Updates 2024-05-14

Welcome back, Folks!

Today is Patch Tuesday for May, 2024.

There were 580+ major hacks, and over 460 application updates this month. It’s an insanely big month, with about 5 GB of updates for most users.

This Month in Technology

First, let me apologize for this list. It’s 3x longer than it was only a couple months ago and that’s not really my fault. I really want to keep sharing the hacked lists but at the rate it’s going 3/4 of the newletter will just be the list by the end of Summer. I’m going to need to rework this next month when I have more time.

1+1 Media, 4LEAF, Inc, A123 Systems, Access Intelligence, Accor, ACFIN SA, Active PCB Solutions, Acurrate Lock & Hardware, ADCOM911, Advanced Business Networks, Advarra, Inc., Aero Tec Laboratories Inc, Aetna ACE, Affordable Payroll & Bookkeeping Services, Agate Construction, Agency for the Sustainable Development of the Saint Nazaire Region, France, AirAsia Group, Airsoft, Allianz Global Risks U.S. Insurance Company, Alltruck Bodies, Alrajhi Bank, Altipal S.A.S, Amazon, Amberstone Security, AMD Radeon DirectX 11 Driver, American Builders Outlet, American Renal Associates, American Renal Management, Andovers Federal Credit Union, APS – Automotive Parts Solutions, Arbitrum, Argentina’s national registry, Army Welfare Trust, Array Networks, Asantee Games, Asbury Automotive Group, Ascension healthcare, Ashley Home Stores, Aspire Health Alliance, Astra Daihatsu Motor (ID), AT&T, Atlantic States Marine Fisheries Commission (ASMFC), Aussizz Group, Autodesk Drive, Axip Energy Services, Ayesa, B&G Foods, Badger Tag & Label, Banco Santander, Banten Regional Development Bank Tbk, Barclays Bank, Base Network, Bay Oral Surgery & Implant Center, Bağcılar Training and Research Hospital, Bega Valley Council, Belarusian KGB, Belvedere Vodka UK, BenefitsCal, Berry, Dunn, McNeil & Parker, Best Reward Federal Credit Union, BetterHelp, Bharat Sanchar Nigam Limited (BSNL), BHF Couriers, Biggs Cardosa Associates, Inc., Bira 91, Bitfinex, Blackstone Valley Community Health Care, Blooms Today, Bluebonnet Trails, Bluegrass Care Navigators, BMW BANK, Bodyartforms LLC, Boeing, Bradford-Scott, Brandywine Realty Trust, BreachForums, Bridgeway Center, Inc., British Columbia, Canada, Brocade SANnav SAN Management Software, Brovedani Group, Bundeswehr, Byron council, Café Soluble, California library system, Calumet Civil Contractors, Inc, Camino Nuevo Charter Academy, Canatal Industries, Canberra club, Cannes hospital, Cariboo library system, Carpetright, Catholic Diocese of Cleveland, Catholic Medical Center (CMC), CCM Health, Central Bank Argentina, Central Carolina Insurance Agency Inc, Central Florida Equipment, Central Power Systems & Services, Central Virginia Federal Credit Union, Change Healthcare, Channel Logistics LLC, Chemring Group, Cherry Health, Chicony Electronics, Chirp Systems, Christie’s Auction House, Cisco Duo, Cisco Integrated Management Controller (IMC), City of Buckeye, AZ, City of Donges, France, City of El Cerrito, California, City of London, UK, City of Pensacola, Florida, City of Wichita, Kansas, Cleveland Catholic Diocese, Community First Credit Union, Confins Transport, Consensus Medical Group, Consol Energy, Continuum Health, Coppel, Coradix-Magnescan, CorporateStack, Costa Edutainment SPA, Council for Relationships, County of Coffee, Georgia, County of Hernando, FLCounty of Jackson, MOCounty of Los Angeles, CA, Department of Health Services, County of Robeson, NC, County of San Bernardino, CA, CrushFTP, Cushman Contracting Corporation, CyberPower UPS, D-Link Devices, Daoust, Dawson Creek, Deeside Timberframe, Delinea Secret Server, Dell, Dental Group of Amarillo, Dental Health Services, DES Architects and Engineers,
Designed Receivable Solutions, Deutsche Telekom, Digi Yatra Foundation, Dijk, Discord, District of Columbia’s Department of Insurance, Securities and Banking (DISB), DocGo, Dominican Republic vaccination data, Donco Air, Doyon Drilling, Drive Sally LLC, DRM Arby’s, Dropbox Sign, Duvel Moortgat, D’amico & Pettinicchi, LLC, E-ZPass, East Central University, OK, Eden Project, Edlong and Holstein Association USA, Educational Computer Systems, EduMarket, Efrat Airlines, Egypt Ministry of Supply and Internal Trade, El Salvador, El Salvador’s Chivo Wallet, Electric Mirror, Empath Health, Engineered Automation of Maine, Enstar, Epilepsy Foundation of Metro NY, EqualizeRCM and 1st Credentialing, Ernest Health, Eucatex, European Parliament, Europol, EvoBanco, F5 Central Manager, Feldstein & Stewart, Fic Expertise, Financial Business and Consumer Solutions (FBCS), Firstmac, FiXBET, Floirac, Footdistrict, Fort Worth, Texas, Foxit Reader, French Ministry of Agriculture, Frontier Communications, FrotCom, GBI Genios, Gerber Life Insurance Company, Giant Tiger, GitHub Search, GitLab, Glendale Unified School District, Glints, Global Tel Link, Google Chrome, Google, Graphic Solutions Group Inc, Grassroot DICOM, Great Firewall of China, Green Diamond Resource Company, Greylock McKinnon, Grindr, Grodno Azot, Group Health Cooperative of South-Central Wisconsin (GHC-SCW), Guadeloupe, Canada, Guardant Health, Inc., Guardian Analytics, Hapy Bear Surgery Center, Hardeman County Community Health Center, Hedgey Finance, Helapet Ltd, Helsinki Education Division, Heritage Cooperative, High Performance Services, Hillsong Church, Hirsh Industries, Hit Promotional Products, Home Depot, Hong Kong Arts Development Council, Hong Kong College of Technology, Hong Kong Fire Department, Hong Kong Union Hospital, Hooker Furniture, Hosocongty, Hospital Simone Veil, 100 hotels in Japan, Houser LLP, Hoya Optics, HP, HPE ArubaOS Devices, HSBC Bank, HTW, Hub International Limited, Human Events, IBM’s Enterprise Terminal, iCabbi, ICICI Bank, IDS Michigan, Illinois State Credit Union, Illinois Tollway, In The Know, India’s Central Board of Secondary Education (CBSE), India’s HRYLabour, India’s ICICI Bank, Ingo Money Inc, Inland Physicians Billing Services, Intel CPUs (Spectre v2), Intel Hardware Firmware, Interim Healthcare of Lubbock, International Baccalaureate Exam, Inventum Øst, Iranian Pipeline Company, Iress Ltd, Israel Electric Corporation (IEC), Israeli Real Estate Companies, ISTA International GmbH, It4 Solutions Robras Corp, Italian Red Cross Network, Ivanti Avalanche, J.P. Morgan Chase, JE Owens, Kaiser Foundation Health Plan, Inc., Kaiser Permanente, Kameymall, Kansas City Scout System, Keenan & Associates, Kintetsu World Express, Kisco Senior Living, KISTI SMART K2C, Kowloon Shangri-La, La Chapelle-des-marais, France, Ladakh Social Welfare Department, Lamont Hanley & Associates, Latvian TV Channels, LDLC, Le Slip Français, Leicester City Council, Lenovo Hardware Firmware, Lewis & Clark College, LG TVs, Lieberman LLP, Lilly Drogerie, Lincoln Project, LiteSpeed Cache, LivaNova, LiveHelpNow, LocalPlace JP, London Drugs, London Stock Exchange Group, Lopesan Hotels, Lotz Trucking, Lpdb Kumkm, LRB Info Tech, Lukfook Jewellery, Lumina Americas, Luxor, LYON TERMINAL, M2E Consulting Engineers, Macedonian Joint Stock Company, Madata, Magnet+, Malone & Co, Manchester’s Catholic Medical Center, Marpai Health, Mauritzon, McKinley Packing, Medequip Assistive Technology, Medical Home Network, MediExcel, Medios de Prevención Externos Sur SL, MedStar Health, Meduza, Mellitah Company, Mercedes, Merchants Benefit Administration, Metropolitan Life Insurance Company, Microsoft, Microsoft Azure Entra ID, Microsoft Outlook, Missouri Electric Cooperatives, Moffitt Cancer Center and Research Institute, Moldova Government, MoldTech, Molen & Associates, Monash Health, Monday.com, MongoDB, Monocon, Montoir-de-Bretagne, France, Moscow Moskollector, MovieBoxPro, MRA – The Management Association, Mt Hira College, Myers Automotive Group, National Energy Research Scientific Computing Center (NERSC), Nespresso, Nestle, New Boston Dental Care, New Hudson Facades, New Mexico Administrative Office of the District Attorneys, New Mexico Highlands University, New York’s state legislature, Nexperia, NHS Dumfries and Galloway, NK Parts Industries, NorthBay Health, Nota by M&T Bank and TTEC Databases, Nothing, Nova Scotia Health, NRS Healthcare, Numotion, NVIDIA, OakBend Medical, Octopharma Plasma, OE Federal Credit Union, Ogero, Ohio Lottery, Okta, Olson Steel, Olympus Group, OracleCMS, OraSure, Original Herkimer Cheese, OrthoConnecticut, Outabox, Pacific Guardian, Pak Suzuki, Palo Alto Networks PAN-OS, Panda Restaurant Group, Pandemonium Rocks, Panoramic Health, Parent Teacher Association (PTA), Paris Saint-Germain (PSG), Parklane Group, Patricia AI, Paychex, Inc., Paytm, Pennsylvania Convention Center, Pennsylvania Insurance Department, Peplink Smart Reader, Persyn, Philadelphia Inquirer, Philips Respironics, Phoenix Business Consulting, PHP, Pifer’s Auction & Realty, Pilot, Pinnacle Engineering, Pinnacle Orthopaedics, Pioneer Oil Company, Inc, Piping Rock, Police Service of Northern Ireland (PSNI), Porniche, France, Pratham, Precision Fluid Controls, Premier Dermatology, Prisma Finance, Pro Metals LLC, Process Solutions, Procuraduría General de la República, Profile Products, Progress Flowmon, Promarka Peru, Pub And Club, Public service of Wallonia, PWS – The Laundry Company, Qantas, QNAP, Quebec CEGEPs, RAF El Salvador, Randolph Health, RaySharp, RB Woodcraft, Reading Electric, Rebound Orthopedics & Neurosurgery, Recology, Redwood Coast Regional Center, Rehabilitation Hospital of Southern New Mexico, Reliable Networks, Rocky Mountain Sales, Roku, Romeo Pitaro Injury and Litigation Lawyers, Rushd Bookstore, Rutgers University, Räddningstjänsten Vä stra Blekinge, Sachkhere, Sahara Bank, Saint-Nazaire, France, Sanok Rubber Company, Saudi Water Facilities, Scanda Group, Scigames, Scottish health board, Seaman’s Mechanical, SEK Studio, Seneca Nation Health System, Sentry Data Management, Servicio Móvil, Shadow, Siemens Manufacturing, Sigmund Espeland, Signature Healthcare Services LLC, SigningHub, Simmons Perrine Moyer Bergman PLC, Singapore’s Ministry of Education, Singapore’s Mobile Guardian, SinglePoint Outsourcing, Inc., SIS Automatisering, Sisense, Skanlog, Sleep Data Holdings, LLC, Sleep Management Institute, Smoke Alarm Solutions, SOA Architecture, Softura, Somerset Dental Las Vegas, Somerville, Sonadev, France, South Africa’s International Trade Administration Commission (ITAC), South Korean courts, South Korean cable & satellite, South Korean Defense Companies, South Texas Oncology and Hematology, Space X, Space-Eyes, Speedy France, Sri Lanka’s visa system, SSCL, SSS Australia, St-Jerome Company, St. Helena Public Library, Stainless Foundry & Engineering, StarWallets, States of Guernsey, Sterling Holidays, Sterling Plumbing Inc., Studio LAMBDA, Swisspro, SynLab Italia, Sysmex America, Inc, T2 Tea Australia, Tamil Nadu Police, Tappware, Targus, Tatarstan, Russia, Taxi Software, Ted Brown Music, Telecom Argentina, Telit Cinterion modems, Texas Retina Associates, The Epilepsy Institute, The Georgia Institute for Plastic Surgery, The Heritage Foundation, The Kennedy Collective, The Lagunitas Brewing Company, The Line Up, Inc, The May Institute, Inc., The Philadelphia Inquirer, PBC, The Post and Courier, The Post Millennial, The Prudential Insurance Company of America, The Roman Catholic Diocese of Phoenix, The State of Kansas Office of Judicial Administration, The Tech Interactive, Theatrixx Technologies, Therapeutic Health Services, 50,000 Tinyproxy servers, Tipton Municipal Utilities, IN, Toolmarts, Toronto Transit Commission, Transamerica Life Insurance Company, Trib Total Media, True Homes, LLC, TRUE Solicitors, Trylon Srl, Tyler Technologies, UAE Government, UK Government’s System Database, UK Ministry of Defence, UK Royal Mail, 20 Ukrainian Energy and Water Sites, Ukrainian TV, United Nations Development Programme, University of Alabama, University of Alberta, University System of Georgia (USG), US Air Force Academy (USAFA), US Atlantic Fisheries, US Coast Guard Reserve, US Consumer Database, US Health and Human Services (HHS), US Internal Revenue Service (IRS), US Medicare, US Patent and Trademark Office, US Space Forces (USSF) Military Bases, USA Health Providence Hospital, Utica Mack, Valley Mountain Regional Center, Valley Veterinary Clinic, LLC, Van Gogh Museum, Varo Bank, N.A., Veeam, Velvet Capital, Verizon, Victorian Ambulance Union, Virginia Union University, VirtualBox, Visionary Integration Professionals, VMware Cloud Foundation, VMware ESXi, VMware Fusion Pro/Fusion, VMware Workstation Pro/Player, Void Interactive, Volkswagen, VPN traffic (TunnelVision), VTRP, W.I.S. Sicherheit-Service GmbH & Co. KG, Washington State’s Swinomish Casino and Lodge, WebTPA Employer Services, LLC, WEL Partners, Wells Fargo, Welsh Government, Wescom Central Credit Union, West Idaho Orthopedics and Sports Medicine, Westboro Baptist Church, WhatsApp, Windows, Windows Apps, Windows Print Spooler, WOM, World Architects, World-Check, WP Forminator plugin, WP-Automatic Plugin, Xiaomi, Yale Mortgage, YRW Limited – Chartered Accountants, ZA Government Employees Pension Fund’s (GEPF), ZircoDATA, and Zscaler Inc have reported hacking or compromises this month.

