Updates 2020-06-03

Welcome back, Folks!

It’s not Patch Tuesday, but updates from Microsoft, Apple, Google, Mozilla, and many others have triggered an out-of-cycle update.

This Month in Technology

It took Apple over a month to resolve a security issue in their custom OAuth implementation, which would provide app-level access to any site that used Sign in with Apple given only an email address. Facebook and Google both suffered similar XSS issues recently, as did a very popular WordPress plugin.

Not accepting vulnerability reports doesn’t mean the vulnerabilities don’t exist, Apple. Even after vowing now to, Apple is still recording everything you say and do as long as you have Siri enabled.

It still surprises me that people that don’t read the documentation and license agreements still feel the need to sue over their failure to understand how software works. For anyone reading this years from now, browsers load web pages. “Incognito” mode (or any other privacy mode) simply prevents your data from being shared IN THE BROWSER between different sessions. It otherwise does not prevent any websites from operating exactly as they would if you were loading the web page in any other browser. As always, don’t do anything online that you don’t want to be tracked to you. Period.

Even so, eBay, Citibank, TD Bank, Ameriprise, Chick-fil-a, Equifax, and many more websites are performing port scans of visitors computers. If you’re concerned about your privacy, imagine the power companis like eBay and Equifax would have if they collected and consolidated details about every remote support platform installed and used by every visitor to their websites. We’re talking about hundreds of millions of people relying on companies that don’t have the best track record of keeping data safe in the first place.

Veracode reports that about 70% of all mobile and desktop applications contain open-source bugs. This reminds me of one of my favorite computer quotes: Every non-trivial program contains at least one bug. Every non-trivial program can be simplified by at least one line of code. The conclusion of the last two laws: Every non trivial program can be simplified to one line of code, and it will contain a bug.

A widely used EU Cookie Consent image is being used to distribute malware. Directly linking to third-party scripts and images has some serious long-term drawbacks.

As was expected by anyone that can math or understand science, suicide (as a result of the government lockdown) has killed more in California than the plandemic COVID-19. This is, of course, after churches are being burned to the ground for daring to try to serve the same people that currently frequent Walmart, Target and Lowes.

The Spectra exploit demonstrates just how easy it’s going to be to abuse the GACT/Contact Tracing services on many devices.

Now for the good news:

Windows 10 v2004 has been released. Make sure you’ve installed v1909 recently so you won’t be forced into the new build before they work out the bugs. I don’t see a lot of differences between v2004 and v1909 that most people would benefit from, anyway, but these releases tend to take a couple months to work out most of the bugs. For example, many Windows policies are erased during the upgrade which can result in local accounts being forced into using inescapable Microsoft accounts for users that don’t understand that “not now” is an option.

Let’s Get Busy

Apple released updates for macOS Catalina 10.15.5, macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra, Windows Migration Assistant 2.2.0.0, iCloud for Windows 7.19, iCloud for Windows 11.2, Safari 13.1.1, Xcode 11.5, iOS 13.5.1, iPadOS 13.5.1, tvOS 13.4.6, watchOS 5.3.7, watchOS 6.2.6, and iTunes 12.10.7. These are security updates.

iOS 13.5.1 and 12.4.7 are security updates. Use Settings, General, Software Update to install the most current version. This version also adds the Orwellian contact tracing feature at the system level. While “disabled” by default, you may validate that it is disabled in Settings, Privacy, Health, COVID-19 Exposure Logging, and turn off Exposure Logging.

iPadOS 13.5.1 is a security update. Use Settings, General, Software Update to install the most current version.

tvOS 13.4.6 is a security update. Use Settings, General, Updates to install the most current version.

watchOS 5.3.7 and 6.2.6 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Google has released security updates for Android 9 and 10 which will gradually be published by individual vendors and available to you in the coming weeks. This version also adds the Orwellian contact tracing feature. Disabling Location and Bluetooth will disable the current version of contact tracing.

Google Chrome OS 83.0.4103.77 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.5 resolves an AMD audio bug. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 20.6.22 improves OEM device support, performance and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Logitech Options 8.20.329 adds support for Edge and resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

nVidia 446.14 improves VRSS in Onward and resolves several stability, performance, and battery life issues. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.9.76 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 83.0.4103.97 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 83.0.478.44 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 77.0 and 77.0.1 are security updates. Use Menu, Help, About to install the most current version.

Firefox ESR 68.9.0 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.7.8 is a security update.
https://getmailspring.com/

OutlookAttachView 3.40 changes the Image Preview feature to Preview Pane which will show other attachment types than images. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.3.0.5 resolves @mentions. This is not a security update.
https://www.trillian.im/

Trillian Mac 6.3.0.3 resolves a tooltip bug and removes some unused entitlements. This is not a security update.
https://www.trillian.im/

FileZilla Client 3.48.1 is not a security update.
https://filezilla-project.org/

FreeFileSync 10.24 resolves several bugs, improves compatibility, adds new macros and improves error handling. This is not a security update.
https://www.freefilesync.org/download.php

Zoom 5.0.26213.0602 resolves several bugs, enables GIPHY, improves privacy controls and admin controls, improves unmute behavior, and adds waiting room ringtone. This is not a security update.
https://zoom.us/

WinSCP 5.17.6 resolves several bugs. The installation package is a security update.
https://winscp.net/eng/index.php

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.7 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.06.01 adds “Play Next”, direct IP connectivity for Remote Play, P2P improvements, and resolves several bugs. This is not a security update.

