Updates 2021-05-11

Welcome back, Folks!

Today is Patch Tuesday for May, 2021. There have been a couple dozen major hacking incidents and critical security issues, and every browser has now continued their weekly security update cadence through the third month.

This Month in Technology

Apple (Quanta Computer), Apple’s AirDrop, Apple’s iOS 14.5, Apple’s macOS Big Sur 11.3, Cellebrite, Celsius Network, Colonial Pipeline, Dell dbutil, Dominion election hardware, various DNS implementations, mostly on IoT devices, various medical devices, Elliman Property Management, Facebook, Geico, enterprise password app Passwordstate, various Police Departments, Pulse Connect Secure, Tesla’s Model X, and Trend Micro’s Apex One were hacked this month.

Linux banned University of Minnesota from submitting code because they intentionally submitted patches that would have intentionally made Linux devices insecure.

The FBI is violating the Computer Fraud and Abuse Act.

It’s illogical to justify or mandate an experimental treatment that increases your risk for a disease and creates side-effects on its own that are equivalent to the disease. When you can’t win your arguments using actual science you have to ignore the inserts, the numbers, falsify the data, falsify the tests, censor, attack their education, ridicule and intimidate, hide the dead children, secretly destroy the unused ventilators, ignore the tens of thousands of barrels of DDT dumped in the ocean by the same  companies making the experimental vaccines today, make sure nobody knows you have no idea what you’re doing, or just straight-up kill people. A Jedi mind trick or two goes a long way, too. By the way, the COVID-19 mortality rate for vaccinated test subjects dwarfs the rate for the “control group.” France is at least capable of putting two and two together. It’s sad that American doctors can’t.

In a surprise move, Apple & Google have actually stood by their privacy policies forbidding the UK from collecting additional location details through the NHS COVID-19 tracking app. That said, no matter how much they try to limit data exposure, if it’s collected, it can be compromised.

Piracy is bad and FLoC is worse10DLC is a step in the right direction, but will likely only result in increased text messaging forgery.

USPS is violating the first amendment but that pales in comparison to what state and federal governments are doing, and what the Speaker has done to keep her seat. Christianity isn’t illegal, yet. Violence is, but it has proven to be effective anyway, so will continue unabated.

There are still some wins coming in, so I guess we haven’t quite devolved into communism, but it doesn’t look good when censorship is so pervasive and ambiguous, and officials openly engage in fraud during an audit, and blame the victims for being assaulted.

The Epic vs Apple suit is currently underway and has proven to be what you’d expect from a conflict between a monopoly and a video game company. Meanwhile, Apple is now being sued for terminating accounts for customers that have “bought” apps and services through them, and the EU has declared Apple’s App Store a monopoly. Seeing the writing on the wall, Microsoft has lowered it’s Windows Store cut.

Google, which dropped Fortnite last year for violating the terms of a contract, just sidestepped Roku’s removal of the YouTube TV app by inserting the functionality of  YouTube TV app into the YouTube app. Demonstrating the flaws in their app compatibility argument Google broke YouTube TV on their own Chromecast platform during this circus.

Now for the good news:

Dogecoin for the win. Just make sure you are the only one with the keys to your wallet!

Oh, and Samsung is planning to provide a way so you can still make use of some of your archaic hardware.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge – with well over a hundred common applications and operating systems releasing fixes. The typical computer should see roughly 3.2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Apple released updates for iCloud for Windows 12.3, iTunes 12.11.3 for Windows, Safari 14.1, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, Xcode 12.5, iOS 14.5.1 and iPadOS 14.5.1, iOS 12.5.3, macOS Big Sur 11.3.1, tvOS 14.5, and watchOS 7.4.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.5.1 and 12.5.3 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.5.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.4.1 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 90.0.4430.100 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 34-1.2 has a lot of changes under the hood, such as UEFI improvements, driver and updated libraries. This is a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.x) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.9 improves diagnostics and removal. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options 8.54.106 resolves several bugs. This version does not provide a detailed changelog so should be treated as a security update.
https://www.logitech.com/en-us/product/options

Nvidia 466.27 improves compatibility. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Engine 3.20.0 resolves several bugs. This is not a security update.
https://steelseries.com/engine

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.24.84 is a security update.
https://brave.com/

Google Chrome 90.0.4430.212 is a security update.
https://www.google.com/chrome/

Microsoft Edge 90.0.818.56 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 88.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.10.1 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.7.1 is a security update.
https://www.seamonkey-project.org/

Vivaldi 3.8.2259.42 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.9.1 is a security update.
https://getmailspring.com/

Thunderbird 78.10.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.48 adds a QR code toolbar button and resolves a bug in the SaveDirect command-line switch. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.76.1 resolves several bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 121.4.4267 doesn’t provide a changelog, so should be treated as a security update.
https://www.dropbox.com/

FreeFileSync 11.10 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Java 8u291 is a security update.
https://www.java.com/en/download/manual.jsp

Npcap 1.31 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Omada Software Controller 4.3.5 resolves several bugs and improves compatibility. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

PuTTY 0.75 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Technitium DNS Server 6.2.3 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Telegram 2.7.4 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.6.5.823 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.11.3 is a security update.
https://www.apple.com/itunes/download/

Picard 2.6.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Plex Media Server 1.22.3.4392 resolves several bugs with collections. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.14 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

PlayStation PS4 8.03 improves notification controls and resolves several bugs. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PlayStation PS5 21.01-03.10.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 7.0.9 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.57.0 updates libraries, and resolves several bugs. This is not a security update.
https://atom.io/

LibreOffice Fresh 7.1.3 resolves over a hundred bugs. This is a security update. Be aware that LibreOffice Fresh is a beta version and should be avoided in favor of the Still (stable) version.
https://www.libreoffice.org/

Lightworks NLE 2021.2 resolves dozens of bugs and improves reliability. This is not a security update.
https://www.lwks.com/

Nextcloud Desktop 3.2.1 resolves several bugs. This is not a security update.
https://nextcloud.com/

OpenOffice 4.1.10 is a security update.
https://www.openoffice.org/download/

Paint.net 4.2.16 resolves several bugs. This is not a security update.
https://www.getpaint.net/

Adobe Creative Cloud Desktop Application 5.4.3 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb21-31.html

Adobe Genuine Service 7.3 is a security update.
https://helpx.adobe.com/security/products/integrity_service/apsb21-27.html

Adobe Acrobat and Reader 2021.001.20155, 2020.001.30025, and 2017.011.30196 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

Adobe After Effects 18.2 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb21-33.html

Adobe Animate 21.0.6 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-35.html

Adobe Experience Manager 6.5.8.0 and 6.4.8.4 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html

Adobe InDesign 16.2.1 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb21-22.html

Adobe Illustrator 25.2.3 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-24.html

Adobe InCopy 16.2.1 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb21-25.html

Magento 2.4.2-p1 and 2.3.7 are security updates.
https://helpx.adobe.com/security/products/magento/apsb21-30.html

Adobe Media Encoder 15.2 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb21-32.html

Adobe Medium 2.4.5.332 is a security update.
https://helpx.adobe.com/security/products/medium/apsb21-34.html

Security Software Updates

One or more of these is likely to be of interest to most people.