Central Power Systems & Services, Final Fantasy, Frontier Communications, Kansas City’s official website, Ogero, Reddit, and Telegram have suffered from outages this month.

Last months updates broke Outlook, Windows (thanks ManageEngine), and VPN connections.

An update to ManageEngine has caused thousands of Windows machines to fail to boot. I guess that’s one way to make sure that they can’t be hacked through ManageEngine vulnerabilities?

Windows has officially added advertisements to the Windows 11 Start Menu.

The PuTTY Pageant key generation weakness will require millions upon millions of certificates to be rekeyed.

The Windows Boot Manager update released in January still has no automated fix from Microsoft. Third parties have created several methods of installing the update, and the closest-to-perfect automation yet requires seven (7!) restarts.

Microsoft has announced plans to implement fully locked down DNS via a pairing of DNS and the firewall, branded Zero Trust DNS – ZTDNS.

A recent technical paper described the process of using LLM (GPT-4) to automate the process of building exploits for newly discovered vulnerabilities. Reviews of the paper tend to acknowledge that it can be used in this fashion but focus instead on the use of the word “autonomously” which they treat as sentience. No guys, the paper isn’t saying that Skynet is here, just that LLMs are getting to the point where they can build functional exploit code based on brief descriptions of vulnerabilities.

I first saw the description of “Kobold Letters” a couple months ago. While a very creative use of CSS and an interesting idea, what are the chances that this kind of thing would actually be used in real life? 100%. I’ve now seen this behavior on three different client mail accounts in Microsoft Online and Gmail.

The founder of Telegram has publicly reported that the FBI pressured an employee to build a backdoor into the system. They refused.

Thunderbird has added Microsoft Exchange support. This means you won’t be forced to use the “New Outlook” crapp to access your Microsoft Exchange accounts. 🙂

Now for the good news:

We won. Sony caved on the Helldivers 2 privacy-violating “account linking” change. 🙂

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is insane this month. The typical computer should see roughly 5 GB in updates today. Let’s get started.

Microsoft released updates to address 67 vulnerabilities in .NET and Visual Studio, Azure Migrate, Microsoft Bing, Microsoft Brokering File System, Microsoft Dynamics 365 Customer Insights, Microsoft Edge (Chromium-based), Microsoft Intune, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows SCSI Class System File, Microsoft Windows Search Component, Power BI, Visual Studio, Windows Cloud Files Mini Filter Driver, Windows CNG Key Isolation Service, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Deployment Services, Windows DHCP Server, Windows DWM Core Library, Windows Hyper-V, Windows Kernel, Windows Mark of the Web (MOTW), Windows Mobile Broadband, Windows MSHTML Platform, Windows NTFS, Windows Remote Access Connection Manager, Windows Routing and Remote Access Service (RRAS), Windows Task Scheduler, Windows Win32K – GRFX, Windows Win32K – ICOMP, and MSRT. This includes security updates. A reboot is required.

Oracle released 441 security updates this quarter to address vulnerabilities in 119 applications.
https://www.oracle.com/security-alerts/cpuapr2024.html

Apple released updates for iOS 16.7.8, iOS 17.5, iPadOS 16.7.8, iPadOS 17.5, iTunes 12.13.2 for Windows, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, Safari 17.5, tvOS 17.5, and watchOS 10.5. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.7.8 and 17.5 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 6.7.8 and 17.5 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 10.5 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 17.5 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 124.0.6367.154 and 120.0.6099.310 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 40-1.14 is a major update, replacing BerkeleyDB with alternatives, updating libraries, and including adding new features and defaults. This should be treated as a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 24.4.1 adds support for new software, performance improvements, and resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Daemon Tools Lite 12.1.0 improves tooltips, and resolves a couple bugs. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Dymo Connect for Desktop 1.3.2.18 doesn’t provide a detailed change log so should be treated as a security update.
https://www.dymo.com/label-makers-printers/labelwriter-label-printers/dymo-labelwriter-450-duo-thermal-label-printer/SAP_1752267.html

TP-Link Archer AX55 v1 240325 adds almost a dozen new features, improves stability and resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/archer-ax55/v1/#Firmware

TP-Link Archer AX73 v2.0 240323 resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/archer-ax73/v2.0/#Firmware

UniFi Network Server 8.1.127 enhances firewall rules visibility, adds tunnel IP addresses, OSPF dynamic routing support, and resolves a dozen bugs. This is not a security update.
https://www.ui.com/download/releases/network-server

VIISAN OfficeCam 7.1.19.0 doesn’t provide a change log so should be treated as a security update.
https://www.viisan.com/en/download/type1.html

Wacom Driver 6.4.6-1 adds support for newer hardware, resolves several bugs and improves stability.
https://www.wacom.com/en-us/support/product-support/drivers

Xerox Smart Start 2.0.34.0 doesn’t provide a change log so should be treated as a security update.
https://www.support.xerox.com/en-us/content/143617

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.65.133 is a security update.
https://brave.com/

Firefox 126 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.11.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 124.0.6367.207 is a security update.
https://www.google.com/chrome/

Microsoft Edge 124.0.2478.97 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Vivaldi 6.7.3329.29 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Spark 3.15.5.72973 resolves several AI-related bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.15.5.72972 resolves several AI-related bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.10.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 8.0.10 is a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 8.0.1 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

Dropbox 199.4.6287 removes a cosmetic defect. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 211.0.0.18.236 is a security update.
https://www.messenger.com/download

FileZilla Client 3.67.0 is a security update.
https://filezilla-project.org/

FileZilla Server 1.8.2 is a security update.
https://filezilla-project.org/

FreeFileSync 13.6 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 90.0 resolves several bugs. This is the last version to support macOS 10.15 – if your hardware can not support macOS 11 you should have already removed it from the Internet, but if not, please take this as one more signal that it’s time to replace it.
https://drive.google.com/start

Microsoft Teams 1.7.00.10152 resolves several bugs. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 29.0.0 is a major update, resolving dozens of bugs, updating libraries, and improving workflow and design. This should be treated as a security update.
https://nextcloud.com/

Nmap 7.95 adds over 6,500 more fingerprints, new scripts and resolves several bugs. This is a security update.
https://nmap.org/

PuTTY 0.81 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Signal 7.8.0 adds emoji call responses and resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 7.6.2 adds emoji call responses, adds sent message editing, and resolves several bugs. This is not a security update.
https://signal.org/android/apk/

Skype 8.116.0.213 improves stability. This is not a security update.
https://www.skype.com/

Syncthing 1.27.7 resolves a potential security bug.
https://syncthing.net/

Telegram 5.0.1 resolves several bugs. This is not a security update.
https://telegram.org/

USB Drive Log 1.13 adds black background support. This is not a security update.
https://www.nirsoft.net/utils/usb_drive_log.html

Z-Library 1.02 doesn’t provide a change log so should be treated as a security update.
https://z-library.se/z-access#desktop_app_tab

Zoom 6.0.4.38135 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 4.0.4 resolves several bugs. This is not a security update.
https://en.3tene.com/

Bitwig Studio 5.1.9 resolves several bugs. This is a security update.
https://www.bitwig.com/download/

Grayjay 240 adds several new features, sources, improvements, and resolves a dozen bugs. This is not a security update.
https://grayjay.app/index.html

iTunes 12.13.2.3 is a security update.
https://www.apple.com/itunes/download/

Plex Desktop 1.92.1.140 doesn’t provide a detailed change log so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.60.1.134 updates libraries. This should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.40.2.8395 resolves several bugs, including an installation path issue. If you used a custom path you will need to uninstall and reinstall in order for future automatic updates to work correctly. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2024.4.0.137 changes homepage. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.3.201 resolves several bugs and improves interface. This is not a security update.
https://gdevelop.io/download

Minecraft Server (Bedrock) 1.20.81.01 does not provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Minecraft Server (Java) 1.20.6 does not provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server

Nintendo Switch 18.0.1 resolves several bugs. This is a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PS5 2024.430 resolves several bugs and improves hardware support. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2024-05-13 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/593110
By the way, we won. Sony caved on the Helldivers 2 privacy-violating “account linking” change. 🙂

SteamOS SteamDeck Update 2024-05-03 is a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Acrobat and Reader 24.002.20759 and 20.005.30636 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

Adobe Aero 0.24.4 is a security update.
https://helpx.adobe.com/security/products/aero/apsb24-33.html

Adobe Animate 23.0.6 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/animate/apsb24-36.html

Adobe Dreamweaver 21.4 is a security update.
https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

Adobe FrameMaker 2020.6 and 2022.4 are security updates.
https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

Adobe Illustrator 28.5 and 27.9.4 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb24-30.html

Adobe Substance 3D Designer 13.1.2 is a security update.
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-35.html

Adobe Substance 3D Painter 10.0.0 is a security update.
https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html

Aronium 1.43.0.2 adds dual currency and night theme, improves refund behavior, and resolves several bugs. This is not a security update.
https://aronium.com/

Audacity 3.5.1 adds a bunch of new features and resolves dozens of bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 7.10.0 adds export support, spell check, color inversion and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Columns++ 1.0.6 improves wrapped line caompatibility. This is not a security update.
https://github.com/Coises/ColumnsPlusPlus

Formatta Filler 8.19.0.4 doesn’t provide a change log so should be treated as a security update.
https://formatta.com/formatta-products/complete-submit/

GIMP 2.10.38 doesn’t provide a detailed change log so should be treated as a security update.
https://www.gimp.org/

Java 8u411 is a security update.
https://www.java.com/en/download/manual.jsp

JShelter 0.18 improves compatibility. This is not a security update.
https://jshelter.org/install/

Kdenlive 24.02.2 improves compatibility and resolves several bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.3.70840 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice 7.6.7 resolves over 40 bugs. This is a security update.
https://www.libreoffice.org/

LibreOffice Fresh 24.2.3 resolves over 75 bugs. This is a security update.
https://www.libreoffice.org/

Manager 24.5.13.1531 adds several new features and improves email integration and display. This is not a security update.
https://www.manager.io/

Nextcloud Desktop 3.13.0 resolves dozens of bugs and updates libraries. This is a security update.
https://nextcloud.com/

Notepad++ 8.6.7 improves multiedit and language support, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

PDF-XChange Editor 10.3.0.386 adds page extraction, label modification, improves sort and group behavior and resolves dozens of bugs. This is not a security update.
https://www.pdf-xchange.com/product/pdf-xchange-editor

QuickBooks Pro 2022 20240509-R15_25 updates to backend processes. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 20240509-R12_15 updates to backend processes. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.9.0 adds native rules, timezone improvements, and adds ability to change default conditional when searching. This is not a security update.
https://github.com/countercept/chainsaw

Microsoft Edge Policy 2024.05.07 updates policies. This is not a security update.
https://github.com/MicrosoftDocs/Edge-Enterprise/blob/public/edgeenterprise/microsoft-edge-policies.md

OpenSSL 3.3.0 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ProtonVPN (macOS) 4.2.2 improves performance. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.16.1 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Stinger 13.0.0.118 adds support for more detections. This is not a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

SuperAntiSpyware 10.0.1266 resolves several bugs. This is not a security update.
https://www.superantispyware.com/download.html

Tails 6.2 is a security update.
https://tails.net/install/download/index.en.html

Velociraptor 0.72 adds EWF support and resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 24.1.3 improves OCR, performances, updates libraries and resovles several bugs. This is a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.1.7 resolves several couple bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

StreamFab 6.1.7.7 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.2.0 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password 8.10.32 improves compatibility, adds support to import from more third-party platforms, and resolves several bugs. This is a security update.
https://1password.com/downloads/

Agent Ransack 2022.3434 adds support for OneNote and resovles several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AOMEI Partition Assistant 10.4.0 improves the user interface. This is not a security update.
https://www.diskpart.com/

Bitwarden 2024.4.2 improves passkeys support and secrets manager, and adds a new Authenticator app. This is not a security update.
https://bitwarden.com/

BulkFileChanger 1.73 resolves a timezone-related bug. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

CCleaner 6.23.11010 resolves several bugs. This is a security update.
https://www.ccleaner.com/

DesktopOK 11.21 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.1.92.0 resolves a .git/.gitignore bug, updates .NET library and translations. This is a security update.
https://dngrep.github.io/

ExplorerPatcher 22621.3527.65.2 resolves several bugs. This is not a security update.
https://github.com/valinet/ExplorerPatcher/

FileLocator Pro 2022.3434 adds support for OneNote and resovles several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

FoneTool 2.6.1 adds iOS Data Recovery and resolves a crash bug. This is not a security update.
https://www.fonetool.com/download.html

Git SCM 2.45.0 adds dozens of new features and behaviors, and resolves over 50 bugs. This is not a security update.
https://git-scm.com/

Go 1.22.3 is a security update.
https://go.dev/

GoodSync 12.6.5 improves compatibility and resolves several bugs. This is not a security update.
https://www.goodsync.com/

HWiNFO 8.02 doesn’t provide a change log so should be treated as a security update.
https://www.hwinfo.com/download/

InstalledAppView 1.08 resolves a CLI bug. This is not a security update.
https://www.nirsoft.net/utils/installed_app_view.html

IsMyHdOK 3.96 improves performance and testing accuracy. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 2.0.1 updates dependencies and build environment, and resolves a stability bug. This is not a security update.
https://lessmsi.activescott.com/

NirCmd 2.87 adds and resolves ~$ variables. This is not a security update.
https://www.nirsoft.net/utils/nircmd.html

NTLite 2024.5.9931 resolves dozens of bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 5.12.1 is a security update.
https://osquery.io/downloads

PingInfoView 3.05 adds option to map source IPv4 Address. This is not a security update.
https://www.nirsoft.net/utils/multiple_ping_tool.html

PowerToys 0.80.1 improves stability. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

PSAppDeploy 3.10.1 adds a dozen features and parameters, improves stability and reliability, and resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

RoboForm 9.5.8 improves GUI. This is not a security update.
https://www.roboform.com/

ScreenConnect 24.1.7.8892 resolves dozens of bugs and improves compatibility. This should be treated as a security update.
https://screenconnect.connectwise.com/download

Starwind V2V Converter 9.444 adds support for new conversions. This is not a security update.
https://www.starwindsoftware.com/starwind-v2v-converter

WinGet 1.7.11261 fixes elevation issues, updates dependencies and libraries. This is a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 8.81 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WUMT 04.22.2022 improves Windows 11 compatibility. This is not a security update.
https://www.oldergeeks.com/downloads/file.php?id=1366

Developer Updates

These are unlikely to be of interest to most people.

