Updates 2018-11-13

Hi, Folks!

It’s Patch Tuesday and it’s a big one. Every major vendor has released security updates and there’s many smaller vendor updates released today, as well.

But before we get to that I want to briefly talk about something else. You’ve surely heard the phrase “Internet of Things” or “IoT”. This describes the common and growing practice of everything touching the Internet all the time. Besides the computers you have in your office and living room, the phone in your pocket, and the tablets you have littered across random flat surfaces across your home, there are now cars, toasters, refrigerators, light bulbs, irrigation systems, air conditioners, instant pots, and a million other things that are now Internet-enabled for our convenience or simply for the novelty of it. Nearly all of these devices don’t talk to the Internet directly, but through a router or modem which connects each of the devices at a specific location to the Internet through your Internet Service Provider. While it’s possible to hijack your light bulbs, fridge, and coffee maker, the low-hanging fruit of most networks is and always will be the router. This oft-overlooked device is poorly maintained and directly accessible from the Internet making it easy prey for attackers. Currently there’s a botnet called BCMUPnP_Hunter that has hijacked over 100,000 routers and is using them (and your Internet connection) to send spam and phishing messages.

In each case it could have been avoided.

All hardware is supported and maintained by the vendor for a limited time ranging from a mere 6 months to a decade. However, having it be “supported” is one thing – actually installing the firmware and software updates that would have prevented this and similar infections or proactively replacing end-of-life (EOL) hardware is critical. This neglect is like starving to death at a buffet. The updates and EOL information is out there, but you need to know your network (or hire someone to) and maintain or replace each device that touches it.

Know your network!

Now back to our regularly scheduled program.

The typical computer should see roughly 4gb in updates today. Let’s get started.

The first major update to macOS Mojave was released this week, as well as the first major update to iOS 12. Windows 10 v1809 has been released again. This version was pulled for the last two months because of a show-stopper bug that resulted in deleting user files of people with a specific configuration. That issue is now resolved, but it highlights the importance of letting other people be the guinea pig for major updates like this. Updates are important. Don’t get me wrong. Stability is more important, though, and there’s no reason to put a stable, secure, and supported operating system at risk with what amounts to a beta release. Microsoft maintains several versions of Windows 10 and there’s no reason to rush to the latest build. Install their standard security updates, but wait on new releases.

Windows 10 v1809 is about 3gb when downloaded by the Windows Upgrader/Windows Update, so expect it to randomly install for any Windows 10 Home user over the next month, consuming 3gb of bandwidth to get it done. If you have a slow connection, it could end up trying to download 3gb per day per device, so you would be better off downloading the installer yourself and installing it to ensure that the upgrade completes. That said, you should, of course, postpone upgrading to 1809 for the next couple months and let the rest of the world be the beta testers.

In any case, sometimes we all need that reminder: run your backups *now*.

Microsoft released Windows 10 v1809 and updates to Windows, Flash, Edge, Internet Explorer, and MSRT (~3gb). This includes security updates. A reboot is required.

Apple released macOS Mojave 10.14.1, macOS Mojave 10.14.1 Supplemental for MacBook Air, Security Update 2018-002 for High Sierra, Security Update 2018-005 for Sierra, iOS 12.1, tvOS 12.1, watchOS 5.1.1, Safari 12.0.1, iCloud for Windows 7.8, and iTunes 12.9.1. This includes security update. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 31.0.0.148 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 70.0.3538.76 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 29-1.2 is a new major version offering modularity, GNOME 3.30, Vagrant images, and more. This is not a security update.
https://getfedora.org/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of the Windows 10 (1809) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 3-6gb through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.0.3 improves removal and removes paexec to minimize false positives from AV software. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 70.0.3538.102 is a security update. Use Menu, Help, About to install the most current version.

