Updates 2022-09-13

Welcome back, Folks!

Today is Patch Tuesday for September, 2022. This month brings new major versions of iOS, tvOS, watchOS, and impending new versions of Windows 11 and Windows 10. That’s on top of the 120 major hacks, and over 150 application updates this month. Even with all that, it’s actually a pretty light month, with only about 3 GB of updates for most users.

This Month in Technology

Advanced (NHS MSP), Akamai, Akasa Air, Albanian government, Ally Bank, Amazon, Argentina’s Judiciary of Córdoba, Armed Forces General Staff agency of Portugal (EMGFA), Atlantic Dialysis Management Services, Atlassian Bitbucket Server, an “automotive supplier“, Avamere Health Services LLC, Baker & Taylor, Banorte, Block, BOGA Group, Bombardier Recreational Products (BRP), BrandNewTube, BSA Hospice of the Southwest, California Department of Corrections and Rehabilitation (CDCR), Celanese Medical Plan, Center Hospitalier Sud Francilien (CHSF), Cerebral Medical Group, P.A., Chester Upland School District, Chile Consumer Protection Agency, Chile’s government, Cisco (more), Common Ground Healthcare Cooperative, Conifer Revenue Cycle Solutions, CorrectHealth, CS.MONEY, Damart, DaVita Inc., DESFA, DigitalOcean, Dominican Republic’s Instituto Agrario Dominicano, DoorDash, EmergeOrtho, energy providers worldwide, Entrust, Eurocell, Family Medicine Centers, Farmville Internal Medicine, First Street Family Health, Forsyth County medical office, Franklin College, General Bytes, General Health System, Gestore dei Servizi Energetici SpA (GSE), Go-Ahead, Health Advantage, Henderson & Walton Women’s Center, P.C., Holdcroft Motor Group, HP Support Assistant, Hyundai, InterContinental Hotels Group PLC (IHG), IRS, Japan government, KeyBank, Kickstarter (?), LA USD (more), Lamoille Health Partners, LastPass, Lee County Emergency Medical Services, Liberty Counsel, MailChimp, Major Cineplex, Major Development PCL, Medical Mutual of Ohio, Methodist Craig Ranch Surgical Center, Methodist McKinney Hospital, Microsoft Teams, Montenegro government (and lied about it), Mossad, Nelnet Serving, Neopets, Nereus Finance, New Free DAO, NorthStar HealthCare Consulting LLC, Northwestern Medical Center, Novant Health, over 130 organizations via Okta, OMNI Healthcare, INC, OneTouchPoint, Onyx Technology LLC, Orange Cyberdefense, Overlake Medical Center & Clinics, Plex, Practice Resources LLC, Priti Patel Physician PC, Prowers  County Hospital District, PT Jasamarga Tollroad Operator, QNAP Photo Station, QuestionPro, Rug Pull Finder, Samsung, San Diego American Indian Health Center, San Francisco 49ers, Sando, Savannah College of Art and Design, Sephora, SFERRA, Sheppard Robson, Shipyaari, ShitExpress, Signal, SitePoint, South Staffordshire Water, Specialized Treatment Facility, Sri Lanka Department of Examinations, Starlink’s Dishy McFlatface, START.ru, Stratford University, TAP Air Portugal, Tesla cars, The North Face, TikTok, Trinity Health, Tulsa Tech, Twilio, Twitter, U-Haul, UK’s National Health Service, USAble Mutual Insurance Company, Valley Baptist Medical Center – Brownsville, Valley Baptist Medical Center – Harlingen, Warner Norcross & Judd, Xinai Electronics, and Zimbra Collaboration Suite have reportedly been hacked or compromised this month.

75% of retailers and 52% of supply chains report being hacked in 2021. Those numbers don’t reflect well on the security state of the nation. 🙁

Patreon fired their entire security department. What this means for you: if you’re still using Patreon, now is the best time to stop.  The Zoom installer can get you hacked. Facebook and Twitter will soon be shunning the CIA. (/sarc)

After updates last month, MS Office would crash if you floated your mouse over Outlook contacts. The version was pulled, but a new version wasn’t released until today. Microsoft released a virus definitions update that falsely identified every Electron app as malware on September 4th (the Labor Day holiday weekend). While it took only 13 hours before they released a fix, it was 13 hours too long for many who thought their browsers had been compromised. Edge 105 wouldn’t start if you had policies enabled relating to data reporting. Completely removing the policies was the only workaround. Tabs are coming to Windows Explorer in a “Moment.” I think they should probably call them Hot Flashes. Or Whims.