HTTP Toolkit 1.3.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://httptoolkit.tech/

KeePass 2.48.1 improves compatibility and resolves several bugs. This is not a security update.
https://keepass.info/

uBlock Origin 1.35.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.6 doesn’t provide a changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Tails 4.18 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.30 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2021.3.1 resolves two minor bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Education updates

One or more of these are likely to be of interest to most people.

Zotero 5.0.96.2 optimizes online storage and resolves a hang in generating citations. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.8.2 resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.801 is a security update.
https://1password.com/downloads/windows/

Autoruns 13.100 resolves a crash bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

CCleaner 5.79.8704 adds cleaning of Slack cache, adds ability to wipe free space, and improves debug logging. This is a security update.
https://www.ccleaner.com/

CPU-Z Installer 1.96 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

CurrPorts 2.65 resolves a kernel tracing bug and improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Etcher 1.5.120 is a documentation change. This is not a security update.
https://www.balena.io/etcher/

Fing 2.6.0 adds Deep Scan and updates libraries. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

GoodSync 11.6.6 resolves several bugs. This is not a security update.
https://www.goodsync.com/

HWMonitor 1.44 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

NTLite 2.1.0.7862 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 9.2 adds ability to free up space on Windows partitions by moving apps to another partition. This is not a security update.
https://www.diskpart.com/

PowerToys 0.37.2 updates all components, settings app and configuration, and improves silent installation behavior. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.70 allows constraining the number of events and fixes several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

ProduKey 1.97 adds command-line configuration processing. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

RoboForm 9.1.3 resolves several bugs. This is not a security update.
https://www.roboform.com/

SearchMyFiles 3.11 adds high-DPI support and adds a sorting as a menu option. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

TCPView 4.01 is a cosmetic update. This is not a security update.
https://sysinternals.com/

WinRAR 6.01 resolves several bugs. This is not a security update.
https://www.rarlab.com/

WinScan2PDF 7.07 improves compatibility with Windows. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.41 resolves several bugs. This is not a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.09 resolved several bugs. This is not a security update.
https://www.autohotkey.com/download/

Godot 3.3 improves reliability and adds several new features. This is not a security update.
https://godotengine.org/

MySQL ConnectorNet 8.0.25 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 16.1.0 resolves dozens of bugs and compatibility issues with the new major v16 update to Node.js, which removes support for Python 2 and updates system requirements. This is not a security update.
https://nodejs.org/en/

Node.js 14.17.0 updates libraries, resolves dozens of bugs, improves diagnostic capabilities, and backports several features from stable. This is not a security update.
https://nodejs.org/en/

SQLite 3.35.5 is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.56 improves hover feedback, terminal profile, debugger, and more. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.12 adds ARM64 support and resolves dozens of bugs. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.22-144080 is a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.12 updates libraries. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.13.0 resolves several bugs. This is not a security update.
https://dadamailproject.com/

Docker Desktop 3.3.3 updates libraries and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.0.13 updates libraries and resolves several bugs. This should be treated as a security update.
https://drupal.org/download

HumHub 1.8.2 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

OpenPetra 2021.04 improves contact and import, and resolves several bugs. This is not a security update.
https://www.openpetra.org/

ScreenConnect 21.6.3280.7796 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.7.1 is a security update.
https://wordpress.org/

Autoptimize 2.8.4 is a security update.

BuddyPress 7.3.0 is a security update.

Contact Form 7 5.4.1 resolves several bugs and compatibility issues. This is not a security update.

WooCommerce 5.3.0 resolves dozens of bugs and introduces several new features. This is not a security update.

WP Mail SMTP 2.8.0 resolves several bugs. This is not a security update.

WPtouch 4.3.41 resolves a cosmetic bug. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-10-13

Welcome back, Folks!

Today is Patch Tuesday for October 2020.

This Month in Technology

For those in our local community, the biggest news is that AT&T has abandoned DSL in rural America, reducing Internet access options even further for our friends and neighbors.

The US Treasury has announced that it is now illegal to pay your federal taxes.

The Universal Health Services was hacked (all 400+ locations!) and infected with ransomware, so was Software AG, the U.S. Department of Veterans Affairs (VA) was hacked again, the Department of Homeland Security (DHS) was hacked, the Las Vegas school system was hacked – and since they didn’t pay the ransom student details were leaked, Docsketch was hacked, and the United Nations (UN) International Maritime Organization was hacked. Razer made a boo-boo, and even coffee makers are now being used for ransomware distribution. Grindr was hacked, Microsoft’s Windows XP source code was leaked, almost any current iPhone can be listened into from 20 feet away using only an AM radio, and access to your RMM (Remote Monitoring and Management) is being sold to attackers. Evidence exists that your anti-virus is helping the bad guys, and BitDefender is still weak security.

Facebook has been hacked (for years), Facebook for Android has been hacked again, Office 365 & Outlook have been down repeatedly over the last month, Fitbit malware – distributed by Fitbit – can be used to take over your internal network and exfiltrate your data to the web, Bluetooth is still the weakest wireless link, your Comcast XR11 TV remote can be used to listen in to your conversations, BitLocker encryption is vulnerable to a sleep-mode bypass (aka, yet another reason not to use sleep mode), HP Device Manager flaw is a big deal, but not as big a deal as Windows Error Reporting being used to infect your PC.

Apple’s initial iOS 14 release killed batteries on many iPhones, (so did the recent ChromeOS update), Apple’s latest security fix (10.15.7) can kill performance on your Mac, but only if you use Mac software (rolls eyes). Hint: disable and re-enable Find My Mac to fix it. And that’s nothing compared to their T2 security chip vulnerability.

“The” secure reimplementation of BIOS, UEFI, was designed to make security at boot a thing of beauty and prevent third-parties from being able to hijack the boot process. Unfortunately, it simply provided a false sense of security.

2FA via SMS is also a much lower fruit than many realize, but not nearly as bad as SSO.

Many others have joined in the case against Apple & Google’s rent-seeking, who charge significantly more for their “services” than even the federal government, but portray themselves as victims. Insane rules and hypocritical requirements force developers to charge for free services or force users out of their application in order to even be allowed into the Apple ecosystem. What can we really expect from a SF bay area “green” company that lies about their recycling program? Hopefully the courts will use Apple’s own words against them, in that Apple claims that their AppStore is a place to “reliably” download “safeapps.