PlayStation PS4 7.51 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.009.20067 resolves several stability and reliability issues. This is not a security update. Use Help, Check for updates to get the most current version.

Atom 1.47.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Audacity 2.4.1 resolves several bugs. This is not a security update.
https://www.fosshub.com/Audacity.html

LibreOffice Fresh 6.4.4 resolves nearly 100 bugs. This is not a security update. Be advised that “Fresh” is the beta version and should be avoided by most people.
https://www.libreoffice.org/

Lightworks NLE 2020.1 resolves hundreds of bugs and adds several new features. This is not a security update.
https://www.lwks.com/

Paint.net 4.2.12 resolves several bugs and improves metadata export between formats. This is not a security update.
https://www.getpaint.net/

MyPaint 2.0.1 resolves several bugs, including a repetitive load image quality loss bug. This is not a security update.
https://github.com/mypaint/mypaint/releases/latest

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 14.5.0 updates the RKSvc, core engine, and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.27.10 resolves several bugs. This is not a security update.

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.24.2 resolves FFmpeg compatibility. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.9 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

DesktopOK 7.27 adds delete confirmation. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Easy2Boot 2.03 resolves several bugs and updates libraries. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

Etcher 1.5.96 updates libraries and resolves several bugs. This should be treated as a security update.
https://www.balena.io/etcher/

GoodSync 11.2.0 improves compatibility and stability. This is not a security update.
https://12pd.com/click?goodsync

MPI Tool Kit 0.099 doesn’t provide a changelog so should be treated as a security update.
https://www.fosshub.com/Easy2Boot.html

MS ISO Downloader 8.37 adds images for developer and insider releases of Win10 build 19628, Office 2016/2019 for Mac, and resolves accessibility issues. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

PointerStick 4.11 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.18.1 adds Run and Keyboard manager, and resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

TeamViewer 15.6.7 improves performance of multi-participant sessions, allows disabling the Outlook add-in during installation, and resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WakeMeOnLan 1.86 updates the internal MAC address database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WinScan2PDF 5.41 improves detection of multi-function devices. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.33 resolves network drive access issues, improves export/import accuracy, and resolves several bugs. This is not a security update.
https://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

ControlMyMonitor 1.26 now displays an error code if unable to parse settings from the display. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Cygwin 3.1.5 adds support for WSL symlinks and resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 7.41 resolves installation and removal bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.67 adds an option to uninstall the selected device. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

FileLocator Pro 8.5.2946 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

NetworkInterfacesView 1.21 adds Interface LUID column. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

Bitcoin 0.20.0 improves reliability and stability, removes dependency on OpenSSL, and resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

NTLite 1.9.0.7490 adds several new setting controls and resolves several bugs.
https://www.ntlite.com/download/

WinScan2PDF 5.51 improves translations. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Windows 10 Media Creation Tool v2004 is now available. This is not a security update.
https://www.microsoft.com/en-us/software-download/windows10

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.0 adds support for wireless pairing, incremental APK installation, client-side support for compression of various commands with Android 11, and improves performance. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Inno Setup 6.0.5 is a security update.
https://www.jrsoftware.org/isdl.php

Node.js 14.4.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

Node.js 12.18.0 is a security update.
https://nodejs.org/en/

Android Studio 4.0.0.16 is a major update and adds several new features and improvements. This is not a security update.
https://developer.android.com/studio

SQLite 3.32.1 is a security update.
https://www.sqlite.org/download.html

TortoiseSVN 1.14.0 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.8-137981 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 8.9.0 is the final minor build of the 8.x series and updates libraries and resolves several bugs. Drupal 8.8.6 and 8.7.14 are security updates.
https://drupal.org/download

HumHub 1.5.2 resolves over 25 bugs. This is not a security update.
https://www.humhub.com/en/download

Nextcloud Server 19.0.0 adds document collaboration to video chats, password-less login, performance improvements, guest groups and more. This should be treated as a security update.
https://nextcloud.com/

Joomla 3.9.19 is a security update.
https://www.joomla.org/

phpList 3.5.4 is a security update.
https://www.phplist.org/

ScreenConnect 20.5.28493.7445 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Autoptimize 2.7.2 resolves several bugs. This is a security update.

BuddyPress 6.0.0 is a major update adding several new features and resolving many bugs. This is a security update.

Contact Form 7 5.1.9 resolves several bugs. This is not a security update.

myStickymenu 2.4.1 is a cosmetic update. This is not a security update.

Postie 1.9.52 resolves a category parsing bug. This is not a security update.

WooCommerce 4.2.0 resolves dozens of bugs. This is not a security update.

bbPress 2.6.5 doesn’t provide a changelog so should be treated as a security update.

Redirection 4.8 resolves two minor bugs and adds importer. This is not a security update.

