Welcome back, Folks!
Today is Patch Tuesday for October 2020.
This Month in Technology
For those in our local community, the biggest news is that AT&T has abandoned DSL in rural America, reducing Internet access options even further for our friends and neighbors.
The US Treasury has announced that it is now illegal to pay your federal taxes.
The Universal Health Services was hacked (all 400+ locations!) and infected with ransomware, so was Software AG, the U.S. Department of Veterans Affairs (VA) was hacked again, the Department of Homeland Security (DHS) was hacked, the Las Vegas school system was hacked – and since they didn’t pay the ransom student details were leaked, Docsketch was hacked, and the United Nations (UN) International Maritime Organization was hacked. Razer made a boo-boo, and even coffee makers are now being used for ransomware distribution. Grindr was hacked, Microsoft’s Windows XP source code was leaked, almost any current iPhone can be listened into from 20 feet away using only an AM radio, and access to your RMM (Remote Monitoring and Management) is being sold to attackers. Evidence exists that your anti-virus is helping the bad guys, and BitDefender is still weak security.
Facebook has been hacked (for years), Facebook for Android has been hacked again, Office 365 & Outlook have been down repeatedly over the last month, Fitbit malware – distributed by Fitbit – can be used to take over your internal network and exfiltrate your data to the web, Bluetooth is still the weakest wireless link, your Comcast XR11 TV remote can be used to listen in to your conversations, BitLocker encryption is vulnerable to a sleep-mode bypass (aka, yet another reason not to use sleep mode), HP Device Manager flaw is a big deal, but not as big a deal as Windows Error Reporting being used to infect your PC.
Apple’s initial iOS 14 release killed batteries on many iPhones, (so did the recent ChromeOS update), Apple’s latest security fix (10.15.7) can kill performance on your Mac, but only if you use Mac software (rolls eyes). Hint: disable and re-enable Find My Mac to fix it. And that’s nothing compared to their T2 security chip vulnerability.
“The” secure reimplementation of BIOS, UEFI, was designed to make security at boot a thing of beauty and prevent third-parties from being able to hijack the boot process. Unfortunately, it simply provided a false sense of security.
2FA via SMS is also a much lower fruit than many realize, but not nearly as bad as SSO.
Many others have joined in the case against Apple & Google’s rent-seeking, who charge significantly more for their “services” than even the federal government, but portray themselves as victims. Insane rules and hypocritical requirements force developers to charge for free services or force users out of their application in order to even be allowed into the Apple ecosystem. What can we really expect from a SF bay area “green” company that lies about their recycling program? Hopefully the courts will use Apple’s own words against them, in that Apple claims that their AppStore is a place to “reliably” download “safe” apps.
Former Facebook data scientist exposes her complicity with atrocities and abuse by governments and MNCs.
The Supreme Court heard arguments on the Oracle v Google IP fight suffered the same problem that most legal battles over technology do: poor arguments. Google’s defense failed to explain the distinctive nature of APIs as guides rather than code. Sure, they provide access to the functionality of the code, but are not, in and of themselves, code. The entire argument could be easily equated to vehicles. One does not need to know nor expose the specific design of a Ferrari 911 to know that the vehicle should stop at a stop sign nor yield at a yield sign. The vehicle itself (code – reasonably subject to IP) can operate on any road as long as the traffic signs (APIs) are in place. The signage is consistent across most of the world, even where languages differ greatly. So should the APIs be universally available.
In the current world of tech censorship and cancel culture, nobody can really argue against the necessity for Section 230 to be revised. However, most calls for revision would create an even more abhorrent system where public discourse can not be held without risk of liability to completely unrelated parties.
If you take government money, you are subject to the same rules as government, so says RFK, Jr.
In the new “get woke, go broke” era, it should come as no surprise that when you pander to racists and terrorists, you will be investigated.
