Welcome back, Folks!
Today is Patch Tuesday for March, 2022. It’s a big one. This month is ugly – and not just in the tech world. It seems that in the same breath that the elite acknowledged and swept the COVID hysteria under the rug, admitting their intervention was entirely propaganda, every government, financial system, media outlet, and software vendor has chosen to simultaneously swallowed a new collection of (quickly disproven) propaganda without the slightest hint of irony. Sigh. We can only do what we can do, but do not be afraid to talk about it. Censorship is how you make enemies, not friends.
This Month in Technology
A1 Hrvatska, Adafruit, Aetna ACE, Allen ISD, Alliance Physical Therapy Group, LLC, Amazon Alexa, AON, Ascension Michigan (single affiliated covered entity) ACE, Asterisk, Asustor NAS devices, Axeda agent, Axis Communications, Baltimore Mayor’s Office of Children and Family Success, Beetle Eye, Belarus online services, Bible Fellowship Church Homes, Bronx Addiction Services Integrated Concepts Systems, Inc., CA State Bar, CareOregon Advantage, Caritas Internationalis, CBORD’s GET Mobile security platform, Charlotte Radiology, Cisco’s Email Security Appliance, Coinbase, Community Medical Center, Comprehensive Health Services LLC, Conti ransomware gang, Credit Suisse, Crossroads Health, CVS Pharmacy, dozens of COVID passport apps, Dr. Morrow, Element Vape, Englewood Health, EPIC Pharmacy Network, Inc., Expeditors International, Extend Fertility, Family Christian Health Center, Family Fare LLC, Fleetwood Area School District, FlexBooker, Gems Education, GiveSendGo/Canadian Freedom Convoy, Google Android, Harbour Plaza Hotel, Hays USD 489, Highland Hospital, Houston Health Department, Intel CPU vulnerabilities can expose your cryptographic keys, International Committee of the Red Cross, Internet Society (ISOC), Ireland’s Health Service, Jackson County Hospital District, JAX Spine and Pain Centers, Jersey City Medical Center, KLAYswap, La Posada at Park Centre, Inc., LAPSUS$, LendUs, Liberty of Oklahoma Corporation, Logan Health Medical Center, MacGeneration, Memorial Hermann Health System, Meyer, Microsoft, Microsoft App Store, Microsoft Azure, Microsoft Exchange, Microsoft SQL Servers, Mizuno, Monongalia Health System, more than 500 Magento 1-based online stores, Morley Companies, Moscow Stock Exchange, Motorola Solutions Inc, new form of distributed denial of service attack, New York State’s Joint Commission on Public Ethics, Nvidia (and it’s BAD), Ohlone College, Oklahoma City Police Department Rape Kit information, Okta Advanced Server Access, PressReader, Priority Health, PROMESA, Puma, Reality Winner’s Twitter account, Rompetrol, Russian TV stations, Samsung Electronics (including source code), San Francisco 49ers, SAP Internet Communication Manager, Sberbank, Sea Mar Community Health Centers, Seneca Nation Health System, South Shore Hospital, Swissport, T-Mobile, Taylor, Ganson & Perrin LLP, TfNSW, the Russian Military, Town Home Care, LLC, Toyota Motor Corp., UK’s Foreign Office, UK’s Information Commissioner’s Office, Ukraine local government websites, Ukrainian Cabinet of Ministers, Ukrainian Ministry of Defense, Ukrainian Ministry of Foreign Affairs, Ukrainian Verkhovna Rada, UMass Memorial Health, Inc., 52 organizations from multiple US critical infrastructure sectors, US defense contractors, US Radiology Specialists, Inc., Viasat, Visual Voice Mail, Vodafone Portugal, VxWorks-based Smart Infusion Pumps, Washington Department of Licensing, WatchGuard firewalls, Williamsville Central School District, Zabbix servers, Zenly, and Zoe Therapy Services have been hacked.
Slack and Twitter both had large outages.