.NET Runtime 8.0.5 is a security update.
https://dotnet.microsoft.com/en-us/download/dotnet

Android Studio 2023.3.1 adds device streaming for testing, integrates crashlytics, improves App Quality Insights, and adds audio redirection. This is not a security update.
https://developer.android.com/studio

AutoHotkey 2.0.14 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

cx_Freeze 7.0 updates dependencies and libraries and resolves hundreds of bugs. This should be treated as a security update.
https://cx-freeze.readthedocs.io/en/latest/index.html

GitHub Desktop 3.3.17 removes support for older macOS versions, resolves a dozen bugs and improves user interface. This is not a security update.
https://desktop.github.com/

Godot 4.2.2 improves CLI support, resolves the audio bug, and more than 200 other issues. This is a security update.
https://godotengine.org/

MySQL ConnectorNet 8.4.0 updates libraries and resolves several bugs. This is a security update.
https://dev.mysql.com/downloads/connector/net/

MySQL Server 8.0.37 resolves dozens of bugs. This is a security update.
https://dev.mysql.com/downloads/installer/

NASM 2.16.03 improves the build process. This is not a security update.
https://www.nasm.us/index.php

Node.js 18.20.2 is a security update.
https://nodejs.org/en/

Node.js 20.13.1 resolves several bugs and updates libraries. This is a security update.
https://nodejs.org/en/

Node.js 21.7.3 is a security update.
https://nodejs.org/en/

Node.js 22.1.0 is a major update. This is a security update.
https://nodejs.org/en/

Redemption 6.5.0.6294 improves integration and resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

Rustup 1.27.1 resolves several bugs. This is not a security update.
https://www.rust-lang.org/

SQLite 3.45.3 adds new JSON handling behaviors and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

TortoiseGit 2.16.0 resolves a dozen bugs and updates libraries. This is a security update.
https://tortoisegit.org/

TortoiseSVN 1.14.7 resolves several bugs. This is a security update.
https://tortoisesvn.net/downloads.html

Visual Studio Code 1.89.1 adds support to exclude content from Copilot and resolves several bugs. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.40 resolves several bugs. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.18 resolves over a dozen bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

HumHub 1.15.5 resolves several bugs. This is not a security update.
https://www.humhub.com/en

Joomla 5.1.0 adds more than a dozen features and code and performance improvements. This is not a security update.
https://www.joomla.org/

MAMP 5.0.6 updates dependencies. This should be treated as a security update.
https://www.mamp.info/en/mamp/windows/

phpList 3.6.15 is a security update.
https://www.phplist.org/

Piwigo 14.4.0 resolves several bugs. This is not a security update.
https://piwigo.org/

WordPress 6.5.3 is a security update.
https://wordpress.org/

BuddyPress 12.4.1 is a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.9.4 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.9 improves compatibility and resolves a bug. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

My Sticky Bar 2.7 resolves a cosmetic bug. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Postie 1.9.69 should be treated as a security update.
https://wordpress.org/extend/plugins/postie/

Slider Revolution 6.7 resolves several bugs. This is a security update.
https://revolution.themepunch.com/

Social Post Feed 4.2.4 improves integration. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Sucuri Security 1.8.44 improves API key controls. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.7.2 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 8.9.0 improves compatibility and resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPBakery 7.6 resolves several bugs. This is a security update.
https://wpbakery.com/

WPtouch 4.3.59 adds support for Reddit, improves compatibility, and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-12-12

Merry Christmas, Folks!

Today is Patch Tuesday for December, 2023.

There were 200+ major hacks, and over 215 application updates this month. Even with all that, it’s actually a pretty small month, with only about 2.5 GB of updates for most users.

This Month in Technology

1st Source Bank, 23andMe, 4 Over LLC, Aadhaar, Acuity, Advantis Global, Inc., Alps Alpine North America, Inc., AMD & Intel CPUs, AMD CPUs, American University of Antigua College of Medicine, Americold Logistics LLC, Apache Struts 2, Ardent Health Services, Austal USA, AutoZone, Avito, Beaverton School District, Big Brothers Big Sisters of America, Bleach Anime Forum, Bloomberg Crypto, Blue Shield of California, Blue Shield of California Promise Health Plan, Bluetooth 4.2 to 5.4 hardware (BLUFFS), British Library, Brodart Co, Brookfield Global Relocation Services, Butte School District, Cadence Bank, California Physicians Service, Cambridge NHS, Capital Health, CareTree, Inc., CBIZ KA, Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway, CKF Addiction Treatment, Inc., Clark County School District, Clear Spring Life and Annuity Insurance Company, Coin Cloud, Community Health Network, Inc., Community Healthcare Network, Inc., Counter-Strike 2, CrushFTP, CTS, CVC Holding Corp, CyberLink, Deanco Healthcare LLC, Deer Oaks Behavioral Health, Delaware Life Insurance Company, DePauw University, Detroit Chassis, LLC, Dollar Tree, Dragon Touch, East River Medical Imaging, EMS Management and Consultants Inc., Endocrine and Psychiatry Center, Enstar (US) Inc., Equality Health, LLC, Erris water, Estante Virtual, Ethyrial, Experian, Fenway Community Health Center, Inc., Fidelity National Financial, Financial Risk Mitigation, Inc., FortiSIEM, Foursquare Healthcare, Ltd., Foxit Reader, Fred Hutchinson Cancer Center, Gemplex, General Electric, Gerber Life Insurance Company, Go Ninja, Google Calendar, Gunster, Yoakley & Steward, PA, Hackensack Meridian Health, Hal Turner Radio Show, Hampton-Newport News CSB, Hendersonville, Henry Schein, Holding Slovenske Elektrarne, HSKS Greenhalgh Chartered Accountants and Business Advisors, HTC Global Services, Idaho National Laboratory, IDF, Indian Hotels Company, IndiHome, Industrial and Commercial Bank of China, InflateVids, Inline Plastics Corp., Intel CPUs, International Paper Company, International Paper Company Group Health and Welfare Plan, Jam Tangan, Japan’s Space Agency JAXA, JoyGames, Kaneva, Kansas state court system, KitchenPal, Koeller Nebeker Calrson & Haluk LLP, KyberSwap, Kyivstar, Leggett & Platt Incorporated Employee Benefit Fund, Livermore Amador Valley Transit Authority, Long Beach, California, McLaren Health Care, Medical College of Wisconsin, Medical Eye Services, Inc., MeridianLink, MGM Resorts International, Microsoft DHCP servers, Microsoft Exchange, Midwest Gaming & Entertainment, LLC, Molina Healthcare of Iowa, Inc., Montrose Behavioral Health Hospital, Inc., Morrison Community Hospital District, Movie Forums, Municipal Water Authority of Aliquippa, NASCO, NEWAG trains, Nissan Australia & New Zealand, Nissan Financial Services, Nonstop Administration and Insurance Services, Inc., Norsk Hydro, Northwest Eye Care Professionals, Norton Healthcare, NSC Technologies, NXP, Oak Street Health, Okta, OMGPOP, ownCloud, Pahl & McCay, Pan-American Life Insurance Group, Inc., password managers on Android, Perry Johnson & Associates, pfSense servers, Philippine Government, Poloniex, Postmeds/Truepill, Proliance Surgeons, PruittHealth Network, Psychiatry Associates of Kansas City, Qlik Sense, RailYatri, Redcliffe Labs, Rock Valley Physical Therapy, Rosaviatsia, Rusnak, Saisystems International, Inc., Samsung Electronics, Sellafield, Serbian Civil Society, Shadowfax, Shoval, Sierra County, Sierra OT/IoT routers, SIRVA Worldwide Relocation & Moving Services, SoarGames, Sophos Firewalls, South Korean defense companies, Southwest Behavioral Health Center, Stanley Steemer International, Inc., Staples, State of Maine, Stevedore DP World, Systems East, Inc., Taylor University, TGI Direct, Inc., The Charles Lea Center, Tipalti, Toronto Public Library, Toyota Financial Services, TransUnion, Tri Counties Bank, Troutman Pepper Hamilton Sanders LLP, U.S. Drug Mart, Inc., UEFI on just about every platform, Unitronics PLCs, University of Manchester, US Department of Health and Human Services, US government agencies, Valrhona Inc., Vanderbilt University Medical Center, VMware Cloud Director, Warren General Hospital, Welltok, West Central District Health Department, Weston Embedded uC-HTTP Server, Westside Community Services, Wichita Urology Group, Windows Hello fingerprint authentication, WordPress Backup Migration plugin, WordPress, WP Fastest Cache, Wyoming County Community Health System, Yakima Valley Radiology PC, Yamaha Motor’s Philippines, Yanfeng Automotive Interiors, Zeroed-In Technologies, and Zyxel NAS have reported hacking or compromises this month.

ALPHV, Blender, British Library, Fidelity National Financial, Industrial and Commercial Bank of China, Kyivstar, Optus, Rumble, and Staples have suffered from outages this month.

Last months updates broke Google Drive, USB C compatibility, Microsoft 365 Outlook, trust in the Windows Store, Microsoft 365 authentication, and they’re installing HP Smart on millions of computers without any HP hardware.

Apple introduced a new feature (NameDrop) that allows it to easily share your contact information with someone nearby. While the feature is designed to share information only when the popup is selected, Apple has a history of weak or defective controls on new features. Apple’s AirTags can be silenced to make stalking easier.

Hackers claim they can use expired Google auth cookies to gain access to accounts. A new AI is designed to crack your password by listening to your typing.

Rumble has sued Check My Ads.

The EV death toll is rising and “green lie” is being exposed.

Now for the good news:

The FISA Reform and Reauthorization Act is due to be renewed (like, tomorrow), and information is out that exposes how it can be abused even further. There’s still time to contact your congress critters and ask them to reject it.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is pretty small this month. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Microsoft released updates to address 42 vulnerabilities in Azure Connected Machine Agent, Azure Machine Learning, Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge, Microsoft Office Outlook, Microsoft Office Word, Microsoft Power Platform Connector, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows DNS, Windows Cloud Files Mini Filter Driver, Windows Defender, Windows DHCP Server, Windows DPAPI (Data Protection Application Programming Interface), Windows Internet Connection Sharing (ICS), Windows Kernel, Windows Kernel-Mode Drivers, Windows Local Security Authority Subsystem Service (LSASS), Windows Media, Windows MSHTML Platform, Windows ODBC Driver, Windows Telephony Server, Windows USB Mass Storage Class Driver, Windows Win32K, XAML Diagnostics, AMD Chipsets, and MSRT. This includes security updates. A reboot is required.

Apple released updates for macOS Monterey 12.7.2, macOS Sonoma 14.1.2, macOS Sonoma 14.2, macOS Ventura 13.6.3, iOS 16.7.3, iOS 17.1.2, iOS 17.2, iPadOS 16.7.3, iPadOS 17.1.2, iPadOS 17.2, Safari 17.1.2, Safari 17.2, tvOS 17.2, watchOS 10.2, and Pro Video Formats 2.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.7.3, 17.1.2 and 17.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 16.7.3, 17.1.2 and 17.2 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 10.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 17.2 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 114.0.5735.343 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.12.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.amd.com/en/support

Crucial Storage Executive 9.09 doesn’t provide a change log so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.7.0 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Drivers by Seagull 2023.4 adds support for 200 new printers. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

DS4Windows 3.2.21 resolves several bugs and updates libraries. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Epson ET-2800 3.01 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-2800/s/SPT_C11CJ66202

Epson ET-3760 2.68.02 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-3760/s/SPT_C11CG20203

Epson ET-4800 3.01 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-4800/s/SPT_C11CJ65201

Epson ET-4850 3.02.00 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-4850/s/SPT_C11CJ60202

Epson ET-5880 3.02 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-5880/s/SPT_C11CJ28201

Epson WF-4820 3.04.00 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/WorkForce-Series/Epson-WorkForce-Pro-WF-4820/s/SPT_C11CJ06201

TP-Link Archer AX55 v1 231130 resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/archer-ax55/v1/#Firmware

TP-Link Archer AX73 v2.0 231023 is a security update.
https://www.tp-link.com/us/support/download/archer-ax73/v2.0/#Firmware

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.61.101 is a security update.
https://brave.com/

Firefox 120.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.5.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 120.0.6099.71 is a security update.
https://www.google.com/chrome/

Microsoft Edge 120.0.2210.61 is a security update.
https://www.microsoft.com/en-us/edge/business/download

SeaMonkey 2.53.18 is a security update.
https://www.seamonkey-project.org/

Vivaldi 6.4.3160.47 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.13.2 resolves several bugs. This is a security update.
https://getmailspring.com/

Spark 3.10.6.61878 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.10.6.61877 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.5.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk (macOS) 7.3.0 resolves several bugs and improves address book. This is not a security update.
https://anydesk.com/en/downloads

aria2 1.37.0 resolves dozens of bugs and updates libraries. This is not a security update.
https://aria2.github.io/

curl 8.5.0 resolves more than 180 bugs. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 188.4.6302 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 201.0.0.9.336 is a security update.
https://www.messenger.com/download

FileZilla Server 1.8.0 is a security update.
https://filezilla-project.org/

FreeFileSync 13.2 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Microsoft Teams 1.6.00.33567 is a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 28.0 resolves dozens of bugs and updates libraries. This should be treated as a security update.
https://nextcloud.com/

Omada Software Controller 5.13.22 resolves several bugs. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-Core 0.22.0 is a major update improving performance and optimizing storage. This is not a security update.
https://pocketnet.app/

Pocketnet-GUI 0.8.74 resolves several bugs. This is not a security update.
https://pocketnet.app/

Rclone 1.65.0 adds dozens of new features, resolves several bugs, and improves performance and reliability. This is not a security update.
https://rclone.org/

Signal 6.41.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.41.3 resolves several bugs. This is not a security update.
https://signal.org/android/apk/

Syncthing 1.27.1 resolves several bugs. This is not a security update.
https://syncthing.net/

Telegram 4.12.2 resolves several bugs and improves compatibility. This is not a security update.
https://telegram.org/

Telegram (Android) 10.3.2 doesn’t provide a detailed change log so should be treated as a security update.
https://telegram.org/apps

Wget2 2.1.0 resolves a couple dozen bugs. This is not a security update.
https://gitlab.com/gnuwget/wget2/-/releases

Zoom 5.16.10.26186 updates the icon and adds dozens of new features. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.14 resolves several bugs. This is not a security update.
https://en.3tene.com/

Bitwig Studio 5.1 adds several new characters and dozens of new controls and improvements. This is not a security update.
https://www.bitwig.com/download/

