Updates 2024-07-09

Today is Patch Tuesday for July, 2024.

There were 330+ major hacks, and over 360 application updates this month. It’s an average month, with about 3.0 GB of updates for most users.

This Month in Technology

3GL Technology Solutions, 50 Cent, Acrotech Biopharma Inc, Adobe Commerce and Magento, Advance Auto Parts, AEG Presents, LLC, Affirm, Agrani Bank, Agropur, Airtel, AJE Group, Alabama Education Department, Altoona Logan Township Mobile Medical Emergency Department Authority, Ambulnz Holdings, LLC, AMD, Amper Group, Amtrak, Android, Ann & Robert H. Lurie Children’s Hospital of Chicago, ANY.RUN, Apple, Arcis Golf, Árvakur, ASI, Association of Texas Professional Educators, Aultman Hospital, Authy, Baltimore 311 callers, Behavioral Health Response, Belle Tire, Benefit Management, Better Business Bureau, Bharat Sanchar Nigam Limited (BSNL), Bol d’air France, BootCDN, Bootcss, Brainworks Software, Bunger Steel, Cambridge University Press & Assessment, Canara Bank, CareDx, Inc, CDK Global (twice), Center for Digestive Health, Center for Human Capital Innovation, Change Healthcare, Channel 7 News Australia, Chicha San Chen, Chroma Color, Circle K Atlanta, CISA Chemical Security Assessment Tool (CSAT), Cisco Nexus switches, Cisco NX-OS, City of Cleveland, Ohio, City Of Coon Rapids, City of Helsinki, Finland, City of Newburgh, NY, Class Advisors, Coca Cola, Cognizant Open Insurance Policy Administration, CoinStats, Conference USA, Consulting Radiologists Ltd, Creative Realities, Credit Suisse, CredRight, Critchfield & Johnston, Crown Equipment, CTG Brands, CTSystem, Cukierski Associates LLC, Custom Concrete, D-Link DIR-859, Datamate Bookkeeping & Tax, Inc, DaVita Inc, Daystar, Derby School, Derbyshire County Council, Designed Receivable Solutions, Inc, Deskcenter, DG3 North America, Inc, Diogenet SR, Docker containers, Dordt University, Eagle Materials, Egyptian Health Department, Ejército del Per, Elite Fitness, Elite Limousine Plus Inc, Elyria Foundry, EqualizeRCM, Ernst & Young LLP, Escondido Union High School District, Esquerra Republicana de Catalunya, Ethereum’s mailing list provider, eVeridis, Evolve Bank & Trust, Facebook PrestaShop module, Fareri Associates, FBT Transport, Financial Business and Consumer Solutions, Inc, Florida Department of Health, Fortra FileCatalyst Workflow, Francesco Parisi, French Diplomats, Fédération Internationale de l’Automobile (FIA – Formula 1), GBA GROUP, GCash, Geisinger Healthcare, Ghostscript library, GitLab, GlobalWafers, Globe Life, Goodman Reichwald-Dodge, GoodTemps, Google Chrome, Gorrie-Regan, Grandstream GXP2135, Great Lakes International Trading, Greylock McKinnon Associates, Inc, Grupo Amper, HackerOne, Harvey Construction, HealthEquity, Hedrick Brothers Construction, Hey You, Highland Health Systems, HubSpot, Human Technology Inc, Husky Owners, Hydmech, INDA’s, India’s National Disaster Management Authority (NDMA), India’s Regional Cancer Centre, Indonesia’s National Data Center, Indonesian Directorate General of Civil Aviation, Infosys McCamish Systems, Innerspec Technologies, Innomar Strategies, Intel CPUs (Indirector), Internal Revenue Service (IRS), Internal Security Operations Command (ISOC), Island Transportation Corp, JM Thompson, Jollibee Group, Jordan’s Ministry of Education, Juniper Networks Session Smart Router, Juniper Networks Session Smart Conductor, Juniper Networks WAN Assurance Router, Kadokawa Corporation, Kairos Health Arizona, Inc, Kansas City, Kansas Police Department, KBC Zagreb, Key Benefit, Kinter, Kito Canada, Kraken crypto exchange, Ladco, Lake Medical Group, Landmark Life, Learnosity, Legend Properties, Inc, Len Dubois Trucking, LevelOne WBR-6013, Levi Strauss, Lexibar, Lindex Group, LivaNova, Longview Oral & Maxillofacial Surgery, Los Angeles County Department of Public Health, Louisiana Special School District, Mailcow Mail Server, Manchester City Football, Maryhaven, Mass General Brigham, Maxicare, MD Now Urgent Care, MEL Aviation Ltd, Mercku, MGF Sourcing, Microsoft Azure Machine Learning Services, Microsoft email, Microsoft O365, Microsoft PlayReady DRM, Middletown Township, Mitsubishi Electric Software, ModPlan, Mount Kisco Surgery, Mountjoy, MOVEit, National Identity Management Commission of Nigeria, National Publisher Services LLC, Neiman Marcus, NetOne, Niconico, OCEANAIR, Olson & Co Steel, Opaxe, OpenAI (twice), OpenSSH server, P Kaufmann, Palomar Health Medical Group, Patelco Credit Union, Payne & Jones, Pediatric Urology Associates, Peterbilt of Atlanta, Philippine Health Insurance Corporation, Philippine Maritime Authority, Phoenix SecureCore UEFI firmware, Pinnacle Orthopaedics & Sports Medicine Specialists LLC, Planar, Plavan Commercial Fueling Inc (“P-Fleet”), Polyfill.io, Prairie Athletic Club, Privia Medical Group of Georgia, Progress MOVEit Transfer, Progress Software Corporation WhatsUp Gold, ProMotion Holdings, Providence Mission Heritage Endocrinology, Prudential Financial, PT Latinusa, Puyallup Tribe, Radiology and Imaging Specialists, Rappi, REA Wire, Realtek rtl819x, Rejetto HTTP File Server (HFS), Rider, Roblox Developer Conference, Rockford Public School District, Rockwell Automation’s PanelView Plus, Rolls-Royce, Sacred Heart Community Service, Samaritan Health Services, Inc, Sanyo Shokai, Scout Energy Partners, Scrubs And Beyond, Seagulf Marine Industries, Sensory Spectrum, Sharp printers, Shinnick & Ryan, Shoe Zone, Shopify third-party app, SiriusXM, Sirva, SkinCure Oncology, Sky-light, SkyPartsUSA, SlowMist, Smartweb, Sofidel, SolarWinds Serv-U, South Africa’s National Health Laboratory Service, SouthCoast Health, Special Health Resources, Spike Chunsoft, Staticfile, Steps to Life, Suminoe, Synnovis Pathology, Taj Hotel Group, TeamViewer, TETRA Technologies, Texas Recycling, Texas Retina Associates, The Ambulatory Surgery Center of Westchester, The Northwestern Mutual Life Insurance Company, The Union Labor Life Insurance Company, Ticketmaster LLC, Toshiba printers, Total Fitness, Tp-Link ER7206 Omada Gigabit VPN Router, TPI, TPOCC, Traderie, Transit Mutual Insurance Corporation, Transport Laberge, Trisun Land Services, Truist Bank, Turkish Government Websites, Twilio, UEFA, UK Post Office, US Dermatology Partners, UwU Lend, Vanguard, Vanna AI, Ventura County Credit Union, Victoria Racing Club, VirtualBox, Virum Apotek, Waupaca County, WI, West Clermont Schools, Western Mechanical, Westview Co-op, Wind Composite Services Group, LLC, Windows Wi-Fi driver (still vulnerable!), Wisconsin Department of Health Services, Wise Payments, Woodruff-Sawyer & Co, WordPress.org, World inquest, Yieldstreet, Zadig & Voltaire, Zaire National Health Laboratory Services, Zerto, Zimbabwe Anti-Corruption Commission, and Zotac have reported hacking or compromises this month.

CDK GlobalCloudflare, OVHcloud, and Xbox Live have suffered from outages this month.

Last months updates broke AuthLite on Domain Controllers, Windows Update, Show Desktop preferences, Windows Taskbar, Windows language packs, and Windows virtualization services.

A new proof-of-concept (SnailLoad) demonstrates how to exploit latency to track a victim’s online activity.

Microsoft’s WSUS driver synchronization will be going away along with WordPad.

The Supreme Court has struck down efforts to hold the federal government responsible for their violations of the first amendment. The US federal government has proven itself impotent to investigate SolarWinds for the most significant hack of all time.

Now for the good news:

The EU Commission has put Meta on notice that their “pay or consent” model breaches EU law.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is about average this month. The typical computer should see roughly 3.0 GB in updates today. Let’s get started.

Microsoft released updates to address 143 vulnerabilities in .NET and Visual Studio, Active Directory Federation Services, Active Directory Rights Management Services, Azure CycleCloud, Azure DevOps, Azure Kinect SDK, Azure Network Watcher, Intel, Line Printer Daemon Service (LPD), Microsoft Defender for IoT, Microsoft Dynamics, Microsoft Graphics Component, Microsoft Office, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Streaming Service, Microsoft Windows Codecs Library, Microsoft WS-Discovery, NDIS, NPS RADIUS Server, Role: Active Directory Certificate Services; Active Directory Domain Services, Role: Windows Hyper-V, SQL Server, Windows BitLocker, Windows COM Session, Windows CoreMessaging, Windows Cryptographic Services, Windows DHCP Server, Windows Distributed Transaction Coordinator, Windows Enroll Engine, Windows Fax and Scan Service, Windows Filtering, Windows Image Acquisition, Windows Internet Connection Sharing (ICS), Windows iSCSI, Windows Kernel, Windows Kernel-Mode Drivers, Windows LockDown Policy (WLDP), Windows Message Queuing, Windows MSHTML Platform, Windows MultiPoint Services, Windows NTLM, Windows Online Certificate Status Protocol (OCSP), Windows Performance Monitor, Windows PowerShell, Windows Remote Access Connection Manager, Windows Remote Desktop, Windows Remote Desktop Licensing Service, Windows Secure Boot, Windows Server Backup, Windows TCP/IP, Windows Themes, Windows Win32 Kernel Subsystem, Windows Win32K – GRFX, Windows Win32K – ICOMP, Windows Workstation Service, XBox Crypto Graphic Services, and MSRT. This includes security updates. A reboot is required.

