Merry Christmas, Folks!
Today is Patch Tuesday for December 2019.
Note: shortly after publishing, Google released Chrome 79.0.3945.79.
Windows 10, version 1909, is available. This version is minor compared to previous Windows 10 upgrades. Nevertheless, don’t do it yet. There is nothing so critically important in 1909 that the update can’t wait a month. Wait for it.
https://www.microsoft.com/en-us/software-download/windows10
Windows 7 will fall completely out of support in only 35 days. Don’t run out the clock. If you are running a licensed version of Windows 7 or 8 you can still upgrade to Windows 10 and have a supported version of Windows for the foreseeable future. Get it done before it’s too late. Don’t want to do it yourself? Call me!
There is a lot of talk right now about enabling POSready mode to gain additional time for Windows 7. This *does* work, but I recommend against it. POSready mode is designed to allow existing third-party software to continue to operate in the Windows 7 ecosystem, but Microsoft and most third-party developers will stop support when Windows 7 is end-of-life (EOL). This means that while your OS itself will continue to receive security updates, most other apps will not. If your device is used as a typical PC this means your risk will still significantly increase by relying on POSready with unmaintainable third-party applications.
Christmas is only a couple weeks away which means it’s that time of year when the best and worst of humanity is exposed. This time of year brings stress and urgency to everything, and that means people are more likely to be targeted for common phishing schemes, malicious attachments (invoices and holiday letters), end-of-year insurance scams, and advance fee fraud. You’ll be targeted by phone and email and the deluge won’t subside until mid-to-late January. Don’t be afraid to hang up and delete. It really is better to be safe than sorry.
If you’ve read more than a couple of my newsletters you’ve seen me hate on Avast regularly. Last week I was actually considering easing off and giving them another chance. Then I received diet spam FROM AVAST BUSINESS! I’ve reconsidered. If you’re using any of this software you should remove it immediately. Avast can’t be trusted. Having any of their software installed significantly increases the risk to your devices, and should be treated as a malware infection as far as I’m concerned.
Now back to our regularly scheduled program. The typical computer should see roughly 2 GB in updates today. Let’s get started.
Microsoft released updates for Windows, Internet Explorer, .NET, Servicing Stack, hardware drivers, and MSRT (~1 GB). This includes security updates. A reboot is required.
Apple released updates for macOS Catalina 10.15.2, Mojave Security Update 2019-002, and High Sierra Security Update 2019-007, iOS 13.3, iOS 12.4.4, iPadOS 13.3, Safari 13.0.4, Xcode 11.3, watchOS 5.3.4, watchOS 6.1.1, and tvOS 13.3. These are security updates. Use Apple Software Update to install the most current versions.
watchOS 6.1.1 and watchOS 5.3.4 are security updates. Use the Watch app on your iPhone to install the most current version.
tvOS 13.3 is a security update. Use System, Software Update to install the most current version.
macOS Catalina (10.15) is available. If you don’t have to, don’t install it. Mojave (10.14) will be supported for almost 2 more years.
iOS 13.3, iOS 12.4.4, and iPadOS 13.3 are security updates. Use Settings, General, Software Update to install the most current update.
Google Chrome OS 78.0.3904.106 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Adobe Flash Player 32.0.0.303 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (1909) is a pretty small update so will install quickly. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
BullZip PDF Printer 11.11.0.2804 adds High-DPI support, printing page range, and copy+paste support for UTF16 characters. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download
Display Driver Uninstaller 18.0.2.0 improves Nvidia cleanup.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu
Dymo Label 8.7.3 doesn’t provide a changelog, so should be treated as a security update.
https://www.dymo.com/en-US/online-support/dymo-user-guides
MS Mouse and Keyboard Center 20191127 adds support for newer hardware. This is not a security update.
https://www.microsoft.com/accessories/en-us/downloads/mouse-keyboard-center
Nvidia 441.66 adds image sharpening for Vulkan and OpenGL, support for newer hardware, and multiple security fixes. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
Browser Updates
One or more of these are likely to be of interest to everyone.