The only significant outages this month were Microsoft Azure and Microsoft 365.

End-of-life (EOL) means end-of-life. Don’t expect vendors to fix critical vulnerabilities in EOL hardware or software. Usually. This is a win for Apple. This isn’t. And this is just sad.

Google finished their purchase of Mandiant. Even Lloyd’s of London is taking a page out of the terrorism handbook. The IoT (Internet of Things) is far less secure than they claim. In an approach that could only be described as inevitable, the anti-cheat software used to prevent cheating in a video game is being abused to hack computers with it installed.

The concept of software “permissions” is fatally flawed. While this article only demonstrates how it effected the clipboard, it’s a timely reminder to keep your camera and mic physically disabled whenever possible.

When the Federal government has no respect for the law, is it any surprise that law enforcement are tracking you without warrants. Duh.

Now for the good news:

While there’s not a lot of good news in tech, we can at least have some fun with it. Check out these barcode ponies.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is about average this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 64 vulnerabilities in .NET and Visual Studio, .NET Framework, Azure Arc, Cache Speculation, HTTP.sys, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Network Device Enrollment Service (NDES), SPNEGO Extended Negotiation, Visual Studio Code, Windows Common Log File System Driver, Windows Credential Roaming Service, Windows Defender, Windows Distributed File System (DFS), Windows DPAPI (Data Protection Application Programming Interface), Windows Enterprise App Management, Windows Event Tracing, Windows Group Policy, Windows IKE Extension, Windows Kerberos, Windows Kernel, Windows LDAP – Lightweight Directory Access Protocol, Windows ODBC Driver, Windows OLE, Windows Photo Import API, Windows Print Spooler Components, Windows Remote Access Connection Manager, Windows Remote Procedure Call, Windows TCP/IP, Windows Transport Security Layer (TLS), and MSRT (~3 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 12.5.6 and 16.0, iPadOS 15.6.1, macOS Big Sur 11.7, macOS Monterey 12.5.1 and 12.6, Safari 15.6.1 and 16.0. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 12.5.6 and 16.0 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.6.1 is a security update. Use Settings, General, Software Update to install the most current update.

tvOS 16.0 is a security update. Use System, Software Update to install the most current version.

watchOS 9.0 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 105.0.5195.112 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The new versions of Windows 10 and Windows 11 are expected within the next month. This release is the first in Microsoft’s new “Moments” behavior. We knew this would eventually happen last year when they threw in the towel on their 6-month OS release cadence and switch to a 1-year cadence, then last month announced that they would instead release a new major build every 3 years but release smaller feature updates (called “Moments”) whenever they wanted to. I think they missed their chance to call them “Whims”. If their recent cadence changes demonstrate anything, it’s that it’s all on a Windows Whim anyway. 🙂

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.8.2 resolves several bugs and improves compatibility. This is not a security update.
https://www.amd.com/en/support

BullZip PDF Printer 14.0.0.2944 removes features. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Dymo Connect for Desktop 1.3.2.18 improves compatibility, but still not supported on Windows 11. This is not a security update.
https://www.dymo.com/label-makers-printers/labelwriter-label-printers/dymo-labelwriter-450-duo-thermal-label-printer/SAP_1752267.html

Intel Driver and Support Assistant 22.5.34 improves stability and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.43.89 is a security update.
https://brave.com/

Google Chrome 105.0.5195.102 is a security update.
https://www.google.com/chrome/

Microsoft Edge 105.0.1343.33 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 104.0.2 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 102.2.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 5.4.2753.47 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.5 is a security update.
https://getmailspring.com/

Thunderbird 102.2.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.14 is a security update.
https://anydesk.com/en/downloads

curl 7.85.0 resolves over a hundred bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 156.4.4908 improves context menu behavior. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 159.0.0.23.221 is a security update.
https://www.messenger.com/download

FreeFileSync 11.25 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 63.0 is a security update.
https://drive.google.com/start

Mumble 1.4.274 resolves over a dozen bugs. This is not a security update.
https://www.mumble.info/

