Updates 2023-01-10

Happy New Year, Folks!

Today is Patch Tuesday for January, 2023.

This month brings over 200 application updates and over 100 major hacks. It’s the lightest month we’ve seen in a while, with only about 3 GB of updates for most users.

This Month in Technology

3Commas, Aetna ACE, Antwerp, Belgium, Argonne (ANL), Astro, Avem Health Partners, Azienda Ospedaliera di Alessandria hospital, Bay City Health & Rehabilitation Center, Benchmark, BetMGM, BitKeep crypto wallet users, BMW, Bosselman Energy, Inc. Employee Health Benefits Plan, Brookhaven (BNL), BTC.com, CA Department of Finance, Captify Health, Careportal, Chick-fil-A, CircleCI, Citrix ADC and Gateway, CoinTracker, Comcast Xfinity, Consulate Health Care, Copper Mountain Mining Corporation, Cott Systems, Deezer, Degroof Petercam, Digipolis, DoorDash, Empresas Públicas de Medellín, FBI’s InfraGard, Fitzgibbon Hospital, Five Guys, Flying Blue, Foundcare, Inc., FuboTV, Gemini crypto exchange, Ghost CMS, GitHub auth, Google Home smart speaker, Grupo Estrategas EMM, H-Hotels, Hawaiian Eye Center, Hospital for Sick Children (SickKids), Indian Railway Catering and Tourism Corp, Intrado, John F. Kennedy International Airport taxi dispatch system, JsonWebToken, Kubernetes clusters, L. Knife & Son, Inc. Employee Benefits Plan, Lake Charles Memorial Health System, LastPass (“most” data was encrypted), Lawrence Livermore National Laboratories (LLNL), Legacy Hospice, LEGO BrickLink, Live Oak Surgery Center, Louis A. Johnson Veterans’ Administration Medical Center, Mango Markets, Maternal & Family Health Services, Maybank, Medicare, MedStar Mobile Healthcare, Mercedes, 60,000+ Microsoft Exchange servers, Midwest Orthopaedic Consultants, S.C., Monarch, Netgear WiFi routers, New Vision Dental, Okta, Port of Lisbon Administration, Prairie Lakes Healthcare System, PyTorch, Quality Behavioral Health, Queensland University of Technology, Rackspace, SAIF Corp, Sargent & Lundy, SevenRooms, Shibuya Ward office in Tokyo, Slack, SlideTeam, Social Blade, Synology, Telas Palo Grande, The Elizabeth Hospice, The Guardian, The Malaysian Election Commission, Three Rivers Provider Network, Toyota, TPG Telecom Ltd, Twitter, Uber, UK Schools, UK’s Department for Environment, Food & Rural Affairs, Ukrainian Government (because they pirated Windows), Ukrainian Ministry of Defense, Universidad De La Salle, University of Havana, University of Miami, Verisma Systems, Inc., VSCode Marketplace, Wabtec Corporation, Windows Problem Reporting, YITH WooCommerce Gift Cards Premium, and Zoho ManageEngine have reportedly been hacked or compromised this month.

ChatGPT, the latest AI designed to make humanity obsolete, is already being used to develop malwareAdobe is using your content to train their AI. 

Microsoft still hasn’t gone all-in on Windows 11. Google Chrome (and all other Chromium-based browsers – Edge, Brave, Vivaldi and so on) will no longer support Windows 7, 8, 8.1, or Server 2012/2012 R2 in only a month. The latest build of iTunes is not compatible with the end-to-end encryption feature on iOS/iPadOS.

The only government caught bombing people not party to the Russo-Ukrainian war says cyberattacks should be considered war crimes. The FTC is planning to kill the US economy, while the FCC has decided to regulate space.

Now for the good news:

Almost every ‘conspiracy theory‘ that people had about twitter turned out to be true. The FBI has seized domains involved in DDoS attacks.

John Deere will finally allow farmers to repair their own equipment. This is a major movement in conjunction with the Right to Repair, and could save farmers millions on production expenses.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 3
GB in updates today. Let’s get started.

Windows 11 22H2 still isn’t ready for prime time, so hold off for at least another month.

Microsoft released updates to address 90 vulnerabilities in .NET Core, 3D Builder, Azure Service Fabric Container, Microsoft Bluetooth Driver, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Local Security Authority Server (lsasrv), Microsoft Message Queuing, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft WDAC OLE DB provider for SQL, Visual Studio Code, Windows ALPC, Windows Ancillary Function Driver for WinSock, Windows Authentication Methods, Windows Backup Engine, Windows Bind Filter Driver, Windows BitLocker, Windows Boot Manager, Windows Credential Manager, Windows Cryptographic Services, Windows DWM Core Library, Windows Error Reporting, Windows Event Tracing, Windows IKE Extension, Windows Installer, Windows Internet Key Exchange (IKE) Protocol, Windows iSCSI, Windows Kernel, Windows Layer 2 Tunneling Protocol, Windows LDAP – Lightweight Directory Access Protocol, Windows Local Security Authority (LSA), Windows Local Session Manager (LSM), Windows Malicious Software Removal Tool, Windows Management Instrumentation, Windows MSCryptDImportKey, Windows NTLM, Windows ODBC Driver, Windows Overlay Filter, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Remote Access Service L2TP Driver, Windows RPC API, Windows Secure Socket Tunneling Protocol (SSTP), Windows Smart Card, Windows Task Scheduler, Windows Virtual Registry Provider, Windows Workstation Service and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Google Chrome OS 108.0.5359.172 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

DS4Windows 3.2.3 resolves a bug with the Shift Modifier trigger. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Nvidia Driver 474.11 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Xerox Smart Start 1.7.71.0 doesn’t provide a changelog so should be treated as a security update.
https://www.support.xerox.com/en-us/content/143617

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.46.153 is a security update.
https://brave.com/

Google Chrome 108.0.5359.124 is a security update.
https://www.google.com/chrome/

Microsoft Edge 108.0.1462.76 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 108.0.2 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Vivaldi 5.6.2867.50 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.8 resolves a couple bugs. This is not a security update.
https://getmailspring.com/

Spark 3.2.2.40861 improves stability and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.2.2.40859 improves stability and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.6.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.7 improves command-line controls and resolves dozens of bugs. This is not a security update.
https://anydesk.com/en/downloads

curl 7.87.0 resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 164.4.7914 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 172.0.0.28.215 is a security update.
https://www.messenger.com/download

FreeFileSync 11.29 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 69.0 is a security update.
https://drive.google.com/start

Npcap 1.72 resolves a couple bugs. This is not a security update.
https://nmap.org/npcap/

Prosody 0.12.2 is a security update.
https://prosody.im/download/start

Rclone 1.61.1 adds several new features and resolves many bugs. This is not a security update.
https://rclone.org/

Signal (Android) 6.6.3 doesn’t provide a public changelog so should be treated as a security update.
https://signal.org/android/apk/

Signal 6.1.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Skype 8.91.0.404 adds automatic audio translation. Really. This is not a security update.
https://www.skype.com/

Syncthing 1.23.0 resolves several bugs. This is not a security update.
https://syncthing.net/

Telegram 4.5.3 resolves a bug. This is not a security update.
https://telegram.org/

Zoom 5.13.4.11835 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 4.4.6 resolves a couple bugs. This is not a security update.
https://www.bitwig.com/download/

darktable 4.2.0 resolves dozens of bugs. This is not a security update.
https://www.darktable.org/

iTunes 12.12.7.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.apple.com/itunes/download/

Kodi 19.5 doesn’t provide a changelog so should be treated as a security update.
https://kodi.tv/

Plex Desktop 1.60.1.3413 improves album art and Discover behavior, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.31.1.3412 improves album art and adds an option to dismiss Discover What to Watch. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Unreal Media Server 15.0 improves streaming capabilities. This is a security update.
http://www.umediaserver.net/umediaserver/download.html

Winamp 5.9.1.10029 updates libraries and resolves several bugs. This is a security update.
https://www.winamp.com/player/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2022.11.1.56 resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.155 integrates direct access to the Asset Store and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Steam 2023.12.01 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 22.003.20310 is a security update.
https://get.adobe.com/reader

Adobe Acrobat 22.003.20310 and 20.005.30436 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb23-01.html

Adobe InDesign 18.1 and 17.4.1 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-07.html

Adobe InCopy 18.0 and 17.4 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb23-08.html

Adobe Dimension 3.4.7 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-10.html

Audacity 3.2.3 adds support for audio.com and resolves several bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 6.11.0 adds automatic editing of CSS and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Krita 5.1.5 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

Notepad++ 8.4.8 updates libraries and resolves over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

DNSQuerySniffer 1.90 adds Show High Resolution Duration option. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

Gpg4win 4.1.0 improves certificate handling and resolve several bugs. This is not a security update.
https://www.gpg4win.org/download.html

HTTP Toolkit 1.12.2 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

KeePass 2.53 adds keyboard controls and history and filter improvements. This is not a security update.
https://keepass.info/

MalwareBytes Anti-Malware 4.5.19 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

ProtonVPN 2.3.2 adds new languages. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.11 adds new languages. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.6.5 resolves several bugs and improves reliability. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.8 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.46.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 29.0.0 adds several new encoders and decoders, and resolves several bugs. This is not a security update.
https://obsproject.com/