Social Post Feed 2.15.1 adds several new features. This is not a security update.

Theme My Login 7.1 adds a new dashboard action, improves performance and resolves several bugs. This is not a security update.

W3 Total Cache 0.14.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-02-11

Welcome back, Folks!

Today is Patch Tuesday for February 2020.

Microsoft blinked and released three updates to Windows 7 this month, however two of the issues that were resolved were actually caused by their EOL updates released last month. It’s no longer trustworthy, so do not let Windows 7 touch the Internet!

Windows 7 is officially end-of-life (EOL). If you’re still running it, shame on you, and if you are running a licensed version of Windows 7 or 8 you can still upgrade to Windows 10 and have a supported version of Windows for the foreseeable future. Don’t want to do it yourself? Call me!
https://saferpc.info/contact/

The Windows Update engine relies upon a file called “wsusscn2.cab” which is currently choking on download. While there are several Windows updates available today, it looks like the time just to check for updates will be over 2 hours for most devices today. Have patience or wait to start patching until later when they resolve this issue. There’s plenty of other stuff to patch anyway.

This Month in Technology

macOS finally fixes the Sudo bug (after 9 years), but this pales in comparison to the ease at which Mac users are infected through social engineering tactics. If you still think Mac’s are more secure than Windows, you need to see the numbers from MalwareBytes which show the typical Mac is targeted by nearly double the malware that Windows devices are. One special note here is that the users trusted the names of the websites that were involved, mostly a result of allowing domains to expire (a common concept within the broad scheme of domain hijacking).

While we’re on the subject of renewing domains, don’t forget your certificates! TLS/SSL certificates are often an enterprise’s weakest point of failure, especially when they’re not renewed on time. This will become even more important as TLS 1.0 and 1.1 are deprecated over the next couple months, which will prevent most older devices from being able to safely use the Internet at all. How important is certificate trust? Last months certificate hijacking bug allowed a researcher to replicate NSA and Github certificates in less than 24 hours which could be used immediately in MitM and DNS cache poisoning attacks with no effort from the attacker and as little as 10 lines of browser-based code.

Microsoft has decided to end it’s own ad platform within UWP apps, which will seriously hurt the entire UWP ecosystem and likely their users, by encouraging less security- and privacy-concerned third-party platforms to take their place.

This month we’ve seen data dumps from Twitter user details (shortly before a Twitter outage), Trello, Google, half a million servers, routers, and IoT devices, a major cannabis dispensary POS vendor, THSuite, WhatsApp had a major vulnerability (since patched), a Zoom vulnerability allowed hackers to eavesdrop on your calls, Mitsubishi was hacked via their enterprise security software, Trend Micro OfficeScan, and the United Nations was hacked through an unpatched server.

Is your privacy important? Apple bowed to the FBI to prevent fully-encrypted backups, ICE is using cellphone location data to track immigrants, but Avast has decided to stop selling it’s user data and they’re “sorry”, so at least there’s some good news.

Of course, any account can be hacked, even Facebook’s Twitter and Instagram accounts, and the NFL, and this month the City of Oshkosh (WI) and Duplin County (NC) join the “yet another government network hijacked” club.

It’s one thing to be incompetent when it comes to security, but Blizzard doesn’t even understand their users. This month they’re asserting total copyright ownership of any mods their users create and they released Warcraft: Reforged, which is the first game to ever be reviewed this poorly by the userbase. You might give Blizzard some credit for this – after all, they did build the engine that allowed the third-party “Dota” to flourish. LastPass, however, built their own system but accidentally removed their own extension from the Chrome Web Store!

In IoT news, more than 2/3rds of corporate and government entities were compromised with endpoint attacks in 2019, the weakest link might be the building itself or any of tens of millions of devices on a typical corporate or government network, though, as expected, many Huawei IoT devices have a backdoor. A serious public key exposure in Fortinet SIEM allows evildoers to kill your security appliance, and a critial zero-day in SolarWinds RMM allows attackers to hijack your network. Supply chain attacks targeting EOL Windows 7 devices remind us why we should avoid EOL hardware and software, and Phillips Hue lightbulbs are still proving that they weren’t well though-out security-wise. Thousand of WordPress-based websites have been hijacked to redirect visitors to evil sites, and there is always more to security than patching.

Let’s end my soapbox on a happy note: The best news this month might just be that Netflix finally offers an option to disable those #@$& autoplay previews. It’s about time.

Let’s Get Busy

Now back to our regularly scheduled program. The typical computer should see roughly 2.2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Internet Explorer, .NET, Flash, Servicing Stack, and MSRT (~1.2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra, iCloud for Windows 10.9.2, iCloud for Windows 7.17, iOS 13.3.1, iPadOS 13.3.1, iTunes for Windows 12.10.4, Safari 13.0.5, tvOS 13.3.1, and watchOS 6.1.2. These are security updates. Use Apple Software Update to install the most current versions.

iOS 13.3.1 and 12.4.5 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 13.3.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 6.1.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 13.3.1 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 79.0.3945.123 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Adobe Flash Player 32.0.0.330 is a security update. Take comfort knowing that Flash will be EOL in only 10 months.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (1909) is a pretty small update so will install quickly. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.2 resolves several issues and improves removal procedure. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

BullZip PDF Printer 11.12.0.2816 improves compatibility with Chrome 80+. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Intel Driver and Support Assistant 20.1.5 improves user interface, performance, uninstall, and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 442.19 adds framerate capping, performance improvements for certain games, VRSS controls, and support for newer hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Garmin Express 6.20 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.100 is a security update. This version is also the predecessor to the new samesite cookie handling behavior that will cause problems for various industries, including ad-services. Use Menu, Help, About to install the most current version.

