Updates 2011-08-19

Posted on August 10, 2011 by Shawn K. Hall

Patch Tuesday is here again, folks, and it’s another big one.

Microsoft released 13 updates this month, covering Windows, Office, .NET Framework, Developer Tools, and Internet Explorer. These are all security updates and a reboot is required.
http://update.microsoft.com/

iOS 4.3.4/4.3.5 corrects a long-term PDF exploit in all previous versions of iOS, exploitable as easily as opening the browser. It’s about time. Sigh. 4.3.5 corrects a MITM security flaw. This is a security update. Use iTunes to download and install this update (480-670mb).

QuickTime 7.7 corrects more than a dozen distinct security issues. This is a security update. Use Apple Updater to install this update.

Adobe released security updates for AIR and Flash. Download each of the following, then close all browsers before installing each update.
https://12pd.com/click?air
https://12pd.com/click?flash
https://12pd.com/click?flashie

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Driver Updates

If you’re using this hardware – these updates are for you.

ATI Catalyst 11.7 corrects several bugs, including stability issues on high-performance systems. If you have an ATI video card, you’ll want to install this update right away. This is not a security update.
http://game.amd.com/us-en/drivers_catalyst.aspx

MS IntelliPoint 8.20.468.0 is a driver update for Microsoft mice. No changelog is provided, so this should be treated as a security update. DO NOT use this update with PS/2 mice! If you’re using Microsoft Update you may be prompted to install this there, otherwise, download the version for your hardware here:
http://www.microsoft.com/hardware/en-us/downloads

MS IntelliType x86 8.20.468.0 is a driver update for Microsoft keyboards. No changelog is provided, so this should be treated as a security update. DO NOT use this update with PS/2 keyboards! If you’re using Microsoft Update you may be prompted to install this there, otherwise, download the version for your hardware here:
http://www.microsoft.com/hardware/en-us/downloads

nVidia 280.26 adds newer hardware support and additional feature support (particularly with 3D hardware). This is not a security update.
http://www.nvidia.com/Download/index5.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Safari 5.1 corrects dozens of security issues. Use the Apple Updater to get this update.

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 1.72 adds child folder parsing support.
http://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Skype 5.5.0.113 adds support for OS X Lion, grid view, updates contact list view and provides several other minor improvements. This is not a security update.
http://www.skype.com/intl/en/home

IPNetInfo 1.37 corrects lookup source determination. This is not a security update.
http://www.nirsoft.net/utils/ipnetinfo.html

WinSCP 4.3.4 upgrades SSH core to PuTTY 0.61 and fixes several bugs. This is a security update.
http://winscp.net/eng/index.php

Codec Updates

One or more of these are likely to be of interest to everyone.

Vista Codec Package 5.9.8 updates included codecs and libraries, and adds 10bit decoding. To install the update, you must uninstall and reinstall the application. This version works for both Windows XP and Windows Vista.
http://shark007.net/vistacodecpackage.html

Win7 Codec Package 3.0.1 updates included codecs and libraries, adds 10bit decoding and corrects a minor bug. To install the update, you must uninstall and reinstall the application.
http://shark007.net/win7codecs.html

Win x64 Codec Support 3.0.1 updates included codecs and libraries, adds 10bit decoding and corrects a minor bug. This update applies only to 64-bit computers, and requires either the Win7 Codec Package or the Windows Vista Codec package.
http://shark007.net/x64components.html

Media Updates

These are unlikely to be of interest to most people.

iTunes x64 10.4 is a stability and performance update. Use the Apple Updater to install this update. This is not a security update.

MPC HC 1.5.2.3456 adds fp32 support, BluRay chapters, timeline presentation options, display settings, a couple dozen other options and bugfixes, and updated libraries. This should be treated as a security update.
http://mpc-hc.sourceforge.net/

VLC Media Player 1.1.11 corrects a security issue in the AVI demuxer. This is a security update.
http://www.videolan.org/vlc/download-windows.html

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 5.9.3 adds a vertical file switcher, active folding area highlighting, recent file list configuration option and a couple minor bug fixes. This is not a security update.
http://notepad-plus-plus.org/

Kindle for PC 1.6.1 Build 32800 adds “collections” and Book Extras, which allows access to reviews, character profiles, quotes, themes and glossaries from Shelfari. This is not a security update.
https://12pd.com/click?kindle4pc

Security Software Updates

One or more of these is likely to be of interest to most people.

MalwareBytes’ Anti-Malware 1.51.1 corrects minor update, various cosmetic, and permissions-related issues. This should be treated as a security update.
http://www.malwarebytes.org/products/malwarebytes_free

Wireshark 1.6.1 fixes a number of bugs. This is not a security update.
http://www.wireshark.org/

Capture Updates

These are unlikely to be of interest to most people.