SnagIt 23.0.2 improves Grab Text feature and resolves several bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.9.6 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.6.0 adds several transcoding options, updates libraries, and resolves several bugs. This is not a security update.
https://handbrake.fr/

StreamFab 6.1.0.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.19 adds automatic relinking of Mendeley citations, and resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.12 improves reliability and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.12 improves reliability and resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

AOMEI Partition Assistant 9.13.1 resolves several bugs. This is not a security update.
https://www.diskpart.com/

Bitwarden 2022.12.0 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.07.10191 improves startup speed and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.4.3 resolves a couple bugs. This is not a security update.
https://cygwin.com/

Dell Command Update 4.7.1 doesn’t provide release notes for this build, so it should be treated as a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 10.61 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.2.242.0 adds a portable version, improves extension support, syntax highlighting, selection keys, and updates libraries. This is not a security update.
https://dngrep.github.io/

DMDE 4.0.2.804 resolves several bugs. This is not a security update.
https://dmde.com/

Etcher 1.13.2 resolves several bugs and updates dependencies. This is not a security update.
https://www.balena.io/etcher/

Fido 1.40 improves error handling. This is not a security update.
https://github.com/pbatard/Fido/releases

Go 1.19.5 resolves several bugs. This is not a security update.
https://go.dev/

GoodSync 12.1.4 resolves several bugs. This is not a security update.
https://www.goodsync.com/

grepWin 2.0.12 resolves several bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

Homedale 2.05 improves logging and SSID reporting. This is not a security update.
https://www.the-sz.com/products/homedale/

Memtest86+ 6.01 resolves a couple bugs. This is not a security update.
https://www.memtest.org/

NetworkInterfacesView 1.26 add Interface Index column. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

NTLite 2.3.9.9020 updates languages and components. This is not a security update.
https://www.ntlite.com/download/

osquery 5.7.0 provides several table updates, introduces security_profile_info, and resolves several bugs. This is not a security update.
https://osquery.io/downloads

PowerToys 0.66.0 improves installer and resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.4.1 imposes new licensing restrictions for free accounts. This is not a security update.
https://www.roboform.com/

ScreenConnect 22.10.10924.8404 adds several new security features and controls, and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Superpaper 2.2.1 resolves several bugs. This is not a security update.
https://github.com/hhannine/superpaper/

TeamViewer 15.37.3 resolves a couple bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.2.1 resolves several bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Ventoy 1.0.87 resolves several bugs. This is not a security update.
https://www.ventoy.net/en/index.html

WinScan2PDF 8.41 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

ZoomText 2023 2023.2212.21.400 adds Freeze View and Early Adopter support. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

GitHub Desktop 3.1.3 resolves several bugs. This is not a security update.
https://desktop.github.com/

NASM 2.16.01 resolves several bugs. This is not a security update.
https://www.nasm.us/index.php

Node.js 19.4.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 18.13.0 resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.40.1 resolves a couple bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.74.2 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.14.4 resolves dozens of bugs. This is not a security update.
https://ppsspp.org/downloads.html

VMware Workstation Player 17.0.0 improves TPM, adds support for newer operating systems, adds encryption, and updates OpenGL 4.3 and WDDM 1.2. This is a security update.
https://customerconnect.vmware.com/downloads/#all_products

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.21 corrects a couple bugs. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.5.1 resolves several bugs. This is not a security update.
https://drupal.org/download

HumHub 1.13.0 improves module integration, Spaces, adds Open Graph, diagnostics and several other features. This is not a security update.
https://www.humhub.com/en/download

ISPConfig 3.2.9 adds 2FA and support for latest Ubuntu, and resolves several bugs. This is not a security update.
https://www.ispconfig.org/ispconfig/download/

jQuery 3.6.3 resolves the CSS.supports selector bug. This is not a security update.
https://code.jquery.com/

Piwigo 13.4.0 resolves several bugs. This is not a security update.
https://piwigo.org/

SpamAssassin 4.0.0 is a major update adding full Unicode support, parsing for many more URL forms and TLDs, and resolves several bugs. This is not a security update.
https://spamassassin.apache.org/downloads.cgi

BuddyPress 11.0.0 improves performance, adds webp support, and resolves dozens of bugs. This is a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.7.2 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Social Post Feed 4.1.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Postie 1.9.63 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Raw HTML 1.6.4 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/raw-html/

Register IP – Multisite 1.9.1 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/register-ip-multisite/

WooCommerce 7.2.2 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.7.0 improves cleanup and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WP Update Server 2.0.1 improves compatibility. This is not a security update.
https://github.com/YahnisElsts/wp-update-server

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-10-11

Welcome back, Folks!

Today is Patch Tuesday for October, 2022. This month brings a new major version of Windows 11, and impending new version of Windows 10. That’s on top of the 120 major hacks, and another 150+ application updates this month. This is actually the lightest month we’ve had in a while, with less than 3 GB of updates for most users.

This Month in Technology

2K Games, a high-profile Hawaiian financial company, Airplane WiFi networks, Albanian State Police, American Airlines, Anesthesia Associates of El Paso PA, Anesthesia Associates of Maryland LLC, Anesthesia Services of San Joaquin PC, Argentina’s Ministry of Economy, Ask.FM, Bell Technical Solutions, Bhinneka, Binance, Bitbucket Server, Bonita Springs Retirement Village, Inc., Bronx Anesthesia Services PC, Centerstone of Tennessee, Inc., Centre Hospitalier Sud Francilien, Chase UK, Chilean Judiciary, Chilean Ministry of Defense, City of Tucson, Columbia River Mental Health Services, Comision Nacional de Acreditación in Chile, Comm100 Live Chat, CommonSpirit Health, Consorci Sanitari Integral, Costa Group, Country Doctor Community Clinic, CSI Laboratories (again!), The Coeur Group, Dialog, Digital Network System, DLS Motors, Easterseals-Goodwill Northern Rocky Mountain, Inc., Elbit Systems of America, Empress EMS, Extended MLTC, an F-35 Lightning II fighter aircraft components supplier, Fast Company, FishPig, FMC Services, LLC, FortiOS, FortiProxy, Fredericksburg Anesthesia Services LLC, Guatemala’s foreign ministry, Hampton Public Library, Hazleton Anesthesia Services PC, Independence, Intel, Jaime Câmara, Johnson Fitness and Wellness, Kaye-Smith Enterprises, Inc., Kiwi Farms, Landmark Management Services, Latam government, Lloyd’s of London, Lynbrook Anesthesia Services PC, Magellan Rx Management, Magento, Makler, Mexican Military, Microsoft Endpoint Configuration Manager, Microsoft Exchange, hundreds of Microsoft SQL servers, Monroe Ear Nose and Throat Associates, PC, National Institute for Drug and Food Surveillance, Neurology Center of Nevada, New York Racing Association, Northern California Fertility Medical Center, Okta Auth0, Optus, Oracle Cloud, Orange Southwest Supervisory District, Palm Springs Anesthesia Services PC, Peru’s Instituto De Desarrollo Profesional, Physician’s Business Office, Inc., Providence WA Anesthesia Services PC, Puigcerda Hospital, Quintal, redONE Network Sdn Bhd, REDTONE Digital BHD Network, Reelfoot Family Walk-In Clinic, Reid and Riege, P.C., Reidville Fire Department, Resource Anesthesiology Associates of CA A Medical Corporation, Resource Anesthesiology Associates of IL PC, Resource Anesthesiology Associates PC, Revolut, Rockstar Games, Seattle Children’s Hospital, Seesaw, Shangri-La Group, Smith, Gambrell & Russell, LLP, South Redford School District, Starbucks, State Bar of Georgia, State of Colorado, Swachhata, TAP Air Portugal, Telstra, Tessie Cleveland Community Services Corp, The Icon Group, Toyota, Transit Finance, Trend Micro Apex One, Trillium Health Inc., U.S. Dept of Defense, Uber (more), Universidad Internacional Del Ecuador, Upstate Anesthesia Services PC, UW Medicine, Wakanim, WhatsApp, Wintermute, Zimbra, and Zoho ManageEngine have reportedly been hacked or compromised this month.

MEC has shared with us why Microsoft Exchange has proven to be such a large target. 350+ million email accounts spread across over 300,000 physical servers, where (demonstrably) security lapses are commonplace. Even with that, it has nothing to do with the recent spate of outlook crashes or certificate issues on MS products.

There’s more evidence demonstrating the risk of pirated software. Twitter neglected to log out devices after password resets. And Dell drivers are being used to hijack computers.

The newest version of Windows 11 was released less than 3 weeks ago. It has problems. Among the many issues with the latest release of Windows 11 include
file copy performance, Windows Hello failure, provisioning, Remote Desktop, printer issues, Intel audio, NVIDIA GeForce Experience, and NVIDIA gaming performance, and those are just the ones that have made the news so far. If you’re planning to upgrade to the latest build of Windows 11, wait another month or two.

Now for the good news:

It turns out the theoretial protection of tinfoil hats may have actually been a government conspiracy. Really. How is this good news? You don’t have to worry about making sure you have tinfoil available anymore! 🙂

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly
GB in updates today. Let’s get started.

