Updates 2021-03-09

Welcome back, Folks!

Today is Patch Tuesday for March, 2021.

This Month in Technology

Gab has been hacked at least a couple more times. (Would you trust the security of a Gab-owned bank?)

A new form of “supply-chain” attack demonstrating dependency vulnerabilities has been used against many major vendors, including Microsoft, Apple, Tesla, and dozens more.

32redAccellionAllergy PartnersAppleBombardierCA DMVClubhouse ChatsCovenant HealthCareCSXD-Link devices, Ecuador’s Ministry of Finance and Banco Pichincha, the European Banking AuthorityEXMOExperian (again), France’s Ministry of HealthGeorgetown County (SC), Hipcam (and other baby monitors), HumanaIBM, over a hundred Italian banksKeepChangeKiaKrogerLakehead UniversityMalaysia AirlinesNess Digital EngineeringNinja FormsNgrokNurseryCam, Oxford University, RealPage, RIPE NCC accountsRockwell Automation PLCsMaza, a Russian Cybercrime forum, SingtelSITA (an airline service provider), SolarCityPayPalQualysSendgrid accounts (to send spam – how could anyone tell the difference?!), Sequoia CapitalSignalT-Mobile, TMS, 15 UK schoolsUnderwriters LaboratoriesUniversal Health ServicesVMWare vCenter ServerWashington State Unemployment DepartmentWawa, Apple’s WebKit, and Yandex have been hacked.

According to a study by Bridewell Consulting, 86% of UK critical national infrastructure organizations have experienced cyber-attacks. I think it would be more accurate to present these numbers as, “14% of UKs critical national infrastructure doesn’t have the technology in place to know they were hacked.”

Even more malware related to the SolarWinds hack has been discovered. Since AWS was used for the SolarWinds hack, shouldn’t Amazon shut AWS down, too?

Microsoft is now admitting that Azure and Exchange source code has been compromised by the SolarWinds attackers.

The big news this month is that a vulnerability in Microsoft Exchange (coincidence?) has resulted in over thirty thousand servers being hackedThis is huge. So what did Microsoft do? Microsoft has announced it has changed their policy to crack down on hosted email accounts that receive a lot of email. Sigh.

Another interesting new tactic, bitsquatting, has proved far more effective than one would think. The demonstration allowed them to hijack thousands of requests intended for Microsoft. Used maliciously, this method will cause serious damage.

Censorship has finally made it before the Supreme Court, but Dr. Suess is only the latest target, while Facebook allowed actual genocide, but forbade discussion about news articles, Google acknowledges their efforts to perform censorship “better,” and Firefox has released a new extension to aid in censorship, while Streamlabs waited for the payment to clear before censoring one paid user. The Beverly Hills Police Department is using the novel approach of playing copyrighted music to prevent their actions from being observed, and Congress is now violating federal law by demanding censorship of media.

It amazes me that people actually trust “fact checkers.” Censorship doesn’t work!

Poland isn’t taking it anymore. Italy is fining Facebook, too.

Tor was hacked years ago, but new implementations (like that in Brave) are still popping up with their own problems.

Another 21 million VPN users were taught the lesson about the difference between customers and products. If you’re not the customer, you’re the product.

Instagram (like parent Facebook) is sharing everything you do with law enforcement. So is Apple’s iCloud.

The Windows 10 implementation of web fonts can be used to hack you. Apple M1 chips (less than 6 months old) have been targeted with several pieces of malware, but we should trust the MORPHEUS chip, right? BTW, M1 Macs are eating their (soldered in) SSDs, too.

It’s not just Google. Apple can disable all of your accounts and services on a whim, too. Or for your name.

Amazon has been caught duplicating products, can they be trusted to sell your products or host your content?

Is half a billion dollars enough to get you to rethink a bad user interface?

The whole point of unified interfaces and consistent logins is to ensure a familiar experience so you know whether you’re visiting the real site. Attackers take advantage of this to build their own imagekits and forms, even using their own fake security measures to convince you you’re on the “real” site since they are forced to validate that *you* are really you.

The malicious Gootkit Trojan can help the SEO of your websites. Just not for you.

Never reuse passwords. Or hard-code them. And don’t use obvious passwords either. But if you do, don’t blame a fabricated intern.

Apple claims that a new (available since 2019, but only recently launched on iOS) application execution technique will make it more difficult for iPhones to be hacked,
while yet another iPhone bug has demonstrated to successfully jailbreak every active iOS/iPhone line.

North Dakota and Arizona may save the Internet by forbidding the ability for vendors to force the use of their own app stores.

While many treat Google’s lockdown of their data APIs in Chromium as a bad thing, I see it as getting Google further out of Chromium – which can only be a net positive.

AT&T and Frontier have consistently abandoned phone networks in California, but we knew that: AT&T said they were going to do this when Title II passed. Sometimes the only thing to make a company following through is enough bad press.

Deepfakes for everyone! While most focus on Deepfakes are about their potential for evil, they can be used for good.

On patents: Intel owes $2.2 billion for saving power, and Apple has violated several biometric patents.

Dr. Fauci has known all along that the PCR test was useless. The WHO has launched their own COVID-specific version of “we investigated ourselves and found we did nothing wrong.” The dystopian concept of vaccine passports has been struck down by the Council of Europe. Unfortunately their power is mostly cosmetic.

The CDC inflated “COVID deaths” over 1600% in violation of multiple federal laws. CDS is real though. COVID has been “really good for CNN ratings,” though. Thousands of people have died in the US from the experimental COVID “vaccines,” (and elsewhere) or suffered from other harm. Many more internationally. Quarantine internment camps are a real thing. People are being harmed from the tests (or forcefully vaccinated), too. You can do something about it. (They sure won’t.) BTW, the CDC has had to remove their claim that vaccines don’t cause Autism.

Pennsylvania, New Mexico, and Texas have joined in on efforts to end lockdown insanity.

Don’t be selfishMasks still don’t work, but masks can kill you. (At least they won’t rape you.)

Keep the pedophile, but ban the words.

Green Energy killed Texas. It shouldn’t have been allowed to happen.

Governors Cuomo and Whitmer are finally being taken to task on their “accidental” murder of thousands of nursing home residents. Don’t expect the President to get involved. Genocide is just “different norms” to him. Instead of those in “National Security” investigating this, they’re convinced their time is better used calling half the population terrorists.

Facebook has had more than 20 million child sex abuse incidents, more than 20x greater than any other website, including Google. Nevertheless, the masses aren’t calling for cancelling Facebook. It’s tolerance when “they” do it.