Apple released updates for AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

Google Chrome OS 126.0.6478.132 and 120.0.6099.315 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AirPods Firmware Update 6A326 is a security update.
https://support.apple.com/HT214111

AirPods Firmware Update 6F8 is a security update.
https://support.apple.com/HT214111

AMD Adrenalin 24.6.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.amd.com/en/support

Beats Firmware Update 6F8 is a security update.
https://support.apple.com/HT214111

Nvidia Driver 475.14 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

TP-Link Archer AX72 v1.60 240426 is a security update.
https://www.tp-link.com/us/support/download/archer-ax72-pro/#Firmware

UniFi U6 Professional 6.6.73 resolves dozens of bugs. This is not a security update.
https://www.ui.com/download/software/u6-pro

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.67.123 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Firefox 128.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 128.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 126.0.6478.126 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 126.0.2592.87 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Vivaldi 6.8.3381.46 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.53 resolves a stray field at the end of exported data. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

ProtonMail (Android) 4.0.15 improves security and message header view. This is a security update.
https://proton.me/mail/download

Spark 3.16.7.78552 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.16.7.78551 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.12.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 202.4.5551 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 215.2.0.11.211 is a security update.
https://www.messenger.com/download

FreeFileSync 13.7 adds symlink support and resolves a couple bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 92.0 doesn’t provide a detailed change log so should be treated as a security update.
https://drive.google.com/start

Microsoft Teams 1.7.00.17051 improves third-party app experience and adds bookable desks. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 29.0.3 updates dependencies and resolves several bugs. This is not a security update.
https://nextcloud.com/

Rclone 1.67.0 is a security update.
https://rclone.org/

Signal 7.15.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 7.10.3 improves linked devices. This is not a security update.
https://signal.org/android/apk/

Syncthing 1.27.9 resolves several bugs and updates dependencies. This is not a security update.
https://syncthing.net/

Technitium DNS Server 12.2.1 resolves a couple bugs. This is not a security update.
https://technitium.com/dns/

Telegram 5.2.3 resolves several bugs. This is not a security update.
https://telegram.org/

Telegram (Android) 10.14.3 updates libraries and resolves several bugs. This is not a security update.
https://telegram.org/apps

Trillian 6.5.0.40 resolves dozens of bugs. This should be treated as a security update.
https://www.trillian.im/

Trillian Mac 6.5.0.43 doesn’t provide a change log so should be treated as a security update.
https://www.trillian.im/

Zoom 6.1.1.41705 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 4.0.6 resolves a user interface bug. This is not a security update.
https://en.3tene.com/

darktable 4.8.0 adds a color equalizer, canvas enlargement, overlay support, performance improvements and resolves over 50 bugs. This is not a security update.
https://www.darktable.org/

Grayjay 249 adds support for Spotify, YouTube Channel Playlists, Nebula, Odysee, and resolves several bugs. This is not a security update.
https://grayjay.app/index.html

KaraFun Player 2.6.2.0 doesn’t provide a detailed change log so should be treated as a security update.
https://www.karafun.com/karaokeplayer/

Plex Desktop 1.96.0.177 resolves a bug displaying Genre. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.64.0.170 updates libraries. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.40.3.8555 resolves several bugs and adds automatic 64-bit upgrade to 32-bit installs on 64-bit hardware. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Minecraft Server (Bedrock) 1.21.2.02 doesn’t provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Minecraft Server (Java) 1.21 doesn’t provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server

PS5 2024.702 resolves several bugs. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2024-06-20 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/593110

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 24.002.20895 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Adobe Premiere Pro 24.5 and 23.6.7 are security updates.
https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html

Adobe InDesign 19.4 and 18.5.3 are security updates
https://helpx.adobe.com/security/products/indesign/apsb24-48.html

Adobe Bridge 13.0.8 and 14.1.1 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb24-51.html

Artweaver 7.0.17 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Calibre 7.13.0 adds ability to generate a CSV catalog and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

GnuCash 5.8 adds ability to move accounts into sub-accounts of another account. This is not a security update.
https://www.gnucash.org/

Kdenlive 24.05.2 resolves dozens of bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.4.70904 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

Krita 5.2.3 resolves 20 bugs. This is not a security update.
https://krita.org/en/download/

Manager 24.7.7.1713 doesn’t provide a detailed change log so should be treated as a security update.
https://www.manager.io/

Nextcloud Desktop 3.13.2 resolves a couple bugs. This should be treated as a security update.
https://nextcloud.com/

PDF-XChange Editor 10.3.1.387 adds several new settings and resolves dozens of bugs. This is a security update.
https://www.pdf-xchange.com/product/pdf-xchange-editor

QuickBooks Pro 2022 20240529-R16_17 doesn’t provide a detailed change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 20240529-R13_14 doesn’t provide a detailed change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.9.1-2 improves CLI and dump support, and fixes macOS builds. This is not a security update.
https://github.com/countercept/chainsaw

FSS 2024.6.20 doesn’t have a change log so should be treated as a security update.
https://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

JShelter 0.18.1 resolves several bugs. This is not a security update.
https://jshelter.org/install/

RogueKiller 15.17.4 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

SanDisk PrivateAccess 6.4.11.0 doesn’t provide a change log so should be treated as a security update.
https://support-en.wd.com/app/answers/detailweb/a_id/48025

Stinger 13.0.0.138 adds support for several new detections. This is not a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Tails 6.4 updates libraries and resolves several bugs. This is a security update.
https://tails.net/install/download/index.en.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.2.0 adds support for new encodings and resolves a compatibility bug. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.8.1 resolves several bugs and updates libraries. This is not a security update.
https://handbrake.fr/

StreamFab 6.1.8.7 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.2.7 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password 8.10.35 is a security update.
https://1password.com/downloads/

7-Zip 24.07 improves stability. This is not a security update.
https://www.7-zip.org/

AOMEI Partition Assistant 10.4.1 resolves several bugs. This is not a security update.
https://www.diskpart.com/

Beyond Compare 5.0.0.29773 is a major update, adding dark mode, improved wrapping and table behavior, improved media compare, performance improvements and more. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2024.6.4 improves legacy migration, administration and self-hosting. This is not a security update.
https://bitwarden.com/

CCleaner 6.25.11131 resolves several bugs. This is not a security update.
https://www.ccleaner.com/

CPU-Z 2.10 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 11.29 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.2.29.0 resolves several bugs. This is a security update.
https://dngrep.github.io/

Everything Toolbar 1.3.4 resolves several bugs. This is a security update.
https://github.com/stnkl/EverythingToolbar/

ExplorerPatcher 22621.3527.65.5 improves compatibility and resolves several bugs. This is not a security update.
https://github.com/valinet/ExplorerPatcher/

Fido 1.58 removes Windows 8.1 downloads. This is not a security update.
https://github.com/pbatard/Fido/releases

FolderChangesView 2.36 adds option to Save All Items. This is not a security update.
https://www.nirsoft.net/utils/folder_changes_view.html

FoneTool 2.8.0 adds support for iOS 18, ringtone management and fixes bugs in the ringtone maker. This is not a security update.
https://www.fonetool.com/download.html

Go 1.22.5 is a security update.
https://go.dev/

GoodSync 12.7.2 resolves several bugs. This is not a security update.
https://www.goodsync.com/

grepWin 2.1.3 resolves several bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

HWiNFO 8.04 improves hardware support and resolves several bugs. This is not a security update.
https://www.hwinfo.com/download/

ManageWirelessNetworks 1.14 adds option to set connection mode. This is not a security update.
https://www.nirsoft.net/utils/manage_wireless_networks.html

NTLite 2024.7.9997 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 11.0.1008 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

PingInfoView 3.15 resolves IPv6 address parsing and menu configuration. This is not a security update.
https://www.nirsoft.net/utils/multiple_ping_tool.html

PowerToys 0.82.0 improves stability and resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ProcessMonitor 4.01 adds color display. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Recuva 1.54.120 adds license changes. This is not a security update.
https://www.ccleaner.com/recuva

SetUserFTA 1.8.2 doesn’t provide a change log so should be treated as a security update.
https://setuserfta.com/

Speccy 1.33.75 adds support for new hardware and improves licensing. This is not a security update.
https://www.ccleaner.com/speccy

Starwind V2V Converter 9.509 adds support for new conversions and improves performance. This is not a security update.
https://www.starwindsoftware.com/starwind-v2v-converter

WhyNotWin11 2.6.1.0 resolves several bugs. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinGet 1.8.1791 resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 8.88 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

.NET Runtime 8.0.7 is a security update.
https://dotnet.microsoft.com/en-us/download/dotnet

Android Studio 2024.1.1.11 doesn’t provide a detailed change log so should be treated as a security update.
https://developer.android.com/studio

AutoHotkey 2.0.18 resolves a couple bugs. This is not a security update.
https://www.autohotkey.com/download/

GameMaker Studio 2024.6.1 resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.4.205 improves performance, adds several new actions and variables, and resolves several bugs. This is not a security update.
https://gdevelop.io/download

GitHub Desktop 3.4.2 resolves several bugs. This is not a security update.
https://desktop.github.com/

Inno Setup 6.3.2 resolves a bug in text parsing. This is not a security update.
https://www.jrsoftware.org/isdl.php

MySQL ConnectorNet 9.0.0 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 18.20.4 is a security update.
https://nodejs.org/en/

Node.js 20.15.1 is a security update.
https://nodejs.org/en/

Node.js 22.4.1 is a security update.
https://nodejs.org/en/

Visual Studio Code 1.91 adds support for several new features. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

HumHub 1.16.1 improves compatibility and resolves several bugs. This is not a security update.
https://www.humhub.com/en

ISPConfig 3.2.12 resolves several bugs, improves compatibility, and adds a couple new features. This is not a security update.
https://www.ispconfig.org/ispconfig/download/

Joomla 5.1.2 is a security update.
https://www.joomla.org/

ownCloud Client 5.3.1.14018 resolves a linking bug. This is a security update.
https://owncloud.com/desktop-app/

WordPress 6.5.5 is a security update.
https://wordpress.org/

bbPress 2.6.11 resolves over a dozen bugs. This is not a security update.
https://wordpress.org/extend/plugins/bbpress/

Contact Form 7 5.9.6 resolves a compatibility bug. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.10 resolves several bugs. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

My Sticky Bar 2.7.1 resolves a button bug. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

NextScripts Social Networks Auto-Poster 4.4.6 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

Sucuri Security 1.9.1 adds support for configuring the cache-control header. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

WPBakery 7.7.2 resolves a couple bugs. This is not a security update.
https://wpbakery.com/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-11-14

Happy Thanksgiving, Folks!

Today is Patch Tuesday for November, 2023. It’s ugly.

This month brings a new version of Windows 11 (v23H2), critical security updates for all supported Apple products, and (literally) new security updates for every browser every single week since the last update cycle on October 10th. That’s on top of the 190+ major hacks, and over 205 application updates this month. Prepare yourself, there will be about 5 GB of updates for most devices this month.

The new Windows Copilot AI feature is now enabled by default in Windows 10 and 11, but can be disabled either in the deep settings or within group policy.

