Updates 2011-06-14

Patch Tuesday has arrived, and it’s a big one, folks.

Microsoft has released between 14 and 23 updates (depending on your configuration) for Windows, .NET, Internet Explorer, MS Office, Excel, PowerPoint, SQL Server, MSDE, SSMSE, InfoPath, Visual Studio, MSRT, Windows Update, Microsoft Update, WSUS, and Windows Mail. This includes security updates. A reboot is required.
Also note that IE9 is now rated “important” and will be pushed to many users automatically when you install updates. You can unselect it as an option through the custom configuration, but it does add newer security features so should be installed by anyone on Vista and Windows 7. There are a few changes you can make to the new default options to make it more consistent with previous versions.

Apple released updates to OSX, AirPort, iTunes, Logic Express, Logic Pro, and ProKit. This includes security updates. A reboot is not required. Use the Apple Updater to get the most recent updates.

Acrobat and Adobe Reader 10.1 is a major update that provides security fixes, feature updates, and major enhancements such as Protected View for Acrobat. A reboot is not required. Use Help, Check for updates to obtain this update. If you have both Acrobat AND Reader, make sure you update BOTH!

Java 6u26 is a security update. If you’re running a 64-bit operating system, be sure to get BOTH the 32-bit and 64-bit Java Runtimes. For 32-bit OS, get only the 32-bit build:

Flash Player, Adobe AIR and Shockwave have all had critical security updates over the last few days. Download each of the following, close all browsers, then install each of the files.

Driver Updates

If you’re using this hardware – these updates are for you.

nVidia 275.33 adds newer hardware support, performance and stability improvements, particularly within the 3D interface. This is not a security update.

Browser Updates

One or more of these are likely to be of interest to everyone.

SeaMonkey 2.1 integrates a settings Sync option, better file management, and a number of other improvements. This is not a security update. Use Help, Check For Updates to get the most recent version.

Internet Updates

One or more of these are likely to be of interest to everyone.

FileZilla 3.5.0 is primarily a bugfix release. This version corrects several OS-dependent behaviors, but also migrates the queue to a more stable (and faster!) back-end, and a couple crash bugs. This is not a security update.

WinSCP 4.3.3 adds IPv6 support, library updates, daylight savings time and timezone improvements, and a number of minor bug fixes. This is not a security update.

Skype 5.1 for Mac and resolves a crash issue related to a network error on the 26th. This is not a security update.

Codec Updates

One or more of these are likely to be of interest to everyone.

Win7 Codec Package 2.8.9 corrects a bug in avi, mpeg and h264 file parsing. To install the update, you must uninstall and reinstall the application.

Media Updates

These are unlikely to be of interest to most people.

iTunes 10.3.1 adds new “iTunes in the Cloud” features: Automatic Downloads – the ability to purchase on one device and have it download/install thru any connection available to other devices registered to your account. This feature works with previous purchases, as long as it is still available within the iTunes store. This version also fixes other bugs. This is a security update. Use the Adobe Updater to install this update. A reboot may be required.

VLC Media Player 1.1.10 is a security update. You should be prompted to update when opening VLC, or use Help, Check for Updates to install this version.

CDBurnerXP reverts an included library to a known stable version. This is not a security update, but is a significant stability improvement.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 5.9.2 corrects a crash bug, a couple other issues, and adds clipboard history and character insertion option. This is not a security update.

Security Software Updates

One or more of these is likely to be of interest to most people.

MalwareBytes’ Anti-Malware 1.51 improves performance, update speed, and corrects several bugs. This is not a security update.

Wireshark 1.6.0 corrects several bugs, improves support for large files, SSL session key export, custom columns, SMB export, as well as a number of added protocols. This is not a security update.

Capture Updates

These are unlikely to be of interest to most people.

Fraps 3.4.5 reduces the memory footprint, increases performance capturing Vista/Win7, and corrects several bugs relating to OpenGL and color scrambling. This is not a security update.

VideoCacheView 1.93 adds an alternate row highlighting scheme. This is not a security update.

Converter Updates

These are unlikely to be of interest to most people.

DVDFab adds additional hardware decoding support, improved profile management, FINALLY adds the ability to disable the folder view that opens automatically in 8+, and corrects a few crash bugs. This is not a security update.

Game Updates

These are unlikely to be of interest to most people.

Minecraft and Minecraft Server 1.6.5 and 1.6.6 correct a number of bugs with physics, blocking, performance, and continuity. Adds mapping, hatches, tall grass, multi-player “nether”, and significantly improved network compression. This is not a security update, but the performance issues were severe, so this should be treated as important.

Utility Updates

These are unlikely to be of interest to most people.

RoboForm and RoboForm2Go 7.3.2 improves Opera/Chrome handling, adds Firefox 5 support and corrects a handful of bugs. This is not a security update.