AB Volvo, Activision Blizzard, Adobe, Airbnb, Apple, Apple Maps, Apple Pay, Aston Martin, BMW, Cisco, Coinbase, Daimler Truck, Dell, Epic Games, Ford Motor Company, Google, Google AdWords, Google Maps, Harley-Davidson, Intel, Jaguar Land Rover, Jolla, Mastercard, Mercedes-Benz, Microsoft, Mitsubishi Motors, Namecheap, Netflix, Nintendo, PayPal, Reddit, Readdle, Samsung Electronics, Snapchat, Spotify, SWIFT, Telegram, The EU, TikTok, Toyota Motor Corporation, Twitter, Ubisoft, Visa, Volkswagen, and YouTube have imposed their own private sanctions on Russia and sometimes Belarus.
In response to software vendors (Apple, Microsoft, Readdle and others) imposing their own form of sanctions on Russia, Russia has passed new a licensing law, effectively greenlighting piracy. After ceasing reporting from Russia, the BBC has launched Tor access in several languages. Meanwhile Russia blocks sites that violate their new propaganda law and even rocket sales to the US.
Elon Musk, never a stranger to controversy, has declared that his Starlink service will not bow to censorship demands.
It was disheartening when Canada stole the bank accounts of anyone who dared to donate to a legal protest and dispatched Antifa and the UN to put down protestors
it was worse when they simply locked down all the banks (or at least realized the damage they were doing to themselves), even if they did quickly reverse their insanity. The Mercury account lockouts affected “a large set of accounts” throughout Africa. Worse yet, the entire world banking system has locked out Russia. By the way, do Google and Apple think that disabling their pay platforms in Russia will be the move that will encourage adoption by the rest of the world?
On the topic of social credit systems, I’d like to address the theory that cryptocurrency can be used in spite of bank interventions and government lockdowns. That’s not always the case, as Coinbase demonstrated this week.
As if spurned to action by the recent release of vaccine information and bribery, Twitch is now banning streamers that share “misinformation,” such as the actual medical fraud vaccine information and research by the vaccine manufacturers themselves…will now be banned.
That’s ok, you can go back to “real life” now that cities are opening back up. Did the science change, is it all part of some greater agenda, or are people just bored?
With such a war on truth and science, how can anyone fall for the Battle of Snake Island, Ghost of Kiev, Ukrainian ransomware, or any of the dozen other examples of legacy media propaganda right now?
The CIA has been conducting bulk surveillance on US citizens and the Supreme Court is okay with police planting hidden cameras throughout your property. Telegram isn’t as secure as you might think it is.
Oh – Let’s talk about Apple AirTags…one lady tracked her shipped goods with them and caught the mover lying about it. I’m more skeptical of this story about exposing a secret intelligence service, but the reality is that stalking and tracking for vehicle/home theft are part of the downside.
Microsoft is testing a new build of Windows 11 Pro that will now require a Microsoft account in order to be able to use Windows. This directly violates their previous statements about not forcing Windows Professional and Enterprise versions to use Microsoft accounts. While this will increase deployment and maintenance costs, the real trouble is going to be with transient users that are forced to login with “a” Microsoft account on a business machine and will no longer be able to easily untie that machine or role account from the deeply embedded Microsoft “features.”
Meris Botnet was used to target a single website with over 21 million requests per second. Google Drive is flagging native macOS files as violating copyright. Another new rootable vulnerability has been discovered for Linux. The EU is trying to mandate weakened security so they can better enforce the GDPR, digital identity and social credit systems.
Now for the good news:
The problem with cryptocurrency is that it necessarily depends on a public ledger (the blockchain). Espresso intends to fix that.
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday this month is a big one. The typical computer should see roughly 2.2 GB in updates today. Let’s get started.