Windows 11 22H2 (22621) is a major update for Windows 11, but it has been plagued with issues over the last couple weeks. Give it time before you willingly update.

Microsoft released updates to address 90 vulnerabilities in Active Directory Domain Services, Azure, Azure Arc, Client Server Run-time Subsystem, Microsoft Edge, Microsoft Graphics Component, Microsoft Office, Microsoft Office 365 2209 (15629.20156), Microsoft Office SharePoint, Microsoft Office Word, Microsoft WDAC OLE DB provider for SQL, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, Role: Windows Hyper-V, Service Fabric, Visual Studio Code, Windows Active Directory Certificate Services, Windows ALPC, Windows CD-ROM Driver, Windows COM+ Event System Service, Windows Connected User Experiences and Telemetry, Windows CryptoAPI, Windows Defender, Windows DHCP Client, Windows Distributed File System, Windows DWM Core Library, Windows Event Logging Service, Windows Group Policy, Windows Group Policy Preference Client, Windows Internet Key Exchange Protocol, Windows Kernel, Windows Local Security Authority, Windows Local Security Authority Subsystem Service, Windows Local Session Manager, Windows NTFS, Windows NTLM, Windows ODBC Driver, Windows Perception Simulation Service, Windows Point-to-Point Tunneling Protocol, Windows Portable Device Enumerator Service, Windows Print Spooler Components, Windows Resilient File System, Windows Secure Channel, Windows Security Support Provider Interface, Windows Server Remotely Accessible Registry Keys, Windows Server Service, Windows Storage, Windows TCP/IP, Windows USB Serial Driver, Windows Web Account Manager, Windows Win32K, Windows WLAN Service, Windows Workstation Service, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 16.0.3 and watchOS 9.0.2. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS iOS 16.0.3 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 9.0.2 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 105.0.5195.134 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.10.1 improves stability. This is not a security update.
https://www.amd.com/en/support

Crucial Storage Executive 8.03 does not provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.5.5 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.1.6 resolves dozens of issues. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Epson ET-4800 3.01 adds support for newer Remote Print Driver and Epson Photo+ Software. This is not a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-4800/s/SPT_C11CJ65201

Garmin Express 7.14.0 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

Intel Driver and Support Assistant 22.6.39 resolves several bugs and improves feedback. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Netgear Nighthawk R7960P 1.4.4.94 is a security update.
https://www.netgear.com/support/product/R7960P.aspx#download

Wacom Driver 6.4.0-8 adds support for newer hardware. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.44.108 is a security update.
https://brave.com/

Google Chrome 106.0.5249.103 is a security update.
https://www.google.com/chrome/

Microsoft Edge 106.0.1370.34 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 105.0.3 is a security update.
https://www.mozilla.org/en-US/firefox/new/

SeaMonkey 2.53.14 is a security update.
https://www.seamonkey-project.org/

Vivaldi 5.5.2805.35 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

NK2Edit 3.45 resolves several bugs. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

OutlookAttachView 3.46 improves visual feedback. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 102.3.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.52 improves visual feedback. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

Dropbox 158.4.4564 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 164.0.0.8.109 is a security update.
https://www.messenger.com/download

FileZilla Client 3.61.0 should be treated as a security update.
https://filezilla-project.org/

FreeFileSync 11.26 improves performance and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 64.0.4 resolves several bugs. This is not a security update.
https://drive.google.com/start

Microsoft Teams 1.5.00.21668 adds support for Apple Silicon, group chat reply suggestions, and improves management features. This is not a security update.
https://teams.microsoft.com/downloads

Mumble 1.4.287 improves compatibility. This is not a security update.
https://www.mumble.info/

Nextcloud Server 24.0.6 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Rclone 1.59.2 improves stability. This is not a security update.
https://rclone.org/

Signal 5.62.0 resolves several bugs and improves contact property view. This is not a security update.
https://signal.org/download/windows/

Skype 8.88.0.401 improves stability. This is not a security update.
https://www.skype.com/

Syncthing 1.22.0 resolves several bugs. This is not a security update.
https://syncthing.net/

Technitium DNS Server 9.1 adds certbot support, dashboard improvements, and several other features. This is not a security update.
https://technitium.com/dns/

Telegram 4.2.4 resolves several bugs. This is not a security update.
https://telegram.org/

WinSCP 5.21.5 is a security update.
https://winscp.net/eng/index.php

Zoom 5.12.2.9281 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 4.4 improves stability, adds new audio FX packages, and new “spectral devices.” This is not a security update.
https://www.bitwig.com/download/

darktable 4.0.1 resolves dozens of bugs. This is not a security update.
https://www.darktable.org/

MediaMonkey 5.1 resolves several bugs. This is not a security update.
https://www.mediamonkey.com/windows#download

Plex Desktop 1.55.0.3278 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.26.1.3276 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.29.0.6244 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.2.4 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.9.0.49 improves stability. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Lego Studio 2.22.9.3 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Nintendo Switch 15.0.0 improves stability, changes a menu, and adds ability to take screenshots in NSO. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PS4 10.01 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PS5 22.02-06.00.01 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2022.10.06 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Animate 21.0.12 and 22.0.8 are security updates.
https://helpx.adobe.com/security/products/animate/apsb22-54.html

Adobe Bridge 12.0.3 and 11.1.4 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb22-49.html

Adobe Experience Manager CS and 6.5.14.0 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html

Adobe Illustrator 26.5 and 25.4.8 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-55.html

Adobe InCopy 17.4 and 16.4.3 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb22-53.html

Adobe InDesign 17.4 and 16.4.3 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb22-50.html

Adobe Photoshop 22.5.9 and 23.5 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb22-52.html

Adobe Reader DC 22.003.20258 is a security update.
https://get.adobe.com/reader

Audacity 3.2.1 improves stability. This is not a security update.
https://www.audacityteam.org/download/

Blender 3.3.1 adds hair geometry, improves deforming tools, and several other features. This is not a security update.
https://www.blender.org/download/

Krita 5.1.1 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.4.1 resolves dozens of bugs. This is not a security update.
https://www.libreoffice.org/

Notepad++ 8.4.6 adds change history markers and tab context menu improvements. This is not a security update.
https://notepad-plus-plus.org/

PDF-XChange Editor 9.4.364.0 is a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Calibre 6.6.1 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Kindle for PC 1.39.65306 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.1.1 resolves several bugs. This is not a security update.
https://github.com/countercept/chainsaw

HTTP Toolkit 1.11.0 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

OnionShare 2.6 adds several new features. This is a security update.
https://onionshare.org/

OpenSSL 3.0.6 is a security update.
https://www.openssl.org/source/

OpenSSL 1.1.1r is a security update.
https://www.openssl.org/source/

OSFClone 1.4.1000 updates libraries and core OS. This is a security update.
https://www.osforensics.com/tools/create-disk-images.html

ProtonVPN 2.1.1 is a cosmetic update. This is not a security update.
https://protonvpn.com/download

ProtonVPN for macOS 3.0.3 is a cosmetic update. This is not a security update.
https://protonvpn.com/download

ReactOS 0.4.14.24 resolves dozens of bugs. This should be treated as a security update.
https://reactos.org/

uBlock Origin 1.44.4 resolves the broken :not() operator. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.10.3 adds directory scanning and improves compatibility. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 28.0.3 resolves several bugs. This is not a security update.
https://obsproject.com/

ScreenToGif 2.37.1 resolves several bugs to improves compatibility. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 22.1.2 resolves an activation bug. This is not a security update.
https://download.techsmith.com/snagit/releases/snagit.msi

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.8.9 adds support for new encodings and improved hardware support. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.2 doesn’t provide a changelog. This is not a security update.
https://imazing.com/heic

PDF Creator 5.0 is a major update adding new features and organizational tools. This is not a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 5.0.5.6 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.15 adds split view improvements, adds math support, PDF improvements, and resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

BgInfo 4.32 now reports Windows Insider builds. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo

Bitwarden 2022.9.1 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.04.10044 resolves several bugs. This is not a security update.
https://www.ccleaner.com/

Coreinfo 3.6 adds and option to measure inter-CPU latency. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/coreinfo

DesktopOK 10.34 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.7.9 adds update notification and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1022 is a security update.
https://www.voidtools.com/

Everything CLI 1.1.0.26 adds -exit, -reindex, and -utf8bom options, and resolves a Unicode write bug. This is not a security update.
https://www.voidtools.com/

Fido 1.35 is the fourth compatibility release for Windows 11 22H2. This is not a security update.
https://github.com/pbatard/Fido/releases

Git SCM 2.38.0 resolves over a dozen bugs. This is not a security update.
https://git-scm.com/

Go 1.19.2 is a security update.
https://go.dev/

GoodSync 12.0.7 resolves several bugs. This is not a security update.
https://www.goodsync.com/

grepWin 2.0.11 resolves several bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

Kingston SSD Manager 1.5.2.4 doesn’t provide a changelog so should be treated as a security update.
https://www.kingston.com/us/support/technical/ssdmanager

NTLite 2.3.8.8945 improves compatibility. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1004 improves documentation and reports, and updates several features. This is not a security update.
https://www.osforensics.com/download.html