Plex Desktop 1.83.1.4061 improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.52.1.4035 updates libraries. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.8.7639 updates libraries and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.11.0.121 doesn’t provide a detailed change log so should be treated as a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.3.183 vastly improves startup performance and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Minecraft Server (Bedrock) 1.20.50.03 doesn’t provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Minecraft Server (Java) 1.20.4 doesn’t provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server

Nintendo Switch 17.0.1 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

SteamOS SteamDeck Update 3.5.7 improves stability and USB connectivity. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Dimension 3.4.11 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-71.html

Adobe Experience Manager 2023.11 and 6.5.19.0 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html

Adobe Illustrator 28.1 and 27.9.1 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb23-68.html

Adobe InDesign 19.1 and 18.5.1 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-70.html

Adobe Prelude 22.6.1 is a security update.
https://helpx.adobe.com/security/products/prelude/apsb23-67.html

Adobe Reader DC Patch 23.008.20421 resolves several bugs. This is not a security update. Use Help, Check for updates to install the most current version.
https://get.adobe.com/reader

Adobe Reader DC Patch for MacOS 23.008.20423 resolves several bugs. This is not a security update. Use Menu, Check for updates to install the most current version.
https://get.adobe.com/reader

Adobe Substance3D After Effects 24.1 and 23.6.2 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb23-75.html

Adobe Substance3D Designer 13.1.0 is a security update.
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html

Adobe Substance3D Sampler 4.2.2 is a security update.
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html

Adobe Substance3D Stager 2.1.3 is a security update.
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html

Audacity 3.4.2 resolves dozens of bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 7.1.0 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

ImageMagick 7.1.1-23 resolves dozens of bugs. This is a security update.
https://imagemagick.org/

Inkscape 1.3.2 resolves dozens of bugs. This should be treated as a security update.
https://inkscape.org/release/

Kdenlive 23.08.4 resolves a dozen stability and reliability bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.2.70623 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

Krita 5.2.2 fixes more than a dozen bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice 7.5.9 resolves a couple bugs. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.6.4 resolves more than 150 bugs. This should be treated as a security update. Remember that the Fresh line is beta software and the “Still” line should be used by most users.
https://www.libreoffice.org/

Manager 23.12.12.1221 resolves more than a dozen bugs and adds several new features, including global inventory transfer and custom depreciation and amortization fields. This is not a security update.
https://www.manager.io/

Nextcloud Desktop 3.11.0 resolves dozens of bugs and improves compatibility. This is not a security update.
https://nextcloud.com/

Notepad++ 8.6 improves multi-edit, inaccessible file access, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.12 resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 10.1.3.383 is a security update.
https://www.pdf-xchange.com/product/pdf-xchange-editor

QuickBooks Pro 2022 R13_33 resolves several bugs. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 R9_104 resolves several bugs. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2024 R4_15 doesn’t provide a change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.8.1 updates dependencies and resolves a couple bugs. This is not a security update.
https://github.com/countercept/chainsaw

HTTP Toolkit 1.14.8 doesn’t provide a change log so should be treated as a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware 4.6.6 resolves a couple bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL 3.2.0 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ProtonVPN (macOS) 4.0.1 improves the user interface. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.13.1 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

SuperAntiSpyware 10.0.1260 resolves several bugs and adds a Chrome and Edge extension. This is not a security update.
https://www.superantispyware.com/download.html

Tails 5.20 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.54.0 adds differential updates for filter lists and resolves a dozen bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 1.0.0 is the first official release version. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 30.0.2 resolves a dozen bugs. This is a security update.
https://obsproject.com/

ScreenToGif 2.40 improves theming, updates dependencies and resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 24.0.2 resolves a couple bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.0.7 adds support for new encodings, improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.7.1 adds support for new output formats and resolves several bugs. This is not a security update.
https://handbrake.fr/

IsoBuster 5.3 adds support for new hardware, new encodings, new partition schemes, and several bug fixes. This is not a security update.
https://www.isobuster.com/download.php

StreamFab 6.1.5.3 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.0.6 improves compatibility and performance. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password 8.10.22 adds reminders to imported passwords and resolves more than a dozen bugs. This is a security update.
https://1password.com/downloads/

Agent Ransack 2022.3418 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AMD Ryzen Master 2.12.0.2806 adds support for new hardware and voltage reporting. This is not a security update.
https://www.amd.com/en/technologies/ryzen-master

Beyond Compare 4.4.7.28397 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2023.12.0 resolves several bugs and adds Elastic integration and CLI event logs. This is not a security update.
https://bitwarden.com/

CalyxOS Device Flasher 1.0.8 doesn’t provide a change log so should be treated as a security update.
https://calyxos.org/install/

CCleaner 6.18.10838 resolves several bugs. This is a security update.
https://www.ccleaner.com/

dnGrep 4.0.151.0 adds several new features and controls. This is not a security update.
https://dngrep.github.io/

email-oauth2-proxy 2023-11-18 resolves several bugs. This is not a security update.
https://github.com/simonrob/email-oauth2-proxy

ExplorerPatcher 22621.2506.60.1 improves compatibility and resolves several bugs. This is not a security update.
https://github.com/valinet/ExplorerPatcher/

Fido 1.53 adds new UEFI Shell and updates versions. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3418 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.43.0 resolves dozens of bugs. This is not a security update.
https://git-scm.com/

Go 1.21.5 is a security update.
https://go.dev/

GoodSync 12.4.8 improves compatibility. This is not a security update.
https://www.goodsync.com/

ImageUSB 1.5.1006 improves logging. This is not a security update.
https://www.osforensics.com/tools/write-usb-images.html

Mac Migration Assistant 2.4.5.0 doesn’t provide a change log so should be treated as a security update.
https://support.apple.com/en-us/HT204087

NTLite 2023.11.9515 improves compatibility and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.76.1 resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ProcDump 3.0 for Linux adds memory leak reporting. This is not a security update.
https://live.sysinternals.com/

ripgrep 14.0.3 resolves several bugs. This is not a security update.
https://github.com/BurntSushi/ripgrep/releases/latest

RoboForm 9.5.6 resolves a couple bugs. This is not a security update.
https://www.roboform.com/

ScreenConnect 23.8.6.8735 is a security update.
https://www.connectwise.com/software/control/download

Sysmon 1.3.2 for Linux is a security update.
https://live.sysinternals.com/

WinGet 1.6.3421 updates the app installer and adds Configure command to improve consistency. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WirelessKeyView 2.23 improves QR Code generation and improves compatibility. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

XnConvert 1.99 doesn’t provide a detailed change log so should be treated as a security update.
https://www.xnview.com/en/xnconvert/

ZoomText 2023 2023.2311.20.400 resolves several bugs.
https://support.freedomscientific.com/Downloads/ZoomText

ZoomText 2024 is a new major version adding several new mouse and cursor controls, performance improvements, and improved keyboard controls. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 2023.1.1.26 resolves several bugs and improves compatibility. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.3.6 resolves several bugs. This is not a security update.
https://desktop.github.com/

Godot 4.2.1 resolves over 1,800 bugs. This is not a security update.
https://godotengine.org/

Node.js 18.19.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 20.10.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 21.4.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Python 3.12.1 resolves dozens of bugs. This is a security update.
https://www.python.org/downloads/windows/

SQLite 3.44.2 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.85 adds dozens of new features. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.36 resolves several bugs. This is not a security update.
https://winmerge.org/

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 5.0.1 is a security update.
https://www.joomla.org/

ownCloud Client 5.2.0.12726 resolves a couple bugs. This is not a security update.
https://owncloud.com/desktop-app/

Piwigo 14.0.0 improves search, index, media support, album editor and performance, and resolves several bugs. This is not a security update.
https://piwigo.org/

WordPress 6.4.2 is a security update.
https://wordpress.org/

BuddyPress 12.0.0 is a major update, replacing the rewrite API and resolving dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.8.4 is a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.7.1 is a security update.
https://wordpress.org/plugins/duplicator/#developers

Postie 1.9.68 adds an option to suppress the postie div. This is not a security update.
https://wordpress.org/extend/plugins/postie/

NextScripts Social Networks Auto-Poster 4.4.3 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

W3 Total Cache 2.6.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 8.3.1 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPBakery 7.3 resolves a couple bugs. This is not a security update.
https://wpbakery.com/

WP Cerber Security 9.6 adds 2FA support and improves compatibility. This is not a security update.
https://wpcerber.com/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-11-14

Happy Thanksgiving, Folks!

Today is Patch Tuesday for November, 2023. It’s ugly.

This month brings a new version of Windows 11 (v23H2), critical security updates for all supported Apple products, and (literally) new security updates for every browser every single week since the last update cycle on October 10th. That’s on top of the 190+ major hacks, and over 205 application updates this month. Prepare yourself, there will be about 5 GB of updates for most devices this month.

The new Windows Copilot AI feature is now enabled by default in Windows 10 and 11, but can be disabled either in the deep settings or within group policy.

This Month in Technology

1Password, 23andMe, Accenture, Ace Hardware, Advarra, Air Canada, Air Europa, Allen & Overy, Allied Pilots Association, AlohaCare, American Family Insurance, Ampersand, Android 13, AndroidLista, Apache ActiveMQ, Apple Safari, Apple “Find My”, Atlas Healthcare CT, Atlassian Confluence, Avito, BHI Energy Health and Welfare Benefits Plan, BHI Energy I Specialty Services LLC, BHS Physician Network, Inc., Boeing, British Library, Bukalapak, BulletProftLink, Bureau van Dijk, Cadence Bank, Caesars Entertainment, Inc., Casio, CCleaner, Chess, Cisco IOS XE, City of Philadelphia, City of Victorville, California, Clark County School District (CCSD), Colonial Pipeline, Counseling and Recovery Services of Oklahoma, Crum & Forster, D-Link, Dakota Eye Institute, Deer Oaks Behavioral Health, 22 companies overseeing energy infrastructure in Denmark, District of Columbia Board of Elections, DP World Australia, Drug Free Workplaces USA, LLC, Edward C. Taylor, PhD., PL, eleHealth, Ethereum wallet system, European government email servers, F5 BIG-IP, Fidelity National Information Services, Inc., Financial Asset Management Systems, First Judicial Circuit, Fitmart, Five Guys Enterprises, LLC, Frax Outsourcing, Frazier & Deeter, LLC, Fredericksburg Foot & Ankle Center, PLC, GameSprite, GamingMonk, GPD Holdings LLC (CoinFlip), Grammarly, Greater Rochester Independent Practice Association, Inc., Growers Express, LLC, Grupo GTD, Healthsoft LLC, Helping the Aging Needy and Disabled Inc, Henry Schein, Hill International, Inc, Hospital & Medical Foundation of Paris, Inc, Hospital Sisters Health System, Indian state government, Industrial and Commercial Bank of China (ICBC)…which paid the ransom, International Criminal Court, IPM Healthcare DBA Boomerang Healthcare, Jeffco Public Schools, Juniper devices, Jupyter Notebooks, JustSystems Corporation Ichitaro, Kansas Supreme Court, Kwik Trip, Kyocera AVX Components Corporation (KAVX), La Red Health Center, LastPass, LCS Financial Services, LDLC ASVEL, Lennar Corporation, Life Generations Healthcare LLC, Lobel Financial Corporation, Longhorn Village, macOS, Marina Bay Sands, Mattson Technology, Inc., McLaren Health Care, MemeChat, Microsoft Exchange, Morrison Community Hospital, Mozi IoT Botnet, Mr. Cooper, Napa Integrated Medicine PC, NASCO, NetScaler ADC and NetScaler Gateway appliances, New York Life Insurance Company, Northern Iowa Therapy PC, Okta (again and again), OrthoAlaska, LLC, Oscar Insurance Company of Florida, Pacific Clear Vision Institute, Pacific Union College, Peerstar LLC, Pennsylvania General Store, peplink Surf SOHO, Perry Johnson & Associates, Personify Care, Pharmacy Group of Mississippi, LLC, Phoenix, Pisenti & Brinker LLP, Postmeds, Inc./Truepill, Progress Software MOVEit, Progressive Leasing, Prolific Puma, Pypl, QNAP QTS, Radius Global Solutions, RagnarLocker ransomware, Redcliffe Labs, Refresco Beverages US Inc., Resort Data Processing, Inc., Revival Animal Health, Riverside County Office of Education, Roundcube Webmail, Royal Elementor, Samsung Galaxy S23, San Diego PACE, San Francisco Jazz Organization, Sberbank, Seiko, Shadow PC, Simpson Manufacturing, Singing River Health System, 1 million Windows and Linux hosts using SMBv1, SoftEther VPN, SolarWinds Access Rights Manager, South River Technologies Titan MFT and Titan SFTP, Sphero, Stanford University, Stars Arena, State of Maine, Sumo Logic, Sun Life Financial, Sutter Health, SysAid, Taylored Service Parent Co., TeamCity, The Chattanooga Heart Institute, The Commerce Insurance Company (MAPFRE Insurance), The Hilb Group Operating Company, LLC, The Newtron Group, LLC, Toronto Public Library, Toumei, Town of Iowa, Louisiana, Transaction Data Systems, TransForm, Tri Counties Bank, Tri-City Medical Center, Trigona ransomware gang, Trust Benefit Technologies, LLC, Tunngle, 11 Ukrainian telcos, University Federal Credit Union, University of Michigan, University of Missouri, User Submitted Posts WordPress plugin, Veeam ONE IT, Vidio, VMware vCenter Server, VMware vRealize Log Insight, WACOSA, Wescom Central Credit Union, West Texas Gas, Westat, Inc., Western Washington Medical Group, Weston Embedded uC-HTTP HTTP Server, Women Political Leaders Summit, WS_FTP, Wyze Cam v3, Yifan YF325, Zhefengle have reportedly been hacked or compromised this month.

In what should be no surprise to 40,000 people, yes, leaving the default “admin” password will get you hacked.

Cloudflare, OpenAI/ChatGPT, Outlook.com, and the Toronto Public Library have suffered from outages this month.

Last months updates broke .NET 6.0 security patches, .NET 7.0 security patches, Apple device integration with Enterprise Single Sign On, Hosted Exchange, HP motherboards, Hyper-V, Microsoft 365 admin system, Microsoft 365, MS Office, Outlook Desktop, Rivian infotainment systems, Veeam RCT, VMware ESXi, Windows desktop icons, Windows Server 2022 VMs on VMware ESXi, Windows Update, and WSUS.

Microsoft violated (again) their promise not to push bloatware on LTSC.

Microsoft also introduced over 110 security vulnerabilities (discovered so far…) to Microsoft 365 by integrating SketchUp 3D capabilities.

Sadly, Microsoft has also disabled the free upgrade to Windows 10 from Windows 7 and 8. Until about a month ago it was still possible to upgrade older machines to Windows 10 without having to purchase a license. Now it is no longer possible.