Firefox 63.0.1 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 60.3.0 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.1.1337.47 improves quick commands, resolves several bugs, and updates chromium source to v70. This is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.5.2 improves compatibility, stability, performance, and updates libraries. This is a security update.
https://getmailspring.com/

Thunderbird 60.3.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

Skype 8.33.0.50 improves group moderation and adds send with enter key. This is not a security update.
https://12pd.com/click?skype

Evernote 6.16.4.8094 resolves several bugs and improves stability. This is not a security update.
https://www.evernote.com/

FileZilla 3.38.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.6 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP Data 201811 is a data refresh.
https://dev.maxmind.com/geoip/geolite

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.8.7041 adds the ability to filter drives to only those that are writeable. This is not a security update.
https://cdburnerxp.se/

FastStone Viewer 6.7 improves performance, resolves several bugs, and expands options. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Flickr Downloadr 2.7.0.1 doesn’t provide a changelog so should be treated as a security update.
https://flickrdownloadr.com/downloads/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.30.15625 resolves several bugs. This is not a security update.

Steam 2018.11.08 resolves several bugs and improves stability. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 19.008.20081 is a security update. Use Help, Check for Updates to get the most current version.

Paint.net 4.1.4 improves performance and resolves several bugs. This is not a security update.
https://www.getpaint.net/

LibreOffice Still 6.0.7 resolves dozens of bugs. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 6.1.3 resolves dozens of bugs. This is not a security update.
https://www.libreoffice.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.5 resolves many bugs. This is not a security update.
https://www.gpg4win.org/download.html

SuperAntiSpyware 8.0.1024 is a major update adding DND mode, repair and reset modes, and startup monitoring. This is not a security update.
https://www.superantispyware.com/download.html

RogueKiller 13.0.9 updates detection engine and signatures. This is a security update.
https://www.adlice.com/softwares/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2019.0.1 resolves several bugs and improves stability. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.0.3 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.14.1 improves stability, adds support for new encodings, and new options. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

Beyond Compare 4.2.8.23479 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitcoin 0.17.0.1 resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

Cygwin 2.11.2 is a security update.
https://cygwin.com/

DesktopOK 5.76 resolves a startup bug. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

GoodSync 10.9.16 resolves several bugs, improves user experience, and change default security options. This should be treated as a security update.
https://12pd.com/click?goodsync

ImageUSB 1.4.100 resolves several bugs, adds a new option to fill remaining space with an extended partition. This is not a security update.
https://www.osforensics.com/tools/write-usb-images.html

FileLocator Pro 8.5.2868 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

BulkFileChanger 1.52 adds an option to fill current time to file time command attributes. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

DevManView 1.55 adds delay controls. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

USBDeview 2.77 adds delay controls. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

OSForensics 6.1.1004 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

WinScan2PDF 4.56 resolves a driver bug. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

CPU-Z 1.87 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

Developer Updates

These are unlikely to be of interest to most people.

Node.js 11.1.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

SQLite 3.25.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.7.1 doesn’t provide a detailed changelog, so should be treated as a security update.
https://ppsspp.org/downloads.html

VirtualBox 5.2.22-126460 resolves several bugs and improves compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 3.9.0 provides over 250 fixes and improves privacy controls.
https://www.joomla.org/

ModSecurity 3.0.3 resolves several bugs, adds new rules and controls. This is not a security update.
https://github.com/SpiderLabs/ModSecurity/releases

phpList 3.3.6 resolves several bugs and adds new features. This is not a security update.
https://www.phplist.com/download

TinyMCE 4.8.5 resolves several bugs. This is not a security update.
https://www.tinymce.com/download/

Drupal 8.6.2 is a security update.
https://drupal.org/download

Akismet 4.1 adds several new features. This is not a security update.

Contact Form 7 5.0.5 resolves several bugs. This is not a security update.

myStickymenu 2.0.6 resolves the 404 configuration bug. This is not a security update.

NextScripts Social Networks Auto-Poster 4.2.8 is a security update.

Redirection 3.6.2 improves compatibility. This is not a security update.