PowerToys 0.63.0 resolves several bugs and updates dependencies. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ScreenConnect 22.8.9612.8308 adds key rotation, improved session management, improved compatibility and resolves several bugs. This is a security update.
https://www.connectwise.com/software/control/download

Sysmon 14.1 adds monitoring for FileBlockShredding events. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TaskSchedulerView 1.72 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.34.4 improves multi-tab display. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.1.19 resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WinGet 1.3.2691 updates dependencies. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 2021.3.1.16 improves wear OS compatibility. This is not a security update.
https://developer.android.com/studio

AutoIt 3.3.16.1 resolves several bugs. This is not a security update.
https://www.autoitscript.com/autoit3/docs/history.htm

GitHub Desktop 3.1.1 resolves several bugs. This is not a security update.
https://desktop.github.com/

MySQL Server 8.0.31 resolves dozens of bugs. This is not a security update.
https://dev.mysql.com/downloads/installer/

MySQL ConnectorNet 8.0.31 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 14.20.1 is a security update.
https://nodejs.org/en/

Node.js 16.17.1 is a security update.
https://nodejs.org/en/

Node.js 18.10.0 is a security update.
https://nodejs.org/en/

SQLite 3.39.4 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

TortoiseSVN 1.14.5 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Visual Studio Code 1.72.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.0 is a major update adding full encryption support, cloud interop connectivity, new hardware virtualization features and resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.20 improves compatibility. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.4.8 is a security update.
https://drupal.org/download

Joomla 4.2.3 resolves several bugs. This is not a security update.
https://www.joomla.org/

MailEnable 10.42 and 9.85 are security updates.
https://www.mailenable.com/

Piwigo 13.0.0 adds several new features and updates compatibility options. This is not a security update.
https://piwigo.org/

Akismet 5.0.1 resolves several bugs.
https://wordpress.org/extend/plugins/akismet/

Autoptimize 3.1.2 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

myStickymenu 2.6.1 removes the contact form character limit. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Postie 1.9.62 resolves a timezone bug. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Redirection 5.3.4 resolves a “not” bug. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Simple Lightbox 2.9.2 should be treated as a security update.
https://wordpress.org/extend/plugins/simple-lightbox/

Slider Revolution 6.6.3 resolves a couple bugs. This is not a security update.
https://revolution.themepunch.com/

W3 Total Cache 2.2.6 resolves a Cloudfront compatibility bug. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WP Mail SMTP 3.6.1 resolves several bugs and improves debug controls. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WooCommerce 6.9.4 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WordPress Importer 0.8 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wordpress-importer/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-09-13

Welcome back, Folks!

Today is Patch Tuesday for September, 2022. This month brings new major versions of iOS, tvOS, watchOS, and impending new versions of Windows 11 and Windows 10. That’s on top of the 120 major hacks, and over 150 application updates this month. Even with all that, it’s actually a pretty light month, with only about 3 GB of updates for most users.

This Month in Technology

Advanced (NHS MSP), Akamai, Akasa Air, Albanian government, Ally Bank, Amazon, Argentina’s Judiciary of Córdoba, Armed Forces General Staff agency of Portugal (EMGFA), Atlantic Dialysis Management Services, Atlassian Bitbucket Server, an “automotive supplier“, Avamere Health Services LLC, Baker & Taylor, Banorte, Block, BOGA Group, Bombardier Recreational Products (BRP), BrandNewTube, BSA Hospice of the Southwest, California Department of Corrections and Rehabilitation (CDCR), Celanese Medical Plan, Center Hospitalier Sud Francilien (CHSF), Cerebral Medical Group, P.A., Chester Upland School District, Chile Consumer Protection Agency, Chile’s government, Cisco (more), Common Ground Healthcare Cooperative, Conifer Revenue Cycle Solutions, CorrectHealth, CS.MONEY, Damart, DaVita Inc., DESFA, DigitalOcean, Dominican Republic’s Instituto Agrario Dominicano, DoorDash, EmergeOrtho, energy providers worldwide, Entrust, Eurocell, Family Medicine Centers, Farmville Internal Medicine, First Street Family Health, Forsyth County medical office, Franklin College, General Bytes, General Health System, Gestore dei Servizi Energetici SpA (GSE), Go-Ahead, Health Advantage, Henderson & Walton Women’s Center, P.C., Holdcroft Motor Group, HP Support Assistant, Hyundai, InterContinental Hotels Group PLC (IHG), IRS, Japan government, KeyBank, Kickstarter (?), LA USD (more), Lamoille Health Partners, LastPass, Lee County Emergency Medical Services, Liberty Counsel, MailChimp, Major Cineplex, Major Development PCL, Medical Mutual of Ohio, Methodist Craig Ranch Surgical Center, Methodist McKinney Hospital, Microsoft Teams, Montenegro government (and lied about it), Mossad, Nelnet Serving, Neopets, Nereus Finance, New Free DAO, NorthStar HealthCare Consulting LLC, Northwestern Medical Center, Novant Health, over 130 organizations via Okta, OMNI Healthcare, INC, OneTouchPoint, Onyx Technology LLC, Orange Cyberdefense, Overlake Medical Center & Clinics, Plex, Practice Resources LLC, Priti Patel Physician PC, Prowers  County Hospital District, PT Jasamarga Tollroad Operator, QNAP Photo Station, QuestionPro, Rug Pull Finder, Samsung, San Diego American Indian Health Center, San Francisco 49ers, Sando, Savannah College of Art and Design, Sephora, SFERRA, Sheppard Robson, Shipyaari, ShitExpress, Signal, SitePoint, South Staffordshire Water, Specialized Treatment Facility, Sri Lanka Department of Examinations, Starlink’s Dishy McFlatface, START.ru, Stratford University, TAP Air Portugal, Tesla cars, The North Face, TikTok, Trinity Health, Tulsa Tech, Twilio, Twitter, U-Haul, UK’s National Health Service, USAble Mutual Insurance Company, Valley Baptist Medical Center – Brownsville, Valley Baptist Medical Center – Harlingen, Warner Norcross & Judd, Xinai Electronics, and Zimbra Collaboration Suite have reportedly been hacked or compromised this month.

75% of retailers and 52% of supply chains report being hacked in 2021. Those numbers don’t reflect well on the security state of the nation. 🙁

Patreon fired their entire security department. What this means for you: if you’re still using Patreon, now is the best time to stop.  The Zoom installer can get you hacked. Facebook and Twitter will soon be shunning the CIA. (/sarc)

After updates last month, MS Office would crash if you floated your mouse over Outlook contacts. The version was pulled, but a new version wasn’t released until today. Microsoft released a virus definitions update that falsely identified every Electron app as malware on September 4th (the Labor Day holiday weekend). While it took only 13 hours before they released a fix, it was 13 hours too long for many who thought their browsers had been compromised. Edge 105 wouldn’t start if you had policies enabled relating to data reporting. Completely removing the policies was the only workaround. Tabs are coming to Windows Explorer in a “Moment.” I think they should probably call them Hot Flashes. Or Whims.

The only significant outages this month were Microsoft Azure and Microsoft 365.

End-of-life (EOL) means end-of-life. Don’t expect vendors to fix critical vulnerabilities in EOL hardware or software. Usually. This is a win for Apple. This isn’t. And this is just sad.

Google finished their purchase of Mandiant. Even Lloyd’s of London is taking a page out of the terrorism handbook. The IoT (Internet of Things) is far less secure than they claim. In an approach that could only be described as inevitable, the anti-cheat software used to prevent cheating in a video game is being abused to hack computers with it installed.

The concept of software “permissions” is fatally flawed. While this article only demonstrates how it effected the clipboard, it’s a timely reminder to keep your camera and mic physically disabled whenever possible.

When the Federal government has no respect for the law, is it any surprise that law enforcement are tracking you without warrants. Duh.

Now for the good news:

While there’s not a lot of good news in tech, we can at least have some fun with it. Check out these barcode ponies.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is about average this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 64 vulnerabilities in .NET and Visual Studio, .NET Framework, Azure Arc, Cache Speculation, HTTP.sys, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Network Device Enrollment Service (NDES), SPNEGO Extended Negotiation, Visual Studio Code, Windows Common Log File System Driver, Windows Credential Roaming Service, Windows Defender, Windows Distributed File System (DFS), Windows DPAPI (Data Protection Application Programming Interface), Windows Enterprise App Management, Windows Event Tracing, Windows Group Policy, Windows IKE Extension, Windows Kerberos, Windows Kernel, Windows LDAP – Lightweight Directory Access Protocol, Windows ODBC Driver, Windows OLE, Windows Photo Import API, Windows Print Spooler Components, Windows Remote Access Connection Manager, Windows Remote Procedure Call, Windows TCP/IP, Windows Transport Security Layer (TLS), and MSRT (~3 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 12.5.6 and 16.0, iPadOS 15.6.1, macOS Big Sur 11.7, macOS Monterey 12.5.1 and 12.6, Safari 15.6.1 and 16.0. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 12.5.6 and 16.0 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.6.1 is a security update. Use Settings, General, Software Update to install the most current update.

tvOS 16.0 is a security update. Use System, Software Update to install the most current version.