Former Facebook data scientist exposes her complicity with atrocities and abuse by governments and MNCs.

The Supreme Court heard arguments on the Oracle v Google IP fight suffered the same problem that most legal battles over technology do: poor arguments. Google’s defense failed to explain the distinctive nature of APIs as guides rather than code. Sure, they provide access to the functionality of the code, but are not, in and of themselves, code. The entire argument could be easily equated to vehicles. One does not need to know nor expose the specific design of a Ferrari 911 to know that the vehicle should stop at a stop sign nor yield at a yield sign. The vehicle itself (code – reasonably subject to IP) can operate on any road as long as the traffic signs (APIs) are in place. The signage is consistent across most of the world, even where languages differ greatly. So should the APIs be universally available.

In the current world of tech censorship and cancel culture, nobody can really argue against the necessity for Section 230 to be revised. However, most calls for revision would create an even more abhorrent system where public discourse can not be held without risk of liability to completely unrelated parties.

If you take government money, you are subject to the same rules as government, so says RFK, Jr.

In the new “get woke, go broke” era, it should come as no surprise that when you pander to racists and terrorists, you will be investigated.

Research shows that the lockdowns were not only anti-science, but caused far more harm than the virus itself. On the subject of fraud, are we still supposed to believe that the government’skill a fly with a nukeresponse to COVID is really all the result of bats in an Asian wet market or that masks actually do anything at all?

One would think fraud would be front page news, but the MSM is much more likely to ignore than acknowledge it. To paraphrase Stalin, “A single case of fraud is a tragedy; a million cases are just a statistic.”

The moment I read that Nintendo’s lawyers said Joy-Con Drift “wasn’t a real problem” I knew they would be sued.

Now for the good news – since I’m making up for last month, I’ll give you three:

Adobe Flash will finally be dead in only 79 days.

Free, limitless power from graphene could literally change everything.

A “vaccine” of sorts has been developed to protect against some forms of ransomware.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Flash, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 14.0.1 and iPadOS 14.0.1, tvOS 14.0.2, Safari 14.0, watchOS 7.0.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6, macOS High Sierra 10.13.6, iCloud for Windows 7.21, iCloud for Windows 11.4, iTunes for Windows 12.10.9, and Xcode 12.0. These are security updates.

iOS 14.0.1 is a security update. Use Settings, General, Software Update to install the most current version. This version also adds the Orwellian contact tracing feature at the system level. While “disabled” by default, you may validate that it is disabled in Settings, Privacy, Health, COVID-19 Exposure Logging, and turn off Exposure Logging.

iPadOS 14.0.1 is a security update. Use Settings, General, Software Update to install the most current version.

tvOS 14.0.2 is a security update. Use Settings, General, Updates to install the most current version.

watchOS 7.0.2 is a security update. Use your updated iPhone to install the most current version through the Watch app.

Adobe Flash Player 32.0.0.445 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google has released security updates for Android 9 and 10 which will gradually be published by individual vendors and available to you in the coming weeks. This version also adds the Orwellian contact tracing feature. Disabling Location and Bluetooth will disable the current version of contact tracing.

Google Chrome OS 85.0.4183.133 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.3 improves removal of DCH CP on older builds of Windows. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options 8.30.310 resolves several bugs adds profiles for Zoom and MS Teams. This is not a security update.
https://www.logitech.com/en-us/product/options

Logitech Options (macOS) 8.30.293 resolves several bugs adds profiles for Zoom and MS Teams. This is not a security update.
https://www.logitech.com/en-us/product/options

nVidia 456.71 adds support for new hardware and improves support for COD beta and other games. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Crucial Storage Executive 6.06 doesn’t provide a changelog so should be treated as a a security update.
https://www.crucial.com/support/storage-executive

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.15.72 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 86.0.4240.80 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 86.0.622.38 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 81.0.2 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 78.3.1 is a security update. Use Menu, Help, About to install the most current version.

SeaMonkey 2.53.4 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.3.2022.47 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.3.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 107.4.443 resolves bugs and adds more. This is not a security update.
https://www.dropbox.com/

Zoom 5.3.53291.1011 changes automatic update behavior, and improves poll and link behaviors. This is not a security update.
https://zoom.us/

Prosody 0.11.7 is a security update.
https://prosody.im/download/start

FreeFileSync 11.2 resolves several bugs, improves layout and key bindings. This is not a security update.
https://www.freefilesync.org/download.php

Nmap 7.91 adds support for new profiles and fingerprints, and resolves several bugs. This is a security update.
https://nmap.org/

Npcap 1.00 resolves two minor bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 5.3 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.6 improves sensitivity calculations, light focal management, and resolves several bugs. This is not a security update.
https://en.3tene.com/

iTunes for Windows 12.10.9 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.10.07 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 7.9 adds several new features and fixes over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Reader DC 20.012.20048 resolves several bugs. This is not a security update.

Artweaver 7.0.7 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.52.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.90.1 resolves several bugs. This is not a security update.
https://www.blender.org/download/

Lightworks NLE 2020.1.1 resolves several bugs. This is not a security update.
https://www.lwks.com/

Microsoft Office for Mac 2016/2019 is a security update.

Krita 4.4.0 improves fill layers, multigrid, screentone, brushes, API improvements and more. This is a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.0.2 resolves over a hundred bugs. This is a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.0.2 resolves a dozen bugs. This is not a security update.
https://nextcloud.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

OpenSSL 1.1.1h resolves several bugs and improves compatibility. This is not a security update.
https://www.openssl.org/source/

KeePass 2.46 adds several features including TLS 1.3 and mass edit capabilities, as well as resolving bugs, and other improvements. This is not a security update.
https://keepass.info/

RogueKiller 14.7.3 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0.8 resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.30.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.27.3 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2020.1.5 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.0.1 is a major update with several improvements. This version improves the GUI and adds several new output profiles. This is not a security update.
https://www.dvdfab.cn/download.htm

AVStoDVD 2.8.9 resolves several bugs, improves performance and updates libraries. This should be treated as a security update.
https://sites.google.com/site/avstodvdmain/

MakeMKV 1.15.3 resolves several bugs, introduces TOR/VPN support, adds support for new stream types. This is not a security update.
https://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.785 resolves a bug. This is not a security update.
https://1password.com/downloads/windows/

Beyond Compare 4.3.7.25118 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 1.22.2 resolves bugs. This should be treated as a security update.
https://bitwarden.com/

CCleaner 5.72.7994 resolves several bugs and improves compatibility. This is not a security update.
https://www.ccleaner.com/

CPU-Z 1.94 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 7.95 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.72 resolves an output bug. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