Firefox 73.0 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.5.0 is a security update. Use Menu, Help, About to install the most current version.

Iridium 2019.11.78 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.10.1745.27 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.5.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

MaxMind GeoLite: Due to their interpretation of the CCPA (California Consumer Privacy Act), MaxMind has opted to no longer provide direct downloads of their IP information databases. An account and agreement to perform updates immediately upon publishing new releases and removal of all existing copies is now required. Due to this we will no longer be listing MaxMind on SaferPC. I suggest you integrate their automatic update service into your existing platform to ensure that you can comply with their new usage agreement.

Prosody 0.11.4 improves performance and resolves several bugs. This is not a security update.
https://prosody.im/download/start

BrowsingHistoryView 2.36 adds option to delete Chrome and Firefox history records. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

FreeNAS 11.3 is a major update offering improved performance, security controls, community plugin integration, improved granularity of alerts and more. This is not a security update.
https://www.freenas.org/download-freenas-release/

Npcap 0.9987 is a security update.
https://nmap.org/npcap/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.4 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.01.20 resolves several bugs and improves reliability of Remote Play. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.006.20034 is a security update. Use Help, Check for Updates to get the most current version.

Adobe DNG 12.2 adds support for new hardware. This is not a security update.
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6879
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6881

Adobe Experience Manager 6.5.0-31870 and 6.4.0-31868 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-08.html

Adobe Digital Editions 4.5.11 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html

Adobe Framemaker 2019.0.5 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb20-04.html

Adobe Illustrator CC 24.0.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-03.html

Artweaver 7.0.4 resolves several bugs and improves performance with impasto and PSD text layers. This is not a security update.
https://www.artweaver.de/

Atom 1.44.0 resolves several bugs. This is not a security update.
https://atom.io/

LibreOffice Still 6.3.4 is a major update adding a wide variety of new features and performance improvements. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 6.4.0 resolves almost 500 bugs, including security issues. The typical user should run LibreOffice Still (stable), not Fresh (beta).
https://www.libreoffice.org/

Lightworks NLE 14.5 adds dozens of new features, export options, media codecs, and over a hundred bugs. This should be treated as a security update.
https://www.lwks.com/

Notepad++ 7.8.4 adds JSON and Workspace improvements, and resolves a crash bug. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.2.9 resolves several bugs and improves performance. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

QubesOS 4.0.3 is a security update.
https://www.qubes-os.org/downloads/

elementaryOS 5.1.2 is a security update.
https://elementary.io/

RogueKiller 14.1.1 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0 improves reliability, user interface, exception controls, and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.20.2 resolves several bugs. This is not a security update.
https://www.fosshub.com/ScreenToGif.html

Converter Updates

These are unlikely to be of interest to most people.

MKVToolnix 43.0.0 resolves several bugs and improves user interface defaults options from command line. This is not a security update.
https://www.fosshub.com/MKVToolNix.html

DVDFab 11.0.7.1 resolves several bugs and adds support for newer encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.6 improves compatibility and resolves several bugs. This is not a security update.
https://www.roboform.com/

Easy2Boot 1.B8A improves compatibility and user-interface. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

1Password for Mac 7.4.2 improves compatibility and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

ControlMyMonitor 1.25 adds option to put icon in tray. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

DesktopOK 6.84 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.66 adds Class GUID column. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

Etcher 1.5.76 updates libraries and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything CLI 1.1.0.18 doesn’t provide a changelog, so should be treated as a security update.
https://www.voidtools.com/

FileLocator Pro 8.5.2944 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 8.8.2 improves user interaction and resolves several bugs. This is not a security update.
https://community.fing.com/

GoodSync 10.10.21 improves performance and reliability, resolves several bugs. This is not a security update.
https://www.goodsync.com/

MS ISO Downloader 8.31 adds support for new media. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

OSFMount 3.0.1005 adds command-line options to load physical or logical emulation only, and resolves a permissions bug. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

SetDefaultBrowser 1.4 adds support for Chromium-based Edge. This is not a security update.
https://kolbi.cz/blog/2017/11/10/setdefaultbrowser-set-the-default-browser-per-user-on-windows-10-and-server-2016-build-1607/

TaskSchedulerView 1.54 adds options to select/deselect all to column chooser. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

USBDeview 2.86 adds mode option for Regedit call, to support opening with or without elevation.
https://www.nirsoft.net/utils/usb_devices_view.html

WinScan2PDF 5.21 improves WIA compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.32 resolves several bugs, adds options to export file types to CSV, filterexclude, and command-line supporter activation. This is not a security update. On the note of Supporters – this software is amazing. Use it. And donate.
https://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

Developer Updates

These are unlikely to be of interest to most people.