Nextcloud Server 24.0.5 updates libraries and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Nmap 7.93 is a security update.
https://nmap.org/

Npcap 1.71 is a security update.
https://nmap.org/npcap/

Omada Software Controller 5.5.6 improves reliability, compatibility, and resolves an access bug. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-GUI 0.8.11 resolves several bugs. This is not a security update.
https://pocketnet.app/

Signal 5.58.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/download/windows/

Skype 8.87.0.406 resolves several bugs and adds quoting for all content types. This is not a security update.
https://www.skype.com/

Syncthing 1.21.0 resolves two bugs and adds several new features. This is not a security update.
https://syncthing.net/

Telegram 4.1.1 resolves several bugs. This is not a security update.
https://telegram.org/

Trillian 6.5.0.24 improves reliability, media and diagnostics. This is not a security update.
https://www.trillian.im/

WinSCP 5.21.3 resolves a couple bugs. This is not a security update.
https://winscp.net/eng/index.php

Zoom 5.11.11.8425 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.4 resolves several bugs. This is not a security update.
https://en.3tene.com/

iTunes 12.12.5.1 is a security update.
https://www.apple.com/itunes/download/

Picard 2.8.3 resolves a crash bug. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.53.1.3225 improves watchlist, resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.25.1.3248 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.28.2.6151 resolves a stability bug. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.2.1 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.8.1.37 adds several new features, removes redundant and unused features, and resolves over 150 bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Lego Studio 2.22.8.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

PS4 10.0 adds zoom and magnify options in the browser, and improves Remote Play. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PS5 22.02-06.00.00 adds dozens of new features and bug fixes. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2022.08.18 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Animate 21.0.12 and 22.0.8 are security updates.
https://helpx.adobe.com/security/products/animate/apsb22-54.html

Adobe Bridge 12.0.3 and 11.1.4 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb22-49.html

Adobe Experience Manager 6.5.14.0 is a security update.
https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html

Adobe Illustrator 23.5 and 25.4.8 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-55.html

Adobe InCopy 17.4 and 16.4.3 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb22-53.html

Adobe InDesign 17.4 and 16.4.3 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb22-50.html

Adobe Photoshop 22.5.9 and 23.5 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb22-52.html

Adobe Reader DC 22.002.20212 is a security update.
https://get.adobe.com/reader

Calibre 6.4.0 adds several new management and organizational features, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Krita 5.1.0 resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.4.1 adds over 500 bug fixes and features changes. This is a security update. Please remember that LibreOffice Fresh is beta software. Most users should use LibreOffice Still.
https://www.libreoffice.org/

LibreOffice 7.3.6 resolves over 50 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.6.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.5 updates libraries and resolves a dozen bugs. This should be treated as a security update.
https://notepad-plus-plus.org/

Paint.net 4.3.12 resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 9.4.363.0 resolves several stability and reliability bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

.NET Framework 4.8.1 adds native support for Arm64, forms, and tooltips improvements. This is not a security update.
https://dotnet.microsoft.com/en-us/download/dotnet-framework/net481

Hashcat 6.2.6 adds a return code for self-test failure. This is not a security update.
http://hashcat.net/hashcat/#downloadlatest

Johnny 2.2 adds several new modes, file formats, export options and resolves several bugs. This is not a security update.
https://openwall.info/wiki/john/johnny

KeePass 2.52 adds several new features, improves GUI and automation, and resolves a couple bugs. This is not a security update.
https://keepass.info/

ProtonVPN 2.0.6 improves DNS resolution. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.2 now automatically logs you in when visiting the ProtonVPN website. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.6.1 updates core, adds clipboard protection, and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

SanDisk PrivateAccess 6.3.10 doesn’t provide a changelog so should be treated as a security update.
https://kb.sandisk.com/app/answersweb/detailweb/a_id/21996

Tails 5.4 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.44.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.6.6 resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 28.0.1 adds dozens of new features, bug fixes, and performance improvements. This is not a security update.
https://obsproject.com/

ScreenToGif 2.37.1 resolves a couple bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.8.6 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

StreamFab 5.0.5.2 improves reliability and performance with some websites. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.13 resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.4 resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.5 resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/windows/

AOMEI Partition Assistant 9.10.0 resolves several bugs and adds ability to delete large files. This is not a security update.
https://www.diskpart.com/