watchOS 9.0 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 105.0.5195.112 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The new versions of Windows 10 and Windows 11 are expected within the next month. This release is the first in Microsoft’s new “Moments” behavior. We knew this would eventually happen last year when they threw in the towel on their 6-month OS release cadence and switch to a 1-year cadence, then last month announced that they would instead release a new major build every 3 years but release smaller feature updates (called “Moments”) whenever they wanted to. I think they missed their chance to call them “Whims”. If their recent cadence changes demonstrate anything, it’s that it’s all on a Windows Whim anyway. 🙂

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.8.2 resolves several bugs and improves compatibility. This is not a security update.
https://www.amd.com/en/support

BullZip PDF Printer 14.0.0.2944 removes features. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Dymo Connect for Desktop 1.3.2.18 improves compatibility, but still not supported on Windows 11. This is not a security update.
https://www.dymo.com/label-makers-printers/labelwriter-label-printers/dymo-labelwriter-450-duo-thermal-label-printer/SAP_1752267.html

Intel Driver and Support Assistant 22.5.34 improves stability and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.43.89 is a security update.
https://brave.com/

Google Chrome 105.0.5195.102 is a security update.
https://www.google.com/chrome/

Microsoft Edge 105.0.1343.33 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 104.0.2 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 102.2.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 5.4.2753.47 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.5 is a security update.
https://getmailspring.com/

Thunderbird 102.2.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.14 is a security update.
https://anydesk.com/en/downloads

curl 7.85.0 resolves over a hundred bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 156.4.4908 improves context menu behavior. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 159.0.0.23.221 is a security update.
https://www.messenger.com/download

FreeFileSync 11.25 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 63.0 is a security update.
https://drive.google.com/start

Mumble 1.4.274 resolves over a dozen bugs. This is not a security update.
https://www.mumble.info/

Nextcloud Server 24.0.5 updates libraries and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Nmap 7.93 is a security update.
https://nmap.org/

Npcap 1.71 is a security update.
https://nmap.org/npcap/

Omada Software Controller 5.5.6 improves reliability, compatibility, and resolves an access bug. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-GUI 0.8.11 resolves several bugs. This is not a security update.
https://pocketnet.app/

Signal 5.58.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/download/windows/

Skype 8.87.0.406 resolves several bugs and adds quoting for all content types. This is not a security update.
https://www.skype.com/

Syncthing 1.21.0 resolves two bugs and adds several new features. This is not a security update.
https://syncthing.net/

Telegram 4.1.1 resolves several bugs. This is not a security update.
https://telegram.org/

Trillian 6.5.0.24 improves reliability, media and diagnostics. This is not a security update.
https://www.trillian.im/

WinSCP 5.21.3 resolves a couple bugs. This is not a security update.
https://winscp.net/eng/index.php

Zoom 5.11.11.8425 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.4 resolves several bugs. This is not a security update.
https://en.3tene.com/

iTunes 12.12.5.1 is a security update.
https://www.apple.com/itunes/download/

Picard 2.8.3 resolves a crash bug. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.53.1.3225 improves watchlist, resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.25.1.3248 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.28.2.6151 resolves a stability bug. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.2.1 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.8.1.37 adds several new features, removes redundant and unused features, and resolves over 150 bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Lego Studio 2.22.8.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

PS4 10.0 adds zoom and magnify options in the browser, and improves Remote Play. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PS5 22.02-06.00.00 adds dozens of new features and bug fixes. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2022.08.18 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Animate 21.0.12 and 22.0.8 are security updates.
https://helpx.adobe.com/security/products/animate/apsb22-54.html

Adobe Bridge 12.0.3 and 11.1.4 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb22-49.html

Adobe Experience Manager 6.5.14.0 is a security update.
https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html

Adobe Illustrator 23.5 and 25.4.8 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-55.html

Adobe InCopy 17.4 and 16.4.3 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb22-53.html

Adobe InDesign 17.4 and 16.4.3 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb22-50.html

Adobe Photoshop 22.5.9 and 23.5 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb22-52.html

Adobe Reader DC 22.002.20212 is a security update.
https://get.adobe.com/reader

Calibre 6.4.0 adds several new management and organizational features, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Krita 5.1.0 resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.4.1 adds over 500 bug fixes and features changes. This is a security update. Please remember that LibreOffice Fresh is beta software. Most users should use LibreOffice Still.
https://www.libreoffice.org/

LibreOffice 7.3.6 resolves over 50 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.6.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.5 updates libraries and resolves a dozen bugs. This should be treated as a security update.
https://notepad-plus-plus.org/

Paint.net 4.3.12 resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 9.4.363.0 resolves several stability and reliability bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

.NET Framework 4.8.1 adds native support for Arm64, forms, and tooltips improvements. This is not a security update.
https://dotnet.microsoft.com/en-us/download/dotnet-framework/net481

Hashcat 6.2.6 adds a return code for self-test failure. This is not a security update.
http://hashcat.net/hashcat/#downloadlatest

Johnny 2.2 adds several new modes, file formats, export options and resolves several bugs. This is not a security update.
https://openwall.info/wiki/john/johnny

KeePass 2.52 adds several new features, improves GUI and automation, and resolves a couple bugs. This is not a security update.
https://keepass.info/

ProtonVPN 2.0.6 improves DNS resolution. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.2 now automatically logs you in when visiting the ProtonVPN website. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.6.1 updates core, adds clipboard protection, and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

SanDisk PrivateAccess 6.3.10 doesn’t provide a changelog so should be treated as a security update.
https://kb.sandisk.com/app/answersweb/detailweb/a_id/21996

Tails 5.4 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.44.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.6.6 resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 28.0.1 adds dozens of new features, bug fixes, and performance improvements. This is not a security update.
https://obsproject.com/

ScreenToGif 2.37.1 resolves a couple bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.8.6 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

StreamFab 5.0.5.2 improves reliability and performance with some websites. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.13 resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.4 resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.5 resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/windows/

AOMEI Partition Assistant 9.10.0 resolves several bugs and adds ability to delete large files. This is not a security update.
https://www.diskpart.com/

Agent Ransack 2022.3341 updates libraries and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

CCleaner 6.03.10002 increases the nag factor and resolves several crash bugs. This is not a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.36 adds option to start as hidden. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Coreinfo 3.53 now handles NUMA nodes with more than 64 processors. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/coreinfo

CPU-Z Installer 2.02 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

Cygwin 3.3.6 resolves a dozen bugs. This is not a security update.
https://cygwin.com/

DesktopOK 10.16 resolves a couple bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.0.154.0 resolves several bugs. This is not a security update.
https://dngrep.github.io/

Drive Snapshot 1.50 adds SFTP support and support for newer operating systems. This is not a security update.
http://www.drivesnapshot.de/en/

Everything 1.4.1.1020 is a security update.
https://www.voidtools.com/

Fido 1.31 improves compatibility. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3341 updates libraries and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.37.3 resolves several bugs. This is not a security update.
https://git-scm.com/

GoodSync 12.0.2 resolves dozens of bugs and improves compatibility. This is a security update.
https://www.goodsync.com/

NTLite 2.3.8.8890 improves compatibility. This is not a security update.
https://www.ntlite.com/download/

osquery 5.5.1 adds and updates several new tables, and resolves several bugs. This is not a security update.
https://osquery.io/downloads

PointerStick 5.95 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.62.0 adds Screen Ruler, Quick Accent, Text Extractor (OCR), and resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ScreenConnect 22.7.8783.8255 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SearchMyFiles 3.22 resolves a couple bugs. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

SimpleWMIView 1.52 adds option to show milliseconds. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

Ookla Speedtest CLI 1.2.0
https://www.speedtest.net/apps/cli

Sysmon 14.0 adds a new event type, FileBlockExecutable, that prevents processes from creating executable files in specified locations, and includes several performance improvements and bug fixes. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TcpLogView 1.36 is a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

TeamViewer 15.33.7 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 3.13 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Unity 2022.1.16 updates libraries and resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

USBDeview 3.06 resolves several bugs. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

WhyNotWin11 2.5.0.3 resolves several bugs. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinScan2PDF 8.22 adds reverse scan order. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.10 resolves several bugs. This is not a security update.
https://www.diskanalyzer.com/

Developer Updates

These are unlikely to be of interest to most people.