Etcher 1.5.109 is a security update.
https://www.balena.io/etcher/

Everything 1.4.1.992 is a security update.
https://www.voidtools.com/

GoodSync 11.3.8 resolves several bugs. This is not a security update.
https://www.goodsync.com/

IsMyHdOK 2.51 resolves bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.7.0 improves messaging. This is not a security update.
https://lessmsi.activescott.com/

MS ISO Downloader 8.40 adds support for new Dell models and images, new Win10 builds and adds hash reporting to images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 2.0.0.7656 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 8.10 improves display and startup. This is not a security update.
https://www.diskpart.com/

PSAppDeploy 3.8.3 adds several new features and resolves bugs. This is not a security update.
https://psappdeploytoolkit.com/

RoboForm 8.9.4 resolves several bugs, including the QuickBooks compatibility issue that prevented display of registers and Chrome that caused freezes.
https://12pd.com/click?rf

Process Monitor 3.60 adds support for multiple filter item selection and decoding for new file system control operations and error status codes. While not a security updates, this improves the analytical data collection, thus increasing security awareness.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Procdump 10.0 adds support for dump cancellation and CoreCLR processes. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procdump

Sysmon 12.0 resolves several bugs and adds support for capturing clipboard operations. While not a security updates, this improves the analytical data collection, thus increasing security awareness.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

SysInternals released new builds of many of their applications, as well as ARM versions. While the changes on many of the updates are poorly documented and SysInternals apps are generally more secure than apps distributed elsewhere, you should assume that any updates have security ramifications. If they’re not security updates, they may improve the context or analytical data that is exposed, thus increasing the security awareness of the tools.
https://live.sysinternals.com/

TeamViewer 15.10.5 resolves a licensing bug. This is not a security update.
https://www.teamviewer.com/en/download/windows/

USBDeview 3.01 adds an option to copy the contents of the active cell. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

USB Oblivion 1.14.0.0 addes support for new modules. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion

WifiChannelMonitor 1.65 adds support for detection of new protocols. This is not a security update.
https://www.nirsoft.net/utils/wifi_channel_monitor.html

WifiInfoView 2.65 adds support for detection of new protocols. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WirelessKeyView 2.20 adds support for displaying WiFi QR Codes. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

WinGet 0.2.2521 updates libraries and adds new verbs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 6.06 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 4.1.0.19 integrates database and emulation, improves diagnostics, and resolves several bugs. This is not a security update.
https://developer.android.com/studio

Godot 3.2.3 resolves over a hundred bugs and improves stability. This is not a security update.
https://godotengine.org/

Node.js 14.13.1 resolves several bugs. This is a security update.
https://nodejs.org/en/

Node.js 12.19.0 updates libraries, and resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

Visual Studio Code 1.50 improves accessibility features, pinned tabs, adds ARM support, and resolves several bugs. This is not a security update.
https://code.visualstudio.com/

TortoiseGit 2.11.0 updates libraries and resolves several bugs. This is not a security update.
https://tortoisegit.org/

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.12.0 adds image embedding and resizing, improved scheduling capabilities, library updates and bug fixes. This is not a security update.
http://dadamailproject.com/

Drupal 9.0.7 resolves dozens of bugs. This is a security update.
https://drupal.org/download

Docker Desktop 2.4.0.0 updates libraries and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Nextcloud Server 20.0.0 updates libraries, adds a new dashboard, Talk bridging support, and several other new features and improvements. This is not a security update.
https://nextcloud.com/

HumHub 1.6.4 is a security update.
https://www.humhub.com/en/download

Joomla 3.9.22 resolves several bugs. This is not a security update.
https://www.joomla.org/

OpenPetra 2020.09 resolves several bugs. This is not a security update.
https://www.openpetra.org/

phpMyAdmin 4.9.6 and 5.0.3 are security updates.
https://www.phpmyadmin.net/

Autoptimize 2.7.8 is a security update.

BuddyPress 6.3.0 resolves bugs. This is not a security update.

Email Log 2.4.3 adds a new filter and enhances nonce. This is not a security update.

Social Post Feed 2.17 adds support for new embed types. This is not a security update.

WooCommerce 4.5.2 resolves a couple bugs. This is not a security update.

WP Mail SMTP 2.4.0 updates libraries, improves compatibility, and resolves several bugs. This is not a security update.

W3 Total Cache 0.15.1 resolves several bugs. This is not a security update.

WordPress Zero Spam 4.10.2 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-07-14

Welcome back, Folks!

Today is Patch Tuesday for July 2020.

This Month in Technology

Apple has formally announced that they’ll be switching to ARM processors on their new hardware. While Apple asserts that “most apps will just work,” the truth is that if it’s not a 64-bit app or it hasn’t been updated in more than a year, chances are not only won’t work on ARM but will never work on ARM. If you were here when they switched from PowerPC to Intel you remember the issues were long and wide. You’ll likely need a VM to make many of your apps work.

Piracy doesn’t pay, except for those creating the pirated apps.

Macs are still getting infected through fake “Flash update” malware, even on Catalina. From the comments, “Which is worse, a real Flash installer or a fake one? It’s a toss-up.”

Microsoft was caught breaching user trust, again, by hijacking your data from other browsers and importing into their forced update to their new Edge browser without your permission.

Mozilla switched to a 4-week cadence for major updates in March. This has resulted in even less time for beta testing and the expected release+1 security updates.

Google Chrome is planning to hide everything in a URL other than the domain name. Google, the most popular purveyor of information and also the self-appointed gatekeeper to what is true and false, believes that having the complete URL is bad for you.

Google resolved a major email spoofing vulnerability through customer services, shortly before allowing a core domain name for their Blogger service to expire.

Slack vulnerability allowed hackers to distribute malware to victims devices.

What is it going to take before you stop copying passwords on your phone?

Everyone knows Facebook is always listening. Now the courts have finally considered their web widgets “Wiretaps.” Others are, too. They’re also designing systems to be able to trigger recording of all background noise from external queues. In states like California, Facebook is already violating the all-party consent requirements by recording audio 24/7. Maybe they’ll eventually acknowledge that it’s bad and stop? Ouch. Sorry, I hurt myself laughing there. Oh, and the Facebook Messenger app allowed you to be infected with persistent malware. If you have a website with Facebook integration, you need to take action now to comply with the CCPA.

Airlines are perfectly happy to violate the Americans with Disabilities Act – and treat you like a terrorist – if you have medical conditions.

Bitdefender Antivirus allowed any website you visited to run code on your device. Apache’s Guacamole remote support client allows attackers to take over the entire enterprise. Backdoors in operating systems, why not backdoors in encryption software?

Surprise: phishing still works. Even by text. …and launching a service that relays content to third-parties will ensure it is abused. Honeypots (systems designed to be opened for abuse to see how attacks take place) demonstrate four previously unknown zero-day vulnerabilities.