Microsoft has also changed Authenticator behavior to suppress notifications for “risky sign-ins.” The idea is that when a login occurs from an unlikely source, somewhere you have not logged in before or a country you’re unlikely to be in, they can prevent the out-of-the-blue popup asking if you’re trying to log in. Unfortunately, if you’ve reused passwords, or used weak passwords, then this will increase the likelihood of a random calls “from microsoft” or “your IT department” asking you to “verify that you still have access to account” by opening the authenticator and actively approving the login. This kind of UI behavior teaches people to be less wary since they have to then go out of their way to “prove” themselves, which is something most humans innately want to do. It’s going to be bad. To reduce the risk please use strong, unique, random passwords to lessen the risk of successful password spraying attacks.

Microsoft extended the security update support period for Windows Server 2012 to October 2026.

LBRY, Inc is finally throwing in the towel after years of fighting the SEC. LBRY is the organization behind the best (IMHO) video and data sharing service in the world, and was targeted because the federal government chooses not to understand crypto. LBRY is dead, long live LBRY!

The US is leading an alliance to never pay ransom to cybercriminals. A US court has ruled that it is not a privacy violation for your car to harvest your contacts, texts and call logs even when you do not grant those permissions. The SEC has charged SolarWinds and their CISO with fraud over the massive hack in late 2020.

Not only is it foolhardy to assume that any automated system could prevent abuse by 100% of the advertisers, Google’s own data shows that the number of malicious ads they have detected has increased by over 50% in the last year.

The “they have detected” clause is the important takeaway from that statement. Google has over a thousand dedicated people within their ad review department whose sole purpose is to detect and block malicious advertisements, and ads that violate any other policies. Even with that, many people that interact with ads still don’t realize they’re advertisements or are taken to malicious or fraudulent sites. They simply can not detect all malicious advertisements.

Now that Google is pushing a new ad-blocker war via YouTube, it’s actually increasing the number of people that realize that they can, and should, take action to block advertisements. Is it any wonder why people are increasingly blocking ads? You should, too. Start with uBlock Origin. Blocking advertisements is not just about security, though, it could help save the planetNeed help? Ask.

Moody’s has downgraded the US financial outlook to “negative”.

Now for the good news:

According to the CDC there are now record-high childhood vaccine refusals across the country. It’s about time.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 5 GB in updates today. Let’s get started.

Microsoft released updates to address 83 vulnerabilities in .NET Framework, ASP.NET, Azure, Azure DevOps, Microsoft Dynamics, Microsoft Dynamics 365 Sales, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Remote Registry Service, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Search Component, Microsoft Windows Speech, Open Management Infrastructure, Tablet Windows User Interface, Visual Studio, Visual Studio Code, Windows Authentication Methods, Windows Cloud Files Mini Filter Driver, Windows Common Log File System Driver, Windows Compressed Folder, Windows Defender, Windows Deployment Services, Windows DHCP Server, Windows Distributed File System (DFS), Windows DWM Core Library, Windows HMAC Key Derivation, Windows Hyper-V, Windows Installer, Windows Internet Connection Sharing (ICS), Windows Kernel, Windows NTFS, Windows Protected EAP (PEAP), Windows Scripting, Windows SmartScreen, Windows Storage, and MSRT (~ 2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Monterey 12.7.1, macOS Ventura 13.6.2, macOS Sonoma 14.1.1, iOS 15.8, iOS 16.7.2, iOS 17.1.1, iPadOS 15.8, iPadOS 16.7.2, iPadOS 17.1.1, Safari 17.1, tvOS 17.1, and watchOS 10.1.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.8, 16.7.2, and 17.1.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.8, 16.7.2, and 17.1.1 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 10.1.1 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 17.1 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 118.0.5993.123/124 and 114.0.5735.339 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 39-1.5 is a major update, adding cosmetic, networking, security and other improvements, and updates libraries. This should be treated as a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.11.1 resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Daemon Tools Lite 12.0.0 is a major update with a redesign, improves search and resolves several bugs. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Display Driver Uninstaller 18.0.6.9 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.2.19 updates libraries and resolves several bugs. This is a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Nvidia Driver 474.66 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Samsung DeX 2.4.1.22 doesn’t provide a change log so should be treated as a security update.
https://www.samsung.com/us/apps/dex/

Wacom Driver 6.4.4-3 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.60.114 resolves dozens of bugs. This is a security update.
https://brave.com/

Google Chrome 119.0.6045.123 is a security update.
https://www.google.com/chrome/

Microsoft Edge 119.0.2151.58 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 119.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.4.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 6.4.3160.42 is a security update.
https://vivaldi.com/

Microsoft Edge WebView2 119.0.2151.44 is a security update.
https://developer.microsoft.com/en-us/microsoft-edge/webview2/

Email Updates

One or more of these are likely to be of interest to everyone.

DavMail Gateway 6.2.0 updates dependencies and resolves several bugs. This is a security update.
https://davmail.sourceforge.net/

Spark 3.10.2 adds Spark Integrations and +AI to improve automation and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.10.2.61166 adds Spark Integrations and +AI to improve automation and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.4.2 resolves several bugs. This is not a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 8.0.6 adds dark mode, improves key handling, improves UI, and resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 7.2.3 vastly improves key handling and resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.57 improves compatibility with Opera. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 8.4.0 adds support for IPFS and resolves more than 100 bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 186.4.6207 improved hard drive space controls. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 199.0.0.9.236 is a security update.
https://www.messenger.com/download

FileZilla Client 3.66.1 improves stability and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 13.1 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 84.0 is a security update.
https://drive.google.com/start

Microsoft Teams 1.6.00.29964 adds SMS notifications, unique join links, workflows within channels and resolves several bugs. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 27.1.3 is a security update.
https://nextcloud.com/

Npcap 1.78 is a security update.
https://nmap.org/npcap/

Pocketnet-GUI 0.8.67 resolves several bugs. This is not a security update.
https://pocketnet.app/

Rclone 1.64.2 resolves several bugs. This should be treated as a security update.
https://rclone.org/

Signal 6.38.0 improves contact management, voice and video calls. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.39.3 improves contact management. This is not a security update.
https://signal.org/android/apk/

Skype 8.106.0.212 resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.26.0 resolves several bugs. This should be treated as a security update.
https://syncthing.net/

Technitium DNS Server 11.5.3 resolves several bugs. This follows shortly after a security update, so should be treated as a security update.
https://technitium.com/dns/

Telegram (Android) 10.2.3 doesn’t provide a changelog so should be treated as a security update.
https://telegram.org/apps

Telegram 4.11.8 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.16.6.24712 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.13 resolves several bugs. This is not a security update.
https://en.3tene.com/

Bitwig Studio 5.0.11 resolves several bugs. This is not a security update.
https://www.bitwig.com/download/

iTunes 12.13.0.9 is a security update.
https://www.apple.com/itunes/download/

Picard 2.10 is a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.81.0.4012 adds Discover Together and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.50.1.4014 improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.8.7639 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.20 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.8.2.108 improves stability. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.3.180 resolves several bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.10_1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Minecraft Server (Bedrock) 1.20.41.02 doesn’t provide a changelog so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Nintendo Switch 17.0.0 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PS5 23.02-08.20.02 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

SteamOS SteamDeck Update 2023-11-13 is a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Acrobat and Reader DC 23.006.20380 is a security update.
https://get.adobe.com/reader

Adobe Acrobat and Reader 20.005.30539 is a security update.
https://helpx.adobe.com/security/products/acrobat/apsb23-54.html

Adobe After Effects 23.6.2 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html

Adobe Animate 23.0.3 and 24.0 are security updates.
https://helpx.adobe.com/security/products/animate/apsb23-61.html

Adobe Audition 23.6.2 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/audition/apsb23-64.html

Adobe Bridge 13.0.5 and 14.0.1 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb23-57.html

Adobe ColdFusion 2021.12 and 2023.6 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html

Adobe Dimension 3.4.10 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-62.html

Adobe FrameMaker Publishing Server 2022.1 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb23-58.html

Adobe InCopy 18.5.1 and 19.0 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb23-60.html

Adobe InDesign 18.5.1 and 19.0 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-55.html

Adobe Media Encoder 23.6.2 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html

Adobe Photoshop 24.7.2 and 25.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb23-56.html

Adobe Premiere Pro 23.6.2 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html

Adobe RoboHelp Server 11.5 is a security update.
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html

Artweaver 7.0.16 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Audacity 3.4.1 adds musical view, pitch controls, and resolves a dozen bugs. This is not a security update.
https://www.audacityteam.org/download/

Blender 3.6.5 doesn’t provide a detailed change log so should be treated as a security update.
https://www.blender.org/download/

Calibre 6.29.0 resolves several bugs, improves zoom control, and adds a command line option to open a new instance. This is not a security update.
https://calibre-ebook.com/

Ghostscript 10.02.1 is a security update.
https://www.ghostscript.com/releases/gsdnld.html

GIMP 2.10.36 is a security update.
https://www.gimp.org/

ImageMagick 7.1.1-21 is a security update.
https://imagemagick.org/

Kdenlive 23.08.3 resolves dozens of bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.1.70471 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

Krita 5.2.1 improves various features and resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice 7.5.8 resolves more than a dozen bugs. This is not a security update.
https://www.libreoffice.org/

Manager 23.11.13.1143 resolves several bugs. This is not a security update.
https://www.manager.io/

Nextcloud Desktop 3.10.1 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.5.8 resolves more than a dozen bugs. This is a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.11 resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 10.1.2.382 is a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

QuickBooks Pro 2022 R13_09 improves migration assistant and resolves several bugs. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 R6_25 resolves resolves a major billing bug. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2024 20230817-R3_61 doesn’t provide a change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

SumatraPDF 3.5.2 resolves several bugs. This is not a security update.
https://www.sumatrapdfreader.org/download-free-pdf-viewer

Security Software Updates

One or more of these is likely to be of interest to most people.

JShelter 0.17 adds several new controls and features. This is not a security update.
https://jshelter.org/install/

KeePass 2.55 resolves more than a dozen bugs and adds several new features. This is a security update.
https://keepass.info/

MalwareBytes Anti-Malware 4.6.5 improves compatibility and resolves a couple bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL 3.1.4 is a security update.
https://www.openssl.org/

ProtonVPN (macOS) 4.0.0 improves stability. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.13.0 is a security update.
https://www.adlice.com/download/roguekiller/

Stinger 12.2.0.664 adds support for several new detections. This should be considered a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

SuperAntiSpyware 10.0.1258 is a security update.
https://www.superantispyware.com/download.html

Tails 5.19 is a security update.
https://tails.boum.org/install/dvd/index.en.html

Tron 2023-10-17 is a security update.
https://www.bmrf.org/repos/tron/

uBlock Origin 1.53.4 improves stability.
https://github.com/gorhill/uBlock/releases/latest

Wireless Network Watcher 2.40 adds columns for IPv6 Address and Link Local IPv6 Address. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 30.0.0 is a major update which removes support for older platforms, adds support to new features and capabilities, and resolves over 50 bugs. This should be treated as a security update.
https://obsproject.com/

SnagIt 24.0.1 resolves several bugs, improves performance and adds output to Teams. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.0.4 resolves dozens of bugs and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

FFmpeg 20231114 adds caption decoding. This is not a security update.
https://ffmpeg.org/ffmpeg.html

StreamFab 6.1.4.9 improves compatibility and resolves dozens of bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.0.3 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.30 is a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

.NET Runtime 7.0.13 and 8.0.0 are security updates.
https://dotnet.microsoft.com/en-us/download/dotnet

1Password 8.10.18 resolves over a dozen bugs. This is not a security update.
https://1password.com/

Agent Ransack 2022.3416 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AMD Ryzen Master 2.11.2.2659 is a security update.
https://www.amd.com/en/technologies/ryzen-master

AOMEI Partition Assistant 10.2.1 improves compatibility. This is not a security update.
https://www.diskpart.com/

Beyond Compare 4.4.7.28397 improves stability and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2023.10.1 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.17.10746 improves junk cleaning. This is a security update.
https://www.ccleaner.com/

CurrPorts 2.76 adds option to show only incoming TCP connections. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Dell Command Update 5.1.0 is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

Dell OS Recovery Tool 2.3.2.7523 doesn’t provide a change log so should be treated as a security update.
https://www.dell.com/support/home/uk/en/ukbsdt1/drivers/osiso/recoverytool

DesktopOK 11.13 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.0.129.0 updates libraries and resolves several bugs. This is a security update.
https://dngrep.github.io/

email-oauth2-proxy 2023-11-01 adds support for secret rotation, resolves a couple bugs, and improves compatibility. This is not a security update.
https://github.com/simonrob/email-oauth2-proxy

Everything Toolbar 1.3.2 resolves a couple bugs. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.52 adds support for Windows 11 23H2. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3416 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 3.5.1 improves stability and resolves several bugs. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

Go 1.21.4 is a security update.
https://go.dev/

GoodSync 12.4.5 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

HDD Raw Copy 1.20 doesn’t provide a change log so should be treated as a security update.
https://hddguru.com/software/HDD-Raw-Copy-Tool/

HWiNFO 7.66 adds support for newer hardware and resolves several bugs. This is not a security update.
https://www.hwinfo.com/download/

Java 8u391 is a security update.
https://www.java.com/en/download/manual.jsp

NConvert 7.163 doesn’t provide a change log so should be treated as a security update.
https://www.xnview.com/en/nconvert/

NetworkInterfacesView 1.35 adds support for IPv6 addresses and IPv6 DNS servers. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

NTLite 2023.11.9477 improves compatibility and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 5.10.2 is a security update.
https://osquery.io/downloads

PingInfoView 3.01 adds support for IPv6, sorting, reporting improvements, and resolves several bugs. This is not a security update.
https://www.nirsoft.net/utils/multiple_ping_tool.html

PowerToys 0.75.1 resolves a couple bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.5.4 reduces nags and resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 4.3 adds support for Windows 11 23H2, improves compatibility, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 23.8.5.8707 is a security update.
https://www.connectwise.com/software/control/download

Sysmon 15.11 improves performance and resolves a couple bugs. This is a security update.
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

TcpLogView 1.40 adds option to show only incoming connections. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

VMMap 3.4 adds support for .NET 6 and higher. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/vmmap

WinGet 1.6.3133 adds support to configure behavior and resolves several bugs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 8.68 improves performance and reliability. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.16 adds several new features, cosmetic and reliability improvements, and resolves several bugs. This is not a security update.
https://www.diskanalyzer.com/

ZoomIt 7.2 adds highlighter and blur and microphone selection. This is not a security update.
https://learn.microsoft.com/en-us/sysinternals/downloads/zoomit

Developer Updates

These are unlikely to be of interest to most people.