ADB 33.0.3 resolves several bugs. This is a security update.
https://developer.android.com/studio/releases/platform-tools

AutoHotkey 1.1.34.04 resolves several bugs. This is a security update.
https://www.autohotkey.com/download/

Docker Desktop 4.12.0 upgrades libraries and fixes dozens of bugs. This is a security update.
https://www.docker.com/products/docker-desktop

Get-IMAPAccessToken 2022.9.1 improves consistency and updates documentation. This is not a security update.
https://github.com/DanijelkMSFT/ThisandThat/blob/main/Get-IMAPAccessToken.ps1

Go 1.19.1 is a security update.
https://go.dev/

GitHub Desktop 3.0.8 resolves several bugs. This is not a security update.
https://desktop.github.com/

Node.js 18.9.0 updates libraries and resolves several bugs. This should be treated as a security update.
https://nodejs.org/en/

Node.js 16.17.0 updates libraries and resolves several bugs. This should be treated as a security update.
https://nodejs.org/en/

SQLite 3.39.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.71.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.13.2 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

VirtualBox 6.1.38 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.19.0 resolves several bugs, adds new features, and updates libraries. This is a security update.
https://dadamailproject.com/

HumHub 1.12.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 4.2.2 is a security update.
https://www.joomla.org/

jQuery 3.6.1 resolves several bugs. This is not a security update.
https://code.jquery.com/

MailEnable 10.41 updates utilities, and resolves over a dozen bugs. This is not a security update.
https://www.mailenable.com/

OpenCart 4.0.1.1 resolves several bugs. This should be treated as a security update.
https://www.opencart.com/

ownCloud Client 2.11.1.8438 resolves several bugs. This is not a security update.
https://owncloud.com/desktop-app/

WordPress 6.0.2 is a security update.
https://wordpress.org/

Autoptimize 3.1.1.1 resolves a stability bug. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

BuddyPress 10.4.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.6.3 adds new validation features. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.0 resolves several bugs and adds new options within the installer. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

myStickymenu 2.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Redirection 5.3.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Simple Lightbox 2.9.1 adds support for new media formats, improves compatibility, and resolves a validation bug. This is not a security update.
https://wordpress.org/extend/plugins/simple-lightbox/

Slider Revolution 6.5.31 resolves a minor bug. This is not a security update.
https://revolution.themepunch.com/

Sucuri Security 1.8.35 resolves a referer bug. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

WooCommerce 6.8.2 resolves dozens of bugs, improves reliability, compatibility and adds several new tests and flows. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.5.2 resolves a self-diagnostic bug. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WPtouch 4.3.44 is a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

 

Updates 2022-06-14

Welcome back, Folks!

Today is Patch Tuesday for June, 2022. It’s the biggest update series in well over a year.

This Month in Technology

AA Traveller, Acuity International’s Comprehensive Health Services, Adecco, Aesto Health, Aimware, Alameda Health System, Allaire Healthcare Group, Allwell Behavioral Health Services, Amart Furniture, Aon PLC, Apple iPhones (even when off), Apple M1 CPUs, Apple Watches, Arnprior Regional Health, Associated Ophthalmologists of Kansas City, P.C., Atlassian Confluence Server and Data Center, AU Health, Bangladesh government, Bank of Zambia, Behavioral Health Partners of Metrowest, LLC, BJC Health System, BlackBerry Fans, Bored Ape Yacht Club, Bryan County Ambulance Authority, Burman & Zuckerbrod Ophthalmology Associates, P.C., Capital One, Capsule, Carinthia, Austria, Central Florida Inpatient Medicine, Chicago Public Schools, CHRISTUS Health, Cisco IOS, Comstar LLC, Costa Rican Social Security Fund, Cypress Healthcare, LLC, Dis-Chem, DivX SubTitles, East Tennessee Children’s Hospital, Fanpass, Finkelstein Eye Associates, Fishman Vision, Football World Cup 2022 qualifier between Wales and Ukraine, Foxconn, Fred Hutchinson Cancer Center, General Motors, Genetics & IVF Institute, GitHub, GitLab, Greenland’s healthcare services, Healthcare Assistance Plan for Employees of Seventh-day Adventist Organization of the North American Division, Heidell, Pittoni, Murphy & Bach, LLP, Heroku, Homestead Hospice & Palliative Care, HP BIOS, 70 Indian government websites, John Knox Village of Florida, Kaiser Foundation Health Plan of Washington, Kaiser Permanente, Kiddos’ Clubhouse, Mandiant, McCoy Vision Center, McKenzie Health System, Memorial Community Health, Inc., MGM Resorts, Microsoft Teams, Mindpath Care Centers, North Carolina, PLLC, Mississippi Sports Medicine and Orthopaedic Center, Moyes Eye Center, PC, Nikkei, NLB Corporation, North Alabama Bone & Joint Clinic, P.C., North Lakes Pain Consultants, Northern Rockies Orthopaedics, Novartis, NuLife Med, LLC, Numrich Gun Parts, OE Enterprises, Inc, OGUsers, Oklahoma City Indian Clinic, Omnicell, Orangeburg Eye Center, Oswego County Opportunities, Inc, Otherside Metaverse, Palermo, Italy, Paragon Cheats, Parker-Hannifin Corporation, Partnership HealthPlan of California, PayHere, Pegasus Airlines, Platinum Hospitalists LLP, Preen.Me, QNAP NAS, Quantum Imaging & Therapeutic Associates, Quincy, Illinois, Rainier Arms, ReadNovel, RiverKids Pediatric Home Health, Russian Ministry of Construction, Housing and Utilities, Sberbank, Scarborough Health Network, Schneck Medical Center, Screencastify, Shaker Heights City School District in Ohio, Shields Health Care Group, Shoreline Eye Group, SirHurt, SonicWall Secure Mobile Access (SMA) 1000 Series, South Australia’s Treasury, SpiceJet, Stevens & Lee, Summit Healthcare Association, Sylvester Eye Care, Telegraph, Tesla Model 3, Tesla Model Y, Texas Department of Insurance, Texas Department of Transportation, The Multiple Sclerosis Center of Atlanta, Travis-CI, Trend Micro, U.S. Drug Enforcement Administration (DEA), University of Chicago Medical Center, Val Verde Regional Medical Center, Versus Market, Viasat, Virginia Mason Medical Center, Wagner Heights Nursing and Rehabilitation Center, Washington University School of Medicine, Wendy’s, and Windows 11 have reportedly been hacked or compromised this month.

Netgear broke the Orbi firmware. I’ve been warning about the privacy risks of Wi-Fi for years. It’s finally going mainstream. A pirated version of CCleaner is yet again being used to hijack user accounts.

Apple allowed 1.6 million malicious apps onto the Apple AppStore, then later removed them.

The next time someone uses the argument that “how is a web-based business supposed to stay alive without ads” to decry your use of an ad blocker, send them this link about how third-party trackers (like the ones used in Google and DuckDuckGo) are collecting everything you type.

Now for the good news:

Intuit has finally acknowledged they’re being used to send phishing messages. They’re not going to put an end to it, but they finally have admitted that it’s a widespread source of phishing emails.

Oh, and the UK has declared that defensive attacks” are legal.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 62
vulnerabilities in .NET Framework, AV1 Video Extension, Azure OMI, Azure RTOS, Azure Service Fabric Container, HEVC Video Extensions, Microsoft Endpoint Configuration Manager, Microsoft File Server, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Photos App, Microsoft SharePoint Server, Microsoft SQL Server, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Microsoft Windows Support Diagnostic Tool (MSDT), Remote Volume Shadow Copy Service (RVSS), Visual Studio, Windows App Store, Windows Autopilot, Windows Container Isolation FS Filter Driver, Windows Container Manager Service, Windows DCOM Server, Windows Defender, Windows Encrypting File System (EFS), Windows File History Service, Windows Hyper-V, Windows Installer, Windows iSCSI, Windows Kerberos, Windows Kernel, Windows LDAP, Windows Media, Windows Media Center, Windows Network Address Translation, Windows Network File System, Windows PowerShell, Windows SMB, Windows WinSock, and MSRT (~2.5 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 15.5, iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.7, Security Update 2022-004 Catalina, watchOS 8.6, tvOS 15.5.1, Safari 15.5, Xcode 13.4, and iTunes 12.12.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.5 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 15.5 is a security update. Use Settings, General, Software Update to install the most current update.

tvOS 15.5.1 is a security update. Use System, Software Update to install the most current version.

watchOS 8.6 are security updatess. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 101.0.4951.72 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Garmin Express 7.13.1 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

Nvidia Driver 473.62 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.39.111 is a security update.
https://brave.com/

Google Chrome 102.0.5005.115 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 102.0.1245.41 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 101.0.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

Iridium 2022.04.100 is a security update. Use Menu, Help, About to install the most current version.
https://iridiumbrowser.de/

Vivaldi 5.3.2679.55 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 91.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.10 resolves an error reporting bug. This is not a security update.
https://anydesk.com/en/downloads

curl 7.83.1 resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/

DNSDataView 1.65 adds a new command-line parameter. This is not a security update.
https://www.nirsoft.net/utils/dns_records_viewer.html

Dropbox 150.4.5000 resolves several bugs. This is not a security update. (btw, thank you Dropbox for finally releasing a changelog!)
https://www.dropbox.com/

FileZilla Client 3.60.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.21 adds volume GUID support, case conflicts, and resolves several bugs. This is a security update.
https://www.freefilesync.org/download.php

Google Drive 59.0 adds support for client-side encryption, system-level search shortcuts, and resolves several bugs. This is not a security update.
https://drive.google.com/start

Nextcloud Server 24.0.1 resolves several bugs. This is not a security update.
https://nextcloud.com/

Prosody 0.12.1 adds CORS controls and resolves several bugs. This is not a security update.
https://prosody.im/download/start

PuTTY 0.77 is a major update adding several new features, networking and security features, and resolves many bugs. This should be treated as a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Signal 5.45.1 improves language leveling and data sync. This is not a security update.
https://signal.org/download/windows/

Skype 8.83.0.408 resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.20.2 resolves several bugs. This is not a security update.
https://syncthing.net/