Speaker Pelosi (who is responsible for security at the House) refused National Guard assistance, supposedly over “optics“, before the staged January 6riot“. Chris Wray lied to Congress about Antifa dressing as Trump supporters. So did former Deputy Attorney General Rod Rosenstein. They’ve knowingly falsified FISA warrants. So is it really any surprise there are calls to shut down the FBI?

Some states are finally allowing election audits, with evidence of 6% discrepancies in every single race, others as much as 78%, and other serious math problems, while others refuse to release ballots for inspection, purge election data, or allow the FBI to shred ballots without oversight or inspection. Then they poison the people they are forcing to guard them.

Is it any surprise that their Section 230 “reforms” are designed to completely silence online discourse? After all, the President doesn’t understand what “clandestine” means. (Quick tip: If you announce your intentions on the MSM, it’s not clandestine!)

The Babylon Bee is probably the best news site on the Internet, not because they actually have any news, but because they shine a light on the fraud that passes for news today.

Now for the good news:

California has finally been allowed to implement their own brand of Net Neutrality. I strongly oppose Net Neutrality, as getting government involved in something (even under the auspices of protection) always results in unintended consequences. This is, fortunately, no exception. CA Net Neutrality can now be used by myself and others to target Big Tech to penalize them for their continuous acts of censorship.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.2.3, watchOS 7.3.2, Safari 14.0.3, iOS 14.4.1 and iPadOS 14.4.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4.1 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3.2 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 88.0.4324.186 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 12.2.0.2902 resolves several bugs. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Display Driver Uninstaller 18.0.3.7 improves cleanup and adds network path support. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DirectX 9.29.1974.1 doesn’t provide a changelog, so should be treated as a security update.

nVidia 461.72 adds support for newer hardware and resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.21.74 resolved several bugs. This is a security update.
https://brave.com/

Google Chrome 89.0.4389.82 is a security update.
https://www.google.com/chrome/

Microsoft Edge 89.0.774.48 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 86.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.8.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 3.6.2165.40 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.8.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Mumble 1.2.19 is a security update.
http://wiki.mumble.info/wiki/Main_Page

Prosody 0.11.8 is a security update.
https://prosody.im/download/start

Trillian 6.4.0.5 resolves a settings bug. This is not a security update.
https://www.trillian.im/

Dropbox 117.4.378 does not provide a changelog so should be treated like a security update.
https://www.dropbox.com/

FreeFileSync 11.8 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Zoom 5.5.13142.0301 resolves several bugs, improves grid view, and better indicates when content is being shared. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.12 adds 3 new types of motion, show/hide shortcut, and resolves several bugs. This is not a security update.
https://en.3tene.com/

Flickr Downloadr 3.3.4.1 updates the Docker image. This is not a security update.
https://flickrdownloadr.com/downloads/

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.55.0 allows git configuration without a repository. This is not a security update.
https://atom.io/

IcoFX 3.5.1 resolves several bugs. This is not a security update.
https://icofx.ro/

LibreOffice Fresh 7.1.1 resolves almost a hundred bugs. Remember that this is beta software, so should be avoided for the stable version whenever possible. This should be treated as a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.1.3 is a security update.
https://nextcloud.com/

Notepad++ 7.9.3 adds new folder features that now prevent it working on Windows XP. If you are still running XP you should really consider switching to Linux, but if you must continue to use XP then use Notepad++ 7.9.2. This is not a security update.
https://12pd.com/click?npp32

VideoCleaner 5.8 improves Matrix, Sharpening and Mask features. This is not a security update.
https://videocleaner.com/download.html

Adobe Connect 11.2 is a security update.
https://helpx.adobe.com/security/products/connect/apsb21-19.html

Adobe Creative Cloud Desktop Application 5.4 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html

Adobe Framemaker 2020.0.2 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb21-14.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.16 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

OpenSSL 1.1.1j is a security update.
https://www.openssl.org/source/

RogueKiller 14.8.5 updates core and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Wireless Network Watcher 2.25 improved compatibility with high-DPI. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

VideoCacheView 3.06 adds support for the new cache partitioning structure in chromium-based browsers. This is not a security update.
https://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.16.1 resolves several bugs and adds ARM support. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.8 adds native M1 support and resolves dozens of bugs. This is a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.793 improves performance and resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

CCleaner 5.77.8521 improves cleaning and resolves several bugs. This is a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.28 improves compatibility with high DPI. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Coreinfo 3.52 adds reporting for CET (shadow stack). This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/coreinfo

Cygwin 3.1.7 resolves several bugs. This is not a security update.
https://cygwin.com/

Dell Command Update 4.1 is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 8.66 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Eraser 6.2.0.2992 doesn’t provide a changelog so should be treated as a security update.
https://eraser.heidi.ie/download/

Everything Toolbar 0.6.2 adds an installer, drag & drop support, elevation support, and more. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Homedale 1.93 adds an option to set the gps baud rate from the command line. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.01 resolves a bug in screenshot generation. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7820 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSFMount 3.1.1000 updates drivers and improves CLI support. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

PointerStick 5.05 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

QuickSetDNS 1.31 adds option to start hidden. This is not a security update.
https://www.nirsoft.net/utils/quick_set_dns.html

TeamViewer 15.15.5 was released. The TeamViewer release notes have been unavailable for months now, so while it might be a security update, it would be safer to remove TeamViewer until these issues are resolved.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.42 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WinScan2PDF 6.91 adds support for multi-page TIF and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.37 improves compatibility, refresh behavior, and resolves several bugs. This is not a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.05 resolves several bugs and improves compatibility. This is not a security update.
https://www.autohotkey.com/download/

Node.js 12.21.0 is a security update.
https://nodejs.org/en/

Node.js 14.16.0 is a security update.
https://nodejs.org/en/

Node.js 15.11.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

TortoiseSVN 1.14.1 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Visual Studio Code 1.54 resolves an extension dependency bug. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.11.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.8.0 adds several new features and improves compatibility. This is not a security update.
https://www.adminer.org/en/

Docker Desktop 3.2.1 updates the Docker Engine. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.5 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.8.0 adds a bunch of new features, improves permissions, brute force delays, style and administration improvements, and resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.25 is a security update.
https://www.joomla.org/

MailEnable 10.32 resolves several bugs and adds LDAP support. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 21.0.0 improves performance (up to 10x!), collaboration, groupware and more. This is not a security update.
https://nextcloud.com/

OpenPetra 2021.02 adds several new features, improvements, and resolves bugs. This is not a security update.
https://www.openpetra.org/

phpList 3.6.1 improves short URLs, PHP8 support, and security improvements. This is a security update.
https://www.phplist.org/

phpMyAdmin 5.1.0 resolves several bugs, improves compatibility, and adds several new options. This is not a security update.
https://www.phpmyadmin.net/

ScreenConnect 21.3.2160.7699 resolves several bugs, renamed End to Delete, and improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

YOURLS 1.8.1 improves IDN, UTF8, time zone, and PHP8 support, removes support for PHP 7.2, and resolves several bugs. This is not a security update.
https://yourls.org/

WordPress 5.7 resolves several bugs and adds a few new features, improving accessibility, and (finally) adding a feature to update HTTP to HTTPS links throughout your site when you switch to HTTPS. This is not a security update.
https://wordpress.org/

Akismet 4.1.9 improves handling of pingbacks in XML-RPC calls. This is not a security update.