ADB 34.0.5 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 2022.3.1.21 resolves a couple issues with Gradle. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.3.5 resolves several bugs. This is not a security update.
https://desktop.github.com/

Godot 4.1.3 resolves several bugs. This is not a security update.
https://godotengine.org/

Microsoft Visual C++ 2022 Redistributable 14.36.33130.0 is a security update.
https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist

MySQL ConnectorNet 8.2.0 updates libraries and resolves a couple bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

MySQL Server 8.0.35 resolves over a dozen bugs. This is a security update.
https://dev.mysql.com/downloads/installer/

Node.js 18.18.2 is a security update.
https://nodejs.org/en/

Node.js 20.9.0 is a security update.
https://nodejs.org/en/

Node.js 21.2.0 resolves several bugs, updates libraries, and provides dozens of improvements. This is a security update.
https://nodejs.org/en/

SQLite 3.44.0 provides more than a dozen improvements and bug fixes. This should be treated as a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.84.2 resolves several bugs. As of 1.84 Microsoft has dropped support for 32-bit versions of Visual Studio. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.34 resolves several bugs. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.16.6 resolves several bugs. This is not a security update.
https://www.ppsspp.org/download/

VirtualBox 7.0.12 resolves dozens of bugs. This should be treated as a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

HumHub 1.15.0 resolves dozens of bugs. This is a security update.
https://www.humhub.com/en

Invision Community 4.7.14 resolves dozens of bugs. This is not a security update.
https://invisioncommunity.com/

Joomla 5.0.0 and 4.4.0 are both major updates with many new features, compatibility improvements, and bug fixes. These are not security updates.
https://www.joomla.org/

ownCloud Client 5.1.2 is a major update improving compatibility, performance, stability and resolving many bugs. This is not a security update.
https://owncloud.com/desktop-app/

ownCloud Server 10.13.2 updates depenendencies and resolves several bugs. This is a security update.
https://owncloud.com/download-server/

WordPress 6.4.1 is the third update to WordPress in the last month, following several security issues.
https://wordpress.org/

Autoptimize 3.1.10 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

BuddyPress 11.4.0 improves stability and compatibility. This is a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.8.2 improves stability and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.7 resolves a couple bugs. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

My Sticky Bar (formerly myStickymenu) 2.6.5 rebrands, adds a couple features, and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Postie 1.9.66 improves compatibility and resolves a notification bug. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Show IDs 1.1.10 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wpsite-show-ids/

W3 Total Cache 2.6.0 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 8.2.2 resolves several bgus. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.10.0 improves OAuth integration and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WP Plugin Update Checker 5.3 resolves a couple bugs. This is not a security update.
https://github.com/YahnisElsts/plugin-update-checker/releases/latest

WPBakery 7.2 adds AI support and resolves several bugs. This is not a security update.
https://wpbakery.com/

WPtouch 4.3.55 resolves several bgus. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

Updates 2023-06-13

Welcome back, Folks!

Today is Patch Tuesday for June, 2023.

This month brings critical security updates for all supported Apple products, the end of all non-LTS versions of Windows 10 other than v22H2 (if you aren’t sure whether you are using LTS, you aren’t), and new security updates for every browser every single week since last month. That’s on top of the 180+ major hacks, and over 220 application updates this month.

Prepare yourself, there will be about 4.5 GB of updates for most devices this month.

This Month in Technology

Accellion FTA, Aer Lingus, airBaltic, Albany ENT & Allergy Services, Alvaria, Inc., Android, 60,000 malicious Android apps, millions of Android-based devices have been  pre-infected, Apria Healthcare, ASAS Health, Ascension Providence, Ascension Seton, Asian Health Services, Atomic Wallet, Augusta, Georgia, Bank Syariah Indonesia, Barracuda Email Security Gateway appliances (since 2022), BBC, Bluefield University, Boots, Brightline, Inc., Brightly Software SchoolDude, British Airways, Builders FirstSource Flex Plan, Bukkit and CurseForge Minecraft mods, Burton Snowboards, Capita, Casepoint (used by SEC, DOD and Pentagon), Celer, Children’s Health Insurance Program, Chilean army, Cisco Secure Client (formerly AnyConnect), Cisco Small Business Series Switches, City of Dallas, Texas, Clarke County Hospital, Credit Control Corp, Culbertson Memorial Hospital, D-Link D-View 8, Discord, Earlens Corporation, thousands of eCommerce sites, Eisai, Elgon Information Systems, Emby, Enzo Biochem, Essen Medical Associates, Extreme Networks, Farmalink, Fertility Specialists Medical Group, FortiOS, Franklin Templeton Canada, Franklin, Tennessee, GIGABYTE PCs, GitLab, Globalcaja, Goodwill Industries of Greater New York and Northern NJ, Inc., Google Chrome, over 30 Chrome extensions, Grant Regional Health Center, Great Expressions Dental Centers, Harvard Pilgrim Health Care, Hillsborough County Supervisors of Elections Office, Honda, HWL Ebsworth, Idaho Falls Community Hospital, Illinois Department of Healthcare and Family Services, Illinois Department of Human Services, IMA Financial Group, Inc., Infotel JSC, Intellihartx, iOS, Iowa Department of Health and Human Services (again!), iPhones, iSpace, Inc., Israeli organizations, ITx Companies, JD Group, Jimbos Protocol, Kaspersky, KeePass, Kiddowares Parental Control – Kids Place, L3Harris, Lacroix, Lancaster Orthopedic Group, Latitude Financial Services, Lehigh Valley Health Network, Luxottica, macOS, Madhya Pradesh Power Management Co, Managed Care of North America (MCNA) Dental, Marshall Information Services, LLC dba Primary Solutions, Martinique, MedInform, Inc., MEO, Mercy Home, Mercy Medical Center – Clinton, Inc., Microsoft Azure, Microsoft Exchange, Microsoft Visual Studio, Minnesota Department of Education, Mountain View Hospital, Mountain View RediCare, MOVEit Transfer (since 2021 – and more coming almost daily), MSI, NextGen Healthcare, North Shore Medical Labs, Norton Healthcare, Nova Scotia government, Onix Group LLC, Orbiter Finance, Oyate Health Center, Pacific Union College, thousands of PaperCut servers, PartsSource, Inc. Welfare Benefit Plan, Pearland ISD, Texas, PharMerica, Amazon PillPack, Pioneer Valley Ophthalmic Consultants, PC, 30 Portuguese financial institutions, R&B Corporation of Virginia, the defunct RaidForums, RenderDoc, RentoMojo, ReportLab, Rheinmetall AG, Ruckus Wireless Admin, Sacramento County, Salesforce ‘Ghost Sites’, Samsung mobile devices, Scandinavian Airlines, ScanSource, Seoul National University Hospital, Sesame, Inc., Shell Recharge, SimpleTire, Skolkovo Foundation, Solutran, South and Southeast Asia government, aviation, and telecommunication organizations, South East Regional Organised Crime Unit, Sparta Community Hospital District, State of Illinois, Strava, Swiss government, Synergy Hematology Oncology Medical Associates, T. Rowe Price Group, Inc., Tennessee Orthopaedic Clinics, The CSC Generation Holdings, Inc. Health and Welfare Plan, The Philadelphia Inquirer, Topcon Healthcare Solutions, Inc., Tornado Cash, Toyota Motor Corporation (over a decade), TP-Link routers, Trezor T Hardware Wallet, Tron, UI Community Home Care, Uintah Basin Healthcare, United Healthcare Services, Inc. Single Affiliated Covered Entity, University of Manchester, University of Rochester, Uranium Finance, “critical US infrastructure” since 2021, US communications infrastructure, US Department of Transportation, US government contractor ABB, Valley Orthopaedic Specialists, Vascular Center of Intervention, VMware Aria Operations for Networks, VMware ESXi servers, WhizComms, Windows 10 WordPad, Windows Internet Information Services, Windows XP activation, WordPress Advanced Custom Fields, WordPress Beautiful Cookie Consent Banner, WordPress Essential Addons for Elementor, WordPress Gravity Forms, WordPress Jetpack, Zacks Investment Research, Zellis, Zimbra, and Zyxel have reportedly been hacked or compromised this month.

ASUS routers, ChatGPT, GitHub, Microsoft 365, Microsoft Azure Portal, Microsoft OneDrive, Microsoft’s Outlook.com, Reddit, and ScanSource have suffered from outages this month.

Last months updates broke HP Office Jet printers, Surface laptop cameras, VPN performance, Windows Defender, Windows file copy, and Windows printing and audio playback.

30% of all internet traffic is malicious. Is anyone really surprised? Facebook has actually made progress against phishing by suing a registrar used primarily to create phishing domains.  The .zip TLD was released this month and it is already being used for malicious purposesMozilla was pushing full-screen ads for their VPN service. Google Ads remain one of the most common sources for malware.

Amazon has been fined $30 million over Ring and Alexa privacy violations. Microsoft will pay a mere $20 million for illegally collecting data on children in violation of COPPA. Meta (Facebook) has been fined $1.3 billion for moving data to US servers.

Call of Duty players can be identified on any platform violating their privacy. The American Hospital Association (AHA) doesn’t respect your privacy. People are sacrificing their tech, crypto and privacy in hopes of 15 minutes of fame.

Ford is so concerned about their spontaneous combustion issues, they’re advising owners of their vehicles to park outside.

While I’m not a big fan of Reddit, their new API rates and policies are going to be the death of many subreddits, since they’ll result in less automation by the good guys while not reducing the automation used by the bad guys.

Apple introduced Rapid Security Response (fast patching for security issues) last month, and have already caused panic among users.

The FDA has once-again expanded its own authority in what can only result in shrinking the food supply.

As expected, OAuth provides a fancy new “watering hole” target for attackers.

Now for the good news:

Microsoft will be killing Cortana later this year.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 4.5 GB in updates today. Let’s get started.

Windows 10 and Windows 11 versions 22H2 should now be installed on all supported hardware as all prior non-LTS versions are no longer supported.

Microsoft released updates to address 1,378 bugs including 73 vulnerabilities in .NET and Visual Studio, .NET Core, .NET Framework, ASP .NET, Azure DevOps, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office OneNote, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Power Apps, Microsoft Printer Drivers, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Codecs Library, NuGet Client, Remote Desktop Client, Role: DNS Server, SysInternals, Visual Studio, Visual Studio Code, Windows Authentication Methods, Windows Bus Filter Driver, Windows Cloud Files Mini Filter Driver, Windows Collaborative Translation Framework, Windows Container Manager Service, Windows CryptoAPI, Windows DHCP Server, Windows Filtering, Windows GDI, Windows Geolocation Service, Windows Group Policy, Windows Hello, Windows Hyper-V, Windows Installer, Windows iSCSI, Windows Kernel, Windows NTFS, Windows ODBC Driver, Windows OLE, Windows PGM, Windows Remote Procedure Call Runtime, Windows Resilient File System (ReFS), Windows Server Service, Windows SMB, Windows TPM Device Driver, Windows Win32K, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Ventura 13.4, macOS Monterey 12.6.6, macOS Big Sur 11.7.7, iOS 15.7.6, iOS 16.5, iPadOS 15.7.6, iPadOS 16.5, tvOS 16.5, watchOS 9.5.1, Safari 16.5, iTunes 12.12.9 for Windows, and Pro Video Formats 2.2.5. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.7.6 and 16.5 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.7.6 and 16.5 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.5.1 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.5 is a security update. Use System, Software Update to install the most current version.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.5.2 resolves several bugs and improves reliability. This is not a security update.
https://www.amd.com/en/support

Crucial Storage Executive 9.01 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.6.4 adds command-line arguments to optimize removal and improves cleanup for AMD. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.2.11 resolves several bugs and updates libraries. This should be treated as a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.17.2 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

Wacom Driver 6.4.2-3 adds training, help bar tips, and resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.52.122 is a security update.
https://brave.com/

Google Chrome 114.0.5735.133 is a security update.
https://www.google.com/chrome/

Google Chrome 109.0.5414.149 (for Windows Server 2012) is a security update.
https://www.google.com/chrome/

Microsoft Edge 113.0.1774.57 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Microsoft Edge 109.0.1518.100 (for Windows Server 2012) is a security update.
https://www.microsoft.com/en-us/edge/business/download

Microsoft Edge WebView2 114.0.1823.43 is a security update.
https://developer.microsoft.com/en-us/microsoft-edge/webview2/

Firefox 114.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Vivaldi 6.1.3035.75 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

ProtonMail (Android) 3.0.15 is a security update.
https://proton.me/mail/download

Spark 3.6.0.50235 improves stability and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.6.0.50236 improves stability and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.12.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.12 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 7.1.0 adds User Account support. This is not a security update.
https://anydesk.com/en/downloads

curl 8.1.2 resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/

DNSDataView 1.71 resolves a cosmetic bug. This is not a security update.
https://www.nirsoft.net/utils/dns_records_viewer.html

Dropbox 175.4.5569 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 188.0.11.164 is a security update.
https://www.messenger.com/download

FileZilla Server 1.7.2 resolves several bugs and improves Let’s Encrypt compatibility. This is not a security update.
https://filezilla-project.org/

FreeFileSync 12.3 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 76.0 is a security update.
https://drive.google.com/start

IPInfoOffline 1.70 adds support for additional IP location databases. This is not a security update.
https://www.nirsoft.net/utils/ip_country_info_offline.html

MailEnable 10.46 is a security update.
https://www.mailenable.com/

MeshCentral 2.11.7849.20089 resolves several bugs and updates libraries. This is not a security update.
https://meshcentral.com/info/downloads.html

Microsoft Teams 1.6.00.12455 resolves several bugs and adds lobby bypass, virtual front desk, and QR code sign-in for hotdesks. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 27.0 is a major update, with updates to libraries and resolves several bugs. This is a security update.
https://nextcloud.com/

Nmap 7.94 resolves several bugs, updates libraries, and adds dozens of new signatures. This is a security update.
https://nmap.org/

Pocketnet-GUI 0.8.49 improves IPFS support, adds option to purge local storage, and resolves several bugs. This is not a security update.
https://pocketnet.app/

PushBullet 501 doesn’t provide a changelog so should be treated as a security update.
https://www.pushbullet.com/

Signal 6.20.2 improves stability and adds scroll-to for mentions. This is not a security update.
https://signal.org/download/windows/
https://signal.org/download/macos/

Signal (Android) 6.22.8 doesn’t provide a changelog so should be treated as a security update.
https://signal.org/android/apk/

Skype 8.97.0.204 resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.23.5 resolves several bugs. This is not a security update.
https://syncthing.net/

Technitium DNS Server 11.2 adds support for SVCB and HTTPS and unknown record types, PTR App, Weighted Round Robin App and resolves several bugs. This is not a security update.
https://technitium.com/dns/