This Month in Technology

1Password, 23andMe, Accenture, Ace Hardware, Advarra, Air Canada, Air Europa, Allen & Overy, Allied Pilots Association, AlohaCare, American Family Insurance, Ampersand, Android 13, AndroidLista, Apache ActiveMQ, Apple Safari, Apple “Find My”, Atlas Healthcare CT, Atlassian Confluence, Avito, BHI Energy Health and Welfare Benefits Plan, BHI Energy I Specialty Services LLC, BHS Physician Network, Inc., Boeing, British Library, Bukalapak, BulletProftLink, Bureau van Dijk, Cadence Bank, Caesars Entertainment, Inc., Casio, CCleaner, Chess, Cisco IOS XE, City of Philadelphia, City of Victorville, California, Clark County School District (CCSD), Colonial Pipeline, Counseling and Recovery Services of Oklahoma, Crum & Forster, D-Link, Dakota Eye Institute, Deer Oaks Behavioral Health, 22 companies overseeing energy infrastructure in Denmark, District of Columbia Board of Elections, DP World Australia, Drug Free Workplaces USA, LLC, Edward C. Taylor, PhD., PL, eleHealth, Ethereum wallet system, European government email servers, F5 BIG-IP, Fidelity National Information Services, Inc., Financial Asset Management Systems, First Judicial Circuit, Fitmart, Five Guys Enterprises, LLC, Frax Outsourcing, Frazier & Deeter, LLC, Fredericksburg Foot & Ankle Center, PLC, GameSprite, GamingMonk, GPD Holdings LLC (CoinFlip), Grammarly, Greater Rochester Independent Practice Association, Inc., Growers Express, LLC, Grupo GTD, Healthsoft LLC, Helping the Aging Needy and Disabled Inc, Henry Schein, Hill International, Inc, Hospital & Medical Foundation of Paris, Inc, Hospital Sisters Health System, Indian state government, Industrial and Commercial Bank of China (ICBC)…which paid the ransom, International Criminal Court, IPM Healthcare DBA Boomerang Healthcare, Jeffco Public Schools, Juniper devices, Jupyter Notebooks, JustSystems Corporation Ichitaro, Kansas Supreme Court, Kwik Trip, Kyocera AVX Components Corporation (KAVX), La Red Health Center, LastPass, LCS Financial Services, LDLC ASVEL, Lennar Corporation, Life Generations Healthcare LLC, Lobel Financial Corporation, Longhorn Village, macOS, Marina Bay Sands, Mattson Technology, Inc., McLaren Health Care, MemeChat, Microsoft Exchange, Morrison Community Hospital, Mozi IoT Botnet, Mr. Cooper, Napa Integrated Medicine PC, NASCO, NetScaler ADC and NetScaler Gateway appliances, New York Life Insurance Company, Northern Iowa Therapy PC, Okta (again and again), OrthoAlaska, LLC, Oscar Insurance Company of Florida, Pacific Clear Vision Institute, Pacific Union College, Peerstar LLC, Pennsylvania General Store, peplink Surf SOHO, Perry Johnson & Associates, Personify Care, Pharmacy Group of Mississippi, LLC, Phoenix, Pisenti & Brinker LLP, Postmeds, Inc./Truepill, Progress Software MOVEit, Progressive Leasing, Prolific Puma, Pypl, QNAP QTS, Radius Global Solutions, RagnarLocker ransomware, Redcliffe Labs, Refresco Beverages US Inc., Resort Data Processing, Inc., Revival Animal Health, Riverside County Office of Education, Roundcube Webmail, Royal Elementor, Samsung Galaxy S23, San Diego PACE, San Francisco Jazz Organization, Sberbank, Seiko, Shadow PC, Simpson Manufacturing, Singing River Health System, 1 million Windows and Linux hosts using SMBv1, SoftEther VPN, SolarWinds Access Rights Manager, South River Technologies Titan MFT and Titan SFTP, Sphero, Stanford University, Stars Arena, State of Maine, Sumo Logic, Sun Life Financial, Sutter Health, SysAid, Taylored Service Parent Co., TeamCity, The Chattanooga Heart Institute, The Commerce Insurance Company (MAPFRE Insurance), The Hilb Group Operating Company, LLC, The Newtron Group, LLC, Toronto Public Library, Toumei, Town of Iowa, Louisiana, Transaction Data Systems, TransForm, Tri Counties Bank, Tri-City Medical Center, Trigona ransomware gang, Trust Benefit Technologies, LLC, Tunngle, 11 Ukrainian telcos, University Federal Credit Union, University of Michigan, University of Missouri, User Submitted Posts WordPress plugin, Veeam ONE IT, Vidio, VMware vCenter Server, VMware vRealize Log Insight, WACOSA, Wescom Central Credit Union, West Texas Gas, Westat, Inc., Western Washington Medical Group, Weston Embedded uC-HTTP HTTP Server, Women Political Leaders Summit, WS_FTP, Wyze Cam v3, Yifan YF325, Zhefengle have reportedly been hacked or compromised this month.

In what should be no surprise to 40,000 people, yes, leaving the default “admin” password will get you hacked.

Cloudflare, OpenAI/ChatGPT, Outlook.com, and the Toronto Public Library have suffered from outages this month.

Last months updates broke .NET 6.0 security patches, .NET 7.0 security patches, Apple device integration with Enterprise Single Sign On, Hosted Exchange, HP motherboards, Hyper-V, Microsoft 365 admin system, Microsoft 365, MS Office, Outlook Desktop, Rivian infotainment systems, Veeam RCT, VMware ESXi, Windows desktop icons, Windows Server 2022 VMs on VMware ESXi, Windows Update, and WSUS.

Microsoft violated (again) their promise not to push bloatware on LTSC.

Microsoft also introduced over 110 security vulnerabilities (discovered so far…) to Microsoft 365 by integrating SketchUp 3D capabilities.

Sadly, Microsoft has also disabled the free upgrade to Windows 10 from Windows 7 and 8. Until about a month ago it was still possible to upgrade older machines to Windows 10 without having to purchase a license. Now it is no longer possible.

Microsoft has also changed Authenticator behavior to suppress notifications for “risky sign-ins.” The idea is that when a login occurs from an unlikely source, somewhere you have not logged in before or a country you’re unlikely to be in, they can prevent the out-of-the-blue popup asking if you’re trying to log in. Unfortunately, if you’ve reused passwords, or used weak passwords, then this will increase the likelihood of a random calls “from microsoft” or “your IT department” asking you to “verify that you still have access to account” by opening the authenticator and actively approving the login. This kind of UI behavior teaches people to be less wary since they have to then go out of their way to “prove” themselves, which is something most humans innately want to do. It’s going to be bad. To reduce the risk please use strong, unique, random passwords to lessen the risk of successful password spraying attacks.

Microsoft extended the security update support period for Windows Server 2012 to October 2026.

LBRY, Inc is finally throwing in the towel after years of fighting the SEC. LBRY is the organization behind the best (IMHO) video and data sharing service in the world, and was targeted because the federal government chooses not to understand crypto. LBRY is dead, long live LBRY!

The US is leading an alliance to never pay ransom to cybercriminals. A US court has ruled that it is not a privacy violation for your car to harvest your contacts, texts and call logs even when you do not grant those permissions. The SEC has charged SolarWinds and their CISO with fraud over the massive hack in late 2020.

Not only is it foolhardy to assume that any automated system could prevent abuse by 100% of the advertisers, Google’s own data shows that the number of malicious ads they have detected has increased by over 50% in the last year.

The “they have detected” clause is the important takeaway from that statement. Google has over a thousand dedicated people within their ad review department whose sole purpose is to detect and block malicious advertisements, and ads that violate any other policies. Even with that, many people that interact with ads still don’t realize they’re advertisements or are taken to malicious or fraudulent sites. They simply can not detect all malicious advertisements.

Now that Google is pushing a new ad-blocker war via YouTube, it’s actually increasing the number of people that realize that they can, and should, take action to block advertisements. Is it any wonder why people are increasingly blocking ads? You should, too. Start with uBlock Origin. Blocking advertisements is not just about security, though, it could help save the planetNeed help? Ask.

Moody’s has downgraded the US financial outlook to “negative”.

Now for the good news:

According to the CDC there are now record-high childhood vaccine refusals across the country. It’s about time.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 5 GB in updates today. Let’s get started.

Microsoft released updates to address 83 vulnerabilities in .NET Framework, ASP.NET, Azure, Azure DevOps, Microsoft Dynamics, Microsoft Dynamics 365 Sales, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Remote Registry Service, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Search Component, Microsoft Windows Speech, Open Management Infrastructure, Tablet Windows User Interface, Visual Studio, Visual Studio Code, Windows Authentication Methods, Windows Cloud Files Mini Filter Driver, Windows Common Log File System Driver, Windows Compressed Folder, Windows Defender, Windows Deployment Services, Windows DHCP Server, Windows Distributed File System (DFS), Windows DWM Core Library, Windows HMAC Key Derivation, Windows Hyper-V, Windows Installer, Windows Internet Connection Sharing (ICS), Windows Kernel, Windows NTFS, Windows Protected EAP (PEAP), Windows Scripting, Windows SmartScreen, Windows Storage, and MSRT (~ 2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Monterey 12.7.1, macOS Ventura 13.6.2, macOS Sonoma 14.1.1, iOS 15.8, iOS 16.7.2, iOS 17.1.1, iPadOS 15.8, iPadOS 16.7.2, iPadOS 17.1.1, Safari 17.1, tvOS 17.1, and watchOS 10.1.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.8, 16.7.2, and 17.1.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.8, 16.7.2, and 17.1.1 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 10.1.1 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 17.1 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 118.0.5993.123/124 and 114.0.5735.339 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 39-1.5 is a major update, adding cosmetic, networking, security and other improvements, and updates libraries. This should be treated as a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.11.1 resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Daemon Tools Lite 12.0.0 is a major update with a redesign, improves search and resolves several bugs. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Display Driver Uninstaller 18.0.6.9 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.2.19 updates libraries and resolves several bugs. This is a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Nvidia Driver 474.66 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Samsung DeX 2.4.1.22 doesn’t provide a change log so should be treated as a security update.
https://www.samsung.com/us/apps/dex/

Wacom Driver 6.4.4-3 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.60.114 resolves dozens of bugs. This is a security update.
https://brave.com/

Google Chrome 119.0.6045.123 is a security update.
https://www.google.com/chrome/

Microsoft Edge 119.0.2151.58 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 119.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.4.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 6.4.3160.42 is a security update.
https://vivaldi.com/

Microsoft Edge WebView2 119.0.2151.44 is a security update.
https://developer.microsoft.com/en-us/microsoft-edge/webview2/

Email Updates

One or more of these are likely to be of interest to everyone.

DavMail Gateway 6.2.0 updates dependencies and resolves several bugs. This is a security update.
https://davmail.sourceforge.net/

Spark 3.10.2 adds Spark Integrations and +AI to improve automation and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.10.2.61166 adds Spark Integrations and +AI to improve automation and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.4.2 resolves several bugs. This is not a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 8.0.6 adds dark mode, improves key handling, improves UI, and resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 7.2.3 vastly improves key handling and resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.57 improves compatibility with Opera. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 8.4.0 adds support for IPFS and resolves more than 100 bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 186.4.6207 improved hard drive space controls. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 199.0.0.9.236 is a security update.
https://www.messenger.com/download

FileZilla Client 3.66.1 improves stability and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 13.1 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 84.0 is a security update.
https://drive.google.com/start

Microsoft Teams 1.6.00.29964 adds SMS notifications, unique join links, workflows within channels and resolves several bugs. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 27.1.3 is a security update.
https://nextcloud.com/

Npcap 1.78 is a security update.
https://nmap.org/npcap/

Pocketnet-GUI 0.8.67 resolves several bugs. This is not a security update.
https://pocketnet.app/

Rclone 1.64.2 resolves several bugs. This should be treated as a security update.
https://rclone.org/

Signal 6.38.0 improves contact management, voice and video calls. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.39.3 improves contact management. This is not a security update.
https://signal.org/android/apk/

Skype 8.106.0.212 resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.26.0 resolves several bugs. This should be treated as a security update.
https://syncthing.net/

Technitium DNS Server 11.5.3 resolves several bugs. This follows shortly after a security update, so should be treated as a security update.
https://technitium.com/dns/

Telegram (Android) 10.2.3 doesn’t provide a changelog so should be treated as a security update.
https://telegram.org/apps

Telegram 4.11.8 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.16.6.24712 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.13 resolves several bugs. This is not a security update.
https://en.3tene.com/

Bitwig Studio 5.0.11 resolves several bugs. This is not a security update.
https://www.bitwig.com/download/

iTunes 12.13.0.9 is a security update.
https://www.apple.com/itunes/download/

Picard 2.10 is a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.81.0.4012 adds Discover Together and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.50.1.4014 improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.8.7639 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.20 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.8.2.108 improves stability. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.3.180 resolves several bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.10_1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Minecraft Server (Bedrock) 1.20.41.02 doesn’t provide a changelog so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Nintendo Switch 17.0.0 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PS5 23.02-08.20.02 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

SteamOS SteamDeck Update 2023-11-13 is a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Acrobat and Reader DC 23.006.20380 is a security update.
https://get.adobe.com/reader

Adobe Acrobat and Reader 20.005.30539 is a security update.
https://helpx.adobe.com/security/products/acrobat/apsb23-54.html

Adobe After Effects 23.6.2 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html

Adobe Animate 23.0.3 and 24.0 are security updates.
https://helpx.adobe.com/security/products/animate/apsb23-61.html

Adobe Audition 23.6.2 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/audition/apsb23-64.html

Adobe Bridge 13.0.5 and 14.0.1 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb23-57.html

Adobe ColdFusion 2021.12 and 2023.6 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html