BuddyPress 7.2.0 resolves several bugs. This is not a security update.

Conditional Widgets 3 improves translation support. This is not a security update.

Contact Form 7 5.4 adds Sendinblue support, updates libraries and improves reliability and compatibility. This is not a security update.

Social Post Feed 2.19 improves error handling and reporting, cleanup, resolves several bugs and updates libraries. This is not a security update.

myStickymenu 2.5.1 improves instructions and compatibility. This is not a security update.

Postie 1.9.55 improves compatibility and removes legacy image sizing feature. This is not a security update.

Really Simple CAPTCHA 2.1 improves hash comparison. This is not a security update.

W3 Total Cache 2.1.1 resolves several bugs and adds information links and ogg caching support. This is not a security update.

WooCommerce 5.1.0 is a major update. This version improves compatibility, localization, and resolves dozens of bugs. This is not a security update.

WordPress Zero Spam 5.0.9 resolves several bugs and improves spam detection. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2015-05-12

Hi, Folks!

It’s Patch Tuesday! It’s a pretty heavy load today, with several updates that require direct interaction. The typical computer should see roughly 400mb in updates. Let’s get started.

Microsoft released 24 updates to address issues in Windows, Internet Explorer, Microsoft Security Essentials, Silverlight, .NET, and Microsoft Office (~250mb). This includes security updates. A reboot is required.
http://update.microsoft.com/

Apple released updates for OS X, OS X Server, Safari, iCloud, RAW compatibility, and several drivers. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

Adobe Reader and Acrobat 11.0.11 are security updates. Since Adobe has released Adobe Acrobat DC the native update engine has become unreliable for 11.x versions. You may need to either switch to Adobe Acrobat DC or have significant patience to download the 11.0.11 update.

Adobe AIR 17.0.0.172 is a security update.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac

Adobe Flash Player 17.0.0.188 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 15.1.0.2 improves cleanup. This is not a security update.
http://www.wagnardmobile.com/DDU/

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 42.0.2311.152 is a security update.

Firefox 38.0 is a security update. Use Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 31.7.0 is a security update. Use Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 3.4.6 provides several bug fixes. This is not a security update.
https://12pd.com/click?dropbox

Evernote 5.8.6.7519 fixes several bugs, including crash and reliability. This is not a security update.

BrowsingHistoryView 1.69 corrects a bug parsing IE data on some platforms. This is not a security update.
http://www.nirsoft.net/utils/browsing_history_view.html

IPInfoOffline 1.41 corrects IP parsing issue. This is not a security update.
http://www.nirsoft.net/utils/ip_country_info_offline.html

Adobe Shockwave 12.1.8.158 is a security update. If you do not have Shockwave DO NOT install it now!
https://12pd.com/click?shockwave

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.5.5571 is a security update.
https://12pd.com/click?cdbxp

Plex Media Server 0.9.12.1.1079 corrects several stability bugs. This is not a security update.
https://plex.tv/downloads/1/archive

VLC Media Player 2.2.1 is a security update.

Unreal Media Server 11.0 adds Live Channel a/v switching, rebroadcasting, and improved stability. This is not a security update.
http://www.umediaserver.net/umediaserver/download.html

Unreal Streaming Media Player 7.0 adds support for Live Channels, time-shifting, improves UMS over HTTPS, and improved buffering. This is not a security update.
http://www.umediaserver.net/umediaserver/download.html

Game Updates

These are unlikely to be of interest to most people.

PlayStation 2.51 is a stability update. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 6.7.7 fixes a minor bug. This is not a security update.
https://12pd.com/click?npp

Security Software Updates

One or more of these is likely to be of interest to most people.

OpenSSL 1.0.2a is a security update.

Windows Defender Offline 20150430 is a security update.
http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline

DrWeb CureIt! 10.0.5 is a security update.
https://www.freedrweb.com/download+cureit+free/?lng=en

Avast! Home Edition 10.2.2218 improves stability and performance. This is not a security update.
http://www.avast.com/free-antivirus-download

MalwareBytes’ Anti-Malware 2.1.6 is a security update.
http://www.malwarebytes.org/products/malwarebytes_free

DNSQuerySniffer 1.45 adds the ability to capture queries from loopback address. This is not a security update.
http://www.nirsoft.net/utils/dns_query_sniffer.html

SmartSniff 2.17 added “Find in Upper Pane” option. This is not a security update.
http://www.nirsoft.net/utils/smsniff.html

Wireless Network Watcher 1.79 updates internal MAC address database. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

RogueKiller 10.6.3 adds detections, fixes search bug, improves UI and other bug fixes. This is not a security update.
http://www.adlice.com/softwares/roguekiller/

MSRT 5.24 is a security update.
http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Capture Updates

These are unlikely to be of interest to most people.

Greenshot 1.2.6.7 updates Picasa support and improves editor. This is not a security update.
http://sourceforge.net/projects/greenshot/

VideoCacheView 2.85 added the ability to scan only files within a configurable recent period. This is not a security update.
http://www.nirsoft.net/utils/video_cache_view.html

XSplit Gamecaster 2.2.1502.1751 improves YouTube Live support. This is not a security update.
http://www.xsplit.com/get/

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 9.1.9.9 updates encryption support, corrects more than 20 bugs. This is not a security update.
http://www.dvdfab.cn/download.htm

TEncoder 4.5.7 does not provide a changelog, so should be treated as a security update.
http://tencoder.sourceforge.net/

Utility Updates

These are unlikely to be of interest to most people.