Research shows that the lockdowns were not only anti-science, but caused far more harm than the virus itself. On the subject of fraud, are we still supposed to believe that the government’s “kill a fly with a nuke” response to COVID is really all the result of bats in an Asian wet market or that masks actually do anything at all?
One would think fraud would be front page news, but the MSM is much more likely to ignore than acknowledge it. To paraphrase Stalin, “A single case of fraud is a tragedy; a million cases are just a statistic.”
The moment I read that Nintendo’s lawyers said Joy-Con Drift “wasn’t a real problem” I knew they would be sued.
Now for the good news – since I’m making up for last month, I’ll give you three:
Adobe Flash will finally be dead in only 79 days.
Free, limitless power from graphene could literally change everything.
A “vaccine” of sorts has been developed to protect against some forms of ransomware.
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday this month is huge. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.
Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Flash, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.
Apple released updates for iOS 14.0.1 and iPadOS 14.0.1, tvOS 14.0.2, Safari 14.0, watchOS 7.0.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6, macOS High Sierra 10.13.6, iCloud for Windows 7.21, iCloud for Windows 11.4, iTunes for Windows 12.10.9, and Xcode 12.0. These are security updates.
iOS 14.0.1 is a security update. Use Settings, General, Software Update to install the most current version. This version also adds the Orwellian contact tracing feature at the system level. While “disabled” by default, you may validate that it is disabled in Settings, Privacy, Health, COVID-19 Exposure Logging, and turn off Exposure Logging.
iPadOS 14.0.1 is a security update. Use Settings, General, Software Update to install the most current version.
tvOS 14.0.2 is a security update. Use Settings, General, Updates to install the most current version.
watchOS 7.0.2 is a security update. Use your updated iPhone to install the most current version through the Watch app.
Adobe Flash Player 32.0.0.445 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac
Google has released security updates for Android 9 and 10 which will gradually be published by individual vendors and available to you in the coming weeks. This version also adds the Orwellian contact tracing feature. Disabling Location and Bluetooth will disable the current version of contact tracing.
Google Chrome OS 85.0.4183.133 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Display Driver Uninstaller 18.0.3.3 improves removal of DCH CP on older builds of Windows. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu
Logitech Options 8.30.310 resolves several bugs adds profiles for Zoom and MS Teams. This is not a security update.
https://www.logitech.com/en-us/product/options
Logitech Options (macOS) 8.30.293 resolves several bugs adds profiles for Zoom and MS Teams. This is not a security update.
https://www.logitech.com/en-us/product/options
nVidia 456.71 adds support for new hardware and improves support for COD beta and other games. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
Crucial Storage Executive 6.06 doesn’t provide a changelog so should be treated as a a security update.
https://www.crucial.com/support/storage-executive
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.15.72 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/
Google Chrome 86.0.4240.80 is a security update. Use Menu, Help, About to install the most current version.
Microsoft Edge 86.0.622.38 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download
Firefox 81.0.2 is a security update. Use Menu, Help, About to install the most current version.
Firefox ESR 78.3.1 is a security update. Use Menu, Help, About to install the most current version.
SeaMonkey 2.53.4 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/
Vivaldi 3.3.2022.47 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Thunderbird 78.3.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
Dropbox 107.4.443 resolves bugs and adds more. This is not a security update.
https://www.dropbox.com/
Zoom 5.3.53291.1011 changes automatic update behavior, and improves poll and link behaviors. This is not a security update.
https://zoom.us/
Prosody 0.11.7 is a security update.
https://prosody.im/download/start
FreeFileSync 11.2 resolves several bugs, improves layout and key bindings. This is not a security update.
https://www.freefilesync.org/download.php
Nmap 7.91 adds support for new profiles and fingerprints, and resolves several bugs. This is a security update.
https://nmap.org/
Npcap 1.00 resolves two minor bugs. This is not a security update.
https://nmap.org/npcap/
Technitium DNS Server 5.3 resolves several bugs. This is not a security update.
https://technitium.com/dns/
Media Updates
These are unlikely to be of interest to most people.