Technitium DNS Server 8.1.3 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Trillian 6.5.0.20 resolves several bugs. This is not a security update.
https://www.trillian.im/

Trillian Mac 6.5.0.14 resolves dozens of bugs. This is not a security update.
https://www.trillian.im/

TrueNAS Core 13.0 resolves dozens of bugs. This is a security update.
https://www.truenas.com/download-truenas-core/

Wget2 2.0.1 is a security update.
https://gitlab.com/gnuwget/wget2/-/releases

Zoom 5.10.7.6120 adds Zoom Whiteboard sharing and resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.12.4.1 is a security update.
https://www.apple.com/itunes/download/

Picard 2.8.1 updates libraries and resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.46.1.3056 improves compatibility and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.18.0.3023 improves compatibility and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.27.0.5897 resolves several bugs and improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.0.12 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.5.1.16 updates runtime. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Nintendo Switch 14.1.2 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PlayStation PS5 22.01-05.10.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2022.05.31 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Calibre 5.43.0 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Inkscape 1.2 adds pages, markers and dashes, more gradient controls, performance improvements and resolves several bugs. This is not a security update.
https://inkscape.org/release/

LibreOffice Fresh 7.3.4 resolves over 80 bugs. This is not a security update. Remember that the Fresh line is beta software and should be avoided by most users.
https://www.libreoffice.org/

LibreOffice 7.2.7 resolves almost 50 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.5.1 resolves 20 bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.2 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.3.11 improves dark theme and updates plugins. This is not a security update.
https://www.getpaint.net/

PDF Candy Desktop 2.93 doesn’t provide a changelog so should be treated as a security update.
https://pdfcandy.com/

Adobe Animate 21.0.11 and 22.0.6 are security updates.
https://helpx.adobe.com/security/products/animate/apsb22-24.html

Adobe Bridge 12.0.2 is a security update.
https://helpx.adobe.com/security/products/bridge/apsb22-25.html

Adobe Illustrator 26.3.1 and 25.4.6 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-26.html

Adobe InCopy 17.3 and 16.4.2 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb22-29.html

Adobe InDesign 17.3 and 16.4.2 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb22-30.html

RoboHelp Server 11.3 is a security update.
https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 15.5.3 is a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.1 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.43.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.7.4 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.8 resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.9.5 is a security update.
https://1password.com/downloads/mac/

AccessChk 6.15 resolves a crash bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

Agent Ransack 2022.3326 resolves several bugs and dds support for new policies and file types. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AOMEI Partition Assistant 9.8.0 improves compatibility. This is not a security update.
https://www.diskpart.com/

Bitwarden 2022.5.1 resolves several bugs and improves integration and compatibility. This is not a security update.
https://bitwarden.com/

Cygwin 3.3.5 resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 9.91 adds system-wide dark theme controls. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.0.64.0 resolves several bugs, improves performance and reliability. This is not a security update.
https://dngrep.github.io/

Everything 1.4.1.1017 updates localizations and resolves a search history bug. This is not a security update.
https://www.voidtools.com/

Fido 1.29 adds UEFI Shell 2.2 support. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3326 resolves several bugs and dds support for new policies and file types. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Go 1.18.3 is a security update.
https://go.dev/

GoodSync 11.11.2 is a security update.
https://www.goodsync.com/

NTLite 2.3.6.8785 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSFMount 3.1.1001 improves command-line verbosity and error reporting. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

osquery 5.3.0 resolves several bugs. This is not a security update.
https://osquery.io/downloads

PowerToys 0.59.0 resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RAMMap 1.61 improves compatibility. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/rammap

ScreenConnect 22.5.7881.8171 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SmartMonTools 7.3 resolves several bugs and improves compatibility. This is not a security update.
https://smartmontools.org/

Sysmon 13.34 resolves several bugs. This should be treated as a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TaskSchedulerView 1.71 adds a new switch to control column display and export. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.30.3 improves user interface and resolves a send-to bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 3.01 improves internal networking. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Unity 2022.1.4 improves performance and resolves several bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

USBDeview 3.05 adds WCID column. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

WinScan2PDF 7.81 improves multi-monitor support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.34.03 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Android Studio 2021.2.1.15 resolves several bugs. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.0.2 resolves several bugs. This is not a security update.
https://desktop.github.com/

Node.js 14.19.3 updates OpenSSL. This is not a security update.
https://nodejs.org/en/

Node.js 16.15.1 updates OpenSSL. This is not a security update.
https://nodejs.org/en/

Node.js 17.9.1 is a security update.
https://nodejs.org/en/

Node.js 18.3.0 is a security update.
https://nodejs.org/en/

Visual Studio Code 1.68.0 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.2.21 is a security update.
https://drupal.org/download

Drupal 9.3.15 resolves several bugs. This is not a security update.
https://drupal.org/download

HumHub 1.11.2 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 4.1.4 resolves several bugs. This is not a security update.
https://www.joomla.org/

OpenCart 4.0.0.0 is major update adding many new features and libraries. This is not a security update.
https://www.opencart.com/

phpList 3.6.8 resolves several bugs. This is not a security update.
https://www.phplist.org/

phpMyAdmin 5.2.0 updates libraries and resolves several bugs. This is not a security update.
https://www.phpmyadmin.net/

YOURLS 1.9.1 updates libraries and resolves several bugs. This is not a security update.
https://yourls.org/

WordPress 6.0 is a major update adding several new features, including block locking, performance, accessibility and new design tools. This is not a security update.
https://wordpress.org/

Akismet 4.2.4 only updates documentation. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

BuddyPress 10.3.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.5.6.1 resolves Constant Contact API changes and improves compatibility. This should be treated as a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Social Post Feed 4.1.4 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Duplicator 1.4.6 resolves several bugs. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

myStickymenu 2.5.9 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Slider Revolution 6.5.24 resolves several bugs. This is not a security update.
https://revolution.themepunch.com/

Sucuri Security 1.8.31 resolves a path bug. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

Theme My Login 7.1.5 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/theme-my-login/

WooCommerce 6.5.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-01-11

Welcome back, Folks!

Today is Patch Tuesday for January, 2022.

It’s a big one. This month has been insane. There’s always a surge in hacking events near holidays, but this month had almost double the *known* hacking events from previous months. What’s worse is that many of the vulnerabilities used were known weeks and sometimes years in advance, though the patches were not yet installed or the specific applications and services were simply not being maintained or secured. Grrrr.

This Month in Technology

A New Leaf, Inc., Advocate Aurora HealthAlabama Department of Rehabilitation ServicesAll in One SEOAmediaAndrew Sauchelli, DMDApache httpdApple Blossom Family PracticeAzure App ServiceBansley and Kiener (B&K), Belgium’s MilitaryBernalillo CountyBioPlus Specialty Pharmacy Services LLCBrazil’s Health MinistryBroward HealthC.E. Niehoff & CompanyChaddockCiox HealthCommission on ElectionsCOVID-19 Home TestsCrawford County Assessors OfficeDaniel J. Edelman Holdings, Inc., DatPiff, The De Montfort SchoolDouglas C Morrow ODPCDuneland School CorporationEvanston Township High SchoolExpresso and SICFertility Centers of Illinois, PLLC, FinalSiteFlexBookerFlorida Digestive Health Specialists LLP, Forensic Science IrelandFresenius Kabi infusion pump systemsGarrett metal detectorsGeorgia Bone & Joint Surgeons, P.C., Google Docs Comment PlatformGrass Valley, CAGumtreeH2 DatabaseHellmann Worldwide LogisticsImpresaInetum GroupiPhone 13James Kagan, MDJefferson Surgical ClinicKearsarge Regional School DistrictLastPassLog4j (several times)Loyola University Medical CenterLuxemburg-Casco School DistrictmacOS powerdirMcMenaminsMedQuest Pharmacy, Inc., Microsoft Active DirectoryMicrosoft TeamsMonkey Kingdom (via Grape), Monongalia Health System Inc., Monroe Public SchoolsMonterey Peninsula Unified School DistrictNetgear NighthawkNorthwest Broward Orthopaedics AssociatesNorth Shore Hebrew Academy High SchoolOG department storeONUSOregon Eye SpecialistsPeck & Associates, PC, Pithadia Medical Professional Services, Inc., ProtempsPulseTVQNAPRavkooRedLine StealerRhode Island Public Transit AuthorityR.R. Donnelley & SonsRunning Warehouse LLC, Sainsbury’sSaltzer HealthSaskatchewan Liquor and Gaming AuthoritySEGAShelley School DistrictShutterflySkate Warehouse LLC, Skin Care Specialty PhysiciansSotheby’s Realty’s BrightcoveSouthern Orthopaedic AssociatesSpar StoresStandard BankSuperior PlusSurgery Group SCT-MobileTackle Warehouse LLC, Tennis Warehouse LCC, Tiyuli and LametayelUAW Retiree Medical Benefits TrustUberUbisoftUK Defence AcademyUltimate Kronos GroupUS Commission on International Religious FreedomUScellular, Utah Department of Health, Virginia Division of Capitol PoliceVirginia General AssemblyVolvoWalgreen Co., WD MyCloudWelfare, Pension and Annuity Funds of Local No. ONE, I.A.T.S.E., and Zoho UEM have been hacked.