GoodSync 9.9.20 improves performance and stability. This is not a security update.
https://12pd.com/click?goodsync

Bitcoin 0.10.1 is a bug fix. This is not a security update.
http://bitcoin.org/en/download

CintaNotes 2.8.6 fixes several bugs, including stability and sync issues. This is not a security update.
http://cintanotes.com/download

Cygwin 2.0.0 is a major update and bugfix release. This should be treated as a security update.
http://cygwin.com/

CrucialScanner 20150506 does not provide a changelog, so should be treated as a security update.
http://www.crucial.com/systemscanner/index.aspx

Process Hacker 2.34 provides several cosmetic and stability updates. This is not a security update.
http://processhacker.sourceforge.net/

TeamViewer 10.0.41459 provides several bug fixes. This is not a security update.
http://www.teamviewer.com/en/download/windows.aspx

FileLocator Pro 7.5.2092 corrects several bugs. This is not a security update.
http://www.mythicsoft.com/filelocatorpro/download

DiskSmartView 1.10 fixes a reliability bug. This is not a security update.
http://www.nirsoft.net/utils/disk_smart_view.html

FolderChangesView 1.71 corrects a deleted file bug. This is not a security update.
http://www.nirsoft.net/utils/folder_changes_view.html

Password Security Scanner 1.33 adds portable Firefox support. This is not a security update.
http://www.nirsoft.net/utils/password_security_scanner.html

USBDeview 2.42 adds the ability to view device capabilities. This is not a security update.
http://www.nirsoft.net/utils/usb_devices_view.html

WakeMeOnLan 1.71 updates the internal MAC address database. This is not a security update.
http://www.nirsoft.net/utils/wake_on_lan.html

WifiInfoView 1.80 adds the ability to determine maximum supported speed of 802.11ac networks. This is not a security update.
http://www.nirsoft.net/utils/wifi_information_view.html

CCleaner 5.05.5176 improves cleanup. This is not a security update.
https://12pd.com/click?ccleaner

Sysmon 3.0 improves process tracking and filters. This is not a security update.
http://sysinternals.com/

Autoruns 13.3 adds reporting of GP extension DLLs and adds target processes tracking. This is a security update.
http://sysinternals.com/

RegJump 1.1 adds the -c option to jump to the path stored in the copy/paste clipboard.
http://sysinternals.com/

WuInstall 2.3.5 fixes a cache reporting bug and improves inline documentation. This is not a security update.

Seagate HDD Diagnostics 1.4.0.2 does not provide a changelog, so should be treated as a security update.
http://knowledge.seagate.com/articles/en_US/FAQ/202435en

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.5.36 is a security update.
http://coppermine-gallery.net/

Dada Mail 8.0.2 is a bugfix release. This is not a security update.
http://dadamailproject.com/

ownCloud Client 1.8.1 provides a number of performance and reliability updates. This is a security update.
https://owncloud.org/install/

phpMyAdmin 4.4.6 corrects several bugs. This is not a security update.
http://www.phpmyadmin.net/home_page/news.php

Plupload 2.1.3 does not provide a changelog, so should be treated as a security update.
http://www.plupload.com/

TinyMCE 4.1.10 is a bugfix release. This is not a security update.
http://www.tinymce.com/download/download.php

Drupal 7.37 fixes several bugs. This is not a security update.
http://drupal.org/download

jQuery 1.11.3 and 2.1.4 fixes several bugs. This is not a security update.
http://jquery.com/download/

SMF 2.0.10 fixes several bugs. This is not a security update.
http://download.simplemachines.org/

WordPress 4.1.2 is the 4th security update in the last month. Update ASAP!

Autoptimize 1.9.4 is a compatibility bug fix. This is not a security update.

bbPress 2.5.7 improves URL output. This is not a security update.

BuddyPress 2.2.3.1 does not provide a changelog, so should be treated as a security update.

Conditional Widgets 2.2 fixes a number of bugs and adds hide on desktop/mobile support. This is not a security update.

Contact Form 7 4.1.2 adds div and quiz wrapper elements. This is not a security update.

Easy Bootstrap Shortcode 4.4.0 is a security update.

FV Top Level Categories 1.7 adds new translations. This is not a security update.

Postie 1.6.19 adds support for future posting and improves DAP LiveLinks compatibility. This is not a security update.

Raw HTML 1.4.15 fixes a minor bug. This is not a security update.

Redirection 2.3.15 fixes an admin bug. This is not a security update.

Theme My Login 6.3.12 is a security update.

WooCommerce 2.3.8 provides dozens of fixes, including style, hook and API updates. This is not a security update.

WPtouch 3.7.8 updates translations, fixes several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2014-09-16

Hi, Folks!

It’s catch-up Tuesday! A few vendors were not ready for updates last week, so delayed their security releases until today.

Apple released a security update for iTunes. This update will also be required to use iOS 8 which will be released later this week. Use Apple Software Update to install these updates. A reboot is required.

Adobe Reader 11.0.09 is a security update. Use Help, Check for Updates to install the latest version.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 13.1.0.0 improves cleanup routine. This is not a security update.
http://www.wagnardmobile.com/DDU/

Browser Updates

One or more of these are likely to be of interest to everyone.

Firefox 32.0.1 is a security update. Use Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 31.1.1 is a security update. Use Help, About to install the most current version.

OutlookAttachView 2.71 fixes a stability bug and adds new filename export variables. This is not a security update.
http://www.nirsoft.net/utils/outlook_attachment.html

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.4.5067 improves disk detection and suggestions, fixes several bugs. Ths is not a security update.
http://cdburnerxp.se/

iTunes 11.4 is a security update. Use Apple Software Updater to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

SteamOS 10-Sep-2014 is a security update.
http://store.steampowered.com/steamos/download/?ver=custom

Converter Updates

These are unlikely to be of interest to most people.

FFmpeg 2.4 updates libraries and fixes bugs. This is not a security update.
http://ffmpeg.org/download.html

DVDFab 9.1.6.8 adds support for new protections, new device output formats, improved hardware support and several other bugs. This is not a security update.
http://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

GoodSync 9.9.7.8 improves performance, and fixes several crash bugs. This is not a security update.
https://12pd.com/click?goodsync

CintaNotes 2.7.2 simplifies sidebar, improves preferences, defaults and editor behavior. Fixes several bugs. This is not a security update.
http://cintanotes.com/download

TeamViewer 9.0.32494 simplifies interface, improves reboot behavior, and other bug fixes. This is not a security update.
http://www.teamviewer.com/en/download/windows.aspx

UpdateChecker 1.041 updates the icons and fixes several bugs. This is not a security update.
http://www.filehippo.com/updatechecker

Agent Ransack 2014.825 fixes a single-quote bug in XML UTF. This is not a security update.
http://mythicsoft.com/agentransack/download

Autoruns 12.03 fixes several bugs. This is not a security update.
http://sysinternals.com/

Process Explorer 16.04 fixes a bug in Virus Total submission and adds Windows Store package names. This is not a security update.
http://sysinternals.com/

Handle 4 now works with standard-user rights. This is not a security update.
http://sysinternals.com/

ProcDump 7.01 fixes several bugs. This is not a security update.
http://sysinternals.com/

RegJump 1.02 now works on 64-bit Windows. This is not a security update.
http://sysinternals.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 4.3.16-95972 fixes a couple dozen bugs, including reliability, stability and performance issues. This is not a security update.
http://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

phpMyAdmin 4.0.10.3, 4.1.14.4 and 4.2.8.1 are security updates.
http://www.phpmyadmin.net/home_page/news.php

Dada Mail 7.2.1 improves message archives. This is not a security update.
http://dadamailproject.com/download/

Helicon Ape 3.1.0.139 fixes a wildcard warning bug. This is not a security update.
http://www.helicontech.com/ape/download.html

Autoptimize 1.9.1 fixes two bugs. This is not a security update.