Fraps 3.4.6 fixes several minor bugs. This is not a security update.
http://www.fraps.com/

VideoCacheView 1.97 adds tray icon support, accelerator keys and process selection. This is not a security update.
http://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 8.1.1.2 adds hybrid disc support, improves conversion speed, updates libraries and corrects several minor bugs. This is not a security update.
http://www.dvdfab.com/download.htm

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 3.09.1493 adds OS X support, Firefox 6, wildcard folders, improved performance, and minor UI tweaks. This is not a security update.
http://www.piriform.com/ccleaner

Daemon Tools Lite 4.41.3 adds APE image file support, SPTD 1.78, and bugfixes for application compatibility with Power2Go and PowerDVD. This is not a security update.
http://www.daemon-tools.cc/eng/products/dtLite

Hamachi 2.1.0.122 adds IPv6 support, and corrects bugs in network connectivity when changes occur. This is not a security update.
http://help.logmein.com/SelfServiceDownloads

Process Explorer 15.01 is a major update, and adds GPU utilization and memory monitoring on Vista and higher. It also adds the ability to restart services, has a smaller memory footprint, and has visually cleaner performance graphs. This is not a security update.

RoboForm 7.4.1 adds Firefox 6 support, merges installers for RF Desktop and Everywhere, discontinues support for U3, and changes licensing rules. Bugfixes in Chrome and Opera adapaters. This is not a security update.
https://12pd.com/click?rf

Goodsync 8.7.6 corrects S3, UPNP, UI, GSTP behaviors and fixes RoboForm integration. This is not a security update.
https://12pd.com/click?goodsync

Wireless Network Watcher 1.15 adds background scanning, new device alert and custom tagging options. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

Developer Updates

These are unlikely to be of interest to most people.

MySQL 5.5.15 corrects a number of bugs, most notably a couple memory leaks in CREATE INDEX under InnoDB, data corruption in MyISAM when using GEOMETRY columns, and data consistency bugs when using ALTER TABLE. This is not a security update.
http://www.mysql.com/downloads/mysql/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 4.1.0 is a major update, adding cloning support, improved wizard processes, WDDM for Windows guests, SATA hdd hotplugging, and dozens of other bugfixes and improvements. This is not a security update.
http://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

phpMyAdmin 3.4.3.2 corrects several exploitable bugs. This is a security update.
http://www.phpmyadmin.net/home_page/news.php

bbPress 2.0-rc-2 is released, which fixes a bunch of bugs, adds BuddyPress and Multisite integration. This is not a “release” version, but it does signal that bbPress 2 will be released VERY soon. Yay!
http://wordpress.org/extend/plugins/bbpress/

Cookies For Comments 0.5.4 adds a rejection message and reduces code complexity (WP 3.1+ only). This is not a security update.
http://wordpress.org/extend/plugins/cookies-for-comments/

WPtouch 1.9.33 improves security checks throughout the plugin. This is a security update.
http://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2011-03-08

Posted on March 8, 2011 by Shawn K. Hall

Hey folks!

Microsoft released four updates today for Patch Tuesday. Use Windows Update to obtain updates to Windows and MS Office. This includes security updates. Total size of these updates is under 10mb. A reboot is required.
http://update.microsoft.com/

Adobe released security updates (again) for Flash Player last week. Use both links below to download the current versions, close all browsers after download and then install them one at a time.
https://12pd.com/click?flash
https://12pd.com/click?flashie

Looking for an upgrade?

Annette put together a great article about our various iPhone accessories over the weekend, when we weren’t travelling to Auburn or Galt to visit family. The beauty of something as beloved as the iPhone is that it generates a lot of accessories – devices and features specifically designed to work with it and extend the existing capabilities. One of her favorites? In Your Face! Read more:
http://retailbandit.com/2011/03/useful_iphone_accessories/

Important Notes

Driver Updates

If you’re using this hardware – these updates are for you.

MS IntelliPoint 8.01.249.0 adds mouse detection, multiple mouse button assignments, smooth scrolling improvements and elimination of PS/2 support (yes, that means your older mice will no longer work!). FIRST, ensure that you’re using a USB mouse (where it plugs into your computer should NOT be round), then get the update from the address below or from Windows Update:
http://www.microsoft.com/hardware/download/download.aspx?category=MK

BullZip PDF 7.2.0.1288 adds append, multipage, background processing improvements, and 64-bit Ghostscript support. This is not a security update.
http://www.bullzip.com/products/pdf/info.php#download

Browser Updates

One or more of these are likely to be of interest to everyone.