WooCommerce 3.5.1 resolves several bugs. This is not a security update.

WPtouch 4.3.33 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2018-05-08

Hi, Folks!

The next build of Windows 10 v1803 was released last week. While Microsoft has given 1803 the nod, on half the computers I’ve tested it on there are driver conflicts. Don’t be the guinea pig. For at least the next month, when you’re prompted that “the new version of Windows is ready,” just say no! I’ll report here when I believe it is safe for most users. Unfortunately, if you’re running the Home version of Windows 10, you may not be given the option to say no. Restart your computer during the 1803 download and this will buy you some time.

Note that since 1803 is now released, some older versions are EOL (end-of-life). If your version of Windows 10 is older than 1607 (build 14393), then it is no longer supported and CAN NOT be secured: Update now, or remove it from the Internet.

It’s Patch Tuesday and it’s a big one.

The typical computer should see roughly 2.6gb in updates today. Let’s get started.

Microsoft released updates to Windows, Edge, .NET, Office, Flash, Internet Explorer, and MSRT (~2gb). This includes security updates. A reboot is required.

Apple released macOS Security Update 2018-001 10.13.4, Safari 11.1 (11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4), and Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 11.3.1 is a security update. Use Settings, General, Software Update to install the most current version.

Google Chrome OS 66.0.3359.137 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Adobe Flash Player 29.0.0.171 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Fedora 28-1.1 is a major update, adding several new features including improved battery life and security. This is a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of the Windows 10 (1803) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 6gb through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients at The Farmory, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

UniFi Controller 5.7.23 resolves several bugs. This is not a security update.
https://www.ubnt.com/download/

BullZip PDF Printer 11.7.0.2716 resolves setup issues, 64-bit compatibility improvements, and bug fixes. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Display Driver Uninstaller 17.0.8.6 adds support for the latest release of Windows 10, and removal improvements. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Dymo Label 8.7.1 resolves performance issues. This is not a security update.
https://dls.dymo.com/en-US/Pages/DLS8Download.aspx

Intel Driver Update 3.3.1 adds support for newer hardware, improves reliability, and resolves upgrade bug. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 66.0.3359.139 is a security update. Use Menu, Help, About to install the most current version.

Firefox 59.0.3 improves stability. This is not a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 52.7.4 improves stability. This is not a security update. Use Menu, Help, About to install the most current version.

SeaMonkey 2.49.3 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 52.7.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

FreeFileSync 10.0 removes installer ads, adds parallel sync support, GUI improvements, and more. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP Data 201805 is a data refresh.
https://dev.maxmind.com/geoip/

Npcap 0.99-r5 is a security update.
https://nmap.org/npcap/

Java 8u171 is a security update.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

FastStone Viewer 6.5 improves Import and Video Player, resolves several bugs. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

VLC Media Player 3.0.2 resolves dozens of bugs. This is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.18.58059 resolves several bugs. This is not a security update.
https://www.origin.com/en-us/download

PlayStation PS4 5.53-01 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

RetroPie 4.4 adds support for newer hardware, and updates libraries. This is a security update.
https://retropie.org.uk/

Office Updates

One or more of these are likely to be of interest to most people.

Scribus 1.4.7 improves stability. This is not a security update.
https://www.scribus.net/

Kindle for PC 1.23.1 Build 50133 does not provide a changelog, so should be treated as a security update.
https://www.amazon.com/kindleforpc

Security Software Updates

One or more of these is likely to be of interest to most people.