Godot 3.2 improves reliability, performance, stability and resolves almost 2,000 bugs. This should be treated as a security update.
https://godotengine.org/

Node.js 13.8.0 is a security update.
https://nodejs.org/en/

SQLite 3.31.1 adds generated columns, hard heap limits, improved pragma, dbstat aggregated mode support, open nofollow, and resolves an internal schema compatibility issue. This compatibility fix is temporary, so fix your applications if you currently rely on parsing the data structure via internal schema. This is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.42 resolves several bugs, improves user interface, additional preference controls, task management, and more. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.2-135663 resolves several bugs and improves compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.6 resolves several bugs. This is not a security update.
https://www.adminer.org/en/

Drupal 8.8.2 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.4.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.15 is a security update.
https://www.joomla.org/

Magento 2.3.4, 2.2.11, 1.14.4.4, 1.9.4.4 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-02.html

Nextcloud Hub 18.0.0 is a major update adding improved file, flow, photos, calendar, mail, and talk integration, and ONLYOFFICE support. This is not a security update.
https://nextcloud.com/

ScreenConnect 19.6.26659.7340 is a security update.
https://www.connectwise.com/software/control/download

SpamAssassin 3.4.4 is a security update.
http://spamassassin.apache.org/downloads.cgi

YOURLS 1.7.6 is a security update.
https://yourls.org/

bbPress 2.6.4 is a security update.

Interactive World Map 3.1.4 is a major update that resolves several issues. This is not a security update.

myStickymenu 2.3.4 resolves several bugs. This is not a security update.

Postie 1.9.41 resolves regex bug and now attempts to process only 1 email at a time. This is not a security update.

Sucuri Security 1.8.23 updates key updater and improves user interface. This is not a security update.

W3 Total Cache 0.13.1 resolves several bugs. This is not a security update.

WooCommerce 3.9.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2018-12-11

Hi, Folks!

It’s Patch Tuesday and since last week was a huge out-of-cycle update (thanks, Adobe!) it’s a pretty small one. We have the regular updates from Microsoft but only a handful of other applications have been patched this week.

The typical computer should see roughly 2gb in updates today. Let’s get started.

Microsoft released updates for Windows, Internet Explorer, .NET, and MSRT (~2gb). This includes security updates. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of Windows 10 (1809) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 3-6gb through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Intel Driver Update 3.7 adds support for SSD tools, Intel RST, Optane, and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Firefox 64.0 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 60.4.0 is a security update. Use Menu, Help, About to install the most current version.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 19.010.20064 is a security update. Use Help, Check for Updates to install the most current version.

Nextcloud Desktop 2.5.1 adds compatibility for Nextcloud Server 15 and resolves several bugs. This is not a security update.
https://nextcloud.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 13.0.16 adds signatures. This is not a security update.
https://www.adlice.com/download/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2019.1.0 adds integration to Windows Snipping Tool and Snip & Sketch, and resolves several bugs. This is a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Utility Updates

These are unlikely to be of interest to most people.

ControlMyMonitor 1.11 adds an option to export monitor list from the command line. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

GoodSync 9.9.19 adds support for the new GoodSync account. This is not a security update.
https://12pd.com/click?goodsync

FileLocator Pro 8.5.2880 resolves several bugs. This is not a security update.
http://www.mythicsoft.com/filelocatorpro/download

FolderChangesView 2.26 redesigns the Choose Folder window to improve visibility on low-resolution devices. This is not a security update.
https://www.nirsoft.net/utils/folder_changes_view.html

SearchMyFiles 2.90 adds ability to limit results to only folder names. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

SetDefaultBrowser 1.3 improves browser compatibility. This is not a security update.
https://kolbi.cz/blog/2017/11/10/setdefaultbrowser-set-the-default-browser-per-user-on-windows-10-and-server-2016-build-1607/

SetUserFTA 1.7.1 resolves a false AV detection. This is not a security update.
https://kolbi.cz/blog/2017/10/25/setuserfta-userchoice-hash-defeated-set-file-type-associations-per-user/

Autoruns 13.93 adds support for HKCU scanning from CLI and fixes a bug that prevented UserInitMprLogonScript from being scanned. This should be treated as a security update.
https://live.sysinternals.com/

Handle 4.21 fixes a race condition that could cause a bluescreen. This should be treated as a security update.
https://live.sysinternals.com/

ProcessExplorer 16.22 fixes a race condition that could cause a bluescreen. This should be treated as a security update.
https://live.sysinternals.com/

SDelete 2.02 adds a progress filter. This is not a security update.
https://live.sysinternals.com/

Sigcheck 2.71 resolves several bugs. This is not a security update.
https://live.sysinternals.com/

Sysmon 8.2 resolves several bugs. This should be treated as a security update.
https://live.sysinternals.com/

VMMap 3.25 fixes a profiling bug. This is not a security update.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

Node.js 11.4.0 is a security update.
https://nodejs.org/en/

Web Package Updates

These are likely to be of interest only to web developers.