Agent Ransack 2022.3341 updates libraries and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

CCleaner 6.03.10002 increases the nag factor and resolves several crash bugs. This is not a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.36 adds option to start as hidden. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Coreinfo 3.53 now handles NUMA nodes with more than 64 processors. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/coreinfo

CPU-Z Installer 2.02 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

Cygwin 3.3.6 resolves a dozen bugs. This is not a security update.
https://cygwin.com/

DesktopOK 10.16 resolves a couple bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.0.154.0 resolves several bugs. This is not a security update.
https://dngrep.github.io/

Drive Snapshot 1.50 adds SFTP support and support for newer operating systems. This is not a security update.
http://www.drivesnapshot.de/en/

Everything 1.4.1.1020 is a security update.
https://www.voidtools.com/

Fido 1.31 improves compatibility. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3341 updates libraries and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.37.3 resolves several bugs. This is not a security update.
https://git-scm.com/

GoodSync 12.0.2 resolves dozens of bugs and improves compatibility. This is a security update.
https://www.goodsync.com/

NTLite 2.3.8.8890 improves compatibility. This is not a security update.
https://www.ntlite.com/download/

osquery 5.5.1 adds and updates several new tables, and resolves several bugs. This is not a security update.
https://osquery.io/downloads

PointerStick 5.95 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.62.0 adds Screen Ruler, Quick Accent, Text Extractor (OCR), and resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ScreenConnect 22.7.8783.8255 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SearchMyFiles 3.22 resolves a couple bugs. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

SimpleWMIView 1.52 adds option to show milliseconds. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

Ookla Speedtest CLI 1.2.0
https://www.speedtest.net/apps/cli

Sysmon 14.0 adds a new event type, FileBlockExecutable, that prevents processes from creating executable files in specified locations, and includes several performance improvements and bug fixes. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TcpLogView 1.36 is a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

TeamViewer 15.33.7 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 3.13 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Unity 2022.1.16 updates libraries and resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

USBDeview 3.06 resolves several bugs. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

WhyNotWin11 2.5.0.3 resolves several bugs. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinScan2PDF 8.22 adds reverse scan order. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.10 resolves several bugs. This is not a security update.
https://www.diskanalyzer.com/

Developer Updates

These are unlikely to be of interest to most people.

ADB 33.0.3 resolves several bugs. This is a security update.
https://developer.android.com/studio/releases/platform-tools

AutoHotkey 1.1.34.04 resolves several bugs. This is a security update.
https://www.autohotkey.com/download/

Docker Desktop 4.12.0 upgrades libraries and fixes dozens of bugs. This is a security update.
https://www.docker.com/products/docker-desktop

Get-IMAPAccessToken 2022.9.1 improves consistency and updates documentation. This is not a security update.
https://github.com/DanijelkMSFT/ThisandThat/blob/main/Get-IMAPAccessToken.ps1

Go 1.19.1 is a security update.
https://go.dev/

GitHub Desktop 3.0.8 resolves several bugs. This is not a security update.
https://desktop.github.com/

Node.js 18.9.0 updates libraries and resolves several bugs. This should be treated as a security update.
https://nodejs.org/en/

Node.js 16.17.0 updates libraries and resolves several bugs. This should be treated as a security update.
https://nodejs.org/en/

SQLite 3.39.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.71.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.13.2 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

VirtualBox 6.1.38 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.19.0 resolves several bugs, adds new features, and updates libraries. This is a security update.
https://dadamailproject.com/

HumHub 1.12.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 4.2.2 is a security update.
https://www.joomla.org/

jQuery 3.6.1 resolves several bugs. This is not a security update.
https://code.jquery.com/

MailEnable 10.41 updates utilities, and resolves over a dozen bugs. This is not a security update.
https://www.mailenable.com/

OpenCart 4.0.1.1 resolves several bugs. This should be treated as a security update.
https://www.opencart.com/

ownCloud Client 2.11.1.8438 resolves several bugs. This is not a security update.
https://owncloud.com/desktop-app/

WordPress 6.0.2 is a security update.
https://wordpress.org/

Autoptimize 3.1.1.1 resolves a stability bug. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