BuddyPress 2.0.3 is a security update.

Conditional Widgets 2.0.5 works toward fixing strict warnings. DOES NOT update its own settings properly on multisite networks! This is not a security update.

Easy Bootstrap Shortcode 4.3.4 adds a shortcode for jumbotron. This is not a security update.

Multisite Enhancements 1.0.6 adds child theme display. This is not a security update.

WooCommerce 2.2.3 fixes over a dozen bugs and improves reliability for refunds. This is a security update.
That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2014-06-10

Hi, Folks!

It’s Patch Tuesday!

It’s been a month already, so if you haven’t changed all your passwords, please do it now. Then come back. I’ll still be here.

Microsoft released 7 updates for Windows, Office, and Internet Explorer. This includes security updates (~60mb). A reboot is required. Some of the vulnerabilities these updates resolve apply to Windows XP but will never be patched on that platform. Upgrade to Windows 7 NOW or switch to a new computer.
http://update.microsoft.com/

Apple released updates for Safari, OS X, Java, iTunes and MacBook Air SMC. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 14.0.0.125 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Adobe AIR 14.0.0.110 is a security update.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF 10.6.0.2267 adds support for Ghostscript 9.14 and fixes installation error. This is not a security update.
https://12pd.com/click?bullzippdf

nVidia 337.88 provides universal performance improvements with all DirectX environments/games, updates device compatibility, improves specific gaming performance and other fixes. This is not a security update.
https://12pd.com/click?nvidia

Samsung Kies 20140527 does not provide a changelog (or even version information!) so should be treated as a security update.
http://www.samsung.com/ca/support/usefulsoftware/KIES/JSP

PlayStation 4 1.71 adds changes to support existing PSN features and improves stability. This is not a security update, but is required for continued online functionality.
http://us.playstation.com/support/systemupdates/ps4/index.htm

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 35.0.1916.153 is a security update. Use Menu, About to get the most current version.

Firefox 30.0 fixes over 3,600 bugs (yes, really), including scripting, debugging, plugin behavior and much more. While none of the bugs are flagged security, the scope of changes suggest this should be treated as a security update. Use Help, About to get the most current version.

Opera 22.0.1471.50 is a security update. Use Menu, About to get the most current version.

HTTrack 3.48.13 corrects several bugs and updates libraries. This is a security update.
http://www.httrack.com/page/2/en/index.html

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 24.6.0 is a security update. Use Menu, About to get the most current version.

OutlookAttachView 2.68 adds secondary column sorting support. This is not a security update.
http://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Adobe Shockwave 12.1.2.152 is a security update.
https://12pd.com/click?shockwave

Java 7u60 updates time zone data, changes expiration behavior, and fixes well over 100 bugs. This is not a security update. If you do not need Java, or do not have Java installed, DO NOT INSTALL IT NOW!
http://www.java.com/en/download/manual.jsp

Mumble 1.2.6 is a security update.
http://blog.mumble.info/

Evernote 5.4.0.3698 improves offline security. This is a security update.
http://www.evernote.com/

BrowsingHistoryView 1.52 corrects an access bug with remote viewing. This is not a security update.
http://www.nirsoft.net/utils/browsing_history_view.html

IPNetInfo 1.55 adds the ability to automatically retry failed queries. This is not a security update.
http://www.nirsoft.net/utils/ipnetinfo.html

Dropbox 2.8.3 does not provide a changelog, so should be treated as a security update.
https://12pd.com/click?dropbox

FileZilla 3.8.1 is a security update.
http://filezilla-project.org/

WinSCP 5.5.4 is a security update.
http://winscp.net/eng/index.php

Codec Updates

One or more of these are likely to be of interest to everyone.

Win7 Codec Package 7 Codecs Advanced 4.6.4 updates included codecs. To install the update, you must uninstall and reinstall the application.
http://shark007.net/win7codecs.html

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.4.4852 updates libraries, fixes several bugs. This is not a security update.
https://12pd.com/click?cdbxp

iTunes 11.2.2 is a security update. Use the Apple Software Updater to get the most current version.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 6.6.4 adds the ability to centralize your settings via Dropbox. This is not a security update.
https://12pd.com/click?npp

IcoFX 2.7 improves crop, trim, color dialog, rounded rectangle behavior, and others. This is not a security update.
http://icofx.ro/

SketchUp 14.1.1282 corrects several dozen non-security bugs. This is not a security update.
http://www.sketchup.com/

Scribus 1.4.4 corrects a number of bugs, improves several features and adds PDF/X-1a export, integrated barcode support, full support for OpenICC, and more. This is not a security update.
http://www.scribus.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

OpenSSL 1.0.1h is a security update.

MalwareBytes’ Anti-Malware 2.0.2 corrects more than a dozen bugs, improves reliability, stability and performance, as well as cosmetic improvements. This is a security update.
https://12pd.com/click?mbam

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 0.624 Beta corrects several stability and sync bugs. This is not a security update.
http://obsproject.com/

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 9 9.1.5.0 fixes several stability and reliability bugs, adds support for new discs. This is not a security update.
http://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

Synergy 1.5.0 makes progress on the sticky key bug. This is not a security update.
http://synergy-project.org/

RoboForm 7.9.7 fixes stability problems with Firefox & Chrome and improves accessibility. This is not a security update.
https://12pd.com/click?roboform

GoodSync 9.8.6 restores direct command-line functionality, improves UI, provides improved self-diagnostics. This is not a security update.
https://12pd.com/click?goodsync

CintaNotes 2.6.1 improves search, selection, and provides a number of usability fixes. This is not a security update.
http://cintanotes.com/