Adobe Dimension 3.4.10 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-62.html

Adobe FrameMaker Publishing Server 2022.1 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb23-58.html

Adobe InCopy 18.5.1 and 19.0 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb23-60.html

Adobe InDesign 18.5.1 and 19.0 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-55.html

Adobe Media Encoder 23.6.2 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html

Adobe Photoshop 24.7.2 and 25.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb23-56.html

Adobe Premiere Pro 23.6.2 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html

Adobe RoboHelp Server 11.5 is a security update.
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html

Artweaver 7.0.16 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Audacity 3.4.1 adds musical view, pitch controls, and resolves a dozen bugs. This is not a security update.
https://www.audacityteam.org/download/

Blender 3.6.5 doesn’t provide a detailed change log so should be treated as a security update.
https://www.blender.org/download/

Calibre 6.29.0 resolves several bugs, improves zoom control, and adds a command line option to open a new instance. This is not a security update.
https://calibre-ebook.com/

Ghostscript 10.02.1 is a security update.
https://www.ghostscript.com/releases/gsdnld.html

GIMP 2.10.36 is a security update.
https://www.gimp.org/

ImageMagick 7.1.1-21 is a security update.
https://imagemagick.org/

Kdenlive 23.08.3 resolves dozens of bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.1.70471 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

Krita 5.2.1 improves various features and resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice 7.5.8 resolves more than a dozen bugs. This is not a security update.
https://www.libreoffice.org/

Manager 23.11.13.1143 resolves several bugs. This is not a security update.
https://www.manager.io/

Nextcloud Desktop 3.10.1 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.5.8 resolves more than a dozen bugs. This is a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.11 resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 10.1.2.382 is a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

QuickBooks Pro 2022 R13_09 improves migration assistant and resolves several bugs. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 R6_25 resolves resolves a major billing bug. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2024 20230817-R3_61 doesn’t provide a change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

SumatraPDF 3.5.2 resolves several bugs. This is not a security update.
https://www.sumatrapdfreader.org/download-free-pdf-viewer

Security Software Updates

One or more of these is likely to be of interest to most people.

JShelter 0.17 adds several new controls and features. This is not a security update.
https://jshelter.org/install/

KeePass 2.55 resolves more than a dozen bugs and adds several new features. This is a security update.
https://keepass.info/

MalwareBytes Anti-Malware 4.6.5 improves compatibility and resolves a couple bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL 3.1.4 is a security update.
https://www.openssl.org/

ProtonVPN (macOS) 4.0.0 improves stability. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.13.0 is a security update.
https://www.adlice.com/download/roguekiller/

Stinger 12.2.0.664 adds support for several new detections. This should be considered a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

SuperAntiSpyware 10.0.1258 is a security update.
https://www.superantispyware.com/download.html

Tails 5.19 is a security update.
https://tails.boum.org/install/dvd/index.en.html

Tron 2023-10-17 is a security update.
https://www.bmrf.org/repos/tron/

uBlock Origin 1.53.4 improves stability.
https://github.com/gorhill/uBlock/releases/latest

Wireless Network Watcher 2.40 adds columns for IPv6 Address and Link Local IPv6 Address. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 30.0.0 is a major update which removes support for older platforms, adds support to new features and capabilities, and resolves over 50 bugs. This should be treated as a security update.
https://obsproject.com/

SnagIt 24.0.1 resolves several bugs, improves performance and adds output to Teams. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.0.4 resolves dozens of bugs and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

FFmpeg 20231114 adds caption decoding. This is not a security update.
https://ffmpeg.org/ffmpeg.html

StreamFab 6.1.4.9 improves compatibility and resolves dozens of bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.0.3 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.30 is a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

.NET Runtime 7.0.13 and 8.0.0 are security updates.
https://dotnet.microsoft.com/en-us/download/dotnet

1Password 8.10.18 resolves over a dozen bugs. This is not a security update.
https://1password.com/

Agent Ransack 2022.3416 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AMD Ryzen Master 2.11.2.2659 is a security update.
https://www.amd.com/en/technologies/ryzen-master

AOMEI Partition Assistant 10.2.1 improves compatibility. This is not a security update.
https://www.diskpart.com/

Beyond Compare 4.4.7.28397 improves stability and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2023.10.1 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.17.10746 improves junk cleaning. This is a security update.
https://www.ccleaner.com/

CurrPorts 2.76 adds option to show only incoming TCP connections. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Dell Command Update 5.1.0 is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

Dell OS Recovery Tool 2.3.2.7523 doesn’t provide a change log so should be treated as a security update.
https://www.dell.com/support/home/uk/en/ukbsdt1/drivers/osiso/recoverytool

DesktopOK 11.13 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.0.129.0 updates libraries and resolves several bugs. This is a security update.
https://dngrep.github.io/

email-oauth2-proxy 2023-11-01 adds support for secret rotation, resolves a couple bugs, and improves compatibility. This is not a security update.
https://github.com/simonrob/email-oauth2-proxy

Everything Toolbar 1.3.2 resolves a couple bugs. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.52 adds support for Windows 11 23H2. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3416 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 3.5.1 improves stability and resolves several bugs. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

Go 1.21.4 is a security update.
https://go.dev/

GoodSync 12.4.5 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

HDD Raw Copy 1.20 doesn’t provide a change log so should be treated as a security update.
https://hddguru.com/software/HDD-Raw-Copy-Tool/

HWiNFO 7.66 adds support for newer hardware and resolves several bugs. This is not a security update.
https://www.hwinfo.com/download/

Java 8u391 is a security update.
https://www.java.com/en/download/manual.jsp

NConvert 7.163 doesn’t provide a change log so should be treated as a security update.
https://www.xnview.com/en/nconvert/

NetworkInterfacesView 1.35 adds support for IPv6 addresses and IPv6 DNS servers. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

NTLite 2023.11.9477 improves compatibility and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 5.10.2 is a security update.
https://osquery.io/downloads

PingInfoView 3.01 adds support for IPv6, sorting, reporting improvements, and resolves several bugs. This is not a security update.
https://www.nirsoft.net/utils/multiple_ping_tool.html

PowerToys 0.75.1 resolves a couple bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.5.4 reduces nags and resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 4.3 adds support for Windows 11 23H2, improves compatibility, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 23.8.5.8707 is a security update.
https://www.connectwise.com/software/control/download

Sysmon 15.11 improves performance and resolves a couple bugs. This is a security update.
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

TcpLogView 1.40 adds option to show only incoming connections. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

VMMap 3.4 adds support for .NET 6 and higher. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/vmmap

WinGet 1.6.3133 adds support to configure behavior and resolves several bugs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 8.68 improves performance and reliability. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.16 adds several new features, cosmetic and reliability improvements, and resolves several bugs. This is not a security update.
https://www.diskanalyzer.com/

ZoomIt 7.2 adds highlighter and blur and microphone selection. This is not a security update.
https://learn.microsoft.com/en-us/sysinternals/downloads/zoomit

Developer Updates

These are unlikely to be of interest to most people.

ADB 34.0.5 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 2022.3.1.21 resolves a couple issues with Gradle. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.3.5 resolves several bugs. This is not a security update.
https://desktop.github.com/

Godot 4.1.3 resolves several bugs. This is not a security update.
https://godotengine.org/

Microsoft Visual C++ 2022 Redistributable 14.36.33130.0 is a security update.
https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist

MySQL ConnectorNet 8.2.0 updates libraries and resolves a couple bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

MySQL Server 8.0.35 resolves over a dozen bugs. This is a security update.
https://dev.mysql.com/downloads/installer/

Node.js 18.18.2 is a security update.
https://nodejs.org/en/

Node.js 20.9.0 is a security update.
https://nodejs.org/en/

Node.js 21.2.0 resolves several bugs, updates libraries, and provides dozens of improvements. This is a security update.
https://nodejs.org/en/

SQLite 3.44.0 provides more than a dozen improvements and bug fixes. This should be treated as a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.84.2 resolves several bugs. As of 1.84 Microsoft has dropped support for 32-bit versions of Visual Studio. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.34 resolves several bugs. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.16.6 resolves several bugs. This is not a security update.
https://www.ppsspp.org/download/

VirtualBox 7.0.12 resolves dozens of bugs. This should be treated as a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

HumHub 1.15.0 resolves dozens of bugs. This is a security update.
https://www.humhub.com/en

Invision Community 4.7.14 resolves dozens of bugs. This is not a security update.
https://invisioncommunity.com/

Joomla 5.0.0 and 4.4.0 are both major updates with many new features, compatibility improvements, and bug fixes. These are not security updates.
https://www.joomla.org/

ownCloud Client 5.1.2 is a major update improving compatibility, performance, stability and resolving many bugs. This is not a security update.
https://owncloud.com/desktop-app/

ownCloud Server 10.13.2 updates depenendencies and resolves several bugs. This is a security update.
https://owncloud.com/download-server/

WordPress 6.4.1 is the third update to WordPress in the last month, following several security issues.
https://wordpress.org/

Autoptimize 3.1.10 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

BuddyPress 11.4.0 improves stability and compatibility. This is a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.8.2 improves stability and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.7 resolves a couple bugs. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

My Sticky Bar (formerly myStickymenu) 2.6.5 rebrands, adds a couple features, and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Postie 1.9.66 improves compatibility and resolves a notification bug. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Show IDs 1.1.10 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wpsite-show-ids/

W3 Total Cache 2.6.0 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 8.2.2 resolves several bgus. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.10.0 improves OAuth integration and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WP Plugin Update Checker 5.3 resolves a couple bugs. This is not a security update.
https://github.com/YahnisElsts/plugin-update-checker/releases/latest

WPBakery 7.2 adds AI support and resolves several bugs. This is not a security update.
https://wpbakery.com/

WPtouch 4.3.55 resolves several bgus. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

Updates 2023-04-11

Welcome back, Folks!

Today is Patch Tuesday for April, 2023.

This month brings over 160 significant hacks, and over 170 application updates. This is pretty normal these days, and the updates will weigh in at a little over 2.5 GB of updates for most users.

