Welcome back, Folks!
Today is Patch Tuesday for July, 2021. Bad patches, bad faith, insufferable heat, and a horrific series of holiday events for security professionals has left me in a foul mood. I’ll try to keep my temper.
This Month in Technology
Apex Legends, ATMs and PoS platforms, Boeing, Cisco Smart Switches, tens of millions of Dell devices, EA (including the source code for dozens of games), Indexsinas, iOS activation lock, the IRS, Kaseya – impacting hundreds of companies and over a million devices, and then, another Linux kernel bug, Luma, NSW Dept of Education, Pling, SolarWinds (again), Southwest Airlines, Swedish Coop supermarkets, VMWare vCenter, Western Digital’s My Book Live devices, and Windows Print Spooler (printnightmare) have been hacked.
Malware was released posing as a Kaseya security update to address their 4th of July horror show, Microsoft signed and published the malware-laden Netfilter rootkit, the Accelion breach keeps getting worse, there’s another strain of ransomware targeting Microsoft Exchange, and 8.4 billion passwords were dumped in a new leak. There has been a 10x increase in businesses targeted by adult phishing messages.
Apple prioritized its own app before competitors in their “fair” app search engine, simply naming a wireless network a certain way can disable iPhone Wi-Fi on devices that connect to it. If it’s an open network, they’ll try to connect to it automatically. Safari broke indexedDB which broke access to almost every web app. Apple uses slave labor while refusing to hire minorities, Siri is still violating your privacy, and if your iPhone is the “key” to your bank or other sensitive information, get a better lock. At least the Woz supports the right-to-repair.
You’re not in charge of your SMART devices. Dell admits to intentionally disabling their hardware. An Australian phone carrier is injecting advertisements into texts. What this says about your use of two-factor authentication (2FA) is that at the very least, your carrier can always access them (and so can any 3-letter agencies). Google has even acknowledged the significance of this risk and is advising developers to stop using texts for 2FA.
Microsoft’s Linux repos, Microsoft Store, and Fastly had major outages. The Fastly CDN outage was caused by “one customer changing a setting.”
Microsoft announced the upcoming release of Windows 11, which has only a handful of significant changes (including an uglier user interface and a requirement for home users to use a Microsoft account). This article is a great summary of why forcing a Microsoft account on their users is a bad idea.
If having the Facebook app itself installed weren’t risky enough…they can analyze the photo of a single word to recreate your handwriting, and identify the source of deepfakes, but they can’t bother to follow their own “important rules.” Facebook can be held liable for their facilitation of sex trafficking.
Secretaries of State continue to promote the false “secure election” claims when they, themselves, hold evidence to the contrary. There is now sufficient evidence to demonstrate that election fraud was the norm in 2020. Dominion blames “human error,” and why wouldn’t they? Liberty dies in darkness.
Epic Games is winning appeal in Australia. Robinhood violated the law by getting in bed with Wall Street, and the SEC is targeting independent investors. SpaceX is being investigated for their Starlink expansion (the heat is on). A federal judge has overturned California firearm ban even while California launches a vaccine passport. The Linux Foundation has jumped the shark, by joining the fracas.
The CDC keeps fudging the VAERS numbers so is it any wonder there are bills to ban a federal vaccination database? Why wouldn’t they when there are over 50,000 dead Americans thanks to the CV19 “vaccines,” and the vast majority of “COVID deaths” are to the vaccinated minority? More than half of all (government-funded) COVID “relief” was either stolen or fraudulent. Airlines are banning those who have received the vaccines and Pakistan is banning those who have not from having cell phones. Fauci keeps lying his way around the media, but that’s common when government meets health care. Profit-driven labs, agenda-driven judges, fake peer review, and “science” (not to be confused with actual science) have produced defective (unless their intent is to kill) and ineffective vaccines, deadly mask mandates, and insane stay-at-home orders, that have caused irreparable damage. Just say no. “Voluntary” does not mean “without consent.”
Biden (falsely, in case you weren’t aware) believes “a number of officers” lost their lives during the January 6th “riot“, but is allowing actual murderers go free, even though the capitol staff allowed protesters to enter the magnetically locked doors. This is why Speaker Pelosi refused National Guard assistance. If they were there, their cronies couldn’t have staged this “mostly peaceful” false flag.
The US federal government is researching ways to implement their own version of a social credit system. NCLB=>CRT, and now they’re treating humor as racism. Thanks to interventionalism, gas is going to get much more expensive.
All terrorism is sponsored by the FBI, or concealed by them. That’s not an exaggeration. Anyone that’s turned on a TV knows that there are a lot of pedophiles in government. How many do you think are in the FBI?
Threatening to nuke your citizenry approaches the worst thing any President has ever done. When is revolution justified?
Now for the good news:
This heat wave is finally subsiding.
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday this month is very large. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.