LogMeIn 4.1.1848 corrects several minor bugs. This is not a security update. Right-click on the LogMeIn icon in your tray and select “Open LogMeIn”, click “About”, then “Check for Updates”. After a few minutes of downloading, the updater will start. You’ll be prompted to click “Update”, approve installation and finally “close” the installer when done.

CCleaner 3.07.1457 improves existing application support, and adds Safari Icon history, Flash Player SOL, Windows Elevated Diagnostics, a number of media players, and improves Chrome, RDP, Recent Documents, Windows Servises and exclusion options. This is not a security update.

Ketarin significantly improves performance, adds header assignment thru a new httpx protocol, infinite custom columns, adds the ability to view more than one search side-by-side, a “wait” option, setup instructions extended significantly, variable-ization of a lot more fields, better handling of {f:*} variables, new urldecode function, and significantly impreoved template management. This is not a security update.

Goodsync and Goodsync2Go adds Mac support, SkyDrive protocol, Amazon Cloud Drive, Amazon S3 striping, and various other improvements. This is not a security update.

Hamachi improves tunneling, especially on poor connections, improves UPnP support, and corrects several bugs. This is not a security update. Use About, Check for Updates to install this update.

NirCmd 2.55 improves savescreenshot support to add dimensions, clipboard and full capabilities. This is not a security update.

Speccy 1.11.256 adds stability and performance updates, and corrects a number of bugs. This is not a security update.

WhatIsHang 1.07 adds WaitForSingleObject processing. This is not a security update.

Developer Updates

These are unlikely to be of interest to most people.

MySQL 5.5.13 corrects a couple dozen bugs, including several memory leaks. This is not a security update.

TortoiseSVN 1.6.16 corrects a memory leak in the shell extension. This is not a security update.

Web Package Updates

These are likely to be of interest only to web developers.

WordPress 3.1.3 provides more than a dozen changes, including 7 security fixes. This update is especially important if you allow user content on your site, as previous versions did not properly sanitize input. This is a security update.

BuddyStream 2.0.5 is a core update. This is not a security update.

phpMyAdmin 3.4.2 improves stability and corects a number of minor bugs — including a version leak. This should be treated as a security update.

That’s all for now folks. Keep it clean out there. 😉


Shawn K. Hall

Updates 2010-01-21

Hey folks!

Microsoft has released an out-of-cycle update for a vulnerable library from Internet Explorer that is used within many other applications (Outlook, Outlook Express, Windows Live Mail, Trillian, Visual Basic, Access, Word, Excel, and many many others) as well as an update to Silverlight. These are both security updates. You should visit Microsoft Update immediately to install them. Depending on what you have open at the time of installation, a reboot may be required.

Apple released security updates for all current versions of OSX as well as updates to Main Stage, Logic Pro, Unitor, Boot Camp, Graphic and Firmware updates, as well as a Firmware restoration CD. This includes security updates. All of them except the restoration CD can be obtained from Apple Update. Download the cd here:
Use the “Apple Updater” to get the most recent versions of all the other affected software.

Java Runtime 6u18 now natively supports Windows 7 and adds several dozen bugfixes. This is a security update. All users should update ASAP:
If you’re using a 64bit machine and use both 32bit and 64bit browsers, you should also install the 64bit version, available here:

Adobe Shockwave Player was released earlier this week. This is a security update.
As with all Adobe products, be sure to uncheck any toolbars, add-ons and other “offers” both during download and during installation.

Adobe Reader 9.3 includes multiple security fixes. This version replaces all previous versions of Adobe Reader. This is a security update. If you have not installed 9.3 yet, you should do so IMMEDIATELY as these vulnerabilities are being exploited by a piece of “broken” malware that has so far brought half a dozen clients computers down completely, and it has been a *major* chore to get them up and running again. If you’re using Adobe Reader 9.x, use “Help, Check for updates” to upgrade to the most current version. If you’re using a version of Adobe Reader prior to 9.x, get Adobe Reader 9.3 here:
As with all Adobe products, be sure to uncheck any toolbars, add-ons and other “offers” both during download and during installation.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates, excepting only the Windows/Apple items. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed. Wherever possible, I try to start each item with the product name followed by the new version number and the severity of the update, in order to facilitate a quick scan through the list to identify applications that apply to you.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Internet Updates
One or more of these are likely to be of interest to everyone.

Trillian for Windows 4.1 adds over a hundred new features, including better Facebook, Twitter and Windows 7 support, clearer notifications and a reintroduction of news feeds. This is not a security update.

Thunderbird 3.0.1 corrects several security and reliability bugs, and also improves the user interface for attachment handling. This is a security update.

Security Software Updates
One or more of these is likely to be of interest to most people.

