it instead of updating. 🙂
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 87.0.4280.47 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

nVidia 457.30 adds support for CUDA 11.1, new hardware, new game profiles, and resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Daemon Tools Lite 10.14.0 resolves several bugs and adds streaming and theme controls. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.16.72 is a security update. Use Menu, Help, About to install the current version.
https://brave.com/

Google Chrome 86.0.4240.193 is a security update. Use Menu, Help, About to install the current version.

Microsoft Edge 86.0.622.63 is a security update. Use Menu, Help, About to install the current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 82.0.3 is a security update. Use Menu, Help, About to install the current version.

Firefox ESR 78.4.1 is a security update. Use Menu, Help, About to install the current version.

Iridium 2020.11.85 is a security update, but Iridium runs behind with chromium so should be avoided.
https://iridiumbrowser.de/

Vivaldi 3.4.2066.99 is a security update. Use Menu, Help, About to install the current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.4.2 is a security update. Use Menu, Help, About to install the current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 109.4.517 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FreeFileSync 11.3 resolves several bugs and improves cosmetics. This is not a security update.
https://www.freefilesync.org/download.php

Zoom 5.4.58740.1105 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.10.2 doesn’t provide a changelog so should be treated as a security update.
https://www.apple.com/itunes/download/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.013.20064 is a security update. Use Help, Check for updates to install the most current version.

Atom 1.53.0 resolves several bugs. This is not a security update.
https://atom.io/

Krita 4.4.1 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.0.3 resolves over 90 bugs. This is not a security update. Remember that ‘Fresh’ is the beta version, so should be avoided by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.0.3 resolves over a dozen bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.1 resolves over 20 bugs, including several stability and reliability issues, and adds several new features. This is not a security update.
https://12pd.com/click?npp

Security Software Updates

One or more of these is likely to be of interest to most people.

TinyWall 3.0.10 resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.0.1 adds new quick styles, direct theme access, resolves compatibility with YouTube and several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.0.5 improves hardware support, resolves several bugs, and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 5.74.8184 improves application compatibility, automatic update controls, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

DesktopOK 7.99.1 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DMDE 3.8.0.790 adds APFS support, image preview, and resolves several bugs. This is not a security update.
https://dmde.com/

Eraser 6.2.0.2991 doesn’t provide a changelog so should be treated as a security update.
https://eraser.heidi.ie/download/

Etcher 1.5.110 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

GoodSync 11.4.5 resolves dozens of bugs. This is not a security update.
https://12pd.com/click?goodsync

RoboForm 8.9.5 resolves several bugs and improves Most Popular calculations. This is not a security update.
https://12pd.com/click?rf

AD Explorer 1.50 adds support for exporting data from the “Compare” dialog. This is not a security update.
https://live.sysinternals.com/

Disk Usage 1.62 adds support for the MFT and removes the MAX_PATH limitation. This is not a security update.
https://live.sysinternals.com/

VMMap 3.31 fixes a Thread Environment Block bug on Windows 10 systems. This is not a security update.
https://live.sysinternals.com/

Sysmon 12.02 fixes several configuration parsing bugs. This is not a security update.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.5 improves performance and error handling. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 4.1.1.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio

Node.js 15.1.0 adds diagnostics_channel (experimental), new spawn event, DNS resolver control, and several V8 options. This is not a security update.
https://nodejs.org/en/

Redemption 5.25.0.5826 resolves 9 bugs and adds several new objects. This is not a security update.
http://www.dimastr.com/redemption/

Visual Studio Code 1.51 integrates a terminal, improves intellisense, Git, tab pinning and more. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Docker Desktop 2.5.0.1 updates libraries, system requirements, and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

HumHub 1.7.0 resolves two minor bugs. This is not a security update.
https://www.humhub.com/en/download

OpenPetra 2020.10 resolves several bugs. This is not a security update.
https://www.openpetra.org/

ScreenConnect 20.11.1479.7606 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.5.3 resolves several security issues and automatic update failures.

bbPress 2.6.6 doesn’t have a current changelog, so should be treated as a security update.

