Welcome back, Folks!
Today is Patch Tuesday for April, 2022.
It’s another big one. Sprinkle a little disaster and angst on a world war, give script kiddies a megaphone and encourage them to hack strangers and you end up with the perfect storm of malice.
This Month in Technology
2FA/MFA implementations, Advanced Medical Practice Management, Alacrity Solutions Group, LLC, Alberta vaccine passport system, American Express, ASUS routers, Atlassian, Ballad Health, a large banking platform, Bank of Ireland, Bernards Township School District, Bet9ja, Black River Falls School District, Bradley Airport, Bridgestone Americas, CafePress, Caisse nationale d’assurance maladie, Cancer and Hematology Centers of Western Michigan, Capital Region Medical Center, Cash App, CDEK, Central Indiana Orthopedics, Central Minnesota Mental Health Center, Central Vermont Eye Care, Charleston Area Medical Center, Inc., Chelan Douglas Health District, Christie Clinic, Clinic of North Texas, LLP, Colorado Physician Partners, PLLC, Creative Services Inc, Cytometry Specialists, Denso, Dialyze Direct, LLC, Doctors Me, Duncan Regional Hospital, East Tennessee Children’s Hospital, East Windsor Township, Electoral Services Department of Wandsworth Council, EMC National Life Insurance, Emma Sleep Company, Englewood Health, Ermenegildo Zegna, Finland Department of Defense, Fox, Gainwell Technologies, LLC, GitLab, Globant, hundreds of GoDaddy’s Managed WordPress sites, Google Chrome (over 40 security vulnerabilities fixed in the last month), Grand Coloane Resort, H.P. Hood Dairy, Harris County Jail, Hellenic Post, Highmark Inc, Honda and Acura cars, Horizon Actuarial Services LLC, hundreds of HP printer models, HubSpot, Iberdrola, Isle of Wight EV chargers, Israeli government, Jefferson Dental and Orthodontics, l’Assurance, Labette Health, Law Enforcement Health Benefits, Inc., Local 295 IBT Employer Group Welfare Fund, Lutheran Social Services of Illinois, MailChimp, Major League Baseball Players Benefit Plan, Mansfield company, Medical Surgical Eye Care, Mercado Libre, Microsoft, MikroTik routers, Miratorg Agribusiness Holding, MN District 518, Morgan Stanley Wealth Management, National Rifle Association, New Jersey Brain and Spine, New York City public schools, Nordex, Northern Ireland TrustFord, Norwood Clinic, Okta (though they initially claimed otherwise, then backtracked), Palo Alto Networks, Palo Alto Networks hardware, Parker Hannifin Corp, Partnership HealthPlan of California, PhySynergy, LLC, PressReader, QNAP, Ronin, Rosaviatsia, Roskomnadzor, Rostec, Royal Enfield, Russia’s Federal Security Service (FSB), Russian Lipetsk Mechanical Plant, Russian Orthodox Church, Samsung Electronics, Scottish Association for Mental Health, Scottish Power, Sea Mar Community Health Center, Shutterfly, Snap-On, Sophos Security, South Denver Cardiology Associates, Spokane Regional Health District, Spring Framework for Java, SummaCare, SuperCare, Taylor Regional Hospital, Tennessee Pediatric Hospital, Texas Department of Insurance, The Works, Thomas Allen, Inc., Toei, Toyota, Transneft, TransUnion, Travelio, Trend Micro Apex Central, Trezor, Trinity Home Care, Inc., Ubisoft, Ukrainian IT Army, Ukrtelecom, Valley View Hospital Association, Veeam products, Viasat modems, Virginia Mason Medical Center, Vodafone, WatchGuard, Western Digital My Cloud, Wheeling Health Right Inc, Wynn Palace, Wyze Cam, ZAP-Hosting, and Zyxel hardware were hacked or compromised this month.
Now for the good news:
Internet Explorer is finally going to be going away in only two months. While this will eliminate a program that nobody should be using, it will have some side-effects for businesses that rely on Active-X objects. Still, net win.
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday this month is smaller than it has been in months. The typical computer should see roughly 2.7 GB in updates today. Let’s get started.