Firefox 3.6.15 (and 3.6.14) were released this week to address security and stability issues. This is a security update. Use Help, Check for Updates to obtain the current version.
http://www.mozilla.com/en-US/firefox/

SeaMonkey 2.0.12 corrects security and stability issues. This is a security update. Use Help, Check for Updates to obtain the current version.
http://www.seamonkey-project.org/releases/

HTTrack 3.44.1 fixes an important reliability bug, correcting problems with corrupted downloads when performing an update. This is not a security update.
http://www.httrack.com/page/2/en/index.html

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 3.1.9 (and 3.1.8) were released this week to address security and stability issues. This is a security udpate. Use Help, Check for Updates to obtain the current version.
http://www.mozillamessaging.com/en-US/thunderbird/

OutlookAttachView 1.60 adds command-line support and reduces memory footprint. This is not a security update.
http://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

WinSCP 4.3.2 corrects a number of bugs, upgrades SSL libraries and improves session security. This should be treated as a security update.
http://winscp.net/eng/index.php

Codec Updates

One or more of these are likely to be of interest to everyone.

Win7 Codec Package 2.7.6 updates included codecs. To install the update, you must uninstall and reinstall the application.
http://shark007.net/win7codecs.html

Win x64 Codec Support 2.8.0 updates included codecs. This update applies only to 64-bit computers, and requires either the Win7 Codec Package or the Windows Vista Codec package.
http://shark007.net/x64components.html

Media Updates

These are unlikely to be of interest to most people.

iTunes 10.2 corrects a number of image, media and input parsing vulnerabilities. This is a security update. Use the Apple Updater to install the most current version.
http://www.apple.com/itunes/

CDBurnerXP 4.3.8.2523 provides better support for video DVDs, power saving controls and compatibility defaults. This is not a security update.
http://cdburnerxp.se/

MPC HC x64 1.5.1.2903 updates included libraries and corrects a hardware incompatibility with the Sandy Bridge processor. This is not a security update.
http://sourceforge.net/projects/mpc-hc/

Office Updates

One or more of these are likely to be of interest to most people.

Inkscape 0.48.1 corrects several regressions, improvements in performance, stability and various tool functions. This should be treated as a security update.
http://www.inkscape.org/

Paint.net 3.5.8 fixes stability issues and multiple crash bugs. This is not a security update.
http://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

Avast! Home Edition 6.0.1000 is a new major release, incorporating “auto sandbox” to minimize threats from unknown programs, web reputation ratings, safezones, script shield, site blocking, factory settings reset, behavior shield improvements and fixes to USB safe removal and Outlook integration. This version also incorporates the voice of a local Murphys resident (and employee at mlode). This is a security update. If you’re using a previous version of Avast!, download the current build below and install.
http://www.avast.com/free-antivirus-download

Capture Updates

These are unlikely to be of interest to most people.

Fraps 3.3.1 adds full Win7 SP1 support, an option to capture only external audio, and several minor bugfixes. This is not a security update.
http://www.fraps.com/

SiteShoter 1.41 adds a new command line option for improved automation. This is not a security update.
http://www.nirsoft.net/utils/web_site_screenshot.html

Education updates

One or more of these are likely to be of interest to most people.

Kodu 1.0.111.0 integrates now world-sharing options for interacting with the Kodu development community. Also corrects several bugs related to network storage, and tutorial improvements. This is not a security update.
http://community.research.microsoft.com/blogs/kodu/default.aspx

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 3.04.1389 adds support for Win7 SP1, improved Safari, Chrome, and Opera support, as well as a number of additional detections and cleaning controls. This also corrects several minor bugs and improves file detection security. This should be treated as a security update.
http://www.piriform.com/ccleaner

DriveLetterView 1.01 adds “Open Device in RegEdit” option. This is not a security update.
http://www.nirsoft.net/utils/drive_letter_view.html

Goodsync & Goodsync2Go 8.6.5.5 corrects issues with Folder Connect, scripting, and HTTP storage. This is not a security update.
https://12pd.com/click?goodsync

NirCmd 2.50 adds additional volume controls (including app-dependent volume control!) as well as audio device details. Fixes a bug in tray timeout. This is not a security update.
http://www.nirsoft.net/utils/nircmd.html

Speccy 1.09.231 adds Win7 SP1 support, fan speed support, voltages, shaders, hotfix detection, battery stability detection, support for multiple NICs, improved RAM, socket, peripheral and video detection. This is not a security update.
http://www.piriform.com/speccy

USBDeview 1.87 adds Device ID Instance column. This is not a security update.
http://www.nirsoft.net/utils/usb_devices_view.html

Developer Updates

These are unlikely to be of interest to most people.