Before I begin I should point out that Microsoft released an out-of-band (OOB) security update last week. For the vast majority of users, the “fix” caused more damage than the risk of compromise. Printers, card readers, even disk drives, suffered problems after installing the update, and in some cases Windows was broken as a result. Instead of tying it to the previously (and well-tested) June patch cycle update, they released the OOB update based on the beta version of the July update. I spent most of this week dealing with the fallout from this very poorly tested patch. Grrr.
Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~1.2 GB). This includes security updates. A reboot is required.
Apple released updates for iOS 12.5.4 and iMovie 10.2.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
iOS 12.5.4 is a security update. Use Settings, General, Software Update to install the most current update.
Google Chrome OS 91.0.4472.147 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Big Sur (11.x) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v21H1) is very large, for the first time it’s actually smaller than the previous release, but it will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Display Driver Uninstaller 18.0.4.2 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu
Logitech Options 8.54.161 resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options
Nvidia 471.11 resolves several bugs. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.26.74 is a security update.
https://brave.com/
Google Chrome 91.0.4472.124 is a security update.
https://www.google.com/chrome/
Microsoft Edge 91.0.864.67 is a security update.
https://www.microsoft.com/en-us/edge/business/download
Firefox 90.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/
Firefox ESR 78.12.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/
Iridium 2021.06.91 is a security update.
https://iridiumbrowser.de/
SeaMonkey 2.53.8 is a security update.
https://www.seamonkey-project.org/
Vivaldi 4.0.2312.38 is a security update.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
NK2Edit 3.42 improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html
Thunderbird 78.12.0 is a security update.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
Telegram 2.8.4 improves stability. This is not a security update.
https://telegram.org/
AnyDesk 6.3.2 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads
Dropbox 125.4.3474 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.dropbox.com/
FileZilla Client 3.55.0 improves SFTP and ALPN support, and resolves several bugs. This is not a security update.
https://filezilla-project.org/
FreeFileSync 11.11 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php
Npcap 1.50 resolves several bugs and improves compatibility. This is not a security update.
https://nmap.org/npcap/
Omada Software Controller 4.4.3 resolves dozens of bugs and improves reliability. This should be treated as a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/
WinSCP 5.19.1 resolves several bugs. This is not a security update.
https://winscp.net/eng/index.php
Zoom 5.7.1.543 resolves several bugs. This is a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
3tene 2.0.16 adds snow, rain and fire effects, resolves several bugs. This is not a security update.
https://en.3tene.com/
darktable 3.6.0 adds several new features, resolves dozens of bugs and updates hardware support. This is not a security update.
https://www.darktable.org/install/
Flickr Downloadr 3.4.0.1 resolves several bugs and removes defunct platforms. This is not a security update.
https://flickrdownloadr.com/downloads/
Plex Media Server 1.23.4.4805 improves AAC encoding quality, hardware compatibility, play queueing specials and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server
VLC Media Player 3.0.16 is a security update.
https://www.videolan.org/vlc/
Game Updates
These are unlikely to be of interest to most people.
PlayStation PS5 21.01-03.21.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/
Steam 2021.07.13 resolves dozens of bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0
Office Updates
One or more of these are likely to be of interest to most people.
Krita 4.4.5 resolves dozens of bugs. This should be treated as a security update.
https://krita.org/en/download/krita-desktop/
LibreOffice Fresh 7.1.4 resolves 80 bugs. This is a security update.
https://www.libreoffice.org/
Nextcloud Desktop 3.2.4 resolves several bugs. This is not a security update.
https://nextcloud.com/
Notepad++ 8.1.1 adds/improves dark mode, resolves performance and stability bugs. This is not a security update.
https://notepad-plus-plus.org/
Adobe Dimension 3.4.3 is a security update.
https://www.adobe.com/products/dimension.html
Adobe Illustrator 25.3 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html
Adobe Framemaker 2019.8 and 2020.2 are security updates.
https://helpx.adobe.com/framemaker/kb/framemaker-downloads.html
Adobe Acrobat and Reader 2021.005.20058, 2020.004.30006, and 2017.011.30199 are security updates. Use Help, Check for Updates to install the most current version.
Adobe Bridge 11.1 is a security update.
https://www.adobe.com/in/products/bridge.html
Security Software Updates
One or more of these is likely to be of interest to most people.
Gpg4win 3.1.16 updates libraries and resolves several bugs. This is a security update.
https://www.gpg4win.org/download.html
Hashcat 6.2.2 improves automation, adds new hash-modes and resolves several bugs. This is not a security update.
https://hashcat.net/hashcat/#downloadlatest
RogueKiller 15.0.8 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/
Tails 4.20 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html
uBlock Origin 1.36.2 is a security update.
https://github.com/gorhill/uBlock/releases/latest
Capture Updates
These are unlikely to be of interest to most people.