CCleaner 4.14.4707 improves Firefox support, adds new application support, minor UI improvements and bug fixes. This is not a security update.
https://12pd.com/click?ccleaner

WifiChannelMonitor 1.0 is a new release from Nirsoft. WifiChannelMonitor is an amazing utility for troubleshooting and scanning your Wi-Fi networks. This is the first release but it has quite an amazing feature set already.
http://www.nirsoft.net/utils/wifi_channel_monitor.html

MyEventViewer 2.11 adds secondary column sorting support and the ability to hide events meeting certain conditions. This is not a security update.
http://www.nirsoft.net/utils/my_event_viewer.html

WifiInfoView 1.60 adds percent column, fixes command-line scanning and adds the ability to scan repeatedly via the command line. This is not a security update.
http://www.nirsoft.net/utils/wifi_information_view.html

Autoruns 12.0 now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware. This is a security update.
http://sysinternals.com/

Procdump 7.0 improves support for lightweight reflection dumps on Windows 7 and Windows 8, adds debug print statements as a new trigger type, has support for memory commit duration triggers, and now includes an option to unregister Procdump as the system last-chance exception debugger. This is not a security update.
http://sysinternals.com/

BFGMiner 4.1.0 provides several bugfixes. This is not a security update.
https://github.com/luke-jr/bfgminer/

Hamachi 2.2.0.193 improves error reporting. This is not a security update.
http://help.logmein.com/SelfServiceDownloads

LogMeIn Mac 4.1.4401 and LogMeIn Win 4.1.4400 are security updates.
http://help.logmein.com/SelfServiceDownloads

Recover Keys 8.0.3.110 doesn’t provide a distinct changelog so should be treated as a security update.
http://recover-keys.com/en/download.html

Developer Updates

These are unlikely to be of interest to most people.

SQLite Database Browser 3.1.0 adds plotting, SQLite 3.8.2 grammar fix, file association fix for OS X, and updated license. This is not a security update.
http://sqlitebrowser.org/

MySQL 5.6.19 corrects a number of stability and reliability bugs, including crash bugs. This is not a security update.
http://www.mysql.com/downloads/installer/

TortoiseSVN 1.8.7 corrects several bugs. This is not a security update.
http://tortoisesvn.net/downloads.html

TortoiseGit 1.8.9.0 corrects over a dozen bugs, primarily related to UI and usability. This is not a security update.
http://code.google.com/p/tortoisegit/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 4.3.12-93733 corrects a couple dozen stability and reliability bugs. This is a security update.
http://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 7.0.4 corrects a bug with Amazon SES. This is not a security update.
http://dadamailproject.com/download/

phpMyAdmin 4.2.3 corrects a handful of bugs and imposes new minimal PHP (5.3) and MySQL (5.5) version requirements. This is not a security update.
http://www.phpmyadmin.net/home_page/news.php

Plupload 2.1.2 does not provide a changelog, so should be treated as a security update.
http://www.plupload.com/

Autoptimize 1.8.5 improves Apache compatibility, updates libraries, adds improved exclusion filters, and treats multisite sites distinctly for cache purging. This is not a security update.

bbPress 2.5.4 corrects several bugs. This is not a security update.

Cloudflare Cache Purge 1.0.7 fixes ajax bug. This is not a security update.

Conditional Widgets 1.8 simplifies UI. This is not a security update.

Easy Bootstrap Shortcode 4.3.1 fixes bugs and updates design. This is ot a security update.

Email Log 1.7.3 improves compatibility. This is not a security update.

Front End Upload 0.6.1 updates included libraries. This should be treated as a security update.

Multisite Enhancements 1.0.5 adds favicon support and fixes active plugin list. This is not a security update.

Quick Cache 140605.1 adds 404 caching, branched cache structure, auto-caching, auto-purge of specific sectional pages, improved compatibility, debugging, and several bug fixes. This is not a security update.

Smart YouTube 4.2.4 makes og:image optional. This is not a security update.

WooCommerce 2.1.10 provides a number of new features and bug fixes, including some major performance improvements for very large sites. This should be treated as a security update.

WP Edit 1.9 fixes RSS feed, makes cosmetic changes. This is not a security update.

WPtouch 3.3.4 updates libraries, improves mobile detection, adds WP 3.9.1 compatibility, fixes several bugs. This should be treated as a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2014-05-13

Hi, Folks!

It’s Patch Tuesday! Or should I say, it’s Heartbleed Fix Day!?

Over the last month, the world has made quite the news out of a popular open source security library, OpenSSL. SSL is the underlying framework for nearly all secure communication and encryption in the world, and OpenSSL is the library which powers over 2/3rds of this. This isn’t the first time that a security issue has been discovered in OpenSSL, and it surely won’t be the last. But this particular bug enables attackers to collect information from the memory of affected services and applications, effectively creating such a significant weakness that hundreds of vendors scrambled to patch the bug, while millions of accounts from thousands of sites and services were potentially compromised.

One of the worst aspects of a popular bug like this is that everyone and their mother has their own opinion of it’s ramifications, with some dismissing it entirely and others currently shaping a second (or third) layer of tinfoil. The truth is somewhere in between. This bug has dramatic significance to the security world. Cisco routers are affected (most with no fix in sight or anticipated), as are many ATM’s, many applications for every operating system platform, including email clients & servers, browsers, web servers, financial applications, routers, modems, middleware and dedicated security hardware. Some of these the individual vendors have said will never be updated. Many others require manual installation of the current OpenSSL libraries or recompiling.

As a rule, any application that touches the Internet or network should be treated as vulnerable until patched or verified to be secure. Over the course of the last month almost every affected vendor has released updates to address the vulnerability. Unfortunately, nothing short of a complete hardware and software audit can determine if you are vulnerable.

If you run a website or other web-accessible service, then before *and* after patching your software, hardware and devices, you should take the time to re-key your SSL certificates.

The important thing to understand about this vulnerability is that it first introduced over 2 years ago and only publicly disclosed last month. This means that all “secure” traffic over the entire last two years should be treated as suspect.

Change all your passwords. All of them. Really.

Re-key your SSL certificates.

Ensure that all your browsers and mobile devices are configured to check for certificate revocation.

Meanwhile, the first major exploit for now-defunct Windows XP was discovered in use the day after support for XP ended. In a move that surprised many in the security industry (myself included), Microsoft released an update to address this vulnerability to all current versions of Windows, and included a patch for XP, as well. This was a fantastic stop-gap for those still running XP, but is likely only an act of good faith, and will be the very last one you’ll see for XP.