Nintendo, Plex, Honda, Samsung, Oxford University, University Of Pittsburgh Medical Center, UCSF, anyone banking with various Chinese banks, Night Lion Security, 79 different Netgear router models, hundreds of online retailers, and it won’t be long before IoT vulnerabilities can be used to provide big game hunting for rare species.

June Patch Tuesday updates from Microsoft broke Outlook and other apps for some users.

Selective enforcement means you’re a publisher, says AG Barr of Section 230 of the CDA. There’s no better way to prevent the abuse of Section 230 to censor voices you disagree with.

Now for the good news:

Starlink is coming. LEO internet access could provide up to 1 Gbps Internet access from space. Testing will begin in the next weeks and will gradually move south as satellites take place.

For now, you can cut your internet bill by taking advantage of the free Xfinity Wi-Fi hotspots through the end of the year.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 1.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, DNS Server, Office, Servicing Stack, and MSRT (~900 MB). This includes security updates. A reboot is required.

Adobe Flash Player 32.0.0.403 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 83.0.4103.119 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Crucial Storage Executive 6.04 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Daemon Tools Lite 10.13.0 improves activation and creation and use of bootable disk images. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Intel Driver and Support Assistant 20.7.26 adds support for new hardware and improves application detection. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 451.67 resolves several bugs and improves compatibility. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.10.97 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 84.0.4147.89 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 83.0.478.64 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 78.0.2 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.10.0 is a security update. Use Menu, Help, About to install the most current version.

SeaMonkey 2.53.3 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.1.1929.45 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.41 adds an option to copy the preview content and resolves a bug in the cfg switch. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 68.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.3.0.6 resolves dozens of bugs, including 2FA and stability issues. This is a security update.
https://www.trillian.im/

Trillian Mac 6.3.0.6 resolves several stability bugs. This is not a security update.
https://www.trillian.im/

curl 7.71.1 resolves several sanitation issues. This should be treated as a security update.
https://curl.haxx.se/windows/

Dropbox 101.4.434 doesn’t provide a useful changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.49.0 resolves a several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.25 adds support for Google Drive Shared Drives and Shortcuts, resolves several bugs, and improves user interface. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9995 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

PuTTY 0.74 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Technitium DNS Server 5.0.1 is a major update that refactors how blocklists are stored and resolves several bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.1.28656.0709 is a security update.
https://zoom.us/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.07.09 resolves several bugs and improves compatibility. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Camera Raw and DNG Converter 12.3 adds support for new hardware. This is not a security update.
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6955
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6957

Adobe Download Manager 2.0.0.529 is a security update.
https://helpx.adobe.com/security/products/adm/apsb20-49.html

Adobe ColdFusion 2016.16 and 2018.10 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html

Adobe FrameMaker 2019.0.6 doesn’t provide a changelog so should be treated as a security update.
Win32: https://supportdownloads.adobe.com/detail.jsp?ftpID=6963
Win64: https://supportdownloads.adobe.com/detail.jsp?ftpID=6965

Adobe Genuine Service 7.1 is a security update. (Point this one out the next time someone says pirating Adobe software can reduce the security of your computer.)
https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html

Adobe Media Encoder 14.3 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html

Adobe Creative Cloud Desktop Application 5.2 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html

Magento SUPEE-11346 (for Magento v1) is a security update.
https://www.magentocommerce.com/products/downloads/magento/

Adobe Audition 13.0.7 is a security update.
https://helpx.adobe.com/security/products/audition/apsb20-40.html

Adobe Premiere Rush 1.5.16 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb20-39.html

Adobe Premiere Pro 14.3 is a security update.
https://helpx.adobe.com/security/products/premiere_pro/apsb20-38.html

Adobe Illustrator 2020 24.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-37.html

Adobe After Effects 17.1.1 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-35.html

Adobe Campaign Classic 20.2 is a security update.
https://helpx.adobe.com/security/products/campaign/apsb20-34.html

Artweaver 7.0.6 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.49.0 resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.83.2 resolves over 1250 bugs, adds improves performance and stability across several features and adds viewport denoiser. This is not a security update.
https://www.blender.org/download/

Krita 4.3.0 adds several new watercolor effects with brush presets and gradient map and palettizer filters. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 6.4.5 resolves over 100 bugs. This is beta software so should be avoided in favor of the “Still” version (LibreOffice stable). This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 2.6.5 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.8.8 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Reader DC 20.009.20074 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Security Software Updates

One or more of these is likely to be of interest to most people.

Bitmessage 0.6.3.2 is a security update.
https://github.com/Bitmessage/PyBitmessage/releases/latest

DrWeb CureIt! 14.07.2020 should be treated as a security update.
https://www.freedrweb.com/download+cureit+free/?lng=en

Hashcat 6.0.0 adds 51 new algorithms, CUDA support, GPU emulation, improved auto-tuning and more. This should be treated as a security update.
http://hashcat.net/hashcat/#downloadlatest

RogueKiller 14.6.1 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0.7 adds support for WSL, whitelisting from network shares, improves detection of short-lived processes, and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.28.2 improves syntax highlighting in My Filters and asset viewer, resolves several bugs, and replaces the default filterlists with a new composite list.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.8.0 doesn’t provide a changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Wireless Network Watcher 2.22 updates the internal MAC database and improves the CFG switch. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.26.1 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2020.1.3 adds support for direct publication through TechSmith Knowmia, adds transparency support for color replacement, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.9.7 adds support for new encodings, adds several new conversion tools, presets, and bug fixes. This is not a security update.
https://www.dvdfab.cn/download.htm

FFmpeg 4.3.1 updates libraries. This should be treated as a security update.
https://ffmpeg.org/ffmpeg.html

HandBrake 1.3.3 resolves several bugs. This is not a security update.
https://handbrake.fr/

IsoBuster 4.6 adds a bunch of new features and format supports. This is not a security update.
https://www.isobuster.com/download.php

PDF Creator 4.1 resolves several bugs and improves watermark support. This is not a security update.
https://www.pdfforge.org/pdfcreator

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.6 is a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.778 resolves dozens of bugs and improves reliability, adds notifications of website compromise, and improves accessibility. This is a security update.
https://1password.com/downloads/windows/

8GadgetPack 33.0 resolves several bugs, improves high-DPI support, removes defunct widgets. This is not a security update.
https://8gadgetpack.net/

AS SSD Benchmark 2.0.7316.34247 resolves a device access bug. This is not a security update.
https://www.alex-is.de/PHP/fusion/downloads.php?cat_id=4

Autoruns 13.98 now shows the Windows Defender binary as a signed binary. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Beyond Compare 4.3.5.24893 improves integration and compatibility, and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 1.19.0 improves password concealment, adds soft delete and vault timeouts. This is not a security update.
https://bitwarden.com/