This Month in Technology

3CX, 51,000 websites, Ace Nursing, Activision, Adobe ColdFusion, Alivia Health, AllCare Plus Pharmacy, Inc, Allied Benefit, American Pain and Wellness, PLLC, an “East Asian company that develops data-loss prevention software for government and military,” Apple Safari, Aspire Public Schools, Associates in Dermatology, Atlantic Dialysis Management Services, Atlantic General Hospital, Autoridad de Acueductos y Alcantarillados, Bing.com search (via Azure AD), BitGo, BitKeep, Bitzlato, Black & McDonald, Blue Shield of California, Breached, Brooks Rehabilitation, Capita, ChatGPT, Chippewa County, CHU University hospitals, City of Oakland, City of Toronto, CloudPanel, Community Health Systems, Crown Resorts, Dole Food Company, a Dutch maritime logistics company, eFile-com, El Camino Health, El Consejo Nacional de Supervisión del Sistema Financiero, Elementor Pro WordPress plugin, Elmbrook School District, Essendant, Eye4Fraud, Fabrega Molino, Federal Law Enforcement Database, Ferrari, Florida-based community healthcare system, Frideres Dental LLC, Gala Games, General Bytes, 130+ organizations using GoAnywhere MFT, Guam Memorial Hospital, Hatch Bank, Hawaiian death registry, HDB Financial Services, Health Plan of San Mateo, Hitachi Energy, Homewood Health, HP LaserJet printers, Independent Living Systems, India’s Defense Research and Development Organization, Indian health system, Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda, Integrated Supports for Living, Inc, Killer Instinct, Latitude Financial Services, Leaked Reality, LinusTechTips, Lionsgate, Long Son Petrochemicals, Lumen, Majestic Care Middletown Assisted Living LLC, McDonald’s, Medellin government, MedEx, Medminder, Merritt Healthcare Advisors, Microsoft SharePoint, Microsoft Teams, Mozilla Firefox, MSI, National Basketball Association, NCB Management Services, Nebu, Netgear Orbi, New Medical Healthcare, New York City public school special education students, New York-Presbyterian Hospital, NewBridge Services, NewYork-Presbyterian Hospital, Nexx smart devices, NHS Highland, Nonstop Administration and Insurance Services, Inc, NorthStar Emergency Medical Services, NS, Open University of Cyprus, Oracle VirtualBox, ParaSpace, Pension Protection Fund, PetroVietnam, Poolz Finance, POSCO Engineering & Construction, Postal Prescription Services – Kroger, Procter & Gamble, Proskauer Rose, QNAP, Rio Tinto, Rochester Public Schools, Rubrik, SafeMoon, Saks Fifth Avenue, Samsung, SD Worx, Shopper+, South Texas Health System, Sundry Files, Tallahassee Memorial Healthcare, Inc, Tasmanian Education Department, Telegram, Tesla Model 3, the WiFi protocol (this is big), TheGradCafe, Throne, TMX Finance (TitleMax, TitleBucks, InstaLoan), Top of the World Ranch Treatment Center, Toyota Italy, Tusla, Twitter, Uber, Ubuntu Desktop, UC San Diego Health, UHS of Delaware, Inc, UK’s Criminal Records Office, UK’s Virgin Red, Ukrainian utility company, US Congress, US Department of DefenseUS Federal Bureau of Investigation, US Marshals Service, US Special Operations Command, US Wellness Inc, US Wellness, Vazquez Nava Consultores y Abogados, Veeam’s Backup & Replication, Veritas Backup Exec, VM2, VMware Workstation, WellBe, Wells Fargo, West Virginia hospital, Western Digital, Wilkes-Barre Career and Technical Center, WinRAR SFX, WooCommerce, Yardley Dermatology Associates, PC, Yucatan government, Yum! Brands (Taco Bell, KFC, Pizza Hut), Z2U, ZenGo, Zimbra Collaboration Suite, and Zoll have reportedly been hacked or compromised this month.

Amazon has pulled the plug on their most successful charitable endeavor, AmazonSmile.

According to the FBI, 860 “critical” infrastructure organizations were hit with ransomware in 2022. Shouldn’t they just stop if they’re so concerned, since they’re usually the ones behind most terrorists?

It should come as no surprise that the recent spate of train derailments comes not long after a manager at one of the largest rail companies told inspectors to stop marking rail cars that needed repairs.

Apple Weather, Microsoft Defender, Reddit, and WD My Cloud suffered from outages this month.

Last months updates broke Red Dead Redemption 2, and caused problems for many printers by replacing the vendor print drivers with Microsoft’s incompatible drivers. But at least Microsoft is now inserting ads in the Start menu, right? Grrr.

Here’s yet another demonstration of how your “smart device” can be exploited without your knowledge. GM’s Cruise robotaxis have been recalled after they caused an accident in San Francisco. 

Now for the good news:

 

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly
GB in updates today. Let’s get started.

Windows 10 and Windows 11 22H2 should now be installed. Sadly, the new “Moments” features on Windows 11 will insert advertisements in the Start menu and Control Panel. Just another sign of the continuing decline of Windows.

Microsoft released updates to address 93 vulnerabilities in .NET Core, Azure Machine Learning, Azure Service Connector, Microsoft Bluetooth Driver, Microsoft Defender for Endpoint, Microsoft Dynamics, Microsoft Dynamics 365 Customer Voice, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Message Queuing, Microsoft Office, Microsoft Office Publisher, Microsoft Office SharePoint, Microsoft Office Word, Microsoft PostScript Printer Driver, Microsoft Printer Drivers, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows DNS, Visual Studio, Visual Studio Code, Windows Active Directory, Windows ALPC, Windows Ancillary Function Driver for WinSock, Windows Boot Manager, Windows Clip Service, Windows CNG Key Isolation Service, Windows Common Log File System Driver, Windows DHCP Server, Windows Enroll Engine, Windows Error Reporting, Windows Group Policy, Windows Internet Key Exchange (IKE) Protocol, Windows Kerberos, Windows Kernel, Windows Layer 2 Tunneling Protocol, Windows Lock Screen, Windows Netlogon, Windows Network Address Translation (NAT), Windows Network File System, Windows Network Load Balancing, Windows NTLM, Windows PGM, Windows Point-to-Point Protocol over Ethernet (PPPoE), Windows Point-to-Point Tunneling Protocol, Windows Raw Image Extension, Windows RDP Client, Windows Registry, Windows RPC API, Windows Secure Boot, Windows Secure Channel, Windows Secure Socket Tunneling Protocol (SSTP), Windows Transport Security Layer (TLS), Windows Win32K and MSRT (~
GB). This includes security updates. A reboot is required.

Apple released updates for iOS 15.7.5 and 16.4.1, iPadOS 15.7.5 and 16.4.1, macOS Big Sur 11.7.6, macOS Monterey 12.6.5, macOS Ventura 13.3.1, Safari 16.4.1, Studio Display Firmware Update 16.4, tvOS 16.4, and watchOS 9.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.4.1 and 15.7.5 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 16.4.1 and 15.7.5 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.4 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.4 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 112.0.5615.62 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.4.1 resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Display Driver Uninstaller 18.0.6.2 resolves a stability bug. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Nvidia Driver 474.30 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.50.114 is a security update.
https://brave.com/

Google Chrome 112.0.5615.49 is a security update.
https://www.google.com/chrome/

Microsoft Edge 112.0.1722.34 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Microsoft Edge 109.0.1518.78 is a security update. This version should be used only on devices where the current stable release is not available.
https://www.microsoft.com/en-us/edge/business/download

Firefox 112.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

SeaMonkey 2.53.16 is a security update.
https://www.seamonkey-project.org/

Vivaldi 5.7.2921.65 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.48 adds sort-by to the toolbar. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Spark 3.3.6.46134 improves stability. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.3.6.46132 improves stability. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.9.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.11 is a bug fix for a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.55 adds sort-by to the toolbar. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 8.0.1 resolves dozens of bugs. This should be treated as a security update.
https://curl.haxx.se/windows/

Dropbox 171.4.6182 improves stability. This is not a security update.
https://www.dropbox.com/

FreeFileSync 12.2 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 73.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Microsoft Teams 1.6.00.6754 is a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 26.0.0 is a major update with improvements across a dozens features and many bug fixes. This is not a security update.
https://nextcloud.com/

Npcap 1.73 is a security update.
https://nmap.org/npcap/

Omada Software Controller 5.9.31 resolves several bugs. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Rclone 1.62.2 resolves several bugs. This is not a security update.
https://rclone.org/

Signal (Android) 6.16.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/android/apk/

Signal 6.13.0 improves dark mode and cosmetics. This is not a security update.
https://signal.org/download/windows/

Syncthing 1.23.4 resolves several bugs. This should be treated as a security update.
https://syncthing.net/

Telegram 4.7.1 resolves a couple bugs. This is not a security update.
https://telegram.org/

Trillian 6.5.0.28 resolves several bugs. This is not a security update.
https://www.trillian.im/

WinSCP 5.21.8 is a security update.
https://winscp.net/eng/index.php

Zoom 5.14.2.14578 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 4.4.10 improves stability. This is not a security update.
https://www.bitwig.com/download/

iTunes 12.12.8.1 is a security update.
https://www.apple.com/itunes/download/

Plex Desktop 1.67.1.3665 fixes the subtitle render/crash issue. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.37.2.3674 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.0.6918 resolves a font bug and a certificate installation bug. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.2.1.75 adds a new particle editor to the IDE and reworks some of the interface. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.160 resolves several bugs and adds more than a dozen new assets and feature improvements. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.3.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Nintendo Switch 16.0.1 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PS5 23.01-07.01.01 resolves a cosmetic bug. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2023.03.15 resolves dozens of bugs. This should be treated as a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 23.001.20143 is a security update.
https://get.adobe.com/reader

Adobe Digital Editions 4.5.11.187658 is a security update.
https://www.adobe.com/solutions/ebook/digital-editions/download.html

Adobe InCopy 18.2 and 17.4.1 are security updates. Use Creative Cloud to install the update.

Adobe Acrobat and Reader 23.001.20143 and 20.005.30467 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb23-24.html

Adobe Substance 3D Stager 2.0.2 is a security update.
https://www.adobe.com/products/substance3d-stager.html

Adobe Dimension 3.4.9 is a security update.
https://www.adobe.com/products/dimension.html

Adobe Substance 3D Designer 12.4.1 is a security update.
https://www.adobe.com/products/substance3d-designer.html

Artweaver 7.0.15 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Calibre 6.15.1 resolves several bugs and improves document compatibility. This is not a security update.
https://calibre-ebook.com/

ImageMagick 7.1.1-6 resolves several bugs. This is not a security update.
https://imagemagick.org/

LibreOffice Fresh 7.5.2 resolves over 90 bugs. This is a security update. The “Fresh” line is beta software and should be avoided by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.8.0 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.5.2 resolves several context menu and cosmetic bugs. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.3 adds center-point shape drawing and resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 9.5.368.0 is a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

Caine 13.0 is a security update.
https://www.caine-live.net/

Chainsaw 2.6.0 resolves several bugs. This is not a security update.
https://github.com/countercept/chainsaw

FSS 2023.3.19 updates service list. This is not a security update.
https://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

MalwareBytes Anti-Malware 4.5.26 improves reporting and resolves several bugs. This should be treated as a security update.
https://www.malwarebytes.org/antimalware/

ProtonVPN 2.4.1 improves stability. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.15 resolves several bugs. This is not a security update.
https://protonvpn.com/download

QubesOS 4.1.2 is a security update.
https://www.qubes-os.org/downloads/

RogueKiller 15.8.2 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Stinger 12.2.0.570 improves detections. This should be treated as a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

SuperAntiSpyware 10.0.1250 resolves several bugs. This is not a security update.
https://www.superantispyware.com/download.html

Tails 5.11 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.48.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.6.8 integrates several net
https://github.com/Velocidex/velociraptor/releases/latest

Wireless Network Watcher 2.31 adds a dark mode option and updates internal MAC address database. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

YARA 4.3.0 resolves several bugs and adds new functions and behaviors. This should be treated as a security update.
https://github.com/VirusTotal/yara/

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 22.5.3 resolves several crash bugs, installation issues and improves the UI. This is not a security update.
https://www.techsmith.com/video-editor.html

SnagIt 23.1.1 resolves several bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.1.0.3 improves compatibility. This is not a security update.
https://www.dvdfab.cn/download.htm

StreamFab 6.1.1.6 improves compatibility and provides new output options. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 1.0.1.7 improves compatibility. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.10.4 fixes of a dozen bugs. This is a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.10.4 fixes over a dozen bugs. This is a security update.
https://1password.com/downloads/windows/

AstroGrep 4.4.9 updates libraries, adds dark theme, improves filters and resolves several bugs. This is a security update.
http://astrogrep.sourceforge.net/

Bitwarden 2023.3.3 adds domain verification, improved browser security, and resolves several bugs. This is a security update.
https://bitwarden.com/

CalyxOS Device Flasher 1.0.7 doesn’t provide a changelog so should be treated as a security update.
https://calyxos.org/install/

Carbonite 6.4.6 is a security update.
https://account.carbonite.com/

CCleaner 6.10.10347 improves cleaning and adds to the their driver update solution. This is not a security update.
https://www.ccleaner.com/

CrucialScan 20230308 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/store/systemscanner