TortoiseSVN 1.6.13 updates dependencies and increases load retries for TBlame. This is not a security update.
http://tortoisesvn.net/downloads

SQLiteSpy 1.9.0 updates SQLite engine. Adds support for loadable extensions. This is not a security update.
http://www.yunqa.de/delphi/doku.php/products/sqlitespy/index

CogTool 1.1.5 simplifies installation and use on Windows machine, especially for 64-bit support. This should be treated as a security update.
http://cogtool.hcii.cs.cmu.edu/

Web Package Updates

These are likely to be of interest only to web developers.

WordPress 3.1 makes over 800 changes to the WordPress engine, including hundreds of bug fixes, ranging from stability and scalability fixes to security. This is a security update. 3.1 is a major update, so while it is essential you update for the added security, there may be changes that effect compatibility with various plugins and themes. After updating, please check functionality exposed by plugins and themes to ensure there are no conflicts (unfortunately, there are likely to be many).
http://wordpress.org/download/

BuddyPress 1.2.8 adds compatibility to WordPress 3.1 and a new option to use either the WP admin bar or the BP BuddyBar. This is not a security update, but upgrading is required if using WordPress 3.1.
http://buddypress.org/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2010-09-05

Posted on September 5, 2010 by Shawn K. Hall

Hey folks!

Microsoft has released a registry changeset that enables Windows PC’s to alter the search order for DLL’s, eliminating the current working directory from the search path. This will very effectively eliminate the vast majority of the vulnerabilities that might be exploited from the current series of errant DLL calls in popular applications. While this specific issue has been known for over a decade, it is only recently that this mehodology has been widely exploited. Using the registry changes at the link below CAN break existing applications, so MAKE A BACKUP! However, the altered behavior really is how DLL’s have been used in most applications for years, so it is unlikely that it will negatively affect your computing environment. Use the “Fix It” at the link below to install or change this behavior.
http://support.microsoft.com/kb/2264107

MacBook firmware corrects freeze and crash issues. This is not a security update. Use the Apple Updater to install this update.

iWork 9.0.4 fixes several issues, particularly within table formatting and certain other layout issues. This is not a security update. Use the Apple Updater to install this update.

Adobe Shockwave 11.5.8.612 is a security update. If you have Shockwave installed (and you probably do), please update ASAP. This is a security update. Be sure to UNCHECK any optional toolbars and addons both during download AND during installation.
http://get.adobe.com/shockwave

Silverlight 4.0.50826.0 corrects several stability and performance issues, and a potential security vulnerability when used through RDP. This is a security update. You’ll need to close ALL browsers before installing the update.
http://www.microsoft.com/getsilverlight/

Time Lost is Never Recovered

I’ve been using a password management tool for about a year now that I truly doubt I could live without. When I initially learned of Roboform, I was very hesitant to even give it a chance. After all, I already have all my passwords recorded, painstakingly, and extremely well organized. And this didn’t allow me to add other information to the records that I might someday need (like the specific email address tied to an account). Nevertheless, I gave it a chance, just in case it really did make my web working any faster. You should too.

I now have over 400 logins stored within Roboform. Website management is greatly eased – instead of having to retype my username (if I can remember it) and password, I’m now using completely (and I mean COMPLETELY) random passwords generated by Roboform, storing the passwords in an encrypted vault and in a free backup online. I can login to any of these sites with literally one click. If I don’t remember the URL for one of the sites I need to access, that information is stored within the ‘login’, as are any other ‘notes’ you wish to include as well.

You can also add other details, contacts, notes, bookmarks, identity profiles and more – all within the same interface. If you are filling out a form online (such as creating an account on a site), it’ll actually prompt you to save the information. The next time you’re back to the site it provides direct access to the stored login you created minutes, or even years before. Click it, you’re logged in. Whew.

That’s all cool, but what if you’re one of us that uses multiple computers and devices. Great! Roboform is cross-platform, works in most browsers (Internet Explorer, Firefox, Chrome and others), works on most mobiles (iPhone, BlackBerry, Windows Mobile, Android and more), and directly within any web browser that supports JavaScript. Yes, seriously. Did I mention it actually synchronizes the data between each device for you? Talk about a time saver!

Check it out!
https://12pd.com/click?roboform

Yes, there is a free version – and it supports up to ten logins. If you need more than that, the full version is on sale this holiday weekend.

Important Notes

Driver Updates

If you’re using this hardware – these updates are for you.

ATI Catalyst 10.8 adds OpenGL ES 2.0 support, and other performance improvements. This is not a security update.
http://game.amd.com/us-en/drivers_catalyst.aspx

MS IntelliPoint 8.0.225.0 (MS mouse drivers) is a major version update, but with little along the details. Due to timing, I expect this to be a security update related to the DLL hijacking issues seen prominently today. Treat as a security update.
http://www.microsoft.com/hardware/download/download.aspx?category=MK

MS IntelliType 8.0.225.0 (MS keyboard drivers) is a major version update. Like IntelliPoint, I expect this to be a security update related to the DLL hijacking issues. Treat as a security update.
http://www.microsoft.com/hardware/download/download.aspx?category=MK

Email Updates

One or more of these are likely to be of interest to everyone.