Multisite Enhancements 1.5.3 resolves several bugs and improves cosmetics. This is not a security update.

Redirection 4.9.2 improves compatibility and cosmetics. This is not a security update.

WooCommerce 4.6.2 resolves an account creation bug. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-10-13

Welcome back, Folks!

Today is Patch Tuesday for October 2020.

This Month in Technology

For those in our local community, the biggest news is that AT&T has abandoned DSL in rural America, reducing Internet access options even further for our friends and neighbors.

The US Treasury has announced that it is now illegal to pay your federal taxes.

The Universal Health Services was hacked (all 400+ locations!) and infected with ransomware, so was Software AG, the U.S. Department of Veterans Affairs (VA) was hacked again, the Department of Homeland Security (DHS) was hacked, the Las Vegas school system was hacked – and since they didn’t pay the ransom student details were leaked, Docsketch was hacked, and the United Nations (UN) International Maritime Organization was hacked. Razer made a boo-boo, and even coffee makers are now being used for ransomware distribution. Grindr was hacked, Microsoft’s Windows XP source code was leaked, almost any current iPhone can be listened into from 20 feet away using only an AM radio, and access to your RMM (Remote Monitoring and Management) is being sold to attackers. Evidence exists that your anti-virus is helping the bad guys, and BitDefender is still weak security.

Facebook has been hacked (for years), Facebook for Android has been hacked again, Office 365 & Outlook have been down repeatedly over the last month, Fitbit malware – distributed by Fitbit – can be used to take over your internal network and exfiltrate your data to the web, Bluetooth is still the weakest wireless link, your Comcast XR11 TV remote can be used to listen in to your conversations, BitLocker encryption is vulnerable to a sleep-mode bypass (aka, yet another reason not to use sleep mode), HP Device Manager flaw is a big deal, but not as big a deal as Windows Error Reporting being used to infect your PC.

Apple’s initial iOS 14 release killed batteries on many iPhones, (so did the recent ChromeOS update), Apple’s latest security fix (10.15.7) can kill performance on your Mac, but only if you use Mac software (rolls eyes). Hint: disable and re-enable Find My Mac to fix it. And that’s nothing compared to their T2 security chip vulnerability.

“The” secure reimplementation of BIOS, UEFI, was designed to make security at boot a thing of beauty and prevent third-parties from being able to hijack the boot process. Unfortunately, it simply provided a false sense of security.

2FA via SMS is also a much lower fruit than many realize, but not nearly as bad as SSO.

Many others have joined in the case against Apple & Google’s rent-seeking, who charge significantly more for their “services” than even the federal government, but portray themselves as victims. Insane rules and hypocritical requirements force developers to charge for free services or force users out of their application in order to even be allowed into the Apple ecosystem. What can we really expect from a SF bay area “green” company that lies about their recycling program? Hopefully the courts will use Apple’s own words against them, in that Apple claims that their AppStore is a place to “reliably” download “safeapps.

Former Facebook data scientist exposes her complicity with atrocities and abuse by governments and MNCs.

The Supreme Court heard arguments on the Oracle v Google IP fight suffered the same problem that most legal battles over technology do: poor arguments. Google’s defense failed to explain the distinctive nature of APIs as guides rather than code. Sure, they provide access to the functionality of the code, but are not, in and of themselves, code. The entire argument could be easily equated to vehicles. One does not need to know nor expose the specific design of a Ferrari 911 to know that the vehicle should stop at a stop sign nor yield at a yield sign. The vehicle itself (code – reasonably subject to IP) can operate on any road as long as the traffic signs (APIs) are in place. The signage is consistent across most of the world, even where languages differ greatly. So should the APIs be universally available.