Telegram 4.8.3 resolves several bugs. This is not a security update.
https://telegram.org/

USB Drive Log 1.12 adds sort-by. This is not a security update.
https://www.nirsoft.net/utils/usb_drive_log.html

Wget 1.21.4 is a security update.
https://eternallybored.org/misc/wget/

WinSCP 6.1 is a major update. This adds many features and resolves several bugs. This is a security update.
https://winscp.net/eng/index.php

Zoom 5.14.11.17466 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.9 resolves several bugs and improves tracking and interaction controls. This is not a security update.
https://en.3tene.com/

iTunes 12.12.9.4 is a security update.
https://www.apple.com/itunes/download/

Plex Desktop 1.70.2.3845 resolves several bugs and adds discover together. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.39.2.3822 adds sign-out and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.3.7192 adds support for new hardware and resolves several bugs. This is a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GDevelop 5.1.164 resolves several bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.5.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

PS5 23.01-07.40.00 resolves several bugs and improves stability. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Animate 22.0.10 and 23.0.2 are security updates.
https://helpx.adobe.com/security/products/animate/apsb23-36.html

Adobe Commerce and Magento Commerce 2.3.7-p4-ext-3, 2.4.0-ext-3, 2.4.1-ext-3, 2.4.2-ext-3, 2.4.3-ext-3, 2.4.4-p4, 2.4.5-p3, and 2.4.6-p1 are security updates.
https://helpx.adobe.com/security/products/magento/apsb23-35.html

Adobe Experience Manager 2023.4 and 6.5.17.0 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb23-31.html

Adobe Substance 3D Designer 13.0.0 is a security update.
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-39.html

Audacity 3.3.3 resolves several bugs. This is not a security update.
https://www.audacityteam.org/download/

ImageMagick 7.1.1-11 resolves dozens of bugs. This is a security update.
https://imagemagick.org/

Kdenlive 23.04.1 resolves several bugs. This is not a security update.
https://kdenlive.org/

LibreOffice Fresh 7.5.4 resolves 80 bugs. This is not a security update. Remember that the “Fresh” line is beta software so should be avoided by most users.
https://www.libreoffice.org/

LibreOffice 7.4.7 resolves over 50 bugs. While the 7.4 “Still” branch is now end of life, this should be used for the next 6 weeks before 7.5 is released as “Still.”
https://www.libreoffice.org/

Nextcloud Desktop 3.9.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.5.3 resolves over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.6 improves cosmetics and resolves several bugs. This is not a security update.
https://www.getpaint.net/

Calibre 6.21.0 resolves several bugs and adds output formats. This is not a security update.
https://calibre-ebook.com/

Adobe Reader DC 23.003.20201 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Adobe Reader DC Patch 23.001.20174 resolves a stability bug. This is not a security update.
https://get.adobe.com/reader

Adobe Reader DC Patch (Mac) 23.001.20177 resolves a stability bug. This is not a security update.
https://get.adobe.com/reader

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.6.2 resolves a rule parsing bug. This is not a security update.
https://github.com/countercept/chainsaw

KeePass 2.54 adds triggers, global URL overrides, password generator profiles, improvements to exports and reporting, and resolves several bugs. This is not a security update.
https://keepass.info/

OpenSSL 3.1.1 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

OpenSSL 1.1.1u is a security update.
https://www.openssl.org/source/

ProtonVPN (macOS) 3.1.4 resolves several bugs. This should be treated as a security update.
https://protonvpn.com/download

Radmin VPN 1.3.4570.5 doesn’t provide a changelog so should be treated as a security update.
https://www.radmin-vpn.com/

RogueKiller 15.10.0 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

SuperAntiSpyware 10.0.1252 is a security update.
https://www.superantispyware.com/download.html

Stinger 12.2.0.614 should be treated as a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Tails 5.14 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.50.0 resolves dozens of bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.6.9 should be treated as a security update.
https://github.com/Velocidex/velociraptor/releases/latest

YARA 4.3.2 is a security update.
https://github.com/VirusTotal/yara/

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 29.1.2 resolves dozens of bugs. This is not a security update.
https://obsproject.com/

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.1.0.8 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.9 doesn’t provide a changelog so should be treated as a security update.
https://imazing.com/heic

MakeMKV 1.17.4 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.makemkv.com/download/

PDF Creator 5.1.1 resolves a couple bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.1.2.6 adds support for new sources and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 1.0.2.0 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.10.7 resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.10.7 resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/windows/

7-Zip 23.00 resolves several bugs and improves performance in some situations. This is not a security update.
https://www.7-zip.org/

AppResourcesUsageView 1.05 adds sort-by option. This is not a security update.
https://www.nirsoft.net/utils/app_resources_usage_view.html

BatteryHistoryView 1.05 adds sort-by option. This is not a security update.
https://www.nirsoft.net/utils/battery_history_view.html

Bitwarden 2023.5.0 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.12.10490 resolves several bugs. This is not a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.37 adds support for abbreviated IDs and improves compatibility. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

CurrPorts 2.75 adds support for additional IP location databases. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Dell Command Update 4.9.0 resolves several bugs and improves stability. This should be treated as a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

Dell OS Recovery Tool 2.3.7515 doesn’t provide a changelog so should be treated as a security update.
https://www.dell.com/support/home/uk/en/ukbsdt1/drivers/osiso/recoverytool

dnGrep 3.2.330.0 resolves several bugs. This is not a security update.
https://dngrep.github.io/

email-oauth2-proxy 2023-05-18 resolves several bugs. This is not a security update.
https://github.com/simonrob/email-oauth2-proxy

ESEDatabaseView 1.72 adds sort-by and open recent file support. This is not a security update.
https://www.nirsoft.net/utils/ese_database_view.html

Everything 1.4.1.1024 is a security update.
https://www.voidtools.com/

Everything Toolbar 1.1.1 resolves a couple bugs. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.50 removes inactive downloads and adds UEFI Shell 2.2 23H1. This is not a security update.
https://github.com/pbatard/Fido/releases

FileTypesMan 1.97 resolves a support annoyance. This is not a security update.
https://www.nirsoft.net/utils/file_types_manager.html

Fing 3.3.1 resolves several bugs. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

FullEventLogView 1.78 adds full screen mode. This is not a security update.
https://www.nirsoft.net/utils/full_event_log_view.html

Git SCM 2.41.0 resolves dozens of bugs. This is a security update.
https://git-scm.com/

Go 1.20.5 is a security update.
https://go.dev/

GoodSync 12.2.5 resolves several bugs. This is not a security update.
https://www.goodsync.com/

grepWin 2.0.15 resolves several bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

GUIPropView 1.25 adds sort-by and black background support. This is not a security update.
https://www.nirsoft.net/utils/gui_prop_view.html

Homedale 2.06 resolves a crash bug. This is not a security update.
https://www.the-sz.com/products/homedale/

HWiNFO 7.46 resolves several bugs. This is not a security update.
https://www.hwinfo.com/download/

InstalledAppView 1.07 adds sort-by support and resolves a high-DPI bug. This is not a security update.
https://www.nirsoft.net/utils/installed_app_view.html

LastActivityView 1.37 resolves a stability bug. This is not a security update.
https://www.nirsoft.net/utils/computer_activity_view.html

LiveTcpUdpWatch 1.50 adds ASN and Organization columns, and support for additional IP location databases. This is not a security update.
https://www.nirsoft.net/utils/live_tcp_udp_watch.html

ManageWirelessNetworks 1.11 adds sort by support. This is not a security update.
https://www.nirsoft.net/utils/manage_wireless_networks.html

MobileFileSearch 1.45 adds the ability to cancel search with Esc. This is not a security update.
https://www.nirsoft.net/utils/mobile_device_file_search.html

MultiMonitorTool 2.10 adds abbreviated ID support. This is not a security update.
https://www.nirsoft.net/utils/multi_monitor_tool.html

NetRouteView 1.40 adds several new columns and option to copy as route. This is not a security update.
https://www.nirsoft.net/utils/network_route_view.html

NetworkOpenedFiles 1.60 adds support for folder, user and computer filters. This is not a security update.
https://www.nirsoft.net/utils/network_opened_files.html

NTLite 2023.5.9257 resolves several bugs and improves compatibility. This is not a security update.
https://www.ntlite.com/download/

OpenToonz 1.7.1 resolves a stability bug. This is not a security update.
https://github.com/opentoonz/opentoonz/

OSForensics 10.0.1013 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

AOMEI Partition Assistant 10.0 is a major update with cosmetic and functional changes. This is not a security update.
https://www.diskpart.com/

PingInfoView 2.30 adds high-resolution ping time support and the ability to hide disabled items. This is not a security update.
https://www.nirsoft.net/utils/multiple_ping_tool.html

PointerStick 6.26 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.70.1 improves stability. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.94 resolves a stability bug and restores Copy All functionality. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

PropertySystemView 1.20 adds CopyProperty command-line support. This is not a security update.
https://www.nirsoft.net/utils/windows_property_system_view.html

Recuva 1.53.2096 resolves a detection bug. This is not a security update.
https://www.ccleaner.com/recuva

RoboForm 9.4.8 resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 4.1 resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

SimpleWMIView 1.54 adds full screen and sort-by support. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TeamViewer 15.42.7 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.3.1 resolves dozens of bugs. This is a security update.
https://unity3d.com/get-unity/download/archive

WakeMeOnLan 1.91 updates the internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WhyNotWin11 2.5.0.5 resolves several bugs and improves compatibility. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinGet 1.4.11071 resolves dozens of bugs and updates libraries. This is a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinRAR 6.22 improves reliability and resolves stability bugs. This is not a security update.
https://www.rarlab.com/

WizTree 4.14.0.1 resolves several bugs. This is not a security update.
https://www.diskanalyzer.com/

ZoomIt 7.0 adds several new features including screen recording, annotation and editing. This is not a security update.
https://learn.microsoft.com/sysinternals/downloads/zoomit

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 2022.2.1.20 resolves several bugs. This is not a security update.
https://developer.android.com/studio

cx_Freeze 6.15 resolves several bugs and improves compatibility. This is not a security update.
https://cx-freeze.readthedocs.io/en/latest/index.html

Get-IMAPAccessToken 2023.5.22 resolves a bug. This is not a security update.
https://github.com/DanijelkMSFT/ThisandThat/blob/main/Get-IMAPAccessToken.ps1

GitHub Desktop 3.2.4 resolves several bugs. This is not a security update.
https://desktop.github.com/

Godot 4.0.3 provides resolution for hundreds of bugs and feature issues. This is not a security update.
https://godotengine.org/

Node.js 20.3.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Python 3.11.4 is a security update.
https://www.python.org/downloads/windows/

SQLite 3.42.0 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Unreal Engine 5.2 adds dozens of new features and resolves several bugs. This is not a security update.
https://unrealengine.com/en-US/

Visual Studio Code 1.79.1 adds read-only, automatic copy, Git branch naming, and several other features. This is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.15.4 resolves several bugs. This is not a security update.
https://www.ppsspp.org/download/

Web Package Updates

These are likely to be of interest only to web developers.

Invision Community 4.7.10 adds Courses, improved email bounce handling, and resolves dozens of bugs. This is not a security update.
https://invisioncommunity.com/

HumHub 1.14.2 resolves several bugs. This is not a security update.
https://www.humhub.com/en

ISPConfig 3.2.10p1 resolves several bugs. This is not a security update.
https://www.ispconfig.org/ispconfig/download/

Joomla 4.3.2 is a security update.
https://www.joomla.org/

jQuery 3.7.0 resolves several bugs and integrates Sizzle directly into jQuery. This is not a security update.
https://code.jquery.com/

ownCloud Client 4.0.0.10896 resolves several bugs. This is not a security update.
https://owncloud.com/desktop-app/

phpList 3.6.13 improves updater process and resolves several bugs. This is not a security update.
https://www.phplist.org/

Piwigo 13.7.0 is a security update.
https://piwigo.org/

SMF 2.1.4 updates libraries and resolves several bugs. This is not a security update.
https://www.simplemachines.org/

WordPress 6.2.2 is a security update.
https://wordpress.org/

BuddyPress 11.2.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.7.7 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

myStickymenu 2.6.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Really Simple CAPTCHA 2.2 updates minimum requirements and Apache directives. This is not a security update.
https://wordpress.org/extend/plugins/really-simple-captcha/

WooCommerce 7.7.2 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Plugin Update Checker 5.1 improves GitHub and GitLab parsing and resolves a couple bugs. This is not a security update.
https://github.com/YahnisElsts/plugin-update-checker/releases/latest

WPBakery 6.13.0 is a security update.
https://wpbakery.com/

WPtouch 4.3.53 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-05-09

Welcome back, Folks!

Today is Patch Tuesday for May, 2023.

This month brings news that the current stable release of Windows 10 will be the last version released until it is end of life (EOL) in October 2025. This means it is mature and won’t have annoying operating system changes on a regular basis, unlike Windows 11. There were over 150 major hacks, and over 215 application updates this month. All in all it’s a big month, with about 3.5 GB of updates for most users.