Microsoft released updates for .NET Framework, Active Directory Domain Services, Azure SDK, Azure Site Recovery, LDAP, Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft Local Security Authority Server, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Microsoft Windows Media Foundation, Power BI, Role: DNS Server, Role: Windows Hyper-V, Skype for Business, Visual Studio, Visual Studio Code, Windows Ancillary Function Driver for WinSock, Windows App Store, Windows AppX Package Manager, Windows Cluster Client Failover, Windows Cluster Shared Volume, Windows Common Log File System Driver, Windows Defender, Windows DWM Core Library, Windows Endpoint Configuration Manager, Windows Fax Compose Form, Windows Feedback Hub, Windows File Explorer, Windows File Server, Windows Installer, Windows iSCSI Target Service, Windows Kerberos, Windows Kernel, Windows Local Security Authority Subsystem Service, Windows Media, Windows Network File System, Windows PowerShell, Windows Print Spooler Components, Windows RDP, Windows Remote Procedure Call Runtime, Windows schannel, Windows SMB, Windows Telephony Server, Windows Upgrade Assistant, Windows User Profile Service, Windows Win32K, Windows Work Folder Service, YARP reverse proxy and MSRT (~2 GB). This includes security updates. A reboot is required.
Apple released updates for iOS 15.4.1, iPadOS 15.4.1, macOS Big Sur 11.6.5, macOS Monterey 12.3.1, Security Update 2022-003 Catalina, GarageBand 10.4.6, iTunes 12.12.3 for Windows, Logic Pro X 10.7.3, tvOS 15.4, watchOS 8.5.1, Xcode 13.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
iOS 15.4.1 is a security update. Use Settings, General, Software Update to install the most current update.
iPadOS 15.4.1 is a security update. Use Settings, General, Software Update to install the most current update.
tvOS 15.4 is a security update. Use System, Software Update to install the most current version.
watchOS 8.5.1 are security updates. Use the Watch app on your iPhone to install the most current version.
Google Chrome OS 100.0.4896.82 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every year and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 6 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Hundreds of HP printer models have new firmware security updates or advise disabling the LLMNR protocol. While you’re there consider disabling IPv6, WSD, DHCPv6, as well as SLP unless you’re in a corporate environment, and Bonjour unless you need to print from Apple mobile devices.
https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Drivers by Seagull 2022.1 adds support for over 190 new printer models, improves GUI for Driver Wizard and resolves a bug with the GS1 Datamatrix AI 11. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.37.113 is a security update.
https://brave.com/
Google Chrome 100.0.4896.88 is a security update.
https://www.google.com/chrome/
Microsoft Edge 100.0.1185.39 is a security update.
https://www.microsoft.com/en-us/edge/business/download
Firefox 99.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/
Firefox ESR 91.8.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/
SeaMonkey 2.53.11.1 is a security update.
https://www.seamonkey-project.org/
Vivaldi 5.2.2623.33 is a security update.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Mailspring 1.10.2 is a security update.
https://getmailspring.com/
Thunderbird 91.8.0 is a security update.
https://www.thunderbird.net/en-US/
NK2Edit 3.43 adds an option to copy the contents of the selected cell. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html
Internet Updates
One or more of these are likely to be of interest to everyone.
AnyDesk 7.0.7 resolves several bugs, and improves reliability. This is not a security update.
https://anydesk.com/en/downloads
AnyDesk for macOS 6.5.0 adds permission profiles and resolves a layout bug. This is the last version to support EOL macOS versions. This is not a security update.
https://anydesk.com/en/downloads
Dropbox 145.4.4921 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/
FileZilla Client 3.59.0 updates libraries. This is a security update.
https://filezilla-project.org/
Google Drive 56.0 resolves several bugs. This is not a security update.
https://drive.google.com/start
Nextcloud Server 23.0.3 updates libraries and resolves dozens of bugs. This should be treated as a security update.
https://nextcloud.com/
ownCloud Client 2.10.1.7187 resolves many bugs. This is not a security update.
https://owncloud.com/desktop-app/
Prosody 0.12.0 resolves several bugs and improves security defaults. This should be treated as a security update.
https://prosody.im/download/start
Rclone 1.58.0 adds several new backends and resolves dozens of bugs. This is a security update.
https://rclone.org/
Skype 8.82.0.403 resolves several bugs and makes cosmetic improvements. This is not a security update.
https://www.skype.com/
Syncthing 1.19.2 updates error messaging. This is not a security update.
https://syncthing.net/
Technitium DNS Server 8.0.2 is a major update adding several new features, updates libraries and apps, and resolves several bugs. This is not a security update.
https://technitium.com/dns/
Telegram 3.6.1 resolves several bugs. This is not a security update.