In the current world of tech censorship and cancel culture, nobody can really argue against the necessity for Section 230 to be revised. However, most calls for revision would create an even more abhorrent system where public discourse can not be held without risk of liability to completely unrelated parties.

If you take government money, you are subject to the same rules as government, so says RFK, Jr.

In the new “get woke, go broke” era, it should come as no surprise that when you pander to racists and terrorists, you will be investigated.

Research shows that the lockdowns were not only anti-science, but caused far more harm than the virus itself. On the subject of fraud, are we still supposed to believe that the government’skill a fly with a nukeresponse to COVID is really all the result of bats in an Asian wet market or that masks actually do anything at all?

One would think fraud would be front page news, but the MSM is much more likely to ignore than acknowledge it. To paraphrase Stalin, “A single case of fraud is a tragedy; a million cases are just a statistic.”

The moment I read that Nintendo’s lawyers said Joy-Con Drift “wasn’t a real problem” I knew they would be sued.

Now for the good news – since I’m making up for last month, I’ll give you three:

Adobe Flash will finally be dead in only 79 days.

Free, limitless power from graphene could literally change everything.

A “vaccine” of sorts has been developed to protect against some forms of ransomware.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Flash, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 14.0.1 and iPadOS 14.0.1, tvOS 14.0.2, Safari 14.0, watchOS 7.0.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6, macOS High Sierra 10.13.6, iCloud for Windows 7.21, iCloud for Windows 11.4, iTunes for Windows 12.10.9, and Xcode 12.0. These are security updates.

iOS 14.0.1 is a security update. Use Settings, General, Software Update to install the most current version. This version also adds the Orwellian contact tracing feature at the system level. While “disabled” by default, you may validate that it is disabled in Settings, Privacy, Health, COVID-19 Exposure Logging, and turn off Exposure Logging.

iPadOS 14.0.1 is a security update. Use Settings, General, Software Update to install the most current version.

tvOS 14.0.2 is a security update. Use Settings, General, Updates to install the most current version.

watchOS 7.0.2 is a security update. Use your updated iPhone to install the most current version through the Watch app.

Adobe Flash Player 32.0.0.445 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google has released security updates for Android 9 and 10 which will gradually be published by individual vendors and available to you in the coming weeks. This version also adds the Orwellian contact tracing feature. Disabling Location and Bluetooth will disable the current version of contact tracing.

Google Chrome OS 85.0.4183.133 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.3 improves removal of DCH CP on older builds of Windows. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options 8.30.310 resolves several bugs adds profiles for Zoom and MS Teams. This is not a security update.
https://www.logitech.com/en-us/product/options

Logitech Options (macOS) 8.30.293 resolves several bugs adds profiles for Zoom and MS Teams. This is not a security update.
https://www.logitech.com/en-us/product/options

nVidia 456.71 adds support for new hardware and improves support for COD beta and other games. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Crucial Storage Executive 6.06 doesn’t provide a changelog so should be treated as a a security update.
https://www.crucial.com/support/storage-executive

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.15.72 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 86.0.4240.80 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 86.0.622.38 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 81.0.2 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 78.3.1 is a security update. Use Menu, Help, About to install the most current version.

SeaMonkey 2.53.4 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.3.2022.47 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.3.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 107.4.443 resolves bugs and adds more. This is not a security update.
https://www.dropbox.com/

Zoom 5.3.53291.1011 changes automatic update behavior, and improves poll and link behaviors. This is not a security update.
https://zoom.us/

Prosody 0.11.7 is a security update.
https://prosody.im/download/start

FreeFileSync 11.2 resolves several bugs, improves layout and key bindings. This is not a security update.
https://www.freefilesync.org/download.php

Nmap 7.91 adds support for new profiles and fingerprints, and resolves several bugs. This is a security update.
https://nmap.org/

Npcap 1.00 resolves two minor bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 5.3 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.6 improves sensitivity calculations, light focal management, and resolves several bugs. This is not a security update.
https://en.3tene.com/

iTunes for Windows 12.10.9 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.10.07 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 7.9 adds several new features and fixes over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Reader DC 20.012.20048 resolves several bugs. This is not a security update.