Nextcloud Server 15.0.0 is a major update. This version adds social networking, 2FA, security hardening, PDF conversion, collaboration improvements, mobile improvements, performance improvements, full-text search, and more. This adds new security controls, so should be treated as a security update.
https://nextcloud.com/

phpMyAdmin 4.8.4 is a security update.
https://www.phpmyadmin.net/home_page/news.php

Contact Form 7 5.1 adds support for reCAPTCHA v3, Constant Contact integration, and Dark Mode. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2018-12-06

Hi, Folks!

It’s not Patch Tuesday, but Adobe, Microsoft, Apple, Google and many others have released updates this week.

“Yet another” zero-day Adobe Flash exploit is being used to actively hack computers as they browse the Internet. Most browsers have Flash baked-in now, so are actively building updates to patch this new vulnerability. While you should patch your browser, you should also disable Flash across your device and within each browser as the best defense against the lowest-hanging fruit in security today: Adobe Flash.

The typical computer should see approximately 500mb of updates. Let’s get started.

Microsoft released an out-of-cycle security update to address issues in Edge, IE and Flash (~20mb). This is a security update. A reboot is required.

Oh, btw, did you see that MS is planning to replace the engine in Edge with the same engine used by Chrome? This should help you dismiss the nagging feeling that maybe Edge might be faster or more stable than Chrome or other Chromium-based browsers.

Apple released updates for macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, iOS 12.1.1, Safari 12.0.2, Shortcuts 2.1.2, iCloud for Windows 7.9, iTunes 12.9.2 for Windows, tvOS 12.1.1, and watchOS 5.1.2. These are security updates. Use the Apple App Store or Apple Software Update to install the most current versions.

iOS 12.1.1 is a security update. Use Settings, General, Software Update to install the most current version.

watchOS 5.1.2 is a security update. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

tvOS 12.1.1 is a security update. Use Settings, General, Updates to install the most current version.

Google Chrome OS 70.0.3538.110 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Adobe Flash Player 32.0.0.101 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.0.4 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 417.22 improves compatibility with new hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 71.0.3578.80 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.1.1337.51 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Iridium 2018.11.70 is a security update (but still a major version behind the core chromium security patch level).
https://iridiumbrowser.de/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.5.3 resolves several bugs. This is not a security update.
https://getmailspring.com/

NK2Edit 3.38 adds select all and unselect all to the column selection window. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Prosody 0.11.1 resolves several bugs. This is not a security update.
https://prosody.im/download/start

WinSCP 5.13.5 is a security update.
https://winscp.net/eng/index.php

FileZilla 3.39.0 resolves an empty file timestamp bug. This is not a security update.
https://filezilla-project.org/

MaxMind GeoIP Data 201812 is a data refresh.
https://dev.maxmind.com/geoip/geolite

WGet 1.20 updates libraries. This should be treated as a security update.
https://eternallybored.org/misc/wget/

Media Updates

These are unlikely to be of interest to most people.

Flickr Downloadr 3.2.0.1 resolves several bugs and adds support for simultaneous downloads. This is not a security update.
https://flickrdownloadr.com/downloads/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.31.17411 resolves several bugs. This is not a security update.
https://www.origin.com/en-us/download

Steam 2018.11.27 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Paint.net 4.1.5 resolves several bugs and improves performance. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

Wireshark 2.6.5 is a security update.
https://www.wireshark.org/

OpenSSL 1.0.2q is a security update.

RogueKiller 13.0.15 resolves several bugs and adds signatures. This is not a security update.
https://www.adlice.com/softwares/roguekiller/

TDSSKiller 3.1.0.24 adds detection for new malware. This should be treated as a security update.
https://support.kaspersky.com/viruses/utility#TDSSKiller

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.14.2 resolves several bugs and adds support for new encodings. This is not a security update.
https://www.makemkv.com/download/

DVDFab 11.0.0.7 resolves several bugs and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

NTLite 1.7.1.6630 resolves a duplicate entry bug. This is not a security update.
https://www.ntlite.com/download/

GoodSync 10.9.19 changes some cosmetic information related to licensing and activation. This is not a security update.
https://12pd.com/click?goodsync

ControlMyMonitor 1.10 improves command-line support. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

DesktopOK 5.79 improves performance. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DiskMaker X 8.0.3 resolves an updater bug. This is not a security update.
https://diskmakerx.com/

HWMonitor 1.38 resolves a bug with multiple graphics devices and adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

IsMyHdOK 1.61 improves performance and output style. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.6.3 only changes metadata. This is not a security update.
https://lessmsi.activescott.com/

FileLocator Pro 8.5.2878 adds support for portable device searching and resolves a language bug. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

FolderChangesView 2.25 vastly improves utility of program by assigning command to folder changes with metainfo from watched folder. This is not a security update.
https://www.nirsoft.net/utils/folder_changes_view.html

SearchMyFiles 2.90 adds option to include only folders. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

USBDeview 2.78 adds an option to configure the application from the command line. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

WirelessKeyView 2.06 adds an option to export all items. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