This Month in Technology

Alto Calore Servizi, American Bar Association, Americold, Amnesty International Australia, an African telecommunications organization, Apache Superset, APC’s Easy UPS Online Monitoring Software, Apro.cl, automotive Controller Area Network, AvidXchange, Banco de Venezuela, Berkeley, Bitmarck Germany, Bitrue, Blue Shield of California, Bluefield University, Brightline, Caltech, Capita, Cementos Bio-Bio S.A, Cementos Progreso, CH Media, Cisco IOS routers, Cisco PCD, Cisco Phone Adapters, City of Dallas, Texas, Conagua, Constellation Software, 9 cryptocurrency exchange websites, Cummins Behavioral Health Systems, 13 internet domains used for DDoS-for-hire services, Delphi Drug & Alcohol Council, Diocese of Las Vegas, Elastic, Ethan Health, LLC, Eurasia Group, Fairfax County Public Schools, Fincantieri Marine Group, Fortra, FTX, Fullerton India, GDAC, Genova Burns LLC, Google Chrome, Graceworks Lutheran Services, Group Euromotors, Guam Memorial Hospital, a Haarlem (NL) company, Hardenhuish School, HealthPlan Services, Inc., Henry County Hospital, Hillsborough County Supervisor of Elections Office, Hundred Finance, Hyundai, Illumina’s Universal Copy Service, Intel Boot Guard, Intel CPUs, Intel TDX, Iowa Department of Health and Human Services, John Muir Health – Walnut Creek Medical Center, Kabarak University, Kodi Foundation, KuCoin, La Clinica de La Raza, Inc., Lake Dallas Independent School District, Latitude Financial, Level Finance, Lürssen, Mars Area School District, Medtronic, MEO, Merlin, MetaMask, Methodist Family Health, Microsoft SQL servers, MiniMed Distribution Corp., MIT, Modern Cardiology Associates, Montgomery General Hospital, Monument Inc. and Tempest, MSI OEM Signing Keys, Murfreesboro Medical Clinic & SurgiCenter, Naivas Kenya, National Smallbore Rifle Association, NationsBenefits Holdings, LLC, NCR Aloha POS, NextGen Healthcare, Northeastern University, OGUsers, One Brooklyn Health, OrangeTee & Tie, Orqa, Packagist, Papercut, Pathway Healthcare, LLC, Philippines State Agencies, Point32Health, PrestaShop, RaidForums, RentoMojo, Retina & Vitreous of Texas, PLLC, Rheinmetall, Robeson Health Care Corporation, Roskomnadzor, Ruckus Wireless, SafeMoon, Saville Row, Seguros la Occidental, St. Vincent’s Ambulatory Care, Inc., Stanford, SushiSwap, T-Mobile (again), Tasmanian Government, TBK DVR, Tencent QQ, Terravision, TP-Link Archer A21, Trust Wallet, Twitter, two critical infrastructure organizations in the energy sector, two organizations involved in financial trading, Two Rivers Public Health Department, Ukraine, Ukrainian state networks, UMass Amherst, Unique Imaging, Inc, UniSat Wallet, United HealthCare, United Steelworkers Local 286, University of California, San Francisco, University Urology, Unlimited Care, Inc., Upper Peninsula Health Plan, US Consumer Financial Protection Bureau, US military “legacy weapons systems“, Valid Certifcadora, Veeam backup servers, VMware vRealize Log Insight, VMware, Western Digital, WP Advanced Custom Fields, WP Eval PHP, Yearn Finance, Yellow Pages Group, Yucatan government, and Z-Library (again) have reportedly been hacked or compromised this month.

1Password, Bank of Scotland, Google Search, Halifax, Lloyds Bank, Microsoft 365 and Exchange, Reddit, TSB Bank, and Twitter (twice) have suffered from outages this month.

Last months updates broke Microsoft Defender.

Google is finally adding end-to-end encryption to their security authenticator. However, they’re now weakening the security of your Google account by allowing anyone with any of your device PINs or patterns to access your account. If you’ve ever loaned your cell phone or tablet to a five year old to get them to be quiet during a conversation with family, Amazon is giving you another reason to avoid that.

Advertisements (especially via Google and Facebook) remain the #1 method of infecting victims. As if on queue, there will now be more ads in the Microsoft Windows Start Menu. Pirated software is still a very common method to hack a network. Microsoft is adding the ability to opt out of presence detection within Windows 11. 

Apple’s new “rapid security response” patching platform is failing. macOS Silicon isn’t safe from ransomware. 

QR codes are much more dangerous than you can imagine. Know the risks of reselling your used hardware.

Still no punishment when government violates their own rules. The EU is planning to scan all private files on personal devices in violation of privacy rights. The goal of securely classifying and validating organizational ownership of online resources is a lofty one, but this transparency – as proposed via QWACs – would put privacy at increased risk.

Now for the good news:

Apple and Google are finally taking an interest in how their platforms are abused for stalking via Bluetooth.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is large this month. The typical computer should see roughly 3.5 GB in updates today. Let’s get started.

Windows 10 and Windows 11 versions 22H2 should now be installed. Sadly, the new “Moments” features on Windows 11 will insert advertisements in the Start menu and Control Panel. Just another sign of the continuing decline of Windows.

Microsoft released updates to address 49 vulnerabilities in Microsoft Bluetooth Driver, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office Access, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Office Word, Microsoft Teams, Microsoft Windows Codecs Library, Reliable Multicast Transport Driver (RMCAST), Remote Desktop Client, SysInternals, Visual Studio Code, Windows Backup Engine, Windows Installer, Windows iSCSI Target Service, Windows Kernel, Windows LDAP – Lightweight Directory Access Protocol, Windows MSHTML Platform, Windows Network File System, Windows NFS Portmapper, Windows NTLM, Windows OLE, Windows RDP Client, Windows Remote Procedure Call Runtime, Windows Secure Boot, Windows Secure Socket Tunneling Protocol (SSTP), Windows SMB, Windows Win32K, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for AirPods and Beats. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

Fedora 38-1.6 is a security update. This major version adds improved hardware support, modern security benefits, and updates libraries and resources.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.4.3 improves performance and compatibility. This is not a security update.
https://www.amd.com/en/support

Daemon Tools Lite 11.2.0 adds VeraCrypt support, improves ARM compatibility and resolves several bugs. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Display Driver Uninstaller 18.0.6.3 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Drivers by Seagull 2023.2 adds another 300+ printer and device drivers, encrypted hardware and RFID support. This is a security update.
https://www.seagullscientific.com/support/downloads/drivers/

DS4Windows 3.2.10 resolves several bugs. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Netgear Genie R6400 1.0.1.78 is a security update.
https://www.netgear.com/support/product/R6400.aspx#download

TP-Link Archer AX21 v1.20.230426 is a security update.
https://www.tp-link.com/us/support/download/archer-ax21/v1.20/#Firmware

Wacom Driver 6.4.2-1 resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.51.110 is a security update.
https://brave.com/

Firefox 113.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Google Chrome 113.0.5672.92 is a security update.
https://www.google.com/chrome/

Google Chrome 109.0.5414.141 is a security update. The 109 version is now only supported on Windows Server 2012 and 2012r2.
https://www.google.com/chrome/

Microsoft Edge 112.0.1722.71 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Microsoft Edge 109.0.1518.78 is a security update. The 109 version is now only supported on Windows Server 2012 and 2012r2.
https://www.microsoft.com/en-us/edge/business/download

Microsoft Edge WebView2 113.0.1774.35 is a security update.
https://developer.microsoft.com/en-us/microsoft-edge/webview2/

Vivaldi 6.0.2979.18 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.50 adds From and To scan filtering. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

ProtonMail (Android) 3.0.14 improves stability and performance. This is not a security update.
https://proton.me/mail/download

Spark 3.4.2.48202 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.4.2.48201 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.10.1 improves compatibility and resolves several bugs. This is not a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.11 improves stability. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 7.0.2 resolves several bugs and improves integration. This is not a security update.
https://anydesk.com/en/downloads

Dropbox 173.4.6706 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 186.0.0.10.221 is a security update.
https://www.messenger.com/download

FileZilla Client 3.64.0 updates libraries. This should be treated as a security update.
https://filezilla-project.org/

Google Drive 74.0 is a security update.
https://drive.google.com/start

Microsoft Teams 1.6.00.11166 is a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 26.0.1 is a security update.
https://nextcloud.com/

Npcap 1.75 is a security update.
https://nmap.org/npcap/

Signal 6.16.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.19.8 doesn’t provide a changelog so should be treated as a security update.
https://signal.org/android/apk/

Skype 8.96.0.403 adds several new features and improves stability. This is not a security update.
https://www.skype.com/

Technitium DNS Server 11.1.1 is a security update.
https://technitium.com/dns/

Telegram 4.8.1 resolves several bugs. This is not a security update.
https://telegram.org/

Telegram (Android) 9.6.0 resolves several bugs. This is not a security update.
https://telegram.org/apps

WinSCP 5.21.8 is a security update.
https://winscp.net/eng/index.php

Zoom 5.14.7.15877 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.7 is a security update.
https://en.3tene.com/

Plex Desktop 1.67.2.3705 is a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.38.2.3738 resolves several bugs. This is a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.1.6999 resolves several bugs. This is a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Winamp 5.9.1 is a security update.
https://www.winamp.com/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.4.0.84 resolves dozens of bugs.
https://www.yoyogames.com/en/gamemaker

Lego Studio 2.23.4.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Nintendo Switch 16.0.3 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PS5 23.01-07.20.00 improves stability and performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2023.04.26 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 23.001.20143 is a security update.
https://get.adobe.com/reader

Adobe Substance 3D Painter 8.3.1 is a security update.
https://helpx.adobe.com/security/products/substance3d_painter/apsb23-29.html

Audacity 3.3.2 doesn’t provide a changelog so should be treated as a security update.
https://www.audacityteam.org/download/

Calibre 6.17.0 resolves several bugs and improves compression. This is not a security update.
https://calibre-ebook.com/

ImageMagick 7.1.1-8 resolves several bugs. This is not a security update.
https://imagemagick.org/

LibreOffice Fresh 7.5.3 resolves over a hundred bugs. This is a security update. The “Fresh” line is beta software. Please use the Still version which is stable software.
https://www.libreoffice.org/

Nextcloud Desktop 3.8.1 is a security update.
https://nextcloud.com/

PDF Candy Desktop 2.94 doesn’t provide a changelog so should be treated as a security update.
https://pdfcandy.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

Cloudflare WARP 2023.04.27 doesn’t provide a changelog so should be treated as a security update.
https://1.1.1.1/

Cloudflare WARP (macOS) 2023.04.17 doesn’t provide a changelog so should be treated as a security update.
https://1.1.1.1/

HTTP Toolkit 1.12.6 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware 4.5.27 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

ProtonVPN 2.4.2 provide cosmetic improvements. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.1.3 improves proof of effect cosmetics and compatibility. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.9.0 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Stinger 12.2.0.603 adds detections. This is not a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Tails 5.12 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.49.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

YARA 3.1 fixes several bugs. This should be treated as a security update.
https://github.com/VirusTotal/yara/

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 23.0.2 resolves several bugs. This is not a security update.
https://www.techsmith.com/video-editor.html

Open Broadcaster Software 29.1.0 resolves dozens of bugs. This should be treated as a security update.
https://obsproject.com/

ScreenToGif 2.38 improves high-DPI compatibility. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.1.0.5 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.7 doesn’t have a changelog so should be treated as a security update.
https://imazing.com/heic

PDF Creator 5.1 adds ARM64 support, improves automation, and resolves several bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.1.2.1 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 1.0.1.8 improves performance. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.26 resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.10.6 resolves dozens of bugs and improves compatibility. This is a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.10.6 resolves dozens of bugs and improves compatibility. This is not a security update.
https://1password.com/downloads/windows/

Agent Ransack 2022.3389 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Bitwarden 2023.4.0 is a security update.
https://bitwarden.com/

CCleaner 6.11.10455 resolves several bugs and improves compatibility. This is not a security update.
https://www.ccleaner.com/

DesktopOK 10.81 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DMDE 4.0.6.806 resolves several bugs. This is not a security update.
https://dmde.com/

dnGrep 3.2.306.0 updates libraries and implements several new features. This is not a security update.
https://dngrep.github.io/

Everything Toolbar 1.0.5 resolves several bugs. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.45 removes Windows 7 ISO download option since it’s no longer available for download. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3389 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 3.2 no longer provides a changelog so should be treated as a security update.
https://www.fing.com/products/fing-desktop-download-windows

Git SCM 2.40.1 is a security update.
https://git-scm.com/

Go 1.20.4 is a security update.
https://go.dev/

GoodSync 12.2.2 resolves several bugs and introduces a new encrypted file system option. This is not a security update.
https://www.goodsync.com/

grepWin Portable 2.0.13 resolves several bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

IsMyHdOK 3.88 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

Kingston SSD Manager 1.5.2.6 doesn’t provide a changelog so should be treated as a security update.
https://www.kingston.com/us/support/technical/ssdmanager

Memtest86+ 6.20 adds support for newer hardware and resolves a couple bugs. This is not a security update.
https://www.memtest.org/

NetworkInterfacesView 1.30 adds secondary sorting and sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

NetworkTrafficView 2.44 adds dark background option and sort by to the toolbar. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html

NTLite 2023.4.9228 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1010 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

PowerToys 0.69.1 improves stability adn resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

PSAppDeploy 3.9.3 resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

PsExec 2.43 fixes a regression with -c. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

RoboForm 9.4.7 is a security update.
https://www.roboform.com/

Rufus 4.0 resolves several bugs and improves stability. This version now requires Windows 8 and newer. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 23.3.13.8507 resolves several bugs and breaks application compatibility with older instances. This is not a security update.
https://www.connectwise.com/software/control/download

Synergy 1.14.7 adds ability to bind client to specific network and resolves several bugs. This is not a security update.
https://symless.com/synergy/

Sysmon 14.16 adds new ArchiveDirectory system integrity controls and improves compatibility. This is a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TCPView 4.19 fixes a bug with the 32-bit version. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview

TeamViewer 15.41.9 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.2.18 resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WifiInfoView 2.80 adds full screen mode. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 2022.2.1.19 adds several new features. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.2.3 resolves a dozen bugs. This is not a security update.
https://desktop.github.com/

Java 8u371 is a security update.
https://www.java.com/en/download/manual.jsp

MySQL ConnectorNet 8.0.33 is a security update.
https://dev.mysql.com/downloads/connector/net/

MySQL Server 8.0.33 is a security update.
https://dev.mysql.com/downloads/installer/

Node.js 18.16.0 adds single-file executable support, improved URL parsing, and resolves a dozen bugs. This is not a security update.
https://nodejs.org/en/

Node.js 19.9.0 improves URL parsing and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js 20.1.0 adds several new features and updates dependencies. This is not a security update.
https://nodejs.org/en/

Rustup 1.26.0 resolves a dozen bugs and adds several new features. This is not a security update.
https://www.rust-lang.org/

VC Runtime 14.34.31938.0 is a security update.
https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist

Visual Studio Code 1.78.1 improves accessibility, color schemes, profile templates, and other features. This is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.8 is a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.25 resolves several bugs. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.4.15 is a security update.
https://drupal.org/download

Joomla 4.3.1 resolves several bugs. This is not a security update.
https://www.joomla.org/

OpenCart 4.0.2.1 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.opencart.com/

Antispam Bee 2.11.3 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/antispam-bee/

Autoptimize 3.1.7 is a security update.
https://wordpress.org/extend/plugins/autoptimize/

Contact Form 7 5.7.6 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.4 doesn’t provide a changelog so should be treated as a security update.
https://wordpress.org/plugins/duplicator/#developers

Sucuri Security 1.8.39 resolves an API error. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

Widgets on Pages 1.7.0 is a security update.
https://wordpress.org/extend/plugins/widgets-on-pages/

WooCommerce 7.6.1 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WordPress Importer 0.8.1 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wordpress-importer/

WP Cerber Security 9.5.4 improves compatibility. This is not a security update.
https://wpcerber.com/

WP Mail SMTP 3.8.0 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

W3 Total Cache 2.3.2 resolves several bugs. This should be treated as a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WPBakery 6.11.0 resolves several bugs. This is not a security update.
https://wpbakery.com/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/