BuddyPress 10.4.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.6.3 adds new validation features. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.0 resolves several bugs and adds new options within the installer. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

myStickymenu 2.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Redirection 5.3.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Simple Lightbox 2.9.1 adds support for new media formats, improves compatibility, and resolves a validation bug. This is not a security update.
https://wordpress.org/extend/plugins/simple-lightbox/

Slider Revolution 6.5.31 resolves a minor bug. This is not a security update.
https://revolution.themepunch.com/

Sucuri Security 1.8.35 resolves a referer bug. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

WooCommerce 6.8.2 resolves dozens of bugs, improves reliability, compatibility and adds several new tests and flows. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.5.2 resolves a self-diagnostic bug. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WPtouch 4.3.44 is a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

 

Updates 2020-03-10

Welcome back, Folks!

Today is Patch Tuesday for March 2020.

The next build of Windows 10 is just around the corner. If you don’t want to be the guinea pig I strongly suggest you update to v1909 within the next month. This will grant you a reprieve from the new version for a couple months. Let everyone else beta test and you can upgrade when they’ve worked out the bugs.

Windows 7 is still end-of-life (EOL). If you’re still running it, shame on you, and if you are running a licensed version of Windows 7 or 8 you can still upgrade to Windows 10 and have a supported version of Windows for the foreseeable future. Don’t want to do it yourself? Call me!
https://saferpc.info/contact/

This Month Week in Technology

In 2019, Android reportedly had the most vulnerabilities of any OS, but in its defense, there are literally dozens of manufacturers that build on Android and many of the issues stem from these third-parties. Also, if you’re running Android, you really should also be using SnoopSnitch which can identify whether security updates have been applied to your device or if it’s been abandoned by the vendor.

Movies like Eagle Eye demonstrated how easy it was for a malicious actor to observe your mobile remotely, but if you have a smart assistant enabled (such as Alexa, Siri, Google Assistant, Cortana) then it is possible to remotely control it using audio signals that are beyond the range of human hearing.

There’s more evidence than ever that selling your Intellectual Property to a third party puts your users at risk. It’s very common in browser extensions and website plugins. It doesn’t matter how secure the core engine is if the user installs a malicious or defective extension/plugin. There’s always a line, though, right? Facebook is actually suing an SDK maker for harvesting the data that…Facebook collected.

Netgear has issued security patches for almost 50 router models. If you use Wi-Fi then, by it’s very nature, you’re susceptible to being tracked. The protocol itself is your enemy since it requires that it transmit all your “known” networks on a regular basis during a heartbeat connection status report. Even if you disable Wi-Fi everywhere except trusted locations, those trusted locations can be still be compromised due to weak security in the on-device encryption key. Intel and AMD CPUs for nearly a decade have had significant flaws that allow data exfiltration by unprivileged users.

More than a million enterprise Microsoft accounts have been compromised, primarily through password reuse. Guys, NEVER reuse passwords! Defense contractors getting hacked isn’t really anything new, but you’d think they had better backups so they wouldn’t have to pay half-million dollar ransoms.

Malware authors evade detection in many ways. One of the most common diagnostic tests for malicious software is to run it within a virtual machine. As expected, developers can detect and disable their malware within these environments. The Malware Evasion Encyclopedia provides advice to educate researchers to keep one step ahead of the malware.

.NET Core 3.0 is dead. Long live .NET Core! Oh, and switching to 3.1 is easy.

I’ll end my soapbox on a happy note:

A new Wi-Fi chip design for IoT devices consumes only 1/5000th of the energy of current models. Wow!

Let’s Get Busy

Now back to our regularly scheduled program. Thanks to the monster of updates pushed during “weekly update February”, Patch Tuesday this month is pretty light. The typical computer should see roughly 1.1 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Internet Explorer, Servicing Stack, and MSRT (~600 MB). This includes security updates. A reboot is required.

Google Chrome OS 80.0.3987.137 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (1909) is a pretty small update so will install quickly. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 11.13.0.2823 resolves an SFTP bug. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Intel Driver and Support Assistant 20.2.9 resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 442.59 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Logitech Options 8.10.154 adds support for newer hardware and resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.132 is a security update. Use Menu, Help, About to install the most current version.

Firefox 74.0 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.6.0 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.11.1811.47 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Internet Updates

One or more of these are likely to be of interest to everyone.