Cygwin 3.1.6 adds support for new socket options, resolves several bugs. This is a security update.
https://cygwin.com/

DesktopOK 7.48 adds SSL to automatic update capability. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.5.101 resolves several bugs, improves UI, and updates libraries. This should be treated as a security update.
https://www.balena.io/etcher/

GoodSync 11.2.5 resolves several bugs and changes licensing…again. This is not a security update.
https://www.goodsync.com/

MS ISO Downloader 8.38 adds support for new images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 1.9.0.7539 adds controls for Target release, Store pinning, Fast Startup, Fast User Switching, Hardware-accelerated GPU scheduling, Shutdown menu, Variable refresh rate, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.19.1 resolves dozens of bugs and stability issues. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Rufus 3.11 improves compatibility and adds several keyboard shortcuts to toggle behaviors. This should be treated as a security update.
https://rufus.ie/en_IE.html

Sysmon 11.10 now captures ADS content into logs, introduces an is-any filter condition, and fixes several bugs. This is not a security update.
https://live.sysinternals.com/

Sigcheck 2.80 adds an option for specifying a trust GUID for signature verification and now shows certificate signing chains. This is not a security update.
https://live.sysinternals.com/

SimpleWMIView 1.41 adds cell-copying and case-sensitivity filtering. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TeamViewer 15.7.7 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WifiInfoView 2.61 updates the internal MAC addresses list. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 5.81 resolves several bugs and improves rotation support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.3 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 4.0.1.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio

AutoHotkey 1.1.33.01 resolves several bugs and adds encoding, warnings, and version requirement options. This is not a security update.
https://www.autohotkey.com/download/

Godot 3.2.2 makes over 800 changes, adding C# support for iOS, 2D batching for GLES2, re-architecture of the Android plugin system, DRLS support and ENet integration, and better handling of Variants. This is not a security update.
https://godotengine.org/

Java 8u261 is a security update.
https://www.java.com/en/download/manual.jsp

Node.js 14.5.0 resolves dozens of bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

Node.js v12 12.18.2 resolves several bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

SQLite 3.32.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

DB Browser for SQLite 3.12.0 improves table editing, conditional formatting, and multi-threading, as well as dozens of other improvements and bug fixes. This is not a security update.
https://sqlitebrowser.org/

Visual Studio Code 1.47.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.12-139181 resolves over a dozen bugs and improves hardware compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

PPSSPP 1.10.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

Apache Tomcat 10.0.0-M7, 9.0.37, and 8.5.57 are security updates.
https://tomcat.apache.org/

Coppermine Gallery 1.6.08 improves installation and compatibility. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.10.3 improves AWS signature v4 support. This is not a security update.
https://dadamailproject.com/

Drupal 8.8.8 and 8.9.2 are security updates.
https://drupal.org/download

Drupal 9.0.2 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

Joomla 3.9.20 is a security update.
https://www.joomla.org/

phpList 3.5.5 is a security update.
https://www.phplist.org/

ScreenConnect 20.7.29305.7496 resolves several bugs and improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.4.2 is a security update.
https://wordpress.org/

Autoptimize 2.7.3 resolves several bugs. This is not a security update.

BuddyPress 6.1.0 resolves several bugs. This is not a security update.

Contact Form 7 5.2 improves compatibility and resolves several bugs. This is not a security update.

Email Log 2.4.2 resolves several bugs. This is not a security update.

myStickymenu 2.4.3 resolves several bugs. This is not a security update.

Raw HTML 1.6.3 resolves a warning. This is not a security update.

Theme My Login 7.1.1 resolves several bugs. This is not a security update.

W3 Total Cache 0.14.2 resolves several bugs. This is not a security update.

WooCommerce 4.3.0 adds template caching, PHP warnings, improves accessibility, and resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.2.1 resolves several bugs and improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-04-14

Welcome back, Folks!

Today is the real Patch Tuesday for April 2020.

The next build of Windows 10 is just around the corner. If you don’t want to be the guinea pig I strongly suggest you update to v1909 as soon as possible if you’re running an older build. This will grant you a reprieve from the new version for a couple months. Let everyone else beta test and you can upgrade when they’ve worked out the bugs.

This Month in Technology

France content publishers have won a tiny victory against Google. The French competition authority now requires Google (and presumably other news publishers) to pay for republication rights when including a snippet of content. Google simply removed the snippet and now publishes only the title and URL.

A scale 10.0 vulnerability in VMWare has placed most corporate and cloud offerings at severe risk of data compromise.

The latest build of the Switch operating system now lets you move downloaded games to an SD card and remap buttons.

Mozilla’s new privacy-first stance doesn’t apply to their own new telemetry collection.

Now for the good news:

Commissioner Carr of the FCC points out that US internet speed are up 70% since the repeal of Net Neutrality.

Let’s Get Busy

Now back to our regularly scheduled program. Thanks to the unstopping barrage of updates pushed during “weekly update quarantine”, Patch Tuesday this month is pretty light. The typical computer should see roughly 900 MB in updates today. Let’s get started.

Microsoft released updates for Windows, Internet Explorer, and MSRT (~600 MB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15.4 and watchOS 6.2.1. This includes security updates. Use Apple Software Update to install the most current versions. Be aware that the 10.15.4 update is known to brick some Apple hardware, so I recommend waiting for 10.15.5, due in about 10 days.

watchOS 6.2.1 is a security update. Use the Watch app on your iPhone to install the most current version.

Adobe Flash Player 32.0.0.363 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (1909) is a pretty small update so will install quickly. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Browser Updates

One or more of these are likely to be of interest to everyone.

Microsoft Edge 81.0.416.53 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Brave 1.7.92 is a security update.
https://brave.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.7.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

Zoom 4.6.20559.0413 is a security update. Click the user icon, Check for updates to install the most current version.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Unreal Media Server 14.0 adds support for live HEVC (h265) video, output to UMS and MPEG2-TS players, streaming HTML5 video elements, and resolves several bugs. This is not a security update.
http://www.umediaserver.net/umediaserver/download.html

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 7.0.5 improves hardware compatibility, and resolves several bugs. This is not a security update.
https://www.artweaver.de/

IcoFX 3.4 improves hostory and semitransparent export, and resolves several bugs. This is not a security update.
https://icofx.ro/

Adobe ColdFusion 2016.15 and 2018.9 are security updates.
https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-15.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-9.html

Adobe After Effects 17.0.6 is a security update. Use Creative Cloud Desktop to install the most current version.

Adobe Digital Editions 4.5.11.187303 is a security update.
https://www.adobe.com/solutions/ebook/digital-editions/download.html

Adobe Camera Raw 12.2.1 doesn’t provide a changelog and download links don’t work. It could be a security update, but doesn’t look like it’s actually available yet.