https://telegram.org/
Trillian Mac 6.5.0.11 adds native support for M1, new emoji and history features, and resolves many bugs. This is not a security update.
https://www.trillian.im/
WGet 1.21.3 updates libraries. This is a security update.
https://eternallybored.org/misc/wget/
Zoom 5.10.1.4420 is a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
FastStone Viewer 7.6 adds several new display controls and improves performance. This is not a security update.
https://www.faststone.org/FSViewerDetail.htm
Plex Desktop 1.43.3.2951 improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Home Theater 1.14.0.2935 adds a couple new features and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Media Server 1.25.9.5721 updates scanning behavior, adds support for plexmatch files, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server
Game Updates
These are unlikely to be of interest to most people.
Epic Games 14.0.3 resolves several bugs. This is not a security update.
https://www.epicgames.com/
GameMaker Studio 2022.3.0.625 makes cosmetic and localization changes, adds several new features, and resolves dozens of bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker
Nintendo Switch 14.1.0 adds PPN. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989
PS5 22.01-05.00.00 provides many changes to the user interface and nomenclature. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/
RetroPie 4.8 updates libraries and apps. This is not a security update.
https://retropie.org.uk/
Steam 2022.03.16 resolves cosmetic issues. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0
Office Updates
One or more of these are likely to be of interest to most people.
Adobe Commerce 2.3.7-p3, 2.4.3-p2, and 2.4.4 are security updates.
https://helpx.adobe.com/security/products/magento/apsb22-13.html
Adobe Acrobat and Reader 22.001.20117, 22.001.20112, 20.005.30334, 20.005.30331, 17.012.30229, and 17.012.30227 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb22-16.html
Adobe After Effects 22.3 and 18.4.6 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb22-19.html
Adobe Photoshop 22.5.7 and 23.3 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Blender 3.1 vastly improves performance and adds several new features and controls. This is not a security update.
https://www.blender.org/download/
Calibre 5.40.0 adds new features, news sources, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/
IcoFX 3.7.1 resolves several bugs. This is not a security update.
https://icofx.ro/
Kindle for PC 1.35.64251 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc
LibreOffice Still 7.2.6 resolves over 50 bugs. This is not a security update.
https://www.libreoffice.org/
LibreOffice Fresh 7.3.2 resolves over 70 bugs, including stability and crash bugs. This should be treated as a security update. The “Fresh” line is beta software so should be avoided by most users.
https://www.libreoffice.org/
Nextcloud Desktop 3.4.4 resolves several bugs. This should be treated as a security update.
https://nextcloud.com/
Notepad++ 8.3.3 resolves a crash bug. This is not a security update.
https://notepad-plus-plus.org/
Paint.net 4.3.10 resolves a resize bug. This is not a security update.
https://www.getpaint.net/
PDF-XChange Editor 9.3.360.0 resolves several bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor
Security Software Updates
One or more of these is likely to be of interest to most people.
Chainsaw 1.1.7 resolves several bugs. This is not a security update.
https://github.com/countercept/chainsaw
MalwareBytes Anti-Malware 4.5.7 is a security update.
https://www.malwarebytes.org/antimalware/
OpenSSL 3.0.2 is a security update.
https://curl.se/windows/
OSFClone 1.3.1001 updates operating system. This is not a security update.
https://www.osforensics.com/tools/create-disk-images.html
Tails 4.29 is a security update.
https://tails.boum.org/install/dvd/index.en.html
uBlock Origin 1.42.4 improves reliability. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest
VT-CLI 0.10.1 improves organization. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest
YARA 4.2.0 updates syntax and resolves several bugs. This is a security update.
https://github.com/countercept/chainsaw
Zorin OS 16.1 updates libraries, apps, improves hardware support, and performance. This is not a security update.
https://zorin.com/os/mirrors/
Capture Updates
These are unlikely to be of interest to most people.
Elgato Game Capture HD (macOS) 2.11.14 improves Twitch API support. This is not a security update.
https://help.elgato.com/hc/en-us/articles/360027963512
Open Broadcaster Software 27.2.4 resolves several bugs. This is not a security update.
https://obsproject.com/
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 12.0.6.9 adds support for new encodings.
https://www.dvdfab.cn/download.htm
PDF Creator 4.4.2 resolves several bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator
Education updates
One or more of these are likely to be of interest to most people.