3tene 2.0.6 improves sensitivity calculations, light focal management, and resolves several bugs. This is not a security update.
https://en.3tene.com/
iTunes for Windows 12.10.9 is a security update. Use Apple Software Update to install the most current version.
Game Updates
These are unlikely to be of interest to most people.
Steam 2020.10.07 resolves several bugs. This is not a security update.
Office Updates
One or more of these are likely to be of interest to most people.
Notepad++ 7.9 adds several new features and fixes over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/
Adobe Reader DC 20.012.20048 resolves several bugs. This is not a security update.
Artweaver 7.0.7 resolves several bugs. This is not a security update.
https://www.artweaver.de/
Atom 1.52.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/
Blender 2.90.1 resolves several bugs. This is not a security update.
https://www.blender.org/download/
Lightworks NLE 2020.1.1 resolves several bugs. This is not a security update.
https://www.lwks.com/
Microsoft Office for Mac 2016/2019 is a security update.
Krita 4.4.0 improves fill layers, multigrid, screentone, brushes, API improvements and more. This is a security update.
https://krita.org/en/download/krita-desktop/
LibreOffice Fresh 7.0.2 resolves over a hundred bugs. This is a security update.
https://www.libreoffice.org/
Nextcloud Desktop 3.0.2 resolves a dozen bugs. This is not a security update.
https://nextcloud.com/
Security Software Updates
One or more of these is likely to be of interest to most people.
OpenSSL 1.1.1h resolves several bugs and improves compatibility. This is not a security update.
https://www.openssl.org/source/
KeePass 2.46 adds several features including TLS 1.3 and mass edit capabilities, as well as resolving bugs, and other improvements. This is not a security update.
https://keepass.info/
RogueKiller 14.7.3 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/
TinyWall 3.0.8 resolves several bugs. This is not a security update.
https://tinywall.pados.hu/
uBlock Origin 1.30.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest
Capture Updates
These are unlikely to be of interest to most people.
ScreenToGif 2.27.3 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest
SnagIt 2020.1.5 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 12.0.0.1 is a major update with several improvements. This version improves the GUI and adds several new output profiles. This is not a security update.
https://www.dvdfab.cn/download.htm
AVStoDVD 2.8.9 resolves several bugs, improves performance and updates libraries. This should be treated as a security update.
https://sites.google.com/site/avstodvdmain/
MakeMKV 1.15.3 resolves several bugs, introduces TOR/VPN support, adds support for new stream types. This is not a security update.
https://www.makemkv.com/download/
Utility Updates
These are unlikely to be of interest to most people.
1Password for Windows 7.6.785 resolves a bug. This is not a security update.
https://1password.com/downloads/windows/
Beyond Compare 4.3.7.25118 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4
Bitwarden 1.22.2 resolves bugs. This should be treated as a security update.
https://bitwarden.com/
CCleaner 5.72.7994 resolves several bugs and improves compatibility. This is not a security update.
https://www.ccleaner.com/
CPU-Z 1.94 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html
DesktopOK 7.95 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
DevManView 1.72 resolves an output bug. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html
Etcher 1.5.109 is a security update.
https://www.balena.io/etcher/
Everything 1.4.1.992 is a security update.
https://www.voidtools.com/
GoodSync 11.3.8 resolves several bugs. This is not a security update.
https://www.goodsync.com/
IsMyHdOK 2.51 resolves bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK
LessMSI 1.7.0 improves messaging. This is not a security update.
https://lessmsi.activescott.com/
MS ISO Downloader 8.40 adds support for new Dell models and images, new Win10 builds and adds hash reporting to images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool
NTLite 2.0.0.7656 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/
Aomei Partition Assistant 8.10 improves display and startup. This is not a security update.
https://www.diskpart.com/
PSAppDeploy 3.8.3 adds several new features and resolves bugs. This is not a security update.
https://psappdeploytoolkit.com/
RoboForm 8.9.4 resolves several bugs, including the QuickBooks compatibility issue that prevented display of registers and Chrome that caused freezes.