WinSCP 5.17.2 resolves several bugs and disables TLS 1.3 by default. This is not a security update.
https://winscp.net/eng/index.php

Npcap 0.9988 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 7.8.5 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Nextcloud Desktop 2.6.4 resolves several bugs. This is not a security update.
https://nextcloud.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

NSudo 8.0 resolves several bugs, improves reliability, and reduces file size. This is not a security update.
https://github.com/M2Team/NSudo/releases/latest

TinyWall 2.1.15 now offers the upgrade to 3.0.0 on 64-bit systems. 3.0.0 is in beta and provides user interface, performance, stability and reliability improvements. It is, however, beta software, so should be avoided until it is stable.
https://tinywall.pados.hu/

uBlock Origin 1.25.2 resolves several bugs and improves GUI. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.22 resolves several bugs and improves automatic update. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2020.1.1 adds SharePoint sharing, and resolves several bugs. This is a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.15.0 updates the user interface, adds new preferences for LibMMBD integration, and improves reliability. This is not a security update.
https://www.makemkv.com/download/

MKVToolnix 44.0.0 adds attachment drag and drop, improves reliability, and resolves several bugs. This is not a security update.
https://www.fosshub.com/MKVToolNix.html

DVDFab 11.0.7.7 adds support for new encodings, new profiles, and adds BluPath feature. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.4.750 adds several new features, including Windows Hello support, rewritten interface engine, improved display support, and over 80 fixes and improvements. This is not a security update.
https://1password.com/downloads/windows/

Beyond Compare 4.3.4.24657 updates libraries, resolves several bugs, and improves compatibility. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitcoin 0.19.1 resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

DesktopOK 6.88 updates the language file. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DMDE 3.6.1.773 adds support for 64-bit macOS. This is not a security update.
https://dmde.com/

Everything 1.4.1.965 resolves several bugs. This is not a security update.
https://www.voidtools.com/

Fing 8.9.0 resolves several bugs and integrates a database of supported devices (Fingpedia), this is not a security update.
https://community.fing.com/

GoodSync 10.10.26 improves compatibility and status reporting. This is not a security update.
https://12pd.com/click?goodsync

Rufus 3.9 resolves several bugs and improves compatibility. This is not a security update.
https://rufus.ie/en_IE.html

TeamViewer 15.3.8497 resolves compatibility bug with hash authentication, but disables hash auth for settings. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WSUS Offline 11.9 is the last version to support Windows 7, updates supersedence URLs, and resolves several bugs. This is not a security update.
https://download.wsusoffline.net/

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 3.6.1.0 resolves several bugs. This is not a security update.
https://developer.android.com/studio/index.html

Godot 3.2.1 resolves several bugs. This is not a security update.
https://godotengine.org/

Node.js 13.10.1 resolves several bugs. This is not a security update.
https://nodejs.org/en/

TortoiseGit 2.10.0 updates libraries and resolves several bugs. This is not a security update.
https://tortoisegit.org/

Visual Studio Code 1.43 adds a search editor, shangle controls, minimap improvements, column selection, and more. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 3.9.16 is a security update.
https://www.joomla.org/

Drupal 8.8.3 resolves over 50 bugs and updates libraries. This is not a security update.
https://drupal.org/download

HumHub 1.4.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

ScreenConnect 20.1.27036.7360 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Contact Form 7 5.1.7 adds LTR support and adds a cosmetic change to warning. This is not a security update.

Email Log 2.3.2 improves compatibility, user interface, and resolves a couple bugs. This is not a security update.

Simple Lightbox 2.8.1 improves compatibility. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.13 resolves several bugs and improves compatibility. This is not a security update.

WooCommerce 4.0.0 is a major update adding over 70 changes and fixes, updated libraries, and feature improvements. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2010-02-24

Hey folks!

Microsoft has released out-of-cycle updates: between four and six of them depending on your version of Windows: one for native scripting for a newly released standard, one for time-zone compatability, service packs for .NET Frameworks 2 and 3, and reliability changes to Windows Activation core files. On Windows 7 platforms, the last of these is UNCHECKED by default, but very necessary: the current spate of rogueware does corrupt the Windows and Office licensing files, which is directly responsible for some machines not booting correctly after this months’ Patch Tuesday series. A reboot is required. You should visit Microsoft Update immediately to install them.
  http://update.microsoft.com/


Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.