And now, back to our regularly scheduled update series…

Microsoft released 10 updates for Windows, Office, Internet Explorer, .NET, Visual Studio and MSRT. This includes security updates (~95mb). A reboot is required. Approximately half of these patch vulnerabilities that are either actively being exploited or were publicly disclosed.
http://update.microsoft.com/

Apple released updates for iOS, Apple TV, AirPort, OS X and printer drivers. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 13.0.0.214 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Adobe AIR 13.0.0.111 is a security update.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac

Java 7u55 is a security update. DO NOT INSTALL Java if you do not already have it installed! Remove it if you have any doubt whatsoever that you might need it. You can always install it again if you need it. If you do have it installed, make sure you update all versions that are installed, including both the 32-bit and 64-bit versions for your operating system, if both are installed.
http://www.java.com/en/download/manual.jsp

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Catalyst x64 14.4 corrects a device compatibility bug. This is not a security update.
https://12pd.com/click?atidriver

BullZip PDF Printer 10.5.0.2262 is now FIPS compliant, improves encryption, adds share installation, and improved troubleshooting. This is not a security update.
https://12pd.com/click?bullzippdf

Browser Updates

One or more of these are likely to be of interest to everyone.

Firefox 29.0.1 is a security update. Use Help, About to install the most current version.

Google Chrome 34.0.1847.131 is a security update. Use Menu, About to install the most current version.

SeaMonkey 2.26 is a security update. Use Help, About to install the most current version.

HTTrack 3.48.6 fixes several bugs. This is not a security update.
http://www.httrack.com/page/2/en/index.html

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 24.5.0 is a security update. Use Help, About to get the most current version.

NK2Edit 2.92 corrects a cosmetic bug. This is not a security update.
http://www.nirsoft.net/utils/outlook_nk2_edit.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Adobe Shockwave 12.1.1.151 is a security update.
https://12pd.com/click?shockwave

Silverlight 5.1.30214 is a security update.
http://www.microsoft.com/silverlight/

Nmap 6.46 adds Heartbleed detection and fixes several crash bugs. This is not a security udpate.
http://nmap.org/

WinSCP 5.5.3 is a security update.
http://winscp.net/eng/index.php

Dropbox 2.6.33 fixes several reliability bugs. This is not a security update.
https://12pd.com/click?dropbox

DynDNS Updater 5.0.2 improves reliability with IPv6 and a service bug. This is not a security update.
https://www.dyndns.com/

Evernote 5.3.1.3363 fixes a reliability bug. This is not a security update.
http://www.evernote.com/

Google Drive 1.11 improves setup, adds service shortcuts and improves performance. This is not a security update.
https://drive.google.com/start

BrowsingHistoryView 1.51 corrects a search bug. This is not a security update.
http://www.nirsoft.net/utils/browsing_history_view.html

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.3.4746 updates included libraries and fixes an audio compilation bug. This is not a security update.
http://cdburnerxp.se/

MPC HC 1.7.5 updates closed captioning, fixes CC-related crash bugs. This is not a security update.
http://sourceforge.net/projects/mpc-hc/

XBMC 13.0 is a major update that adds Android hardware decoding, performance improvements to Raspberry Pi and Android, stereoscopic 3D rendering, improved touchscreen support, UPnP, subtitles, and much more.
http://xbmc.org/

Game Updates

These are unlikely to be of interest to most people.

Minecraft 1.7.9 is a security update.
http://www.minecraft.net/

EA Origin 9.4.7.2799 does not provide a detailed change log so should be treated as a security update.

PS4 1.70 adds a number of new features and fixes. This is not a security update.
http://us.playstation.com/support/systemupdates/ps4/index.htm

SteamOS 07-May-2014 is a security update.
http://store.steampowered.com/steamos/download/?ver=custom

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader 11.0.07 is a security update. Use Help, Check for Updates to install the most current version.

Adobe Acrobat 11.0.07 is a security update. Use Help, Check for Updates to install the most current version.

OpenOffice 4.1.0 corrects over 300 bugs and improves reliability and several features. This is not a security update.
http://www.openoffice.org/download/

Adobe Illustrator 16.2.2 is a security update. Use the Adobe Updater to install the most current version.

Adobe FrameMaker 12.0.2 is a security update. Use the Adobe Updater to install the most current version.

Adobe Premiere Pro CC 7.2.2 is a bug fix release. Use the Adobe Updater to install the most current version.

Notepad++ 6.6.2 improves session handling, reliability, stability, and corrects several bugs. This is not a security update.
https://12pd.com/click?npp

Artweaver 4.5.3 fixes several bugs including a crash. This is not a security update.
http://www.artweaver.de/

Security Software Updates

One or more of these is likely to be of interest to most people.

Avast! Home Edition 9.0.2018 improves stability and reliability, especially within the stream filtering capability. This should be treated as a security update.
http://www.avast.com/free-antivirus-download

AVG Anti-Virus 2014.4577 corrects a handful of bugs including several performance improvements. This should be treated as a security update.
http://free.avg.com/us-en/download-free-antivirus

OpenSSL 1.0.1g is a security update.
https://www.openssl.org/

DNSQuerySniffer 1.25 adds cosmetic improvements and can now optionally add itself to the Windows firewall allow list. This is not a security update.
http://www.nirsoft.net/utils/dns_query_sniffer.html

RouterPassView 1.53 adds support for more hardware. This is not a security update.
http://www.nirsoft.net/utils/router_password_recovery.html

SmartSniff 2.10 can now optionally add itself to the Windows firewall allow list. This is not a security update.
http://www.nirsoft.net/utils/smsniff.html

Wireshark 1.10.7 corrects several bugs, improves protocol handling. This is not a security update.
http://www.wireshark.org/

Capture Updates

These are unlikely to be of interest to most people.