OSForensics 6.1.1005 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

Rufus 3.4 resolves several bugs and improves compatibility. This is not a security update.
https://rufus.ie/en_IE.html

WinScan2PDF 4.64 improves performance and WIA compatibility, and adds support for rotating every other page to resolve issues with older duplex scanners. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

WinMerge 2.16.0 adds x64 support, resolves several bugs, adds support for Win7+ jump list feature (really!), HiDPI support, 3-way merge, advanced search patterns, and many more. This is not a security update.
https://winmerge.org/

Node.js 11.3.0 is a security update.
https://nodejs.org/en/

SQLite 3.26.0 resolves several bugs and improves storage and sanity checks. This is not a security update.
https://www.sqlite.org/download.html

StrawberryPerl 5.28.1.1 is a security update.
https://strawberryperl.com/

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 3.9.1 resolves over 40 bugs. This is not a security update.
https://www.joomla.org/

Adminer 4.7.0 improves compatibility and resolves several bugs. This is not a security update.
https://www.adminer.org/en/

TinyMCE 4.9.1 resolves several bugs. This is not a security update.
https://www.tiny.cloud/get-tiny/

Drupal 8.6.4 resolves dozens of bugs, improves i18n, improves unit testing. This is not a security update.
https://drupal.org/download

MailEnable 10.20 resolves several bugs, including SPF and SNI-compatibility improvements. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 14.0.4 resolves dozens of bugs, improves sanity and security. This should be treated as a security update.
https://nextcloud.com/

ScreenConnect 6.9.21027.6898 resolves a compatibility issue on IE for guests. This is not a security update.
https://www.screenconnect.com/Download

WordPress 5.0 is a major update primarily focused on switching to Gutenberg as the default editor, adding several new design and styling features, and over 40 bug fixes. This is not a security update.
https://wordpress.org/

Autoptimize 2.4.4 resolves a cronjob editor bug. This is not a security update.

BuddyPress 4.1.0 resolves several bugs. This is not a security update.

Custom Facebook Feed 2.8 adds several new features and improves compatibility. This is not a security update.

Postie 1.9.26 resolves a category bug. This is not a security update.

WooCommerce 3.5.2 resolves several bugs, improves self-diagnostics, and improves integration. This is not a security update.

WP Mail SMTP 1.4.1 should be treated as a security update.

WPtouch 4.3.34 improves cosmetics for Gutenberg compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2018-11-13

Hi, Folks!

It’s Patch Tuesday and it’s a big one. Every major vendor has released security updates and there’s many smaller vendor updates released today, as well.

But before we get to that I want to briefly talk about something else. You’ve surely heard the phrase “Internet of Things” or “IoT”. This describes the common and growing practice of everything touching the Internet all the time. Besides the computers you have in your office and living room, the phone in your pocket, and the tablets you have littered across random flat surfaces across your home, there are now cars, toasters, refrigerators, light bulbs, irrigation systems, air conditioners, instant pots, and a million other things that are now Internet-enabled for our convenience or simply for the novelty of it. Nearly all of these devices don’t talk to the Internet directly, but through a router or modem which connects each of the devices at a specific location to the Internet through your Internet Service Provider. While it’s possible to hijack your light bulbs, fridge, and coffee maker, the low-hanging fruit of most networks is and always will be the router. This oft-overlooked device is poorly maintained and directly accessible from the Internet making it easy prey for attackers. Currently there’s a botnet called BCMUPnP_Hunter that has hijacked over 100,000 routers and is using them (and your Internet connection) to send spam and phishing messages.

In each case it could have been avoided.

All hardware is supported and maintained by the vendor for a limited time ranging from a mere 6 months to a decade. However, having it be “supported” is one thing – actually installing the firmware and software updates that would have prevented this and similar infections or proactively replacing end-of-life (EOL) hardware is critical. This neglect is like starving to death at a buffet. The updates and EOL information is out there, but you need to know your network (or hire someone to) and maintain or replace each device that touches it.

Know your network!

Now back to our regularly scheduled program.

The typical computer should see roughly 4gb in updates today. Let’s get started.

The first major update to macOS Mojave was released this week, as well as the first major update to iOS 12. Windows 10 v1809 has been released again. This version was pulled for the last two months because of a show-stopper bug that resulted in deleting user files of people with a specific configuration. That issue is now resolved, but it highlights the importance of letting other people be the guinea pig for major updates like this. Updates are important. Don’t get me wrong. Stability is more important, though, and there’s no reason to put a stable, secure, and supported operating system at risk with what amounts to a beta release. Microsoft maintains several versions of Windows 10 and there’s no reason to rush to the latest build. Install their standard security updates, but wait on new releases.

Windows 10 v1809 is about 3gb when downloaded by the Windows Upgrader/Windows Update, so expect it to randomly install for any Windows 10 Home user over the next month, consuming 3gb of bandwidth to get it done. If you have a slow connection, it could end up trying to download 3gb per day per device, so you would be better off downloading the installer yourself and installing it to ensure that the upgrade completes. That said, you should, of course, postpone upgrading to 1809 for the next couple months and let the rest of the world be the beta testers.

In any case, sometimes we all need that reminder: run your backups *now*.