Google Chrome 79.0.3945.79 is a security update. Use Menu, Help, About to get the most current version.
Firefox 71.0 is a security update. Use Menu, Help, About to get the most current version.
Firefox ESR 68.3.0 is a security update. Use Menu, Help, About to get the most current version.
Email Updates
One or more of these are likely to be of interest to everyone.
Thunderbird 68.3.0 is a security update. Use Menu, Help, About to get the most current version.
Internet Updates
One or more of these are likely to be of interest to everyone.
BrowsingHistoryView 2.30 adds History File and Record ID columns. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html
FileZilla Client 3.46.0 resolves a crash, and updates dependencies. This is a security update.
https://filezilla-project.org/
FreeFileSync 10.18 adds parallel processing, grid sort, filter counts, improved responsiveness and bug fixes. This is not a security update.
https://www.freefilesync.org/download.php
MaxMind GeoIP2 201912 is a data refresh.
https://dev.maxmind.com/geoip/
WinSCP 5.15.9 is a security update.
https://winscp.net/eng/index.php
Media Updates
These are unlikely to be of interest to most people.
CDBurnerXP 4.5.8.7128 improves error handling. This should be treated as a security update.
https://cdburnerxp.se/
Game Updates
These are unlikely to be of interest to most people.
Steam 2019.12.05 resolves several bugs, returns Small Mode, updates libraries, and adds GUI improvements. This should be treated as a security update.
Office Updates
One or more of these are likely to be of interest to most people.
Adobe Acrobat DC 19.021.20058 is a security update. Use Menu, Help, Check for updates to get the most current version.
Adobe Reader DC 19.021.20058 is a security update. Use Menu, Help, Check for updates to get the most current version.
Adobe Photoshop CC 20.0.8 and 21.0.2 are security updates. Use Adobe Creative Cloud to install the most current version.
Artweaver 7.0.3 resolves several bugs. This is not a security update.
https://www.artweaver.de/
Krita 4.2.8 improves disk write reliability, and resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/
Notepad++ 7.8.2 resolves several bugs and returns the hotkeys to the save prompt. This is not a security update.
https://12pd.com/click?npp
Paint.net 4.2.8 updates libraries, improves performance, resolves several bugs, and adds self-repair with /repair. This should be treated as a security update.
https://www.getpaint.net/
Security Software Updates
One or more of these is likely to be of interest to most people.
Caine 11.0 adds several new features and apps, updates libraries, and updates core. This is a security update.
https://www.caine-live.net/
HTTP Toolkit 0.1.17 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/
RogueKiller 14.0.0.16 updates core engine, resolves several bugs, adds real time protection and documents protection. This should be treated as a security update.
https://www.adlice.com/softwares/roguekiller/
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 2020.0.3 resolves an Editor launch bug. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe
Converter Updates
These are unlikely to be of interest to most people.
MKVToolnix 41.0.0 adds many new features, improves meta storage, resolves several bugs. This is not a security update.
https://www.fosshub.com/MKVToolNix.html
DVDFab 11.0.6.4 adds support for new encodings, new hardware, adds Enlarger AI and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm
MakeMKV 1.14.7 adds support for new encodings, resolves a file name variable expansion bug. This is not a security update.
https://12pd.com/click?makemkv
Utility Updates
These are unlikely to be of interest to most people.
Beyond Compare 4.3.3.24545 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4
Bitcoin 0.19.0.1 integrates a tool to analyze and reduce memory consumption, adds and updates many RPC functions. This is not a security update.
https://bitcoin.org/en/download
CPU-Z Installer 1.91 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html
Dell Command Update 3.1 adds CLI support, automatic suspension of BitLocker for BIOS updates, enhances return codes for CLI, update scheduling, and resolves several bugs. This is not a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en
DesktopOK 6.79 resolves a false AV alert. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
DevManView 1.65 adds shortcut creation, and adds option to start remote registry service for automation. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html
Drive Snapshot 1.48 adds support for newer OSes, resolves encryption bugs. This is a security update.
http://www.drivesnapshot.de/en/
Etcher 1.5.69 updates libraries, resolves several bugs, and improves compatibility. This is not a security update.