Artweaver 7.0.7 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.52.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.90.1 resolves several bugs. This is not a security update.
https://www.blender.org/download/

Lightworks NLE 2020.1.1 resolves several bugs. This is not a security update.
https://www.lwks.com/

Microsoft Office for Mac 2016/2019 is a security update.

Krita 4.4.0 improves fill layers, multigrid, screentone, brushes, API improvements and more. This is a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.0.2 resolves over a hundred bugs. This is a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.0.2 resolves a dozen bugs. This is not a security update.
https://nextcloud.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

OpenSSL 1.1.1h resolves several bugs and improves compatibility. This is not a security update.
https://www.openssl.org/source/

KeePass 2.46 adds several features including TLS 1.3 and mass edit capabilities, as well as resolving bugs, and other improvements. This is not a security update.
https://keepass.info/

RogueKiller 14.7.3 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0.8 resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.30.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.27.3 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2020.1.5 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.0.1 is a major update with several improvements. This version improves the GUI and adds several new output profiles. This is not a security update.
https://www.dvdfab.cn/download.htm

AVStoDVD 2.8.9 resolves several bugs, improves performance and updates libraries. This should be treated as a security update.
https://sites.google.com/site/avstodvdmain/

MakeMKV 1.15.3 resolves several bugs, introduces TOR/VPN support, adds support for new stream types. This is not a security update.
https://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.785 resolves a bug. This is not a security update.
https://1password.com/downloads/windows/

Beyond Compare 4.3.7.25118 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 1.22.2 resolves bugs. This should be treated as a security update.
https://bitwarden.com/

CCleaner 5.72.7994 resolves several bugs and improves compatibility. This is not a security update.
https://www.ccleaner.com/

CPU-Z 1.94 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 7.95 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.72 resolves an output bug. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

Etcher 1.5.109 is a security update.
https://www.balena.io/etcher/

Everything 1.4.1.992 is a security update.
https://www.voidtools.com/

GoodSync 11.3.8 resolves several bugs. This is not a security update.
https://www.goodsync.com/

IsMyHdOK 2.51 resolves bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.7.0 improves messaging. This is not a security update.
https://lessmsi.activescott.com/

MS ISO Downloader 8.40 adds support for new Dell models and images, new Win10 builds and adds hash reporting to images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 2.0.0.7656 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 8.10 improves display and startup. This is not a security update.
https://www.diskpart.com/

PSAppDeploy 3.8.3 adds several new features and resolves bugs. This is not a security update.
https://psappdeploytoolkit.com/

RoboForm 8.9.4 resolves several bugs, including the QuickBooks compatibility issue that prevented display of registers and Chrome that caused freezes.
https://12pd.com/click?rf

Process Monitor 3.60 adds support for multiple filter item selection and decoding for new file system control operations and error status codes. While not a security updates, this improves the analytical data collection, thus increasing security awareness.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Procdump 10.0 adds support for dump cancellation and CoreCLR processes. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procdump

Sysmon 12.0 resolves several bugs and adds support for capturing clipboard operations. While not a security updates, this improves the analytical data collection, thus increasing security awareness.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

SysInternals released new builds of many of their applications, as well as ARM versions. While the changes on many of the updates are poorly documented and SysInternals apps are generally more secure than apps distributed elsewhere, you should assume that any updates have security ramifications. If they’re not security updates, they may improve the context or analytical data that is exposed, thus increasing the security awareness of the tools.
https://live.sysinternals.com/

TeamViewer 15.10.5 resolves a licensing bug. This is not a security update.
https://www.teamviewer.com/en/download/windows/

USBDeview 3.01 adds an option to copy the contents of the active cell. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

USB Oblivion 1.14.0.0 addes support for new modules. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion

WifiChannelMonitor 1.65 adds support for detection of new protocols. This is not a security update.
https://www.nirsoft.net/utils/wifi_channel_monitor.html

WifiInfoView 2.65 adds support for detection of new protocols. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WirelessKeyView 2.20 adds support for displaying WiFi QR Codes. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

WinGet 0.2.2521 updates libraries and adds new verbs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 6.06 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 4.1.0.19 integrates database and emulation, improves diagnostics, and resolves several bugs. This is not a security update.
https://developer.android.com/studio

Godot 3.2.3 resolves over a hundred bugs and improves stability. This is not a security update.
https://godotengine.org/

Node.js 14.13.1 resolves several bugs. This is a security update.
https://nodejs.org/en/

Node.js 12.19.0 updates libraries, and resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

Visual Studio Code 1.50 improves accessibility features, pinned tabs, adds ARM support, and resolves several bugs. This is not a security update.
https://code.visualstudio.com/

TortoiseGit 2.11.0 updates libraries and resolves several bugs. This is not a security update.
https://tortoisegit.org/

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.12.0 adds image embedding and resizing, improved scheduling capabilities, library updates and bug fixes. This is not a security update.
http://dadamailproject.com/

Drupal 9.0.7 resolves dozens of bugs. This is a security update.
https://drupal.org/download

Docker Desktop 2.4.0.0 updates libraries and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Nextcloud Server 20.0.0 updates libraries, adds a new dashboard, Talk bridging support, and several other new features and improvements. This is not a security update.
https://nextcloud.com/

HumHub 1.6.4 is a security update.
https://www.humhub.com/en/download

Joomla 3.9.22 resolves several bugs. This is not a security update.
https://www.joomla.org/

OpenPetra 2020.09 resolves several bugs. This is not a security update.
https://www.openpetra.org/

phpMyAdmin 4.9.6 and 5.0.3 are security updates.
https://www.phpmyadmin.net/

Autoptimize 2.7.8 is a security update.

BuddyPress 6.3.0 resolves bugs. This is not a security update.

Email Log 2.4.3 adds a new filter and enhances nonce. This is not a security update.

Social Post Feed 2.17 adds support for new embed types. This is not a security update.

WooCommerce 4.5.2 resolves a couple bugs. This is not a security update.

WP Mail SMTP 2.4.0 updates libraries, improves compatibility, and resolves several bugs. This is not a security update.

W3 Total Cache 0.15.1 resolves several bugs. This is not a security update.

WordPress Zero Spam 4.10.2 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-07-14

Welcome back, Folks!

Today is Patch Tuesday for July 2020.

This Month in Technology

Apple has formally announced that they’ll be switching to ARM processors on their new hardware. While Apple asserts that “most apps will just work,” the truth is that if it’s not a 64-bit app or it hasn’t been updated in more than a year, chances are not only won’t work on ARM but will never work on ARM. If you were here when they switched from PowerPC to Intel you remember the issues were long and wide. You’ll likely need a VM to make many of your apps work.

Piracy doesn’t pay, except for those creating the pirated apps.

Macs are still getting infected through fake “Flash update” malware, even on Catalina. From the comments, “Which is worse, a real Flash installer or a fake one? It’s a toss-up.”

Microsoft was caught breaching user trust, again, by hijacking your data from other browsers and importing into their forced update to their new Edge browser without your permission.

Mozilla switched to a 4-week cadence for major updates in March. This has resulted in even less time for beta testing and the expected release+1 security updates.

Google Chrome is planning to hide everything in a URL other than the domain name. Google, the most popular purveyor of information and also the self-appointed gatekeeper to what is true and false, believes that having the complete URL is bad for you.

Google resolved a major email spoofing vulnerability through customer services, shortly before allowing a core domain name for their Blogger service to expire.

Slack vulnerability allowed hackers to distribute malware to victims devices.

What is it going to take before you stop copying passwords on your phone?