Greenshot 1.1.9.13 corrects several bugs and adds string replacement for output and color scaling. This is not a security update.
https://12pd.com/click?greenshot

Open Broadcaster Software 0.622 Beta corrects a reliability bug. This is not a security update.
http://obsproject.com/

SnagIt 12.0.0 is a major update including a dozen new features, removing text capture, improved editor, and video trimming. This and newer versions no longer support Windows XP or Vista. This is not a security update.
http://download.techsmith.com/snagit/enu/snagit.exe

VideoCacheView 2.67 corrects a cosmetic bug. This is not a security update.
http://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 9.1.4.2 adds rotation, mp4 and mkv support, several crash bugs, and adds multiple source support. This is not a security update.
http://www.dvdfab.cn/download.htm

MakeMKV 1.8.10 improves reliability for discs with errors, improves performance, and several bug fixes. This is not a security update.
http://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

CintaNotes 2.6 adds search and replace, improved export and editor, and a dozen bugfixes. This is not a security update.
http://cintanotes.com/download

Bitcoin 0.9.1 is a security update.
http://bitcoin.org/en/download

BFGMiner 3.10.0 is a security update.
https://github.com/luke-jr/bfgminer/

CGMiner 4.3.1 is a security update.
https://github.com/ckolivas/cgminer

MultiBit 0.5.18 is a security update.
https://multibit.org/

FileLocator Pro 7.2.2042 fixes a NEAR bug. This is not a security update.
http://www.mythicsoft.com/filelocatorpro/download

GoodSync 9.8.4 is a security update.
https://12pd.com/click?goodsync

GPU-Z 0.7.8 improves reliability and adds support for newer hardware. This is not a security update.
http://www.techpowerup.com/downloads/SysInfo/GPU-Z/

Intel CPU Diagnostic 2.10.0.0 adds newer hardware support. This is not a security update.
https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=19792

LogMeIn 4.1.438x is a security update.
http://help.logmein.com/SelfServiceDownloads

Hamachi 2.2.0.188 corrects a stability bug. This is not a security update.
http://help.logmein.com/SelfServiceDownloads

NetworkTrafficView 1.85 adds cosmetic improvements and can now optionally add itself to the Windows firewall allow list. This is not a security update.
http://www.nirsoft.net/utils/network_traffic_view.html

WifiInfoView 1.55 improves cosmetic layout, adds more information about security mechanisms and updates internal MAC addresses file. This is not a security update.
http://www.nirsoft.net/utils/wifi_information_view.html

FolderChangesView 1.63 adds quick access to File Properties. This is not a security update
http://www.nirsoft.net/utils/folder_changes_view.html

ProduKey 1.66 adds a command-line option to suppress error messages. This is not a security update.
http://www.nirsoft.net/utils/product_cd_key_viewer.html

Acronis True Image (WDC) 16.0.0.5962 updates improves Windows 8.1 support. This is not a security update.
http://support.wdc.com/product/downloaddetail.asp?swid=119&wdc_lang=en

CCleaner 4.13.4693 improves compatibility with Windows 8.1.1, Chrome, Opera, unmounted disks and various other fixes. This is not a security update.
https://12pd.com/click?ccleaner

Defraggler 2.18.945 adds performance reporting, Quick Optimize for SSD, improved health reporting, and other fixes. This is not a security update.
https://12pd.com/click?defraggler

Speccy 1.26.698 improves SMART support, Windows 8.1 compatibility, hardware detection and other fixes. This is not a security update.
https://12pd.com/click?speccy

Recover Keys 8.0.3.109 does not provide a changelog, so should be treated as a security update.
http://recover-keys.com/en/download.html

AccessChk 5.2 adds support for file and printer shares, adds filtering options for viewing accesses related to specified accounts and now includes the System Access Control List (SACL) when it dumps security descriptors. This is a security update.
http://sysinternals.com/

PsExec 2.11 fixes a bug in the implementation of the execute as local system option on Windows Server 2003. This is a security update.
http://sysinternals.com/

Sigcheck 2.1 now reports a file’s entropy, can dump information about catalog files, and can list the certificates installed in the per-user and machine certificate store. This is a security update.
http://sysinternals.com/

VMMap 3.12 fixes several reliability bugs. This is a security update.
http://sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

TortoiseSVN 1.8.6 is a security update.
http://tortoisesvn.net/downloads.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

VMware Player 6.0.2 is a security update.
http://www.vmware.com/products/player/

Web Package Updates

These are likely to be of interest only to web developers.

phpMyAdmin 4.2.1 corrects several bugs. This is not a security update.
http://www.phpmyadmin.net/home_page/news.php

Adminer 4.1.0 adds brute-force detection and fixes several bugs. This is not a security update.
http://www.adminer.org/en/

Drupal 7.28 is a bugfix following shortly after another security update. Treat this as a security update.
http://drupal.org/download

phpList 3.0.6 is a security update.
http://www.phplist.com/download

Dada Mail 7.0.3 fixes several bugs. This is not a security update.
http://dadamailproject.com/download/

MailEnable 8.50 adds global search and TinyMCE support to webmail, improved indexing engine, reduced bandwidth requirements, improved ActiveSync and Autodiscovery support. This is not a security update.
http://www.mailenable.com/

ScreenConnect 4.3.6563.5232 corrects a handful of bugs, including improved clickonce behavior and search/filter sorting. This is not a security update.
http://www.screenconnect.com/Download

WordPress 3.9.1 fixes 34 bugs in the recent 3.9 release. This is not a security update.
http://wordpress.org/

Activate Update Services 1.0.7 provides no changes. This is not a security update.

Anti-Splog 2.1.1 fixes a reliability update with IP blocking. This is not a security update.

Autoptimize 1.8.4 corrects a comment storage bug. This is not a security update.

bbPress 2.5.3 fixes several bugs. This is not a security update.

BuddyPress 2.0.1 fixes a couple dozen bugs with the new 2.0 release. This is not a security update.

BuddyStream 3.2.5 is a compatibility update. This is not a security update.

Conditional Widgets 1.7 is a cosmetic update. This is not a security update.

Contact Form 7 3.8.1 is a security update.

Cookies For Comments 0.5.5 is a security update.

Easy Bootstrap Shortcode 4.2.1 corrects a missing file bug. This is not a security update.

Email Log 1.7.2 fixes a bug in registration. This is not a security update.

Multisite Enhancements 1.0.4 fixes a couple bugs. This is not a security update.

Multisite Plugin Manager 3.1.4 fixes a major stability bug. This is not a security update.

Raw HTML 1.4.12 updated for WP 3.9 compatibility. This is not a security update.

Smart YouTube 4.2.3 corrects Facebook sharing. This is not a security update.

Theme Authenticity Checker 1.5.2 updated for WP 3.9 compatibility. This is not a security update.

Top Commentators Widget 1.4.2 is a compatibility update. This version WILL NOT work with WP 3.9+! This is not a security update.

Ultimate TinyMCE 5.3 is a compatibility update. This version WILL NOT work with WP 3.9+! This is not a security update.

WooCommerce 2.1.8 corrects a couple dozen bugs, improves reliability and consistency. This is not a security update.

WP Update Server 20140421 improves logging consistency. This is not a security update.

WP Edit 1.8 adds font px support, updates TinyMCE and corrects a path bug. This is not a security update.

WPtouch 3.2.4.1 corrects WPML behavior, adds Windows Phone support and updates output, languages and product links. This is not a security update.

Zemanta 1.2.4 fixes an upload filename bug. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/