CurrPorts 2.71 adds full screen display option. This is not a security update.
https://www.nirsoft.net/utils/cports.html

DesktopOK 10.77 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DMDE 4.0.6.806 fixes several bugs. This is a security update.
https://dmde.com/

Everything Toolbar 1.0.5 improves stability and compatibility. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

FolderChangesView 2.35 adds dark mode support and sort-by to the toolbar. This is not a security update.
https://www.nirsoft.net/utils/folder_changes_view.html

Go 1.20.3 is a security update.
https://go.dev/

GoodSync 12.2.0 resolves several bugs. This is not a security update.
https://www.goodsync.com/

IsMyHdOK 3.88 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2023.4.9191 adds components, new settings and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 5.8.2 is a security update.
https://osquery.io/downloads

PowerToys 0.69.0 resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Explorer 17.04 is a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

PsExec 2.42 adds support for long paths. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Regedix 2.0.0.0 adds registry scan and resolves paste bug. This is not a security update.
https://regedix.webrox.fr/

RoboForm 9.4.6 is a security update.
https://www.roboform.com/

Rufus 3.22 resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 23.2.9.8466 improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

TCPView 4.18 resolves a crash bug and improves dark mode. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview

TeamViewer 15.40.8 resolves a LAN bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.2.14 resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Ventoy 1.0.91 resolves several bugs. This is not a security update.
https://www.ventoy.net/en/index.html

WifiInfoView 2.79 resolves a display bug. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 8.55 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.13 adds regexp search, search history, command line options, virtual drives, sorting options, and resolves a couple bugs. This is not a security update.
https://www.diskanalyzer.com/

XnConvert 1.98 doesn’t provide a changelog so should be treated as a security update.
https://www.xnview.com/en/xnconvert/

ZoomText 2023 2023.2303.77.400 adds tethered view. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

ADB 34.0.1 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

GitHub Desktop 3.2.1 resolves a dozen bugs and provides several improvements. This is not a security update.
https://desktop.github.com/

Node.js 16.20.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js 19.9.0 adds a new tracing feature, URL parser improvements, and resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.41.2 resolves several bugs and improves several features. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.77.1 improves stability. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.24 resolves several bugs. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.4.12 is a security update.
https://drupal.org/download

Drupal 9.5.7 resolves a bug in the editor. This is not a security update.
https://drupal.org/download

WordPress 6.2 adds several new native features – custom CSS, sticky positions, new site editor, block management, Openverse media access, and more. This is not a security update.
https://wordpress.org/

Akismet 5.1 resolves several bugs. This should be treated as a security update.
https://wordpress.org/extend/plugins/akismet/

Autoptimize 3.1.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

Contact Form 7 5.7.5.1 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.3.1 doesn’t provide a change log so should be treated as a security update.
https://wordpress.org/plugins/duplicator/

Limit Login Attempts 1.7.2 is a security update.
https://wordpress.org/extend/plugins/limit-login-attempts/

Redirection 5.3.10 resolves a save bug. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

W3 Total Cache 2.3.1 improves compatibility and resolves several bugs. This is a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 7.5.1 improves stability. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Cerber Security 9.5.3 improves compatibility. This is not a security update.
https://wpcerber.com/

WPtouch 4.3.52 resolves a cosmetic bug. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

Updates 2022-12-13

Merry Christmas, Folks!

Today is Patch Tuesday for December, 2022.

This month brings a new version of Windows 10 (v22H2), critical security updates for all supported Apple products, and (literally) new security updates every single week since the last update cycle on November 8th. That’s on top of the 150+ major hacks, and over 165 application updates this month. Prepare yourself, there will be about 4 GB of updates for most devices this month.

This Month in Technology

Over 15,000 websites, Abandonia2022, ABB Totalflow, Accuro, Acer UEFI Secure Boot, dozens of apps using the Algolia API, Amazon ECR, Amnesty International Canada, Android, Android OEM certificates, André-Mignot Hospital, Ankr, Antwerp, Belgium, Argentina de Soluciones Satelitales, Arkansas Department of Human Services, Atlassian Bitbucket Server, Bahrain, Bank of Russia, Boa web server, California’s Department of Finance, Canadian Teachers Union, Canon hardware, CareFirst Administrators, CCA Health Plans of California, Inc d/b/a CCA Health CA, Central Depository Services Ltd, Chiropractic Board of New Zealand, Cincinnati State Technical and Community College, Cisco IP phones, Citrix ADC and Gateway, CloudSEK, Codesys, CoinTracker, CommonSpirit Health, Community Health Network, Inc. as an Affiliated Covered Entity, Connexin Software, Consumer Directed Services In Texas, Inc., CorrectCare Integrated Health Inc, County of Tehama, California, Dallam Hartley Counties Hospital District, Deribit, Dermatology & Skin Cancer Ctr, PC, Dialpad, Inc., Dietitians Board of New Zealand, Docs Medical Inc, Doctors’ Center Hospital, Dr. Douglas C. Shoenberger,PC, Durham District School Board, Dutch LNG Terminal, Easton Cardiovascular, Ellen M. Field, M.D., Epic Management LLC, European Parliament, F5 BIG-IP and BIG-IQ, Fars News Agency, Festo, FortiOS SSL-VPN, FTX, GATE Petroleum Company Employee Benefits Plan, Gateway Rehabilitation Center, General Council of the Judiciary, GGCorp, Google Pixel 5 and 6, Google’s Looker Studio, GoTo, Guatemala’s Ministry of Foreign Affairs, Health Care Management Solutions, LLC, Health New Zealand, Hope Health Systems Inc., Hospital Center of Versailles, HP hardware, Hyundai and Genesis cars, Indian Central Board of Higher Education, Indian Community Health Network, Indian Council of Medical Research, Indian electrical grid operators, Innovative Service Technology Management Services, Inc., Kaiser Foundation Health Plan of the Mid-Atlantic States, Inc., Keralty Group, Lake Charles Memorial Health System, LastPass (again), Lehigh Valley Women’s Specialties, Lenovo UEFI Secure Boot, Lexmark hardware, Magento 2, Manassas Surgery Center Anesthesia Services, MaryAnne Freeman Brndjar, DO, PC, Medibank, Mena Regional Health System, Mercury IT, Microsoft Exchange, Mikrotik hardware, NETGEAR hardware, New York-Presbyterian Hospital, New Zealand Ministry of Justice, New Zealand Psychologists Board, New York-Presbyterian Hospital, a NY salon, NU House Calls, PC, Nuance Communications, Inc., OakBend Medical Center, One Brooklyn Health System, Optometrists and Dispensing Opticians Board of New Zealand, Oracle Fusion, Orange Telecom, Orlando Health, Pendurthi Surgical Associates, Peter J. Isaac, D.O., Physiotherapy Board of New Zealand, Plascar Participacoes Industriais, Podiatrists Board of New Zealand, Polsinelli PC, Quarkus Java Framework, Rackspace, Radio Free Asia, Receivables Performance Management, Restaurants in Cincinnati, Roman Catholic Church, Rosenfeld VanWirt, PC, Royal Mail, Samsung Galaxy S22, Sequoia One, Seville Urban Transport Company, Silverstone Circuit, Sobeys, Sonder, Sonos hardware, South Staffordshire Water, South Walton Fire District, Southampton County, Virginia, Sree Saran Medical Centre, Stanley Street Treatment and Resources, Inc., Synology hardware, Tata Power, Telstra, The Smith Family, TP-Link hardware, Tuloso-Midway Independent School District, Twitter, Uber, Ubiquiti hardware, University Medical Center of Southern Nevada, UOB KayHian, Uruguay’s Ministry of Transport and Public Works, the US government, VMware ESXi, VTB Bank, Western Digital hardware, Whoosh, Work Health Solutions, Wright & Filippis LLC, Xavier College, Yakima Neighborhood Health Services, Yale University, and the Zwijndrecht police have reportedly been hacked or compromised this month.

There’s another novel method for exfiltrating information from air-gapped devices: the power supply. Most US DoD contractors fail to implement basic security controls.

Windows updates last month broke DirectAccess, gaming performance, ODBC database connections, Remote Desktop, Task Manager, Windows Kerberos, caused Windows freezes and domain controller freezes.

Meta (Facebook and Instagram) has acknowledged they’ve been used by the US Military for propaganda

Now for the good news:

Apple is finally adding end-to-end encryption for some iCloud backups.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 4 GB in updates today. Let’s get started.

Microsoft released updates to address 57 vulnerabilities in .NET Framework, Azure, Client Server Run-time Subsystem (CSRSS), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Windows Codecs Library, Windows Hyper-V, SysInternals, Windows Certificates, Windows Contacts, Windows DirectX, Windows Error Reporting, Windows Fax Compose Form, Windows HTTP Print Provider, Windows Kernel, Windows PowerShell, Windows Print Spooler Components, Windows Projected File System, Windows Secure Socket Tunneling Protocol (SSTP), Windows SmartScreen, Windows Subsystem for Linux, Windows Terminal and MSRT (~ 2.5 GB). This includes security updates. A reboot is required.

Apple released updates for iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2, iOS 16.2 and iPadOS 16.2, macOS Big Sur 11.7.2, macOS Monterey 12.6.2, macOS Ventura 13.1, Safari 16.2, tvOS 16.1.1, tvOS 16.2, and watchOS 9.2. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.7.2, 16.1.2, and 16.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.7.2, 16.1.2, and 16.2 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.1.1 and 16.2 are security updates. Use System, Software Update to install the most current version.

Google Chrome OS 108.0.5359.75 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 37-1.7 is a major update, adding support for Raspberry Pi 4, new editions, and updates libraries. This is not a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.11.2 resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Display Driver Uninstaller 18.0.5.9 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.1.11 resolves several bugs. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.15.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

NVcleanstall 1.14.0 resolves several bugs. This is not a security update.
https://www.techpowerup.com/download/techpowerup-nvcleanstall/

Nvidia Driver 474.06 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Drivers by Seagull 2022.3 adds support for over 200 new devices. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

Wacom Driver 6.4.0-11 resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.46.134 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 108.0.5359.98 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 108.0.1462.46 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 108.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Vivaldi 5.6.2867.40 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.7 resolves a couple bugs and improves cosmetic options. This is not a security update.
https://getmailspring.com/

OutlookAttachView 3.47 adds option to cancel scan with Esc key. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Spark 3.2.1.40643 resolves many bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.2.1.40641 resolves many bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.6 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk (macOS) 7.0.0 resolves several bugs and improves interface and Settings. This is not a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.53 adds multiple profile support to several browsers and adds the ability to cancel scan with the Esc key. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

DNSDataView 1.70 adds support for collecting A records of all PTR record. This is not a security update.
https://www.nirsoft.net/utils/dns_records_viewer.html

Dropbox 162.4.5419 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 172.0.0.23.215 is a security update.
https://www.messenger.com/download

FileZilla Client 3.62.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FileZilla Server 1.6.1 resolves an installation bug and improves certificate controls. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.28 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 68.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Microsoft Teams 1.5.00.33362 adds HOSI support for compatible hardware. This is not a security update.
https://teams.microsoft.com/downloads

Minds (Android) 4.30.1 resolves several bugs. This is not a security update.
https://www.minds.com/

Nextcloud Server 25.0.2 resolves dozens of bugs. This is a security update.
https://nextcloud.com/

Omada Software Controller 5.7.4 improves the user interface, adds several new options, and resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-Core 0.20.29 resolves several bugs. This is not a security update.
https://pocketnet.app/

Pocketnet-GUI 0.8.34 resolves several bugs. This is not a security update.
https://pocketnet.app/

Qbox 4.0.5.35 doesn’t provide a changelog so should be treated as a security update.
https://www.coraltreetech.com/qbox

Rclone 1.60.1 resolves several bugs and improves compatibility. This is not a security update.
https://rclone.org/