https://www.balena.io/etcher/
GoodSync 10.10.15 resolves several bugs, improves and weakens security options (yes, really). This version should be avoided until they get their stuff together.
https://www.goodsync.com/
Homedale 1.86 improves the dot-chart. This is not a security update.
https://www.the-sz.com/products/homedale/
MS ISO Downloader 8.24 adds support for new media. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool
NTLite 1.8.0.7240 adds several options for new features, resolves bugs. This is not a security update.
https://www.ntlite.com/download/
OSForensics 7.1.1002 resolves several bugs and improves reliability. This should be treated as a security update.
http://www.osforensics.com/download.html
Password Security Scanner 1.50 adds support for Windows Credentials passwords, and resolves a couple bugs. This is not a security update.
https://www.nirsoft.net/utils/password_security_scanner.html
RoboForm 8.6.5 resolves an upgrade data conversion bug, improves experience when changing Master password, improves login from RF behavior, and resolves several other bugs. This is not a security update.
https://12pd.com/click?rf
SearchMyFiles 3.07 resolves a bug. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html
TraceRouteOK 1.61 adds window position saving, resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK
USBDeview 2.85 adds option to create shortcuts. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html
WinScan2PDF 5.11 improves WIA reliability, performance. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
WirelessKeyView 2.11 improves output formatting and adds explore from here option. This is not a security update. Note that downloads are not password protected. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html
WSUS Offline 11.8.3 updates supercedence list, resolves several bugs. This is not a security update.
http://download.wsusoffline.net/
Developer Updates
These are unlikely to be of interest to most people.
AutoHotkey 1.1.32.00 resolves several bugs, adds InputHook OnKeyUp callback, adds support for PixelSearch in fast mode. This is not a security update.
https://www.autohotkey.com/download/
Android Studio 3.5.3.0 improves stability and performance, resolves several bugs. This is not a security update.
https://developer.android.com/studio/index.html
Godot 3.1.2 resolves over 400 bugs. This is a security update.
https://godotengine.org/
Node.js 13.3.0 resolves several bugs, and updates libraries. This should be treated as a security update.
https://nodejs.org/en/
StrawberryPerl 5.30.1.1 updates core to 5.30.1 and updates libraries. This is not a security update.
http://strawberryperl.com/
Web Package Updates
These are likely to be of interest only to web developers.
Drupal 8.8.0 makes several feature-level and requirements changes (recommended PHP is now 7.2+), removes several features and modules, updates libraries, and improves code consistency. This should be treated as a security update.
https://drupal.org/download
Brackets 1.14.1 is a security update.
http://brackets.io/
MailEnable 10.28 resolves several bugs, and adds recurring tasks and custom special folders. This is not a security update.
https://www.mailenable.com/
phpMyAdmin 4.9.2 resolves several bugs and improves compatibility. This is a security update.
https://www.phpmyadmin.net/
ScreenConnect 19.5.26030.7282 improves server compatibility. This is not a security update.
https://www.connectwise.com/software/control/download
ColdFusion 2018 Update 7 is a security update.
https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-7.html
bbPress 2.6.2 resolves several bugs. This is not a security update.
BuddyPress 5.1.0 resolves several bugs. This is not a security update.
Contact Form 7 5.1.6 resolves an incompatible CSS bug. This is not a security update.
Custom Facebook Feed 2.12.2 resolves a bug. This is not a security update.
FV Top Level Categories 1.9.1 improves compatibility. This is not a security update.
Multisite Enhancements 1.5.2 resolves several bugs. This is not a security update.
Redirection 4.5.1 resolves broken canonical redirects. This is not a security update.
NextScripts Social Networks Auto-Poster 4.3.11 adds WordPress 5.3 support, resolves several bugs. This is not a security update.
Sucuri Security 1.8.22 adds several new checks. This is not a security update.
W3 Total Cache 0.11.0 resolves several bugs, improves compatibility and performance, and adds lazy loading. This is not a security update.
WooCommerce 3.8.1 resolves several bugs. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/