Redemption 5.0.0.2174 adds 64-bit support, and a dozen other nifty developer capabilities, such as an onProgress event and account ordering. This is not a security update.
http://www.dimastr.com/redemption/

Internet Updates

One or more of these are likely to be of interest to everyone.

uTorrent 2.0.4 fixes a DLL hijack exploit, peer exchange exploit, WebUI security issues, adds grouping, and other cosmetic changes. This is a security update.
http://www.utorrent.com/downloads

Google Earth 5.2 improves embeddable functionality, adds track, multitrack functions, elevation profiles and improves file import capabilities. This is not a security update.
http://earth.google.com/

Codec Updates

One or more of these are likely to be of interest to everyone.

Win x64 Codec Support 2.6.6 updates included codecs and corrects several bugs. This is likely a fix related to the popular DLL injection security issues going on, so should be treated as a security update. This applies only to 64-bit computers, and requires either the Win7 Codec Package or the Windows Vista Codec package.
http://shark007.net/x64components.html

Win7 Codec Package 2.6.2 updates included codecs and corrects several bugs. This is likely a fix related to the popular DLL injection security issues going on, so should be treated as a security update. To install the update, you must uninstall and reinstall the application.
http://shark007.net/win7codecs.html

Media Updates

These are unlikely to be of interest to most people.

iTunes 10.0 is a major version release, and adds several long-awaited features, including Win7 taskbar support (about time!), album grouping, and native media key support. Finally, these features offered in competing products for the last decade grace the “cosmetically” superior iTunes interface. This is a security update. Use the Apple Updater to obtain and install the most recent version.

ImgBurn 2.5.2.0 adds dozens of new features, performance, reliability and cosmetic improvements, including the removal of the ‘forced’ Uniblue marketing, and a couple potential security vulnerabilities. This is a security update.
http://imgburn.com/index.php?act=download

VLC Media Player 1.1.4 fixes the DLL security issue facing many applications today. This is a security update.
http://www.videolan.org/vlc/download-windows.html

Google Sketchup 8.0 adds geo-location modeling, color terrain maps, photo-matching, and a Building Maker plugin that helps speed the process of modeling buildings. This is not a security update.
http://www.sketchup.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

SuperAntiSpyware 4.42.1000 resolves a compatibility issue with McAfee, updates detection libraries. This is not a security update.
http://www.superantispyware.com/download.html

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 2.35.1223 adds session cleaning, additional browser variants and newer applications, improves include/exclude, startup functionality, and accuracy, as well as other minor changes. This is not a security update.
http://www.piriform.com/ccleaner

Speccy 1.04.173 adds 64-bit support, multiple-user installation option, improved version detection and better stability on Win7. This is not a security update.
http://www.piriform.com/speccy

Goodsync & Goodsync2Go 8.3.3.3 adds several options to facilitate cleanup of the archive data, corrects multiple crash bugs, improves performance and adds several additional tracking options. This is not a security update.
http://www.goodsync.com/download/affs/goodsync-x12pd.exe

GPU-Z 0.4.6 corrects temperature detection, broken BIOS parsing and improves support for various hardware. This is not a security update.
http://www.techpowerup.com/downloads/SysInfo/GPU-Z/

Web Package Updates

These are likely to be of interest only to web developers.

phpMyAdmin 3.3.6 corrects several minor bugs. This is not a security update.
http://www.phpmyadmin.net/home_page/news.php
That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2010-03-31

Posted on March 31, 2010 by Shawn K. Hall

Hey folks!

Before I begin this time I’d like to take a moment to point out the prescient Dilbert comic from Monday. This Tuesday there were more updates released in any single day, throughout the day, than since last Fall. Many, unfortunately, will require reboots.
http://www.dilbert.com/strips/comic/2010-03-29

Microsoft has released an out-of-cycle security update for Internet Explorer. One of the vulnerabilities it corrects is actively being exploited against IE6 and IE7, though this includes updates to IE8 as well. This is a security update. A reboot is required.
http://update.microsoft.com/

Apple has been busy this month:

OSX 10.6.3 and update 2010-002, iPhone Configuration Utility, Final Cut Studio, iMovie, Aperture, Logic Express & Pro, and more than a dozen printer drivers (including a Bounjour Print Services client). This includes several security updates, at least four of which are remotely exploitable and in the wild now. The most common flaw within these vulnerabilities is an overrun within TIFF image processing, which effectively allows an attacker to do anything they like with your Mac if ANY of the flawed applications are installed on your machine, simply by getting you to visit a webpage. This is a security update. Use the “Apple Updater” to get the most recent versions of all affected software. If that doesn’t work (errors are raised during download, for example) use the following link to individually download and install each update (using the Apple Updater as a guide to which downloads are required):
http://support.apple.com/downloads/

iTunes 9.1 and Quicktime 7.6.6 were also released today. These are both security updates. The vulnerabilities can be exploited simply by opening an evil site (or a trusted site with ads on it) within any browser on your computer. Ideally, you should use the Apple Updater, but if that doesn’t work for you (or you didn’t install it), you can obtain the updates at the links below. If you have iTunes installed, use:
http://apple.com/download/itunes
Otherwise, install only the QuickTime update, and ONLY if you already have Quicktime installed:
http://apple.com/download/quicktime

Java Runtime 6u19 adds a couple dozen bugfixes, including “mitigating” (though not exactly eliminating) more than one significant security issue. This is a security update. All users should update ASAP:
http://www.java.com/en/download/installed.jsp?detect=jre&try=1
If you’re using a 64bit machine and use both 32bit and 64bit browsers, you should also install the 64bit version, available here:
http://www.java.com/en/download/manual.jsp

Important Notes

Driver Updates
If you’re using this hardware – these updates are for you.

NVIDIA Forceware 197.13 increases performance and exposed features for several newer games. This is not a security update.
http://www.nvidia.com/Download/index5.aspx?lang=en-us

ATI Catalyst Drivers 10.3 introduces support for various additional hardware and mobility support under Windows 7, as well as optimizations for recent games. This is not a security update.
http://support.amd.com/us/gpudownload/Pages/index.aspx

IntelliPoint 7.1 corrects several bugs and enables repeating macros, configured through custom button assignments. This is not a security update.
http://www.microsoft.com/hardware/download/download.aspx?category=MK

Internet Updates
One or more of these are likely to be of interest to everyone.

Firefox 3.6.2 corrects a half dozen security issues, as well as several other stability bugs. This is a security update. If you have firefox installed, update NOW!
http://www.mozilla.com/en-US/firefox/

Hamachi 2.0.2.84 provides the simplest VPN setup I’ve ever seen. As no changelog is provided, this should be considered a security update.
https://secure.logmein.com/products/hamachi2/

Skype 4.2.0.155 fixes a URL security bug as well as a payment issue. This is a security update.
http://www.skype.com/getconnected/

Safari 4.0.5 is a security and stability release. This is a security update.
http://apple.com/download/safari

Opera 10.51 corrects over 2 dozen bugs in the 10.50 version, including two remotely exploitable security bugs. This is a security update.
http://www.opera.com/browser/

Trillian for Mac 1.0 Build 105: Universal binary and Facebook/XMPP integration! This is not a security update.
http://trillian.im/

Trillian 1.1 for iPhone: Landscape, Facebook Chat, 7-day signout, various filters, UI improvements and more consistent connection preferences pulled from the desktop application. This is not a security update.
Get it from the App Store.

Yahoo! Messenger 10.0.0.1258 corrects several unidentified security bugs. This is a security update.
http://messenger.yahoo.com/

GoodSync 8.1.9 fixes a crash on uninstall, logoff issues, provides the ability to sync on a schedule, network queuing for enterprise distribution, adds a new “Good Explorer” system for navigating the remote structure, batch activations, FTP syncing fixes, SFTP security update, and adds a “Sync on Logoff” feature. This is a security update.
http://www.goodsync.com/download/goodsync.exe

uTorrent 2.0 Build 18620 fixes a minor settings bug. This is not a security update.
http://www.utorrent.com/

FileZilla 3.3.2.1 corrects a half-dozen bugs, including issues with site-specific bookmarks & file-renaming. This is not a security update.
http://filezilla-project.org/download.php?type=client

SmartFTP 4.0.1085.0 fixes several issues in “find” functionality, as well as a remote browser sorting bug. This is not a security update.
http://www.smartftp.com/download/

Miranda 0.8.17 provides two new minor features and several fixes to Gadu-Gadu, MSN Messenger and Jabber protocol handling. This is a security update.
http://www.miranda-im.org/download/

Office Updates
One or more of these are likely to be of interest to most people.

Intuit released a 235mb update to QuickBooks that, among other things, corrects a really annoying PDF printing compatibility issue on 64bit machines, as well as Payroll and Sales Tax bug fixes (if you’ve experienced them, you know exactly what I’m talking about). This is not a security update.
http://support.quickbooks.intuit.com/support/ProductUpdates.aspx

Scribus 1.3.6 adds new scripting functionality, usability improvements and broader color palettes, in addition to much anticipated documentation updates. This is not a security update.
http://www.scribus.net/?q=downloads

Adobe released a security update to Premiere Elements, which should be installed by any Adobe Premier users. This is a security update. Use Help, Check for Updates, or download the updater from the link below:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4653

Security Software Updates
One or more of these is likely to be of interest to most people.