Everyone knows Facebook is always listening. Now the courts have finally considered their web widgets “Wiretaps.” Others are, too. They’re also designing systems to be able to trigger recording of all background noise from external queues. In states like California, Facebook is already violating the all-party consent requirements by recording audio 24/7. Maybe they’ll eventually acknowledge that it’s bad and stop? Ouch. Sorry, I hurt myself laughing there. Oh, and the Facebook Messenger app allowed you to be infected with persistent malware. If you have a website with Facebook integration, you need to take action now to comply with the CCPA.

Airlines are perfectly happy to violate the Americans with Disabilities Act – and treat you like a terrorist – if you have medical conditions.

Bitdefender Antivirus allowed any website you visited to run code on your device. Apache’s Guacamole remote support client allows attackers to take over the entire enterprise. Backdoors in operating systems, why not backdoors in encryption software?

Surprise: phishing still works. Even by text. …and launching a service that relays content to third-parties will ensure it is abused. Honeypots (systems designed to be opened for abuse to see how attacks take place) demonstrate four previously unknown zero-day vulnerabilities.

Nintendo, Plex, Honda, Samsung, Oxford University, University Of Pittsburgh Medical Center, UCSF, anyone banking with various Chinese banks, Night Lion Security, 79 different Netgear router models, hundreds of online retailers, and it won’t be long before IoT vulnerabilities can be used to provide big game hunting for rare species.

June Patch Tuesday updates from Microsoft broke Outlook and other apps for some users.

Selective enforcement means you’re a publisher, says AG Barr of Section 230 of the CDA. There’s no better way to prevent the abuse of Section 230 to censor voices you disagree with.

Now for the good news:

Starlink is coming. LEO internet access could provide up to 1 Gbps Internet access from space. Testing will begin in the next weeks and will gradually move south as satellites take place.

For now, you can cut your internet bill by taking advantage of the free Xfinity Wi-Fi hotspots through the end of the year.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 1.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, DNS Server, Office, Servicing Stack, and MSRT (~900 MB). This includes security updates. A reboot is required.

Adobe Flash Player 32.0.0.403 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 83.0.4103.119 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Crucial Storage Executive 6.04 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Daemon Tools Lite 10.13.0 improves activation and creation and use of bootable disk images. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Intel Driver and Support Assistant 20.7.26 adds support for new hardware and improves application detection. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 451.67 resolves several bugs and improves compatibility. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.10.97 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 84.0.4147.89 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 83.0.478.64 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 78.0.2 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.10.0 is a security update. Use Menu, Help, About to install the most current version.

SeaMonkey 2.53.3 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.1.1929.45 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.41 adds an option to copy the preview content and resolves a bug in the cfg switch. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 68.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.3.0.6 resolves dozens of bugs, including 2FA and stability issues. This is a security update.
https://www.trillian.im/

Trillian Mac 6.3.0.6 resolves several stability bugs. This is not a security update.
https://www.trillian.im/

curl 7.71.1 resolves several sanitation issues. This should be treated as a security update.
https://curl.haxx.se/windows/

Dropbox 101.4.434 doesn’t provide a useful changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.49.0 resolves a several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.25 adds support for Google Drive Shared Drives and Shortcuts, resolves several bugs, and improves user interface. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9995 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

PuTTY 0.74 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Technitium DNS Server 5.0.1 is a major update that refactors how blocklists are stored and resolves several bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.1.28656.0709 is a security update.
https://zoom.us/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.07.09 resolves several bugs and improves compatibility. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Camera Raw and DNG Converter 12.3 adds support for new hardware. This is not a security update.
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6955
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6957

Adobe Download Manager 2.0.0.529 is a security update.
https://helpx.adobe.com/security/products/adm/apsb20-49.html

Adobe ColdFusion 2016.16 and 2018.10 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html