Signal 6.0.1 adds Stories support. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.3.6 adds donation support. This is not a security update.
https://signal.org/android/apk/

Skype 8.91.0.404 adds universal translation and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.22.2 resolves several bugs and updates libraries. This is not a security update.
https://syncthing.net/

Technitium DNS Server 10.0.1 adds several features and resolves bugs. This is a security update.
https://technitium.com/dns/

Telegram 4.4.1 resolves several bugs. This is not a security update.
https://telegram.org/

Telegram (Android) 9.2.1 doesn’t provide a detailed changelog so should be treated as a security update.
https://telegram.org/apps

TP-Link Archer AX21 v1.3.6 is a security update.
https://www.tp-link.com/us/support/download/archer-ax21/v1.20/#Firmware

WinSCP 5.21.6 is a security update.
https://winscp.net/eng/index.php

Zoom 5.12.9.10650 improves policy controls, CC and translation, and resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 4.4.3 fixes a couple stability bugs. This is not a security update.
https://www.bitwig.com/download/

Picard 2.8.5 resolves several bugs. This is a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.59.1.3398 adds support for AV1 and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.30.1.3391 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.30.0.6486 adds pattern matching, improves scheduled tasks, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.18 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2022.11.0.54 resolves dozens of bugs and improves usability. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.152 adds new features, including monetization through assets, and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.22.12.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Steam 2022.12.01 resolves 20 bugs. This is not a security update.
https://steamcommunity.com/news/client

SteamOS SteamDeck Update 2022-11-21 resolves many bugs including hardware compatibility, performance and stability issues. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Campaign Classic 7.3.2 and 8.4.2 are security updates.
https://helpx.adobe.com/security/products/campaign/apsb22-58.html

Adobe Experience Manager 2022.10.0 and 6.5.15.0 resolve almost three dozen security vulnerabilities.
https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html

Illustrator 2023 27.0.1 and 2022 26.5.2 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-60.html

Artweaver 7.0.14 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.63.1 is the final release of Atom before it is to be EOL in a couple days. Please switch to another editor.
https://atom.io/

Audacity 3.2.2 adds VST2 realtime effect support and resolves several bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 6.9.0 adds signing to all binaries and resolves several bugs. This should be treated as a security update.
https://calibre-ebook.com/

Inkscape 1.2.2 resolves dozens of bugs. This is not a security update.
https://inkscape.org/release/

Kindle for PC 1.39.65383 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice Fresh 7.4.3 resolves 100 bugs. This is a security update. Remember that the Fresh line is beta software. Most users should use the Still line.
https://www.libreoffice.org/

Nextcloud Desktop 3.6.4 improves stability. This is not a security update.
https://nextcloud.com/

PDF-XChange Editor 9.5.366.0 resolves several bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.3.0 improves culprit tracking. This should be treated as a security update.
https://github.com/countercept/chainsaw

HTTP Toolkit 1.12.1 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware Mac 4.17.8 adds support for macOS Ventura/13. This is not a security update.
https://www.malwarebytes.com/mac/

ProtonVPN 2.3.1 improves user interface. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.10 improves the user interface. This is not a security update.
https://protonvpn.com/download

Radmin VPN 1.3.4568.3 adds ability to add exceptions from within the software. This is not a security update.
https://www.radmin-vpn.com/

RogueKiller 15.6.3 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.7 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.45.2 resolves a couple bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.6.7 adds PGP automation and resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

WebBrowserPassView 2.12 adds High-DPI support and improves portable browser support. This is not a security update.
https://www.nirsoft.net/utils/web_browser_password.html

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 22.4.1 resolves several bugs. This is not a security update.
https://www.techsmith.com/video-editor.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.9.4 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.3 doesn’t provide a changelog so should be treated as a security update.
https://imazing.com/heic

IsoBuster 5.1 adds support for reading the FAT directly, improves performance and stability, and resolves dozens of bugs. This is not a security update.
https://www.isobuster.com/download.php

PDF Creator 5.0.3 resolves several bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.0.0.7 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.18 resolves a merge bug. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.10 improves 2FA support and compatibility, and resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.10 improves 2FA support and compatibility, and resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/windows/

Agent Ransack 2022.3349 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Bitwarden 2022.11.0 implements 2-step authentication and resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.06.10144 adds and improves cleanup for over a dozen applications. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.4.1 resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 10.51 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.1.197.0 adds recycle bin support, resolves several bugs, and improves bookmark behavior. This is not a security update.
https://dngrep.github.io/

Etcher 1.10.6 updates dependencies. This is not a security update.
https://www.balena.io/etcher/

FileLocator Pro 2022.3349 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.39.0 resolves several bugs. This is not a security update.
https://git-scm.com/

Go 1.19.4 is a security update.
https://go.dev/

GoodSync 12.1.2 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

Homedale 2.04 removes log headers and updates languages. This is not a security update.
https://www.the-sz.com/products/homedale/

HWMonitor 1.48 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

NetConnectChoose 1.10 adds Metric column and resolves a network selection bug. This is not a security update.
https://www.nirsoft.net/utils/net_connect_choose.html

NTLite 2.3.9.9018 improves compatibility and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1006 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

osquery 5.6.0 resolves several bugs, adds new columns and controls. This is not a security update.
https://osquery.io/downloads

AOMEI Partition Assistant 9.13.0 resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 6.11 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.65.0 upgrades dependencies and resolves a couple bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Explorer 17.02 resolves stability bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

RoboForm 9.3.8 resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 3.21 updates dependencies, libraries, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 22.9.10589.8370 resolves dozens of bugs including stability and reliability. This is a security update.
https://www.connectwise.com/software/control/download

Sysmon 14.13 resolves a stability bug. This is a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TeamViewer 15.36.9 improves terminal and scripting support. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 3.22 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Unity 2022.2.0 resolves over a hundred bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WinScan2PDF 8.31 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.12 resolves a couple bugs. This is not a security update.
https://www.diskanalyzer.com/

ZoomText 2022 2022.2211.5.400 improves integration and stability, and resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

ZoomText 2023 2023.2210.28.400 is a new major version adding tethered view and improves compatibility. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.36.02 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Docker Desktop 4.14.1 improves stability and performance, adds WebAssembly support, user interface improvements, upgrades libraries and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Node.js 14.21.2 updates certificates and timezone information. This should be treated as a security update.
https://nodejs.org/en/

Node.js 16.19.0 updates certificates and timezone information. This should be treated as a security update.
https://nodejs.org/en/

Node.js 19.2.0 updates libraries and resolves over a dozen bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.40.0 improves support for data recovery, performance, and reliability. This is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.74 adds several new features. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.4 resolves over a dozen bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.4.9 resolves several bugs. This is not a security update.
https://drupal.org/download

HumHub 1.12.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 4.2.6 improves compatibility and resolves several bugs. This is not a security update.
https://www.joomla.org/

jQuery 3.6.2 improves compatibility and resolves several bugs. This is not a security update.
https://code.jquery.com/

MailEnable 9.86 is a security update.
https://www.mailenable.com/

MailEnable 10.43 is a security update.
https://www.mailenable.com/

ownCloud Client 3.0.0.9215 resolves dozens of bugs. This is not a security update.
https://owncloud.com/desktop-app/

Piwigo 13.3.0 resolves several bugs. This is not a security update.
https://piwigo.org/

SMF 2.1.3 resolves dozens of bugs. This should be treated as a security update.
https://www.simplemachines.org/

WordPress 6.1.1 resolves dozens of bugs. This is not a security update.
https://wordpress.org/

Akismet 5.0.2 is a security update.
https://wordpress.org/extend/plugins/akismet/

Autoptimize 3.1.4 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

Contact Form 7 5.7 resolves dozens of bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.1 adds support for the latest build of WordPress and resolves several bugs. This is a security update.
https://wordpress.org/plugins/duplicator/#developers

Redirection 5.3.6 improves translations. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Register IP – Multisite 1.8.3 is a security update.
https://wordpress.org/extend/plugins/register-ip-multisite/

Simple Lightbox 2.9.3 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/simple-lightbox/

Sucuri Security 1.8.36 is a cosmetic update. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.2.9 improves translation support. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 7.1.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPtouch 4.3.46 is a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-07-12

Welcome back, Folks!

Today is Patch Tuesday for July, 2022. You know how you say something like “biggest update series in well over a year” and the next month just blows that out of the water? We’re there now.

This Month in Technology

Advocates, Inc., Aerojet Rocketdyne, Alabama Eye & Cataract, P.C., Alameda Health System, Aloha Laser Vision, Amagasaki, Japan, Amazon Photos, AMD, Anker Eufy, Aon, Aruba Networks Switches, ATC Healthcare, Bangladeshi government, Bank of the West, Baptist Medical Center and Resolute Health Hospital, Bayhealth Medical Center, Inc., BeanVPN, Benefit Plan Administrators, Inc., Bookchor, Bourse des Vols, Capital Economics, Carnival Corporation, Carolina Behavioral Health Alliance, Carolina Eyecare Physicians, LLC, Catholic Health System, Center for Sight, Inc., Central Florida Inpatient Medicine, Charlotte Radiology, Cherry Creek Eye Physicians and Surgeons, P.C., CHRISTUS Spohn Health System Corporation, Cisco Secure Email, Cisco VPN routers, Citrix Application Delivery Management, CoDeSys Automation Software, Community of Hope D.C., Crema Finance, Customer.io, Disneyland’s Facebook and Instagram accounts, DivX SubTitles, Django, DTEK Group, ExpressLRS, Fast Shop, Flagstar Bank, Florida Birth-Related Neurological Injury Compensation Association, Foxhall Ob Gyn Associates, Geographic Solutions, Gol Tours LTD, Grab, Harmony, Hillrom Medical, Honda cars, Hudson Regional Hospital, IBM, Ignitis Group, Indian Flood Monitors, Indian government, thousands of industrial devices, Israeli Defense, Kaiser Foundation Health Plan of Washington, Kaiser Permanente, Kernersville Eye Surgeons, P.C., Khouzestan Steel Company, almost a million Kubernetes clusters, La Poste Mobile, Latvian government, Lithuanian government, Long Vision Center, Macmillan Publishing, Mangatoon, Marriott International, Massachusetts Child and Family Services, Inc., Mattax Neu Prater Eye Center, Inc., MCG Health and Eye Care Leaders, Medical University of Innsbruck, MEGA, Michigan Avenue Immediate Care, Microsoft Azure FabricScape, Microsoft Exchange, Microsoft Windows Domain Servers, Mitel VoIP, New Jersey Health Information Management, Nichirin-Flex U.S.A., North American Spine Society, Norway govt sites, OpenSea, OrthoNebraska, Phelps Care Regional Medical Center, Preferred Hospital Leasing Coleman Inc., Professional Finance Company, Renton School District, Resolute Health Hospital, Rodeo Pharmacy Inc, Shanghai National Police, Sharper Vision P.A., SHI International, Shoprite, Sight Partners Physicians, P.C., Sophos Firewall, Southwest Health Center, St Joseph Heritage Health, Stanford University, Stokes Regional Eye Centers, TB Kawashima, The People Concern, The Vicksburg Clinic, LLC, Tosoh America, Inc., UK Army’s Twitter & YouTube, UNC Lenoir Health Care, University of Pisa, University Pediatric Dentistry, US Bank, Walmart, WellDyneRx, LLC, Wiltshire Farm Foods, Yodel, Yuma Regional Medical Center, and Zimbra reportedly been hacked or compromised this month.

Some vendors, like CafePress, simply don’t care about security – and do their best to conceal when they’re hacked. I contacted them to report when they were hacked back in 2014 and they ignored me. Sigh.