Adobe DNG Converter 12.2.1 adds support for newer hardware. This is not a security update.
https://supportdownloads.adobe.com/detail.jsp?ftpID=6913
https://supportdownloads.adobe.com/detail.jsp?ftpID=6915

Security Software Updates

One or more of these is likely to be of interest to most people.

IISCrypto 3.2 adds a Protocols Enabled control. This is not a security update.
https://www.nartac.com/Products/IISCrypto/Default.aspx

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.23.1 resolves a relative path bug. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.4 adds support for new encodings, performance improvements, and improved scaling with newer hardware. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

DesktopOK 6.93 improves Tools. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

GoodSync 10.11.5 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

TeamViewer 15.4.8332 doesn’t have a published changelog so should be treated as a security update.
https://www.teamviewer.com/en/download/windows/

Developer Updates

These are unlikely to be of interest to most people.

Visual Studio Code 1.44 improves accessibility, adds preserved undo/redo beyond application closure, remote checkout into containers, timeline view, settings sync and more. This is not a security update.
https://code.visualstudio.com/

Java 8u251 is a security update. If you are not 110% sure you require Java, it’s best to remove it. Java and JavaScript are not the same thing and few desktop applications actually require Java.
https://www.java.com/en/download/manual.jsp

Web Package Updates

These are likely to be of interest only to web developers.

myStickymenu 2.3.9 fixes a bug in the notification bar. This is not a security update.

Postie 1.9.46 resolves a notification bug. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-02-11

Welcome back, Folks!

Today is Patch Tuesday for February 2020.

Microsoft blinked and released three updates to Windows 7 this month, however two of the issues that were resolved were actually caused by their EOL updates released last month. It’s no longer trustworthy, so do not let Windows 7 touch the Internet!

Windows 7 is officially end-of-life (EOL). If you’re still running it, shame on you, and if you are running a licensed version of Windows 7 or 8 you can still upgrade to Windows 10 and have a supported version of Windows for the foreseeable future. Don’t want to do it yourself? Call me!
https://saferpc.info/contact/

The Windows Update engine relies upon a file called “wsusscn2.cab” which is currently choking on download. While there are several Windows updates available today, it looks like the time just to check for updates will be over 2 hours for most devices today. Have patience or wait to start patching until later when they resolve this issue. There’s plenty of other stuff to patch anyway.

This Month in Technology

macOS finally fixes the Sudo bug (after 9 years), but this pales in comparison to the ease at which Mac users are infected through social engineering tactics. If you still think Mac’s are more secure than Windows, you need to see the numbers from MalwareBytes which show the typical Mac is targeted by nearly double the malware that Windows devices are. One special note here is that the users trusted the names of the websites that were involved, mostly a result of allowing domains to expire (a common concept within the broad scheme of domain hijacking).

While we’re on the subject of renewing domains, don’t forget your certificates! TLS/SSL certificates are often an enterprise’s weakest point of failure, especially when they’re not renewed on time. This will become even more important as TLS 1.0 and 1.1 are deprecated over the next couple months, which will prevent most older devices from being able to safely use the Internet at all. How important is certificate trust? Last months certificate hijacking bug allowed a researcher to replicate NSA and Github certificates in less than 24 hours which could be used immediately in MitM and DNS cache poisoning attacks with no effort from the attacker and as little as 10 lines of browser-based code.

Microsoft has decided to end it’s own ad platform within UWP apps, which will seriously hurt the entire UWP ecosystem and likely their users, by encouraging less security- and privacy-concerned third-party platforms to take their place.

This month we’ve seen data dumps from Twitter user details (shortly before a Twitter outage), Trello, Google, half a million servers, routers, and IoT devices, a major cannabis dispensary POS vendor, THSuite, WhatsApp had a major vulnerability (since patched), a Zoom vulnerability allowed hackers to eavesdrop on your calls, Mitsubishi was hacked via their enterprise security software, Trend Micro OfficeScan, and the United Nations was hacked through an unpatched server.

Is your privacy important? Apple bowed to the FBI to prevent fully-encrypted backups, ICE is using cellphone location data to track immigrants, but Avast has decided to stop selling it’s user data and they’re “sorry”, so at least there’s some good news.

Of course, any account can be hacked, even Facebook’s Twitter and Instagram accounts, and the NFL, and this month the City of Oshkosh (WI) and Duplin County (NC) join the “yet another government network hijacked” club.

It’s one thing to be incompetent when it comes to security, but Blizzard doesn’t even understand their users. This month they’re asserting total copyright ownership of any mods their users create and they released Warcraft: Reforged, which is the first game to ever be reviewed this poorly by the userbase. You might give Blizzard some credit for this – after all, they did build the engine that allowed the third-party “Dota” to flourish. LastPass, however, built their own system but accidentally removed their own extension from the Chrome Web Store!

In IoT news, more than 2/3rds of corporate and government entities were compromised with endpoint attacks in 2019, the weakest link might be the building itself or any of tens of millions of devices on a typical corporate or government network, though, as expected, many Huawei IoT devices have a backdoor. A serious public key exposure in Fortinet SIEM allows evildoers to kill your security appliance, and a critial zero-day in SolarWinds RMM allows attackers to hijack your network. Supply chain attacks targeting EOL Windows 7 devices remind us why we should avoid EOL hardware and software, and Phillips Hue lightbulbs are still proving that they weren’t well though-out security-wise. Thousand of WordPress-based websites have been hijacked to redirect visitors to evil sites, and there is always more to security than patching.

Let’s end my soapbox on a happy note: The best news this month might just be that Netflix finally offers an option to disable those #@$& autoplay previews. It’s about time.

Let’s Get Busy

Now back to our regularly scheduled program. The typical computer should see roughly 2.2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Internet Explorer, .NET, Flash, Servicing Stack, and MSRT (~1.2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra, iCloud for Windows 10.9.2, iCloud for Windows 7.17, iOS 13.3.1, iPadOS 13.3.1, iTunes for Windows 12.10.4, Safari 13.0.5, tvOS 13.3.1, and watchOS 6.1.2. These are security updates. Use Apple Software Update to install the most current versions.

iOS 13.3.1 and 12.4.5 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 13.3.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 6.1.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 13.3.1 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 79.0.3945.123 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Adobe Flash Player 32.0.0.330 is a security update. Take comfort knowing that Flash will be EOL in only 10 months.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (1909) is a pretty small update so will install quickly. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.2 resolves several issues and improves removal procedure. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

BullZip PDF Printer 11.12.0.2816 improves compatibility with Chrome 80+. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Intel Driver and Support Assistant 20.1.5 improves user interface, performance, uninstall, and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 442.19 adds framerate capping, performance improvements for certain games, VRSS controls, and support for newer hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Garmin Express 6.20 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.100 is a security update. This version is also the predecessor to the new samesite cookie handling behavior that will cause problems for various industries, including ad-services. Use Menu, Help, About to install the most current version.