Norton 360 is now opting you in for their CPU cryptomining if you have their software installed. The very same software designed to protect you from evildoers that would take advantage of your computer to do this kind of thing…is now doing it. Apple has released an Android app under the auspice of helping users discover Tracker devices that might be tracking them…by enabling your device to allow them to communicate with the Apple Tracker network. Firefox still doesn’t properly support OCSP stapling. Dell BIOS updates are crashing devices. Microsoft has integrated their own financing platform into Edge.

Microsoft rang in the new year by breaking Microsoft Exchange (on-prem) for every server that had filtering enabled (almost all of them). Microsoft acknowledged the problem about 20 hours after it began and released resolution steps by deleting and rebuilding the scanning engine about 31 hours after it began. Sonicwall, too.

CloudflareAWS, Twitch, Zoom, PSN, Slack, Hulu, Imgur have had extended outages this month.

Please, for all that is holy, check your backups!

Phishing is an ever-growing problem. Sophos reminds us how to check for scams like this.

Now for the good news:

Mozilla has added Secure DNS to Firefox, now enabled by default. Unfortunately, this bypasses DNS filtering options you may have assigned yourself – so if you use Firefox you’ll need to enable your own DoH URLs within the settings.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is pretty big. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for.NET Framework, Microsoft Dynamics, Edge, Exchange Server, Microsoft Office, SharePoint, Microsoft Teams, Active Directory, CLFS, Windows Cryptographic Services, Windows Defender, DirectX, Windows Installer, Windows RDP, Windows Remote Desktop, ReFS, Windows Security Center, Windows Storage Spaces, Windows Tile Data Repository, Windows UEFI, Windows User Profile Service, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for Safari 15.2. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

Google Chrome OS 96.0.4664.111 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 6 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.4.7 removes support for Vista, updates libraries, and improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.34.80 is a security update.
https://brave.com/

Google Chrome 97.0.4692.71 is a security update.
https://www.google.com/chrome/

Microsoft Edge 97.0.1072.55 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 96.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.5.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Iridium 2021.12.96 is a security update.
https://iridiumbrowser.de/

SeaMonkey 2.53.10.2 is a security update.
https://www.seamonkey-project.org/

Vivaldi 5.0.2497.35 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 91.5.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk (macOS) 6.4.0 resolves a couple bugs. This is not a security update.
https://anydesk.com/en/downloads

curl 7.81.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 139.4.4896 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Server 1.2.0 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.16 updates libraries and resolves several bugs. This is a security update.
https://www.freefilesync.org/download.php

Omada Software Controller 5.0.29 is a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Prosody 0.11.11 resolves several bugs. This is not a security update.
https://prosody.im/download/start

Syncthing 1.18.6 improves usability. This is not a security update.
https://syncthing.net/

Telegram 3.4.3 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.9.1.2581 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

darktable 3.8.0 makes nearly 4,000 changes including performance, bug fixes, new hardware support and more. This should be treated as a security update.
https://www.darktable.org/install/

Picard 2.7.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

TuneIn 1.25.0 does not provide a changelog so should be treated as a security update.
https://tunein.com/radio/home/

Game Updates

These are unlikely to be of interest to most people.

Steam 2022.12.16 resolves several bugs. This is not a security update.
https://store.steampowered.com/about/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 21.011.20039 is a security update.
https://get.adobe.com/reader

Adobe Acrobat and Reader 21.011.20039, 20.004.30020, and 17.011.30207 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Adobe Illustrator 26.0.2 and 25.4.3 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-02.html

Adobe Bridge 12.0.1 and 11.1.3 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb22-03.html

Adobe InCopy 16.4.1 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb22-04.html

Adobe InDesign 16.4.1 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb22-05.html

Audacity 3.1.3 improves stability. This is not a security update.
https://www.audacityteam.org/download/

Krita 5.0.2 is a major update. This version adds several features, resolves bugs and improves stability and reliability. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.2.5 resolves almost 100 bugs. This is not a security update. The “Fresh” line is beta software and should be avoided in favor of the stable version (“Still”) by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.4.1 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.2 improves stability. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.3.7 resolves a stability bug. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

elementary OS 6.1
https://elementary.io/

Gpg4win 4.0.0 is a major update adding several new features and updates libraries. This is a security update.
https://www.gpg4win.org/download.html

KeePass 2.50 improves performance and generator, updates libraries, and resolves several bugs. This is not a security update.
https://keepass.info/

OpenSSL 1.1.1m is a security update.
https://www.openssl.org/source/

OpenSSL 3.0.1 is a security update.
https://curl.se/windows/

OpenSSL 3.0.1 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ReactOS 0.4.13 provides over 250 bug fixes and improvements. This is not a security update.
https://reactos.org/

RogueKiller 15.1.5 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 4.26 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

TinyWall 3.2.5 resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.40.6 improves reliability. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.35.4 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

HandBrake 1.5.1 updates libraries, resolves several bugs and improves stability and reliability. This is not a security update.
https://handbrake.fr/

IsoBuster 4.9 adds support for new hardware, new formats, and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php

Utility Updates

These are unlikely to be of interest to most people.

7-Zip 21.07 adds VHDX support, improved parameter handling and compatibility. This is not a security update.
https://www.7-zip.org/

Agent Ransack 2022.3283 improves performance and reliability, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Aomei Partition Assistant 9.6.0 resolves several bugs and improves compatibility. This is not a security update.
https://www.diskpart.com/

Autoruns 14.07 resolves several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Active Directory Explorer 1.51 fixes a Windows Store packaging crash. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer

CacheSet 1.02 fixes a 64 bit OS regression. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/cacheset

Beyond Compare 4.4.1.26165 resolves several bugs and improves compatibility. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

ControlMyMonitor 1.31 adds a new parameter for Secondary displays. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

CPU-Z 1.99 adds support for new hardware and resolves a couple bugs. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 9.51 adds dark mode. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 2.9.482.0 resolves several bugs. This is not a security update.
https://dngrep.github.io/

Etcher 1.7.3 is a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1015 resolves several bugs. This is not a security update.
https://www.voidtools.com/

Everything CLI 1.1.0.21 resolves several bugs. This is not a security update.
https://www.voidtools.com/

FileLocator Pro 2022.3283 provides performance and reliability improvements. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

GoodSync 11.10.0 resolves several bugs and improves stability. This is not a security update.
https://www.goodsync.com/

Homedale 2.02 improves colors. This is not a security update.
https://www.the-sz.com/products/homedale/

Macrium Reflect 8.0.6495 doesn’t provide a changelog, so should be treated as a security update.
https://www.macrium.com/reflectfree

NTLite 2.3.2.8526 updates libraries and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 5.1.0 adds resource limiting, new objects, and resolves several bugs. This is not a security update.
https://osquery.io/downloads

PowerToys 0.53.1 adds several new features and resolves bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.87 fixes resolves several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Samsung Magician 7.0.1 is a major update, but doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/

SearchMyFiles 3.16 is a cosmetic update. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Sysmon 13.31 improves reliability. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TeamViewer 15.25.8 fixes a VOIP bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 2.71 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WifiInfoView 2.72 updates the internal MAC database and resolves a high-DPI bug. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

ZoomText 2022.2112.10.400 resolves several bugs and improves display. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

Maraura 3.9.7 updates Java support and libraries, and resolves several bugs. This is a security update.
http://arianne.sourceforge.net/engine/marauroa.html

Docker Desktop 4.3.2 updates the scan engine to detect log4j vulnerabilities. This is a security update.
https://www.docker.com/products/docker-desktop

Godot 3.4.2 updates libraries and resolves several bugs. This is a security update.
https://godotengine.org/

Node.js 12.22.9 is a security update.
https://nodejs.org/en/

Node.js 14.18.3 is a security update.
https://nodejs.org/en/

Node.js 16.13.2 is a security update.
https://nodejs.org/en/

Node.js 17.3.1 is a security update.
https://nodejs.org/en/

SQLite 3.37.2 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.3.2 resolves a major stability bug. This is not a security update.
https://drupal.org/download

HumHub 1.10.3 is a security update.
https://www.humhub.com/en/download

MailArchiva 8.5.6 resolves several bugs. This is not a security update.
https://mailarchiva.com/

ownCloud Server 10.9 is a security update.
https://owncloud.org/install/

Piwigo 12.2.0 resolves several bugs. This is not a security update.
https://piwigo.org/

ScreenConnect 21.14.5924.8013 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SMF 2.0.19 is a security update.
https://www.simplemachines.org/

WordPress 5.8.3 is a security update.
https://wordpress.org/

Slider Revolution 6.5.14 updates libraries and resolves several bugs. This is not a security update.
https://revolution.themepunch.com/

WPBakery 6.8.0 improves compatibility and resolves several bugs. This is not a security update.
https://wpbakery.com/

Autoptimize 2.9.5 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

BuddyPress 9.2.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Social Post Feed 4.1.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Postie 1.9.59 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/postie/

NextScripts Social Networks Auto-Poster 4.3.25 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

Visual Composer 41.1 improves compatibility. This is not a security update.
https://visualcomposer.com/

WooCommerce 6.1.0 is a major update, resolving several bugs and adding features. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WordPress Zero Spam 5.2.9 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/zero-spam/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/