https://12pd.com/click?rf
Process Monitor 3.60 adds support for multiple filter item selection and decoding for new file system control operations and error status codes. While not a security updates, this improves the analytical data collection, thus increasing security awareness.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Procdump 10.0 adds support for dump cancellation and CoreCLR processes. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
Sysmon 12.0 resolves several bugs and adds support for capturing clipboard operations. While not a security updates, this improves the analytical data collection, thus increasing security awareness.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
SysInternals released new builds of many of their applications, as well as ARM versions. While the changes on many of the updates are poorly documented and SysInternals apps are generally more secure than apps distributed elsewhere, you should assume that any updates have security ramifications. If they’re not security updates, they may improve the context or analytical data that is exposed, thus increasing the security awareness of the tools.
https://live.sysinternals.com/
TeamViewer 15.10.5 resolves a licensing bug. This is not a security update.
https://www.teamviewer.com/en/download/windows/
USBDeview 3.01 adds an option to copy the contents of the active cell. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html
USB Oblivion 1.14.0.0 addes support for new modules. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion
WifiChannelMonitor 1.65 adds support for detection of new protocols. This is not a security update.
https://www.nirsoft.net/utils/wifi_channel_monitor.html
WifiInfoView 2.65 adds support for detection of new protocols. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html
WirelessKeyView 2.20 adds support for displaying WiFi QR Codes. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html
WinGet 0.2.2521 updates libraries and adds new verbs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest
WinScan2PDF 6.06 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
Developer Updates
These are unlikely to be of interest to most people.
Android Studio 4.1.0.19 integrates database and emulation, improves diagnostics, and resolves several bugs. This is not a security update.
https://developer.android.com/studio
Godot 3.2.3 resolves over a hundred bugs and improves stability. This is not a security update.
https://godotengine.org/
Node.js 14.13.1 resolves several bugs. This is a security update.
https://nodejs.org/en/
Node.js 12.19.0 updates libraries, and resolves dozens of bugs. This is a security update.
https://nodejs.org/en/
Visual Studio Code 1.50 improves accessibility features, pinned tabs, adds ARM support, and resolves several bugs. This is not a security update.
https://code.visualstudio.com/
TortoiseGit 2.11.0 updates libraries and resolves several bugs. This is not a security update.
https://tortoisegit.org/
Web Package Updates
These are likely to be of interest only to web developers.
Dada Mail 11.12.0 adds image embedding and resizing, improved scheduling capabilities, library updates and bug fixes. This is not a security update.
http://dadamailproject.com/
Drupal 9.0.7 resolves dozens of bugs. This is a security update.
https://drupal.org/download
Docker Desktop 2.4.0.0 updates libraries and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop
Nextcloud Server 20.0.0 updates libraries, adds a new dashboard, Talk bridging support, and several other new features and improvements. This is not a security update.
https://nextcloud.com/
HumHub 1.6.4 is a security update.
https://www.humhub.com/en/download
Joomla 3.9.22 resolves several bugs. This is not a security update.
https://www.joomla.org/
OpenPetra 2020.09 resolves several bugs. This is not a security update.
https://www.openpetra.org/
phpMyAdmin 4.9.6 and 5.0.3 are security updates.
https://www.phpmyadmin.net/
Autoptimize 2.7.8 is a security update.
BuddyPress 6.3.0 resolves bugs. This is not a security update.
Email Log 2.4.3 adds a new filter and enhances nonce. This is not a security update.
Social Post Feed 2.17 adds support for new embed types. This is not a security update.
WooCommerce 4.5.2 resolves a couple bugs. This is not a security update.
WP Mail SMTP 2.4.0 updates libraries, improves compatibility, and resolves several bugs. This is not a security update.
W3 Total Cache 0.15.1 resolves several bugs. This is not a security update.
WordPress Zero Spam 4.10.2 improves compatibility. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/