Firefox 73.0 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.5.0 is a security update. Use Menu, Help, About to install the most current version.

Iridium 2019.11.78 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.10.1745.27 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.5.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

MaxMind GeoLite: Due to their interpretation of the CCPA (California Consumer Privacy Act), MaxMind has opted to no longer provide direct downloads of their IP information databases. An account and agreement to perform updates immediately upon publishing new releases and removal of all existing copies is now required. Due to this we will no longer be listing MaxMind on SaferPC. I suggest you integrate their automatic update service into your existing platform to ensure that you can comply with their new usage agreement.

Prosody 0.11.4 improves performance and resolves several bugs. This is not a security update.
https://prosody.im/download/start

BrowsingHistoryView 2.36 adds option to delete Chrome and Firefox history records. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

FreeNAS 11.3 is a major update offering improved performance, security controls, community plugin integration, improved granularity of alerts and more. This is not a security update.
https://www.freenas.org/download-freenas-release/

Npcap 0.9987 is a security update.
https://nmap.org/npcap/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.4 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.01.20 resolves several bugs and improves reliability of Remote Play. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.006.20034 is a security update. Use Help, Check for Updates to get the most current version.

Adobe DNG 12.2 adds support for new hardware. This is not a security update.
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6879
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6881

Adobe Experience Manager 6.5.0-31870 and 6.4.0-31868 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-08.html

Adobe Digital Editions 4.5.11 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html

Adobe Framemaker 2019.0.5 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb20-04.html

Adobe Illustrator CC 24.0.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-03.html

Artweaver 7.0.4 resolves several bugs and improves performance with impasto and PSD text layers. This is not a security update.
https://www.artweaver.de/

Atom 1.44.0 resolves several bugs. This is not a security update.
https://atom.io/

LibreOffice Still 6.3.4 is a major update adding a wide variety of new features and performance improvements. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 6.4.0 resolves almost 500 bugs, including security issues. The typical user should run LibreOffice Still (stable), not Fresh (beta).
https://www.libreoffice.org/

Lightworks NLE 14.5 adds dozens of new features, export options, media codecs, and over a hundred bugs. This should be treated as a security update.
https://www.lwks.com/

Notepad++ 7.8.4 adds JSON and Workspace improvements, and resolves a crash bug. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.2.9 resolves several bugs and improves performance. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

QubesOS 4.0.3 is a security update.
https://www.qubes-os.org/downloads/

elementaryOS 5.1.2 is a security update.
https://elementary.io/

RogueKiller 14.1.1 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0 improves reliability, user interface, exception controls, and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.20.2 resolves several bugs. This is not a security update.
https://www.fosshub.com/ScreenToGif.html

Converter Updates

These are unlikely to be of interest to most people.

MKVToolnix 43.0.0 resolves several bugs and improves user interface defaults options from command line. This is not a security update.
https://www.fosshub.com/MKVToolNix.html

DVDFab 11.0.7.1 resolves several bugs and adds support for newer encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.6 improves compatibility and resolves several bugs. This is not a security update.
https://www.roboform.com/

Easy2Boot 1.B8A improves compatibility and user-interface. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

1Password for Mac 7.4.2 improves compatibility and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

ControlMyMonitor 1.25 adds option to put icon in tray. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

DesktopOK 6.84 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.66 adds Class GUID column. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

Etcher 1.5.76 updates libraries and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything CLI 1.1.0.18 doesn’t provide a changelog, so should be treated as a security update.
https://www.voidtools.com/

FileLocator Pro 8.5.2944 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 8.8.2 improves user interaction and resolves several bugs. This is not a security update.
https://community.fing.com/

GoodSync 10.10.21 improves performance and reliability, resolves several bugs. This is not a security update.
https://www.goodsync.com/

MS ISO Downloader 8.31 adds support for new media. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

OSFMount 3.0.1005 adds command-line options to load physical or logical emulation only, and resolves a permissions bug. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

SetDefaultBrowser 1.4 adds support for Chromium-based Edge. This is not a security update.
https://kolbi.cz/blog/2017/11/10/setdefaultbrowser-set-the-default-browser-per-user-on-windows-10-and-server-2016-build-1607/

TaskSchedulerView 1.54 adds options to select/deselect all to column chooser. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

USBDeview 2.86 adds mode option for Regedit call, to support opening with or without elevation.
https://www.nirsoft.net/utils/usb_devices_view.html

WinScan2PDF 5.21 improves WIA compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.32 resolves several bugs, adds options to export file types to CSV, filterexclude, and command-line supporter activation. This is not a security update. On the note of Supporters – this software is amazing. Use it. And donate.
https://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

Developer Updates

These are unlikely to be of interest to most people.

Godot 3.2 improves reliability, performance, stability and resolves almost 2,000 bugs. This should be treated as a security update.
https://godotengine.org/

Node.js 13.8.0 is a security update.
https://nodejs.org/en/

SQLite 3.31.1 adds generated columns, hard heap limits, improved pragma, dbstat aggregated mode support, open nofollow, and resolves an internal schema compatibility issue. This compatibility fix is temporary, so fix your applications if you currently rely on parsing the data structure via internal schema. This is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.42 resolves several bugs, improves user interface, additional preference controls, task management, and more. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.2-135663 resolves several bugs and improves compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.6 resolves several bugs. This is not a security update.
https://www.adminer.org/en/

Drupal 8.8.2 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.4.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.15 is a security update.
https://www.joomla.org/

Magento 2.3.4, 2.2.11, 1.14.4.4, 1.9.4.4 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-02.html

Nextcloud Hub 18.0.0 is a major update adding improved file, flow, photos, calendar, mail, and talk integration, and ONLYOFFICE support. This is not a security update.
https://nextcloud.com/

ScreenConnect 19.6.26659.7340 is a security update.
https://www.connectwise.com/software/control/download

SpamAssassin 3.4.4 is a security update.
http://spamassassin.apache.org/downloads.cgi

YOURLS 1.7.6 is a security update.
https://yourls.org/

bbPress 2.6.4 is a security update.

Interactive World Map 3.1.4 is a major update that resolves several issues. This is not a security update.

myStickymenu 2.3.4 resolves several bugs. This is not a security update.

Postie 1.9.41 resolves regex bug and now attempts to process only 1 email at a time. This is not a security update.

Sucuri Security 1.8.23 updates key updater and improves user interface. This is not a security update.

W3 Total Cache 0.13.1 resolves several bugs. This is not a security update.

WooCommerce 3.9.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/