Microsoft 365, Cloudflare, Microsoft Teams, Rogers (it was a big one), and Microsoft Office / OneDrive had widespread outages.

Facebook is collecting the patient data of millions, and is also blocking the link to the Facebook settlement class action website. You think they would have learned.

Attackers are using Google Chrome Extension fingerprinting to uniquely identify you. This method works in any Chromium browser.

Spam is still the #1 method of exploiting users. Whether it is a fake renewal notice, fake copyright complaints, or fake invoice, most spams will include a fake login form or a fake support number. In both cases they depend on the user to actually enter the login details or call the scammer to fall prey to their attacks. Online development environments are even being used for these attacks.

Counterfeit hardware can be far more dangerous than the real thing. Even though some vendors only support their hardware a few years before you have to replace it,  counterfeits are never supported and often have malicious implants.

Microsoft has rolled back (temporarily) their decision to block macros by default.

MITRE staff didn’t understand that publishing vulnerable sites, not just vulnerability information was bad, while a HackerOne employee was selling exploits before they were published, and an Amazon employee installed cryptominers on Capital One servers. Adobe is using malware traits to block antivirus software from scanning PDF files. How quickly these organizations can shatter their trust.

Here’s a great example of how a single vulnerability will be used to get far deeper into your network and hardware.

Storing your password directly in the browser is dangerous. Use a password manager.

Now for the good news:

 

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 74 vulnerabilities in Azure Site Recovery, Azure Storage Library, DNS Server, Microsoft Defender for Endpoint, Microsoft Edge, Microsoft Graphics Component, Microsoft Lync, Microsoft Office, Open Source Software, Skype for Business, Windows Active Directory, Windows Advanced Local Procedure Call, Windows BitLocker, Windows Boot Manager, Windows Client/Server Runtime Subsystem, Windows Connected Devices Platform Service, Windows Credential Guard, Windows Fast FAT Driver, Windows Fax and Scan Service, Windows Fax Service, Windows Group Policy, Windows Hyper-V, Windows IIS, Windows Kernel, Windows Media, Windows Network File System, Windows Performance Counters, Windows Point-to-Point Tunneling Protocol, Windows Portable Device Enumerator Service, Windows Print Spooler Components, Windows Remote Procedure Call Runtime, Windows Security Account Manager, Windows Server Service, Windows Shell, Windows Storage, XBox, and MSRT (~3 GB). This includes security updates. A reboot is required.

Google Chrome OS 103.0.5060.114 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.6.1 adds support for newer hardware. This is not a security update.
https://www.amd.com/en/support

Crucial Storage Executive 7.12 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.5.2 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 22.4.26 improves user interface. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Samsung DeX 2.4.0.29 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/us/apps/dex/

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.41.96 is a security update.
https://brave.com/

SeaMonkey 2.53.13 is a security update.
https://www.seamonkey-project.org/

Google Chrome 103.0.5060.114 is a security update.
https://www.google.com/chrome/

Microsoft Edge 103.0.1264.51 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 102.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.11.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 5.3.2679.68 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.45 adds a command-line option to control columns in exports. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 102.0.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

curl 7.84.0 resolves over a hundred bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 152.4.4880 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 153.0.0.19.110 is a security update.
https://www.messenger.com/download

FreeFileSync 11.22 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 60.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Nextcloud Server 24.0.2 updates libraries, and resolves over 50 bugs. This is a security update.
https://nextcloud.com/

Npcap 1.70 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Rclone 1.59.0 adds support for new backends, metadata framework, resolves several bugs, and updates libraries. This is not a security update.
https://rclone.org/

Signal 5.49.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/download/windows/

Skype 8.85.0.409 improves their propaganda tools and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.20.3 resolves several bugs. This is not a security update.
https://syncthing.net/

Technitium DNS Server 8.1.4 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Telegram 4.0.2 resolves several bugs. This is not a security update.
https://telegram.org/

WinSCP 5.21.2 is a security update.
https://winscp.net/eng/index.php

Zoom 5.11.1.6602 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.2 updates libraries and resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 4.0.0 is a major update. This version improves color space, exposure, contrast controls and hundreds of other features, as well as resolving over 100 issues. This should be treated as a security update.
https://www.darktable.org/

Picard 2.8.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.48.2.3124 adds option to disable some Discover features, resolves several bugs with Search and Watchlist. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.20.2.3110 resolves a stability bug. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.27.2.5929 improves logging, adds support for Musicbrainz tags, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.1.2 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.6.0.23 adds Feather support, room editor filters, additional extension features, and resolves dozens of bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Lego Studio 2.22.6.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

PlayStation PS5 22.01-05.50.00 resolves several bugs and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

PlayStation PS4 9.60 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe RoboHelp RH2020.0.8 is a security update.
https://www.adobe.com/support/robohelp/downloads.html

Adobe Acrobat and Reader 22.001.20169, 20.005.30362, and 17.012.30249 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb22-32.html

Adobe Character Animator 22.5 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Photoshop 22.5.8 and 23.4.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb22-35.html

Artweaver 7.0.13 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Calibre 6.0 is a major update. This version adds full text search, new hardware support and performance improvements, a new URL scheme, and read-aloud support. It also removed 32-bit support. This is not a security update.
https://calibre-ebook.com/

Gimp 2.10.32 adds HiDPI, high bit-depth and multi-threading support, dark theme, improved color control, masking, and warp. This is not a security update.
https://www.gimp.org/

Kindle for PC 1.37.65274 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

Nextcloud Desktop 3.5.2 resolves over a dozen bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.3 adds option to limit search results to one line per file, adds EOL customization, adds new document shortcuts, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Intel CSMEVDT 7.0.2.0 resolves a documentation error. This is not a security update.
https://www.intel.com/content/www/us/en/download/19392/28632/intel-converged-security-and-management-engine-version-detection-tool-intel-csmevdt.html

FSS 2022.6.14 doesn’t provide a changelog so should be treated as a security update.
https://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Gpg4win 4.0.3 is a security update.
https://www.gpg4win.org/download.html

HTTP Toolkit 1.9.0 improves issue tracking and feedback. This is not a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware 4.5.10.200 is a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL (SLP) 3.0.5 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

OpenSSL 1.1.1q is a security update.
https://www.openssl.org/source/

ProtonVPN 2.0.3 resolves several bugs. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.1 resolves several bugs. This is not a security update.
https://protonvpn.com/download

SanDisk PrivateAccess 6.3.10 does not provide a changelog so should be considered a security update.
https://kb.sandisk.com/app/answersweb/detailweb/a_id/21996

Tails 5.2 is a security update.
https://tails.boum.org/install/dvd/index.en.html

YARA 4.2.2 is a security update.
https://github.com/VirusTotal/yara/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 22.1.0 adds several new features, improves performance, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/releases/snagit.msi

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.7.8 adds support for new encodings and resolves several stability bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.0 doesn’t provide a changelog so should be considered a security update.
https://imazing.com/heic

IsoBuster 5.0 is a major update that adds a 64-bit version, high-DPI scaling, themes, improved media support and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php

MakeMKV 1.17.0 improves reliability, adds support for new encodings, and resolves several bugs. This is not a security update.
https://www.makemkv.com/download/

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.9 adds PDF rotation and resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 8.7.3 is a major update adding several new cosmetic and integration improvements, and search and filter options. This is a security update.
https://1password.com/downloads/windows/

1Password for Mac 8.7.3 is a major update adding several new cosmetic and integration improvements, and search and filter options. This is a security update.
https://1password.com/downloads/mac/

7-Zip 22.00 adds support for APFS, pax, adds zone.id, and resolves several bugs. This is not a security update.
https://www.7-zip.org/

8GadgetPack 35.0 improves compatibility, adds keyboard shortcuts, and resolves several bugs. This is not a security update.
https://8gadgetpack.net/

Agent Ransack 2022.3335 adds new columns, improves view state restoration, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

CCleaner 6.01.9825 adds support for new apps and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

Dell OS Recovery Tool 2.3.7012.0 doesn’t provide a changelog so should be treated as a security update.
https://www.dell.com/support/home/uk/en/ukbsdt1/drivers/osiso/recoverytool

DesktopOK 9.97 expands toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.0.84.0 adds personalization, search statistics, Excel row numbers, and resolves several bugs. This is not a security update.
https://dngrep.github.io/

dupeGuru 4.3.1 resolves a false duplication detection bug. This should be treated as a security update if you use dupeGuru to remove duplicate files.
https://dupeguru.voltaicideas.net/

FileLocator Pro 2022.3335 adds new columns, improves view state restoration, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.37.0 resolves several bugs and improves CLI support. This is a security update.
https://git-scm.com/

GoodSync 11.11.5 resolves dozens of bugs. This is a security update.
https://www.goodsync.com/

Intel CPU Diagnostic 4.1.7.39 adds tests for newer hardware, resolves several bugs, and updates components. This is not a security update.
https://www.intel.com/content/www/us/en/download/15951/intel-processor-diagnostic-tool.html

IsMyHdOK 3.66 improves compatibility and SSD/SSHD detection. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.3.6.8804 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PointerStick 5.88 improves support for virtual desktops and multiple screens. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.60.0 resolves several bugs and improves compatibility. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.3.3 adds (and resolves bugs within) OTP feature, improves search, and resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 3.19 adds an option for setup customization, updates drivers, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

SearchMyFiles 3.20 adds filename length filter. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Synergy 1.14.5 resolves several bugs. This is not a security update.
https://symless.com/synergy/

TeamViewer 15.31.5 improves video experience and adds remote terminal to the Computers & Contacts list. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.1.8 updates libraries and resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WhyNotWin11 2.5.0.1 resovles several bugs. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WifiInfoView 2.77 improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

ZoomText 2022.2206.7.400 adds languages and resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

GitHub Desktop 3.0.3 resolves several bugs. This is not a security update.
https://desktop.github.com/

Node.js 18.5.0 is a security update.
https://nodejs.org/en/

Node.js 16.16.0 is a security update.
https://nodejs.org/en/

Node.js 14.20.0 is a security update.
https://nodejs.org/en/

Rustup 1.25.0 adds support for arm64, improved integration and resolves several bugs. This is not a security update.
https://www.rust-lang.org/

Redemption 6.2.0.6122 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

SQLite 3.39.0 adds support for right and full outer join, distinct from, and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.69.1 adds 3-way merge, improved command center UI for search, DND mode, and resolves several bugs. This is a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.3.18 is a security update.
https://drupal.org/download

Drupal 9.4.0 is a security update.
https://drupal.org/download

HumHub 1.11.4 is a security update.
https://www.humhub.com/en/download

Joomla 4.1.5 resolves several bugs. This is the last of the 4.1 series. This is not a security update.
https://www.joomla.org/

jQuery 3.6.0
https://code.jquery.com/

MailEnable 10.40 updates libraries and resolves over a dozen bugs. This is a security update.
https://www.mailenable.com/

Piwigo 12.3.0 resolves several bugs. This is not a security update.
https://piwigo.org/

WordPress 6.0.1 resolves over two dozen bugs. This is not a security update.
https://wordpress.org/

Akismet 4.2.5 resolves a bug. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

Antispam Bee 2.11.1 cleans up code. This is not a security update.
https://wordpress.org/extend/plugins/antispam-bee/

Contact Form 7 5.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.4.7 improves compatibility. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

Interactive World Map 3.2.0 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/interactive-world-map/

Postie 1.9.61 resolves a MIME warning. This is not a security update.
https://wordpress.org/extend/plugins/postie/

NextScripts Social Networks Auto-Poster 4.3.26 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

Slider Revolution 6.5.25 resolves a dozen bugs. This is not a security update.
https://revolution.themepunch.com/

Sucuri Security 1.8.32 is a critical security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.2.3 is a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 6.6.1 resolves dozens of bugs. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/