Malwarebytes Anti-Malware 1.45 adds an update scheduler, new flash scan option, web policy blocking, stability and performance improvements, and heuristics engine updates. This is a security update.
http://www.malwarebytes.org/mbam.php

SuperAntiSpyware 4.35.1000 introduces “Rootkit Uncover” to help detect and remove deeply hidden malware, as well as engine updates. This version also incorporates a 32/64 merged installer so if you’re downloading for multiple computers you no longer have to worry about whether it’s the right install package. This is a security update.
http://www.superantispyware.com/superantispywarefreevspro.html
Note that SAS now provides a portable scanner, too, available here:
http://www.superantispyware.com/portablescanner.html

AntiVir Personal 10.0.0.561 is a major update for Avira AntiVir. Several additional features (a “pile” of features according to Avira) are included in this releas, including “generic repair” (which attempts to make additional repairs to a system instead of simply deleting the infected files), ProActiv (behavior tracking), improved installation process, and (for the premium version) extensive parental control features. This is a security update.
http://www.free-av.com/en/download/index.html

Media Updates
These are unlikely to be of interest to most people.

Picasa 3.6 Build 105.56 corrects numerous crash bugs and a couple translation errors. This is not a security update.
http://google.com/picasa/

CDBurnerXP 4.3.0.1977 adds additional functionality, as well as a dozen bugs. This is not a security update.
http://www.cdburnerxp.se/

ImgBurn 2.5.1.0 adds numerous features, and corrects dozens of bugs. This is not a security update.
http://www.imgburn.com/index.php?act=download

Any Video Converter 3.04 incorporates newer codecs and hardware support. This is not a security update.
http://www.any-video-converter.com/

Windows 7 Codec Package 2.4.5 updates several codecs, corrects several MKV handling issues, and fixes a couple interface bugs. This is not a security update.
http://shark007.net/win7codecs.html

Vista Codec Package 5.6.5 updates several codecs and fixes a couple interface bugs. This is not a security update. Note that Vista Codec Package DOES support Windows XP. If you’re having trouble on an older machine getting web or downloaded audio or video to play, try this Codec package!
http://shark007.net/vistacodecpackage.html

Utility Updates
These are unlikely to be of interest to most people.

VirtualBox 3.1.6.59338, the first release since the Oracle buyout of Sun, provides several dozen fixes, including stability and performance changes. This is not a security update.
http://www.virtualbox.org/wiki/Downloads

iPhone Configuration Utility 2.2 and MobileMe Control Panel 1.5.1 both add support for the iPad, as well as correcting other issues, including the TIFF security issue detailed above. If you don’t use these applications, don’t install them. 🙂 This is a security update.
http://support.apple.com/kb/DL926 (iPhone Config)
http://support.apple.com/kb/DL769 (MobileMe CP)

CPU-Z 1.54 provides additional hardware detection support. This is not a security update.
http://www.cpuid.com/cpuz.php

GPU-Z 0.4.0 includes support for newer hardware, as well as correcting a couple minor bugs. This is not a security update.
http://www.techpowerup.com/downloads/1781/TechPowerUp_GPU-Z_v0.4.0.html

CCleaner 2.30.1130 improves performance and reliability for cleaning. This is not a security update.
http://www.piriform.com/ccleaner/download

Microsoft has released updates to several SysInternals tools, including Process Explorer (expands upon the categorical details within each process), VMMap (correcting a mathematical error under 64bit) and DiskView (providing better disk mapping performance). This is not a security update.
http://www.sysinternals.com/

Web Package Updates
These are likely to be of interest only to web developers.

phpMyAdmin 3.3.1 corrects a handful of bugs, primarily related to the recent user interface changes. This is not a security update.
http://www.phpmyadmin.net/home_page/downloads.php

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2009-08-26

Posted on August 26, 2009 by Shawn K. Hall

Hey folks!

Since Windows 7 is finally being released (yay!), expect many hardware manufacturers to launch a huge series of driver updates over the next month or two. I’m already seeing updates for Logitech mice & keyboards, nVidia video cards, and Microsoft input devices (everything from webcams, headsets, mice and keyboards). While normally I encourage driver updates as soon as they’re released, unless you’re a hard-core gamer or are experiencing stability issues with your current hardware, you will probably want to hold off at least until mid-September, as most of those companies releasing updates today will release fixes for those updates again over the course of the next month.