ScreenToGif 2.32.1 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest
SnagIt 2021.4.2 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe
VideoCacheView 3.07 improves Firefox compatibility. This is not a security update.
https://www.nirsoft.net/utils/video_cache_view.html
Converter Updates
These are unlikely to be of interest to most people.
IsoBuster 4.8 adds ReFS support, dmg, adf, and hdf file support, metadata parsing, Amiga partitions, block range addressing and search support. This is not a security update.
https://www.isobuster.com/download.php
MakeMKV 1.16.4 improves decoding, compatibility, and resolves several bugs. This is not a security update.
https://www.makemkv.com/download/
Utility Updates
These are unlikely to be of interest to most people.
1Password for Mac 7.8.6 resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/
1Password for Windows 7.7.810
https://1password.com/downloads/windows/
8GadgetPack 34.0 resolves several bugs and improves compatibility. This is not a security update.
https://8gadgetpack.net/
AccessChk 6.14 adds support for NULL DACL reporting. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
Aomei Partition Assistant 9.3 adds option to create portable version, resolves an app mover bug. This is not a security update.
https://www.diskpart.com/
Bitwarden 1.27.1 resolves several bugs. This is not a security update.
https://bitwarden.com/
Dell Command Update 4.2.1 doesn’t provide a changelog. This should be treated as a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en
DesktopOK 9.11 adds support for Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
DevManView 1.75 adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html
Everything Toolbar 0.7.1 improves keyboard support, added options and integration, and resolves several bugs. This is not a security update.
https://github.com/stnkl/EverythingToolbar/
Fido 1.20 adds Windows 7 ISO downloads. This is not a security update.
https://github.com/pbatard/Fido/releases
GoodSync 11.7.6 resolves several bugs. This is not a security update.
https://www.goodsync.com/
Homedale 1.97 resolves a bug. This is not a security update.
https://www.the-sz.com/products/homedale/
NetworkTrafficView 2.41 adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html
NTLite 2.1.2.8074 adds Windows 11 support and updates components. This is not a security update.
https://www.ntlite.com/download/
osquery 4.9.0 updates libraries, adds log rotation, improves table options, startup and shutdown time, and resolves other bugs. This is not a security update.
https://osquery.io/downloads
PointerStick 5.33 adds support for Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick
PowerToys 0.41.3 resolves stability issues. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest
Process Monitor 3.83 resolves several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
RoboForm 9.1.5 resolves several bugs. This is not a security update.
https://www.roboform.com/
Strings 2.54 improves handling of files containing long strings. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/strings
Sysmon 13.22 improves performance and resolves a sub-rule bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
TCPView 4.13 fixes a bug with connection state filtering. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
TraceRouteOK 2.55 updates signature and languages. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK
USBDeview 3.02 improves high-DPI support and adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html
WinRAR 6.02 is a security update.
https://www.rarlab.com/
WinScan2PDF 7.22 adds Windows 11 support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
WizTree 4.01 adds several new filter features, multiple simultaneous drive support, performance improvements, and adds cosmetic options. This is not a security update.
https://wiztreefree.com/
Developer Updates
These are unlikely to be of interest to most people.
Android Studio 4.2.2.0 resolves several bugs. This is not a security update.
https://developer.android.com/studio
Node.js 16.4.2 is a security update.
https://nodejs.org/en/
Node.js 12.22.3 is a security update.
https://nodejs.org/en/
Node.js 14.17.3 is a security update.
https://nodejs.org/en/
SQLite 3.36.0 improves EXPLAIN, BOM skipping, and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html
Visual Studio Code 1.58 resolves several bugs. This is not a security update.
https://code.visualstudio.com/
Web Package Updates
These are likely to be of interest only to web developers.
Dada Mail 11.14.1 updates libraries, adds limits to Forward to a Friend, and resolves several bugs. This is not a security update.
https://dadamailproject.com/
Docker Desktop 3.5.2 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop
Drupal 9.2.1 resolves several bugs. This is not a security update.
https://drupal.org/download
MailEnable 10.35 is a security update.
https://www.mailenable.com/
Nextcloud Server 22.0.0 adds Circles support, integrates chat and tasks, approval workflows, PDF signing, and resolves over 600 bugs. This is not a security update.
https://nextcloud.com/
ScreenConnect 21.9.4007.7863 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download
Akismet 4.1.10 resolves several bugs and improve API requests. This is not a security update.
Conditional Widgets 3.1 announced their native incompatibility with WP 5.8+ and how to continue to use it. This is not a security update.
Duplicator 1.4.2 resolves several bugs and updates package diagnostics. This is not a security update.
myStickymenu 2.5.3 resolves several bugs. This is not a security update.
Visual Composer 37.0 resolves several bugs, improves compatibility, and adds user interface improvements. This is not a security update.
W3 Total Cache 2.1.5 is a security update.
WooCommerce 5.5.0 resolves dozens of bugs. This is not a security update.
WP Mail SMTP 2.9.0 adds scheduler, improved notifications, and resolves several bugs. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/