Microsoft released updates for .NET and Visual Studio, HEIF Image Extension, HEVC Video Extension, Microsoft 365, Raw Image Extension, Remote Desktop client, VP9 Video Extension, Windows 10, Windows 7, Windows 8.1, Windows RT, Windows Server, Azure Site Recovery, Microsoft Defender for Endpoint, Microsoft Defender for IoT, Microsoft Edge, Microsoft Exchange Server, Microsoft Intune, Microsoft Office Visio, Microsoft Office Word, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Paint 3D, Role: Windows Hyper-V, Skype Extension for Chrome, Tablet Windows User Interface, Visual Studio Code, Windows Ancillary Function Driver for WinSock, Windows CD-ROM Driver, Windows Cloud Files Mini Filter Driver, Windows COM, Windows Common Log File System Driver, Windows DWM Core Library, Windows Event Tracing, Windows Fastfat Driver, Windows Fax and Scan Service, Windows HTML Platform, Windows Installer, Windows Kernel, Windows Media, Windows PDEV, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Remote Desktop, Windows Security Support Provider Interface, Windows SMB Server, Windows Update Stack, XBox, and MSRT (~1.5 GB). This includes security updates. A reboot is required.
Apple released updates for iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, macOS Big Sur 11.6.4, Security Update 2022-002 Catalina, Safari 15.3, and watchOS 8.4.2. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
iOS 15.3.1 is a security update. Use Settings, General, Software Update to install the most current update.
iPadOS 15.3.1 is a security update. Use Settings, General, Software Update to install the most current update.
watchOS 8.4.2 are security updates. Use the Watch app on your iPhone to install the most current version.
Google Chrome OS 98.0.4758.107 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 6 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Display Driver Uninstaller 18.0.4.9 improves cleanup. This is not a security update.
HP M281cdw Firmware 20211221 resolves the network stability issue from the previous firmware that effectively disabled the device.
Logitech Options 9.60.87 is a security update.
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.36.111 is a security update.
Firefox 98.0 is a security update.
Firefox ESR 91.7.0 is a security update.
Google Chrome 99.0.4844.51 is a security update.
Microsoft Edge 99.0.1150.36 is a security update.
SeaMonkey 2.53.11 is a security update.
Vivaldi 5.1.2567.57 is a security update.
Email Updates
One or more of these are likely to be of interest to everyone.
Mailspring 1.10.0 is a major update to the underlying code, adding ARM support, improved spellcheck, performance, and port improvements. This is not a security update.
Thunderbird 91.6.2 is a security update.
Internet Updates
One or more of these are likely to be of interest to everyone.
AnyDesk 7.0.6 improves password management and resolves several bugs. This should be treated as a security update.
curl 7.82.0 resolves dozens of bugs and adds several new automations. This is not a security update.
Dropbox 143.4.4161 doesn’t provide a changelog so should be treated as a security update.
FileZilla Client 3.58.0 updates libraries, log details and prepares for 2FA support. This is not a security update.
FileZilla Server 1.3.0 is a security update.
FreeFileSync 11.18 resolves several bugs. This is not a security update.
Omada Software Controller 5.1.7 resolves several bugs, adds new services and features, increases hard limits, and adds support for newer hardware. This is not a security update.
Skype 8.81.0.268 resolves several bugs and adds ability to revoke and recreate profile. This is not a security update.
Syncthing 1.19.1 resolves several bugs. This is not a security update.
WinSCP 5.19.6 is a security update.
Zoom 5.9.7.3931 is a security update.
Media Updates
These are unlikely to be of interest to most people.
darktable 3.8.1 improves performance and stability, and resolves several bugs. This is not a security update.
iTunes 12.12.2.2 doesn’t provide a changelog so should be treated as a security update.
Plex Desktop 1.41.0.2876 resolves DVR and LiveTV bugs, and improves search. This is not a security update.
Plex Home Theater 1.12.0.2884 resolves several bugs, resolution and MPV improvements, and improves stability. This is not a security update.
Plex Media Server 1.25.6.5577 resolves several bugs, improves collection, smart filtering, and reliability during media changes and replacement. This is not a security update.