Internet Updates
One or more of these are likely to be of interest to everyone.

Firefox 3.5.8 was released this week to address several security and stability issues. If you haven’t yet upgraded to 3.6, you need to either install this update, or go all the way to 3.6 ASAP. This is a security update.
  http://mozilla.com/firefox/

FileZilla 3.3.2 adds speed limits, performance improvements, and better mouse controls, as well as fixing a number of other bugs. This is not a security update.
  http://filezilla-project.org/

SeaMonkey 2.0.3 uses the Firefox codebase, so includes the same security and stability fixes you see in this week’s Firefox release, as well as a large number of additional fixes for crash bugs and other issues. This is a security update. ONLY if you have SeaMonkey installed, get the update with “Help, Check for Updates” or here:
  http://www.seamonkey-project.org/

Pidgin 2.6.6 corrects a wide array of bugs across multiple services, including some remotely exploitable vulnerabilities. If you use Pidgen, you should upgrade immediately. This is a security update.
  http://www.pidgin.im/

ICQ 7.0.1211 integrates into Facebook and Twitter, as well as a number of bug fixes. Since this is closed source and no incremental changelog is available, this should be treated as a security update. IF YOU ALREADY have ICQ installed, update it now.
  http://www.icq.com/download/


Office Updates
One or more of these are likely to be of interest to most people.

Notepad++ 5.6.7 fixes a crash bug, and a couple cosmetic issues. This is not a security update.
  http://sourceforge.net/projects/notepad-plus/files/


Security Software Updates
One or more of these is likely to be of interest to most people.

SuperAntiSpyware 4.34.1000 includes performance and user rights changes, and adds native 64bit support (though this functionality is still beta). This is a security update.
  http://www.superantispyware.com/

Ad-Aware 8.2.0.0 adds email scanning, network monitoring, and rootkit removal to it’s list of features provided in all versions, including Ad-Aware Free. This should be considered a security update.
  http://www.lavasoft.com/products/ad_aware_free.php


Media Updates
These are unlikely to be of interest to most people.

ATI Catalyst Drivers 10.2 fixes dozens of non-security bugs, and adds various additional features and new hardware support. This is not a security update. If you use an ATI video card, check for updates here:
  http://support.amd.com/us/gpudownload/Pages/index.aspx

Vista Codec Package 5.5.9 corrects an interface bug and updates to several codecs. This is not a security update.
  http://shark007.net/vistacodecpackage.html

GPU-Z 0.3.9 adds various additional hardware. This is not a security update.
  http://www.techpowerup.com/downloads/SysInfo/GPU-Z/


Utility Updates
These are unlikely to be of interest to most people.

VMware Player 3.0.1 corrects a multi-core bug that would seriously limit performance on newer hardware, as well as several other bugs. This is not a security update.
  http://www.vmware.com/products/player/

WinSCP 4.2.6 corrects several bugs, including a memory leak and multiple reliability issues. This is not a security update.
  http://winscp.net/eng/index.php


Developer updates:
These are unlikely to be of interest to most people.

Inno Setup 5.3.8 adds various updates and settings changes, including new default settings that will aid in Windows Logo certification for your application releases. This is not a security update.
  http://www.jrsoftware.org/isdl.php

MySQL 5.1.44 is a reliability and bug fix release, correcting a number of minor bugs, and a couple bugs that could cause data loss during certain commands. This is not a security update.
  http://www.mysql.com/downloads/mysql/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2009-07-07

Hey folks!

Microsoft has released an out of cycle security patch for the .NET Framework. This is a critical update, and corrects a remotely exploitable vulnerability that can be exploited through webpages visited in Internet Explorer **or** Firefox. It is very important that you install this update if you use Windows, even if Internet Explorer is not your default browser.
  http://update.microsoft.com/
While you’re there, make sure you’re getting the other important “optional” updates and drivers, which will only be listed if you select “custom” or select the option to “view all available updates” within the Vista update dialog.