Speaking of Windows 7…I’ve been using it for several months now and am very impressed. The performance issues Vista imposed are gone, and it is a far smoother experience than I would have expected. While there will be some issues that are hard to cope with (currently DQSD isn’t natively supported, nor are several other applications I *require*, like Spambayes and Trillian Astra, Annette “needs” her Zuma to work better than it does now, and the concept of “quick launch” is redesigned, causing a bit of a struggle for many) initially, I think it’s a huge improvement over both Windows XP and Vista, and on better video cards there are plenty of new user-interface improvements that will help task users work faster. This will be an operating system I’m happy to install across my computers again.

One last note: Over the last week I’ve seen another surge in “AVXP” malware infections from some of the “safe” top-ten search results pages in both Google and Bing. Be VERY careful out there right now! If you are browsing a WEB PAGE and a popup tells you that it has discovered “security risks” or other issues with your computer DO NOT install anything! Close the window (it’s safest to use ALT+F4) and perform manual scans with your anti-virus and anti-spyware applications immediately.

Now, onto the updates…

Microsoft released an out of cycle security patch for Windows today, a revision for the existing Autorun patch released several months ago. Microsoft has labeled this a critical update, but if nobody you do not trust has physical access to your computer it is not urgent. This patch minimizes the chances that a device (like a USB-stick, external drive or CD) could be used to execute arbitrary programs on your computer without your knowledge or consent.
http://update.microsoft.com/
For most users this update does not require a reboot, so if your computer was on all night long, it’s probalby already installed.

For Mac users, Apple has released reliability updates for Apple Remote Desktop client and server, an important firmware update for hard drives in MacBook Pro machines, a firmware update for Bluetooth for several Apple input devices, and a feature update for iPhoto. Most of these can be accessed through Apple Update, or through:
http://support.apple.com/downloads/

Sun Microsystems is currently testing a release for Java version 6u16. Among other things, this includes several security patches for the sandboxing feature intruduced earlier this year. While it is not currently being pushed, it will probably happen in the next few days, in your computer tray with the orange icon.
http://www.java.com/en/download/installed.jsp?detect=jre&try=1
Don’t forget to UNCHECK the crapware options during installation!

Mozilla released Thunderbird 2.0.0.23 this week, correcting a security issue that applied only to secure email. Oops. If you use Thunderbird, this is a very important update.
http://www.mozillamessaging.com/en-US/thunderbird/

Google released Chrome 2.0.172.43 today, which has several security updates, most importantly with the Javascript engine and SSL parser. The existing vulnerabilities could have been used to forge content as though it were coming from another domain through a secure connection or execute arbitrary javascript with the rights of the current logged in user, both of which are considered critical. If you are using Chrome already, it should update itself the next time you open it, or you can get the most current version here:
http://chrome.google.com/

CDBurnerXP 4.2.5.1490 was released last week, providing automatic-updates, overburning, and stability improvements. If you’re using CDBXP, get this update!
http://cdburnerxp.se/

I released Syncaid 1.0.0.48 over the weekend. This version has several new features, including clipboard parsing, extended logging, filetype assertion, and an option (overwrite=0) to check for an existing download of the target name and bypass downloading a new version if it’s found. This feature is especially useful if you use FileHippo, since it can now be used to create a cached directory of installation packages.
https://saferpc.info/syncaid/
Another new feature expected to be implemented before Patch Tuesday is FileHippo category parsing – which will be able to sync an entire category of packages from FileHippo (such as “browsers” or “developer tools”), and avoid duplicate downloads for existing versions, saving time and bandwidth. For a sample Synfig builder for this, check out:
https://saferpc.info/syncaid/filehippo.asp
Create the Synfig, copy it, then run Syncaid without an associated INI file – it’ll run the Synfig directly from the clipboard.

FileZilla FTP 3.2.7 and 3.2.7.1 have been released this week, providing stability improvements, and better TLS support. If you’re using FileZilla, you’ll want to get the update:
http://filezilla-project.org/

Defraggler 1.13 was released Monday, as a reliability update which claims to increase performance as well. If you’re using Defraggler, or are looking for a fast and effective defragmentation application, look no further than Defraggler:
http://www.defraggler.com/

For developers:

TortoiseSVN 1.6.5.16974, a bugfix release that greatly improves stability, was released yesterday. So far it’s resolved several of the huge performance issues I had been having when navigating a local SVN repository – so I would definitely consider this an important update. If you’re using SVN, this is a must:
http://tortoisesvn.tigris.org/

VMware released a security update to the VMware Player to version 2.5.3-185404, and also includes better support for Ubuntu as a guest and new support for Ubuntu as a host OS. Better stability on ATI graphics cards, better mouse event handling (preventing a security vulnerability related to drag & drop operations from host to guest). If you’re using the VMware Player, get the update:
http://www.vmware.com/download/player/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/