Adobe Photoshop 22.5.6 and 23.2 are security updates.
Adobe Illustrator 26.1.0 is a security update.
Adobe After Effects 22.2.1 and 18.4.5 are security updates.
Game Updates
These are unlikely to be of interest to most people.
Epic Games 13.2.0 resolves several bugs. This is not a security update.
GameMaker Studio 2022.2.0.614 adds Text-In-Sequence, Track-In-Sequence, changes array behavior, updates libraries, and resolves dozens of bugs. This is not a security update.
Steam 2022.03.04 resolves over 20 bugs. This is not a security update.
PlayStation PS5 21.02-04.51.00 improves performance. This is not a security update.
Office Updates
One or more of these are likely to be of interest to most people.
Atom 1.60.0 improves usability and resolves dozens of bugs. This is not a security update.
IcoFX 3.7 resolves several bugs and improves compatibility. This is not a security update.
LibreOffice Fresh 7.3.1 resolves over a hundred bugs, including crash and freeze issues. This is not a security update. Remember that the Fresh line is beta software and should be avoided in favor of the Still (stable) version by most users.
Nextcloud Desktop 3.4.3 resolves several bugs. This is not a security update.
Notepad++ 8.3.2 resolves several bugs. This is not a security update.
Paint.net 4.3.8 resolves several bugs and updates libraries. This is not a security update.
Calibre 5.38.0 resolves several bugs and adds new news sources. This is not a security update.
Adobe Reader DC 22.001.20085 is a security update.
Security Software Updates
One or more of these is likely to be of interest to most people.
MalwareBytes Anti-Malware 4.5.4 resolves a dozen bugs. This is not a security update.
RogueKiller 15.4.0 resolves several bugs. This is not a security update.
uBlock Origin 1.41.8 resolves several bugs. This is not a security update.
Velociraptor 0.6.3 adds several new features and improves performance. This is not a security update.
Wireless Network Watcher 2.30 adds custom context menu items option. This is not a security update.
Capture Updates
These are unlikely to be of interest to most people.
Elgato Game Capture HD 3.70.56 updates Twitch API. This is not a security update.
Open Broadcaster Software 27.2.3 resolves dozens of bugs. This is not a security update.
ScreenToGif 2.36 resolves several bugs and adds new installation packages and package types. This is not a security update.
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 12.0.6.3 adds support for new encodings and resolves several bugs. This is not a security update.
IsoBuster 4.9.1 doesn’t provide a detailed changelog so should be treated as a security update.
MakeMKV 1.16.7 improves reliability and resolves several bugs. This is not a security update.
Utility Updates
These are unlikely to be of interest to most people.
Agent Ransack 2022.3307 resolves several bugs and adds new columns for Folder Depth, Product Version, File Version, and filtering for Owner and Product Version. This is not a security update.
Autoruns 14.09 resolves a reliability bug. This is not a security update.
Bitwarden 1.31.3 resolves several bugs. This is not a security update.
Carbonite 6.4.1 resolves two bugs. This is not a security update.
CPU-Z 2.00 adds support for new hardware. This is not a security update.
DesktopOK 9.71 resolves several bugs. This is not a security update.
DMDE 4.0.0.800 adds Btrfs support, improves ReFS, and resolves several bugs. This is not a security update.
dnGrep 3.0.29.0 resolves several bugs. This is not a security update.
Etcher 1.7.7 updates libraries, improves updater, and resolves several bugs. This is a security update.
FileLocator Pro 2022.3307 resolves several bugs and adds new columns for Folder Depth, Product Version, File Version, and filtering for Owner and Product Version. This is not a security update.
GoodSync 11.10.5 resolves dozens of bugs. This is not a security update.
grepWin 2.0.10 improves cosmetics. This is not a security update.
Nextcloud Server 23.0.2 updates libraries and resolves dozens of bugs. This is not a security update.