Speaking of Vista…every single computer running Vista that I’ve seen in the last month had yet to install the Vista SP2 package! Folks, this is a big deal, and should not be avoided or dismissed lightly. It’s been out just shy of two months now, and is the only method for obtaining some of the security fixes within the (300mb+ for 32bit or 550mb+ for 64bit) package. Either use the Windows Update tool or download the package for your processor type from here:
  http://technet.microsoft.com/en-us/windows/dd262148.aspx

These last couple weeks Apple has released several security, stability and performance updates for Mac OSX, including firmware updates for a number of devices, Time Capsule, iPhoto, MacBook, Final Cut Pro, and other updates. Most importantly, Apple has finally taken it upon themselves to update the Mac Java environment to resolve a number of security issues that have been used for *over a year* to exploit OSX in the wild. Use the system updater, or visit:
  http://support.apple.com/downloads/

Mozilla has released an update to Firefox, to version 3.5. This update includes security and stability fixes, including remote exploits. It is now also the first browser to include certain advanced new aspects of the HTML5 spec that, unfortunately, are almost non-existent in the real-world Internet. If you have Firefox installed, you are advised to update ASAP.
  Mozilla Firefox: Help > Check for Updates
  http://www.mozilla.com/en-US/firefox/

Nullsoft has released another security patch for Winamp Media Player, to version 5.56. Notable among the fixes is better support for external devices including the iPod, and better support for accessing your iTunes library. If you use WinAMP, get the update here:
  http://www.winamp.com/player

This last week must have been a full moon or something, because *three* very popular freeware applications released updates that *all* had serious flaws. Two of those have since been patched and re-released, and we’re in a holding pattern for the third.

FileZilla Client 3.2.6.1 quickly followed the release of 3.2.6 a few days ago. This is a reliability
update, but adds a couple nifty security features as well. If you don’t know what FTP is, you don’t need it.
  http://filezilla-project.org/download.php?type=client

CD Burner XP 4.2.4.1420 was released and re-released this week, first breaking pretty much any ISO features, then correcting the issues with a timely patch. This version also includes several user interface enhancements, safer command parsing and a couple edge bugs that most people would probably not have noticed. While not a security update, the new ability to set a user-defined temp folder for caching can increase stability quite a bit, especially for older or slower computers.
  http://cdburnerxp.se/en/download

Notepad++ 5.4.4 was released a few days ago, correcting a dozen outstanding issues, butt adding a couple significant bugs. Most importantly, keyboard shortcuts are broken, so I suspect a number of the core users have reverted back to the “safe” 5.4.3 version. While you could update to the 5.4.4 release, it’s probably safer to wait another week or so to resolve the new bugs.
  http://sourceforge.net/projects/notepad-plus/files/

Security- and maintenance-conscious individuals will find that Syncaid is written “just for them.” I released version 1.0.40 last week, which adds several features to the engine, including the ability (as options) to queue decompression or execute downloaded files automatically. I wrote this engine specifically to aid in troubleshooting and repair of systems that are either infected or woefully neglected in maintenance. Having used it privately to synchronize updates for things like AVG and Stinger for over a year, I finally decided to publish it online several months ago, and have posted a number of “Sync” files for use with it as well. Learn more, and get it here:
  https://saferpc.info/syncaid/

For servers & websites:

phpMyAdmin 3.2.0.1 came out last week, fixing a bug that could be used to inject code from one user into anothers session. It requires MySQL 5+ and PHP 5.2+. Get it here:
  http://www.phpmyadmin.net/home_page/downloads.php

One other note about scripts like this…you should read the README files. Quite often people hosting with us simply upload the entire package without checking to see what is actually required, and what is not. In the case of phpMyAdmin, several of the folders (“scripts”, “setup” and “contrib”) have no use for most users, or any user after the package is successfully configured. The same is true for services like LimeSurvey, phpBB and others, including anything that has a “samples” directory. This is especially significant this week, following the recent automated defacements targeting vulnerable “sample” scripts released with FCKeditor – one of the most popular WYSIWYG editors used on the web. Dump the samples, folks!

MySQL Server 5.1.36 was released late last month, correcting a large number of bugs, including some crash, corruption and security issues. Get it here:
  http://dev.mysql.com/downloads/mysql/5.1.html

In new web packages, bbPress has *finally* been officially released in a 1.0 series! Most significantly, this forum package integrates directly into the WordPress/WPMU authentication system, so it can easily be used in conjunction with WPMU to immediately extend the capabilities of your online community site.
  http://bbpress.org/download/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/