Adobe FrameMaker 2019.0.6 doesn’t provide a changelog so should be treated as a security update.
Win32: https://supportdownloads.adobe.com/detail.jsp?ftpID=6963
Win64: https://supportdownloads.adobe.com/detail.jsp?ftpID=6965

Adobe Genuine Service 7.1 is a security update. (Point this one out the next time someone says pirating Adobe software can reduce the security of your computer.)
https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html

Adobe Media Encoder 14.3 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html

Adobe Creative Cloud Desktop Application 5.2 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html

Magento SUPEE-11346 (for Magento v1) is a security update.
https://www.magentocommerce.com/products/downloads/magento/

Adobe Audition 13.0.7 is a security update.
https://helpx.adobe.com/security/products/audition/apsb20-40.html

Adobe Premiere Rush 1.5.16 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb20-39.html

Adobe Premiere Pro 14.3 is a security update.
https://helpx.adobe.com/security/products/premiere_pro/apsb20-38.html

Adobe Illustrator 2020 24.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-37.html

Adobe After Effects 17.1.1 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-35.html

Adobe Campaign Classic 20.2 is a security update.
https://helpx.adobe.com/security/products/campaign/apsb20-34.html

Artweaver 7.0.6 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.49.0 resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.83.2 resolves over 1250 bugs, adds improves performance and stability across several features and adds viewport denoiser. This is not a security update.
https://www.blender.org/download/

Krita 4.3.0 adds several new watercolor effects with brush presets and gradient map and palettizer filters. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 6.4.5 resolves over 100 bugs. This is beta software so should be avoided in favor of the “Still” version (LibreOffice stable). This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 2.6.5 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.8.8 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Reader DC 20.009.20074 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Security Software Updates

One or more of these is likely to be of interest to most people.

Bitmessage 0.6.3.2 is a security update.
https://github.com/Bitmessage/PyBitmessage/releases/latest

DrWeb CureIt! 14.07.2020 should be treated as a security update.
https://www.freedrweb.com/download+cureit+free/?lng=en

Hashcat 6.0.0 adds 51 new algorithms, CUDA support, GPU emulation, improved auto-tuning and more. This should be treated as a security update.
http://hashcat.net/hashcat/#downloadlatest

RogueKiller 14.6.1 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0.7 adds support for WSL, whitelisting from network shares, improves detection of short-lived processes, and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.28.2 improves syntax highlighting in My Filters and asset viewer, resolves several bugs, and replaces the default filterlists with a new composite list.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.8.0 doesn’t provide a changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Wireless Network Watcher 2.22 updates the internal MAC database and improves the CFG switch. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.26.1 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2020.1.3 adds support for direct publication through TechSmith Knowmia, adds transparency support for color replacement, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.9.7 adds support for new encodings, adds several new conversion tools, presets, and bug fixes. This is not a security update.
https://www.dvdfab.cn/download.htm

FFmpeg 4.3.1 updates libraries. This should be treated as a security update.
https://ffmpeg.org/ffmpeg.html

HandBrake 1.3.3 resolves several bugs. This is not a security update.
https://handbrake.fr/

IsoBuster 4.6 adds a bunch of new features and format supports. This is not a security update.
https://www.isobuster.com/download.php

PDF Creator 4.1 resolves several bugs and improves watermark support. This is not a security update.
https://www.pdfforge.org/pdfcreator

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.6 is a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.778 resolves dozens of bugs and improves reliability, adds notifications of website compromise, and improves accessibility. This is a security update.
https://1password.com/downloads/windows/

8GadgetPack 33.0 resolves several bugs, improves high-DPI support, removes defunct widgets. This is not a security update.
https://8gadgetpack.net/

AS SSD Benchmark 2.0.7316.34247 resolves a device access bug. This is not a security update.
https://www.alex-is.de/PHP/fusion/downloads.php?cat_id=4

Autoruns 13.98 now shows the Windows Defender binary as a signed binary. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Beyond Compare 4.3.5.24893 improves integration and compatibility, and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 1.19.0 improves password concealment, adds soft delete and vault timeouts. This is not a security update.
https://bitwarden.com/