NTLite 2.3.4.8643 resolves several bugs. This is not a security update.
osquery 5.2.2 updates libraries, improves compatibility, and resolves several bugs. This is a security update.
AOMEI Partition Assistant 9.6.1 resolves several bugs. This is not a security update.
PowerToys 0.56.2 adds new features and resolves several bugs. This is not a security update.
ProcessMonitor 3.89 resolves a crash bug. This is not a security update.
Recuva 1.53.2065 adds telemetry. This is not a security update.
Macrium Reflect 8.0.6636 resolves several bugs. This is not a security update.
ScreenConnect 22.2.7029.8094 resolves several bugs. This is not a security update.
SimpleWMIView 1.48 adds quick-filter option “begins with.”
Sysmon 13.33 resolves a crash bug and improves memory handling. This is not a security update.
TaskSchedulerView 1.70 adds option to open task folder and enable or disable header line in exports. This is not a security update.
Unity 2021.2.14 updates libraries and resolves several bugs. This is not a security update.
Wazuh Agent 4.2.5 resolves several bugs. This is a security update.
WifiInfoView 2.75 adds MAC Group column, MAC Group filtering and 64-bit build. This is not a security update.
WinGet 1.1.12653 resolves dozens of bugs. This is not a security update.
WinRAR 6.11 improves reliability and compatibility. This is not a security update.
WinScan2PDF 7.55 improves reliability. This is not a security update.
WizTree 4.08 adds custom filtering for full scan results. This is not a security update.
ZoomText 2022.2202.36.400 adds new voices and languages, improves compatibility, and resolves several bugs. This is not a security update.
Developer Updates
These are unlikely to be of interest to most people.
ADB 33.0.0 resolves a crash bug. This is not a security update.
Docker Desktop 4.5.1 is a security update.
GitHub Desktop 2.9.11 resolves several bugs. This is not a security update.
Godot 3.4.3 resolves dozens of bugs. This is not a security update.
Node.js 16.14.0 resolves dozens of bugs. This is not a security update.
Node.js 17.6.0 updates libraries and resolves dozens of bugs. This is not a security update.
SQLite 3.38.0 resolves several bugs and updates syntax and compatibility. This is not a security update.
Visual Studio Code 1.65.1 is a security update.
Web Package Updates
These are likely to be of interest only to web developers.
Dada Mail 11.18.0 adds LWP support and resolves an invalid mailbox bug. This is not a security update.
Drupal 9.2.13 is a security update.
Drupal 9.3.7 is a security update.
Joomla 4.1.0 is a major update adding task scheduling, child template overrides, accessibility improvements and syntax highlighting. This is not a security update.
MailArchiva 8.7.4 improves performance. This is not a security update.
MailEnable 10.38 updates libraries and resolves several bugs. This is not a security update.
phpList 3.6.7 resolves several bugs. This is not a security update.
phpMyAdmin 5.1.3 is a security update.
SMF 2.1.1 is a major update release with several new features, and improves compatibility and reliability. This update will disable any mods and custom themes and some older mods and themes will need changes to be compatible. This is not a security update.
WordPress 5.9.1 resolves over 80 bugs. This is not a security update.
Antispam Bee 2.11.0 resolves several bugs. This is not a security update.
BuddyPress 10.1.0 resolves several bugs. This is not a security update.
Contact Form 7 5.5.6 resolves several bugs. This is not a security update.
Slider Revolution 6.5.18 resolves several bugs. This is not a security update.
Social Post Feed 4.1.2 resolves several bugs. This is not a security update.
myStickymenu 2.5.8 resolves a couple bugs and adds cosmetic and layout features. This is not a security update.
Widgets on Pages 1.6.0 is a security update.
WooCommerce 6.3.0 is a security update.
WP Mail SMTP 3.3.0 improves compatibility and resolves several bugs.
WordPress Zero Spam 5.2.15 is a security and woke-ness update. Since they’re now injecting content of their own choice into your website, they can no longer be trusted and you should remove this plugin from your websites.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/