Wireshark 2.6.0 adds several new features, updates libraries, adds support for new protocols and capture formats. This is a security update.
https://www.wireshark.org/

Gpg4win 3.1.1 is a security update.
https://www.gpg4win.org/download.html

RogueKiller 12.12.16 adds detections. This is a security update.
https://www.adlice.com/softwares/roguekiller/

SanDisk SecureAccess 3.01 improves performance and start-up, support file streaming, adds automatic logout on time-out. This should be treated as a security update.
http://kb.sandisk.com/app/answers/detail/a_id/2399

TDSSKiller 3.1.0.17 is a security update.
https://support.kaspersky.com/viruses/utility#TDSSKiller

Fedora Security 28-1.1 is a security update.
https://labs.fedoraproject.org/security/download/index.html

Capture Updates

These are unlikely to be of interest to most people.

XSplit Broadcaster 3.3.1805.0302 resolves several bugs, including crash issues. This is not a security update.
https://www.xsplit.com/get/

XSplit Gamecaster 3.3.1805.0401 resolves several bugs. This is not a security update.
https://www.xsplit.com/get/

Converter Updates

These are unlikely to be of interest to most people.

CDex 2.02 improves reliability and resolves several bugs.
https://cdex.mu/?q=download

DVDFab 10.0.9.0 adds support for new encodings and resolves bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.12.2 adds support for new encodings, improves reliability and stability. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

7-Zip 18.05 is a security update.
https://www.7-zip.org/

NTLite 1.6.0.6174 improves integration and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

8GadgetPack 26.0 adds support for the next release of Windows 10. This is not a security update.
https://8gadgetpack.net/

GoodSync 10.8.9 improves performance and resolves bugs. This is a security update.
https://www.goodsync.com/

RoboForm 8.4.9 resolves several bugs. This is not a security update.
https://12pd.com/click?rf

CPU-Z Installer 1.85 adds support for newer hardware, adds Spectre detection, and resolves several bugs. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 5.18 resolves a detection bug. This is not a security update.
http://www.softwareok.com/?seite=Freeware/DesktopOK

CurrPorts 2.51 adds creation timestamp column. This is not a security update.
https://www.nirsoft.net/utils/cports.html

WifiInfoView 2.32 adds option to save to JSON. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

Sysmon 7.02 resolves a memory leak. This should be treated as a security update.
https://sysinternals.com/

TaskSchedulerView 1.41 resolves command line option bugs. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

WinScan2PDF 4.22 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.21 resolves several bugs, improves performance and stability, and extends export options. This is not a security update.
http://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

WSUS Offline 11.3 removes support for 1511, resolves several bugs, including the removal of UPX packing to reduce false detections.
http://download.wsusoffline.net/

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 3.1.2.0 resolves several bugs. Use Help, Check for Updates to get the most current version.
https://developer.android.com/studio/index.html

GitHub Desktop 3.3.6 updates libraries. This should be treated as a security update.
https://desktop.github.com/

MySQL 8.0.11 resolves dozens of bugs. This should be treated as a security update.
https://www.mysql.com/downloads/installer/

SQLite 3.23.1 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

StrawberryPerl 5.26.2.1 is a security update.
http://strawberryperl.com/

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 3.8.7 resolves several bugs. This is not a security update.
https://www.joomla.org/

Drupal 8.5.3 is a security update.
https://drupal.org/download

phpList 3.3.2 is a security update.
https://www.phplist.com/download

TinyMCE 4.7.12 resolves several bugs. This is not a security update.
https://www.tinymce.com/download/

phpMyAdmin 4.8.0.1 is a security update.
https://www.phpmyadmin.net/home_page/news.php

ScreenConnect 6.6.18120.669 resolves several bugs. This is not a security update.
https://www.screenconnect.com/Download

myStickymenu 2.0.5 cleans up admin code. This is not a security update.

NextScripts Social Networks Auto-Poster 4.2.3 adds support for Facebook profiles and pages, improves security and resolves several bugs. This should be treated as a security update.

Postie 1.9.21 resolves compatibility with older versions of PHP.

Sucuri Security 1.8.15 adds filtering for options, improved controls. This is not a security update.

W3 Total Cache 0.9.7 resolves several bugs, improves several options, including default behavior and configuration improvements.

WooCommerce 3.3.5 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/