Cygwin 3.1.6 adds support for new socket options, resolves several bugs. This is a security update.
https://cygwin.com/

DesktopOK 7.48 adds SSL to automatic update capability. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.5.101 resolves several bugs, improves UI, and updates libraries. This should be treated as a security update.
https://www.balena.io/etcher/

GoodSync 11.2.5 resolves several bugs and changes licensing…again. This is not a security update.
https://www.goodsync.com/

MS ISO Downloader 8.38 adds support for new images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 1.9.0.7539 adds controls for Target release, Store pinning, Fast Startup, Fast User Switching, Hardware-accelerated GPU scheduling, Shutdown menu, Variable refresh rate, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.19.1 resolves dozens of bugs and stability issues. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Rufus 3.11 improves compatibility and adds several keyboard shortcuts to toggle behaviors. This should be treated as a security update.
https://rufus.ie/en_IE.html

Sysmon 11.10 now captures ADS content into logs, introduces an is-any filter condition, and fixes several bugs. This is not a security update.
https://live.sysinternals.com/

Sigcheck 2.80 adds an option for specifying a trust GUID for signature verification and now shows certificate signing chains. This is not a security update.
https://live.sysinternals.com/

SimpleWMIView 1.41 adds cell-copying and case-sensitivity filtering. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TeamViewer 15.7.7 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WifiInfoView 2.61 updates the internal MAC addresses list. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 5.81 resolves several bugs and improves rotation support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.3 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 4.0.1.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio

AutoHotkey 1.1.33.01 resolves several bugs and adds encoding, warnings, and version requirement options. This is not a security update.
https://www.autohotkey.com/download/

Godot 3.2.2 makes over 800 changes, adding C# support for iOS, 2D batching for GLES2, re-architecture of the Android plugin system, DRLS support and ENet integration, and better handling of Variants. This is not a security update.
https://godotengine.org/

Java 8u261 is a security update.
https://www.java.com/en/download/manual.jsp

Node.js 14.5.0 resolves dozens of bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

Node.js v12 12.18.2 resolves several bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

SQLite 3.32.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

DB Browser for SQLite 3.12.0 improves table editing, conditional formatting, and multi-threading, as well as dozens of other improvements and bug fixes. This is not a security update.
https://sqlitebrowser.org/

Visual Studio Code 1.47.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.12-139181 resolves over a dozen bugs and improves hardware compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

PPSSPP 1.10.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

Apache Tomcat 10.0.0-M7, 9.0.37, and 8.5.57 are security updates.
https://tomcat.apache.org/

Coppermine Gallery 1.6.08 improves installation and compatibility. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.10.3 improves AWS signature v4 support. This is not a security update.
https://dadamailproject.com/

Drupal 8.8.8 and 8.9.2 are security updates.
https://drupal.org/download

Drupal 9.0.2 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

Joomla 3.9.20 is a security update.
https://www.joomla.org/

phpList 3.5.5 is a security update.
https://www.phplist.org/

ScreenConnect 20.7.29305.7496 resolves several bugs and improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.4.2 is a security update.
https://wordpress.org/

Autoptimize 2.7.3 resolves several bugs. This is not a security update.

BuddyPress 6.1.0 resolves several bugs. This is not a security update.

Contact Form 7 5.2 improves compatibility and resolves several bugs. This is not a security update.

Email Log 2.4.2 resolves several bugs. This is not a security update.

myStickymenu 2.4.3 resolves several bugs. This is not a security update.

Raw HTML 1.6.3 resolves a warning. This is not a security update.

Theme My Login 7.1.1 resolves several bugs. This is not a security update.

W3 Total Cache 0.14.2 resolves several bugs. This is not a security update.

WooCommerce 4.3.0 adds template caching, PHP warnings, improves accessibility, and resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.2.1 resolves several bugs and improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/