Zotero 6.0.4 is a major update that adds several new features and resolves two dozen bugs. This is not a security update.
https://www.zotero.org/
Utility Updates
These are unlikely to be of interest to most people.
1Password for Mac 7.9.4 resolves several bugs and improves performance. This is a security update.
https://1password.com/downloads/mac/
Agent Ransack 2022.3314 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/
Beyond Compare 4.4.2.26348 improves command line support. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4
Bitwarden 1.32.1 updates Safari extension and resolves several bugs. This is not a security update.
https://bitwarden.com/
Dell Command Update 4.5 improves startup and SRP performance and adds deferral, session management, and WER handling. This is not a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en
DesktopOK 9.81 improves dark theme. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
DevManView 1.76 adds new quick filter option. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html
dnGrep 3.0.42.0 improves regular expressions and boolean testing and resolves several bugs. This is not a security update.
https://dngrep.github.io/
dupeGuru 4.2.1 resolves several bugs and updates libraries. This should be treated as a security update.
https://dupeguru.voltaicideas.net/
Etcher 1.7.8 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/
FileLocator Pro 2022.3314 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download
GoodSync 11.10.8 resolves dozens of bugs. This is a security update.
https://www.goodsync.com/
NTLite 2.3.4.8658 adds YubiKey compatibility, upgrades components and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/
PowerToys 0.57.2 resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest
Recuva 1.53.2078 improves licensing controls. This is not a security update.
https://www.ccleaner.com/recuva
RoboForm 9.2.5 is a security update.
https://www.roboform.com/
Rufus 3.18 is a security update.
https://rufus.ie/en_US/
ScreenConnect 22.3.7487.8130 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download
SearchMyFiles 3.17 adds folder background context option. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html
SimpleWMIView 1.51 updates the /columns command line switch behavior. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html
Ookla Speedtest CLI 1.1.1 doesn’t provide a changelog so should be treated as a security update.
https://www.speedtest.net/apps/cli
TeamViewer 15.28.9 resolves a reliability bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/
Unity 2021.3.0 resolves many bugs and updates libraries. This is not a security update.
https://unity3d.com/get-unity/download/archive
USBDeview 3.03 improves compatibility. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html
Wazuh Agent 4.2.6 updates Kibana plugin and Splunk app and resolves a bug. This is a security update.
https://wazuh.com/start/
WifiInfoView 2.76 resolves a marking bug. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html
Developer Updates
These are unlikely to be of interest to most people.
ADB 33.0.1 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools
Docker Desktop 4.7.0 is a security update.
https://www.docker.com/products/docker-desktop
GitHub Desktop 2.9.12 adds support for Brackets Editor, JetBrains RubyMine, JetBrains GoLand, and Android Studio, and resolves several bugs. This is not a security update.
https://desktop.github.com/
Godot 3.4.4 resolves several bugs. This is not a security update.
https://godotengine.org/
Node.js 12.22.12 is a security update. This is the final release of the 12.x line.
https://nodejs.org/en/
Node.js 14.19.1 is a security update.
https://nodejs.org/en/
Node.js 16.14.2 is a security update.
https://nodejs.org/en/
Node.js 17.9.0 is a security update.
https://nodejs.org/en/
SQLite 3.38.2 resolves several bugs, improves compatibility and CLI support. This is not a security update.
https://www.sqlite.org/download.html
TortoiseSVN 1.14.3 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html
Visual Studio Code 1.66.1 updates libraries and resolves several bugs. This is not a security update.
https://code.visualstudio.com/
Web Package Updates
These are likely to be of interest only to web developers.
Coppermine Gallery 1.6.18 improves compatibility. This is not a security update.
https://coppermine-gallery.net/
Drupal 9.3.9 is a security update.
https://drupal.org/download
Joomla 4.1.2 is a security update.
https://www.joomla.org/
MailEnable 10.39 resolves several bugs and improves security defaults. This is a security update.
https://www.mailenable.com/
WordPress 5.9.3 resolves several bugs. This is not a security update.
https://wordpress.org/
Autoptimize 3.0.2 improves stability. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/
BuddyPress 10.2.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/
Slider Revolution 6.5.19 resolves a couple bugs. This is not a security update.
https://revolution.themepunch.com/
WooCommerce 6.3.1 is a security update.
https://wordpress.org/extend/plugins/woocommerce/
WPBakery 6.9.0 improves compatibility and resolves several bugs. This is not a security update.
https://wpbakery.com/
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/