Microsoft released Windows 10 v1809 and updates to Windows, Flash, Edge, Internet Explorer, and MSRT (~3gb). This includes security updates. A reboot is required.

Apple released macOS Mojave 10.14.1, macOS Mojave 10.14.1 Supplemental for MacBook Air, Security Update 2018-002 for High Sierra, Security Update 2018-005 for Sierra, iOS 12.1, tvOS 12.1, watchOS 5.1.1, Safari 12.0.1, iCloud for Windows 7.8, and iTunes 12.9.1. This includes security update. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 31.0.0.148 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 70.0.3538.76 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 29-1.2 is a new major version offering modularity, GNOME 3.30, Vagrant images, and more. This is not a security update.
https://getfedora.org/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of Windows 10 (1809) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 3-6gb through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.0.3 improves removal and removes paexec to minimize false positives from AV software. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 70.0.3538.102 is a security update. Use Menu, Help, About to install the most current version.

Firefox 63.0.1 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 60.3.0 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.1.1337.47 improves quick commands, resolves several bugs, and updates chromium source to v70. This is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.5.2 improves compatibility, stability, performance, and updates libraries. This is a security update.
https://getmailspring.com/

Thunderbird 60.3.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

Skype 8.33.0.50 improves group moderation and adds send with enter key. This is not a security update.
https://12pd.com/click?skype

Evernote 6.16.4.8094 resolves several bugs and improves stability. This is not a security update.
https://www.evernote.com/

FileZilla 3.38.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.6 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP Data 201811 is a data refresh.
https://dev.maxmind.com/geoip/geolite

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.8.7041 adds the ability to filter drives to only those that are writeable. This is not a security update.
https://cdburnerxp.se/

FastStone Viewer 6.7 improves performance, resolves several bugs, and expands options. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Flickr Downloadr 2.7.0.1 doesn’t provide a changelog so should be treated as a security update.
https://flickrdownloadr.com/downloads/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.30.15625 resolves several bugs. This is not a security update.

Steam 2018.11.08 resolves several bugs and improves stability. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 19.008.20081 is a security update. Use Help, Check for Updates to get the most current version.

Paint.net 4.1.4 improves performance and resolves several bugs. This is not a security update.
https://www.getpaint.net/

LibreOffice Still 6.0.7 resolves dozens of bugs. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 6.1.3 resolves dozens of bugs. This is not a security update.
https://www.libreoffice.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.5 resolves many bugs. This is not a security update.
https://www.gpg4win.org/download.html

SuperAntiSpyware 8.0.1024 is a major update adding DND mode, repair and reset modes, and startup monitoring. This is not a security update.
https://www.superantispyware.com/download.html

RogueKiller 13.0.9 updates detection engine and signatures. This is a security update.
https://www.adlice.com/softwares/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2019.0.1 resolves several bugs and improves stability. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.0.3 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.14.1 improves stability, adds support for new encodings, and new options. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

Beyond Compare 4.2.8.23479 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitcoin 0.17.0.1 resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

Cygwin 2.11.2 is a security update.
https://cygwin.com/

DesktopOK 5.76 resolves a startup bug. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

GoodSync 10.9.16 resolves several bugs, improves user experience, and change default security options. This should be treated as a security update.
https://12pd.com/click?goodsync

ImageUSB 1.4.100 resolves several bugs, adds a new option to fill remaining space with an extended partition. This is not a security update.
https://www.osforensics.com/tools/write-usb-images.html

FileLocator Pro 8.5.2868 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

BulkFileChanger 1.52 adds an option to fill current time to file time command attributes. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

DevManView 1.55 adds delay controls. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

USBDeview 2.77 adds delay controls. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

OSForensics 6.1.1004 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

WinScan2PDF 4.56 resolves a driver bug. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

CPU-Z 1.87 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

Developer Updates

These are unlikely to be of interest to most people.

Node.js 11.1.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

SQLite 3.25.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.7.1 doesn’t provide a detailed changelog, so should be treated as a security update.
https://ppsspp.org/downloads.html

VirtualBox 5.2.22-126460 resolves several bugs and improves compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 3.9.0 provides over 250 fixes and improves privacy controls.
https://www.joomla.org/

ModSecurity 3.0.3 resolves several bugs, adds new rules and controls. This is not a security update.
https://github.com/SpiderLabs/ModSecurity/releases

phpList 3.3.6 resolves several bugs and adds new features. This is not a security update.
https://www.phplist.com/download

TinyMCE 4.8.5 resolves several bugs. This is not a security update.
https://www.tinymce.com/download/

Drupal 8.6.2 is a security update.
https://drupal.org/download

Akismet 4.1 adds several new features. This is not a security update.

Contact Form 7 5.0.5 resolves several bugs. This is not a security update.

myStickymenu 2.0.6 resolves the 404 configuration bug. This is not a security update.

NextScripts Social Networks Auto-Poster 4.2.8 is a security update.

Redirection 3.6.2 improves compatibility. This is not a security update.

WooCommerce 3.5.1 resolves several bugs. This is not a security update.

WPtouch 4.3.33 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/