AVG Free Edition 9.0.730 improves polymorphic detection methods. This is a security update. Download using the link below for NEW 9.x installations, otherwise use the AVG Updater to get the upgrade to the latest version.

Avast! Free Antivirus 5.0.377 improves the antivirus and antispyware engines, adds a code emulator to better detect runtime virus compilation used by many newer malware packages, an heuristics engine, multithreading improvements, behavior shield and new “silent” mode (intended for uninterrupted processing during media and gaming). This is a major update to Avast!. This is a security update. If you already use Avast! you’ll need to download this package to update your installation to the next major version as support for 4.x will be discontinued in the near future.

a-squared Free corrects an issue with the cookie quarantine feature. This is not a security update.

Media Updates
These are unlikely to be of interest to most people.

WinAmp 5.572 adds a dozen fixes primarily aimed at Windows 7 compatibility, though also includes security updates to several incorporated third party libraries. This is a security update.

CDBurnerXP fixes a handful of non-security bugs, and adds return codes to the command-line processor, making automation of the program far more complete. This is not a security update.

Vista Codec Package 5.5.3 updates various codecs. This is not a security update.

Google SketchUp 7.1.6860 adds a variety of compatibility and usability features, including photo textures and better support for large models. This is not a security update.

Utility Updates
These are unlikely to be of interest to most people.

TeraCopy 2.12 adds multimonitor support, event processing and corrects an autostart bug. This is not a security update.

SysInternals tools Desktops, ProcDump, Sigcheck and Diskview, were updated earlier this week. The most significant update corrects reliability issues within the Desktops application for Windows 7 x64 support.

Web Package Updates
These are likely to be of interest only to web developers.

WordPress MU 2.9.1 and were released this week, updating the features to match those of WordPress 2.9.1 and fixing at least two major security vulnerabilities. If you use WordPress MU, install these updates ASAP!

That’s all for now folks. Keep it clean out there. 😉


Shawn K. Hall

Updates 2009-10-13

Hey folks!

Patch Tuesday has come again, including anywhere from three to thirteen updates for Windows and Office. If you haven’t installed these updates already, do so now. These are security updates.
Please be sure to install all the necessary “optional” updates, which can only be included if you select “Custom” or “view available updates” when the page initially loads.

Yet another critical security vulnerability has been discovered in multiple Adobe products. Exploits are actively being published by malicious websites and are, unfortunately, being promoted through ads and into pages within the “top ten results” on most search engines. If you have ANY Adobe products installed (Adobe Acrobat, Reader, Flash, Shockwave, AIR, or others), you are hereby warned to be *very careful* online and scan your machine often. If it starts to misbehave, or if you are unable to use the updating functionality within any of the programs, you are advised to shut your computer off immediately and seek technical assistance. At least one of these vulnerabilities can be avoided by disabling the Javascript parsing within Adobe Reader (which should be done ANYWAY!), but that will not prevent infection from the other vectors.

Adobe says they “may” release updates to correct this issue today and that they “may” not be able to release patches until next month. In either case, check for updates early and often. Checking on a daily basis until these patches are released does not make you Chicken Little. 🙂

Apple has released quite a few updates this month, including “security, stability and bug fix” updates for:
  Mac OSX 10.6.1
  Patch 2009-005 for all other OSX versions
  iTunes 9.0.1
  QuickTIme 7.6.4
  Various Mac hardware drivers & firmware updates
  iWork 9.0.3
  Logic Express & Pro 9.0.1, and 9.0.2
  Main Stage 2.0.1
  Apple Remote Desktop 3.3
As usual, you can access these updates through the Apple Updater for those applications you have installed, and can access the website below to install additional features and applications:

Trillian released patches for the Yahoo plugin, as well as opening a new beta for the Astra series (4.1). This is a security update. If you are using Trillian you should use the Help, Check for Updates feature to install either the 4.0.118 or 3.1.14 version. Or get it here:

Skype corrects a security issue within the extras manager, and fixes a freezing bug within the video shortly after video starts to play. If you have Skype installed, install this update before you launch Skype again.

FileZilla 3.2.8 & FileZilla both came out over the weekend, resolving a couple crash bugs, cosmetic issues and introducing a new method of resuming uploads for certain types of servers. If FileZilla is your FTP client of choice, you can use the internal “Help, Check for Updates” feature, or download the installer here:

Notepad++ 5.5.1 fixes some memory leaks, and adds “.txt” to new text documents, among other minor changes. As “simple” text editors go, I’m more and more impressed with Notepad++ each time I explore the features. If you need use Notepad even remotely as often as I do, consider playing with this. It’s a perfectly capable HTML (and many other script) editor, with hundreds of additional features you’ll need – uh – someday. 🙂

Google’s browser, Chrome, had another milestone as it released yet another patch for a non-interactive vulnerability. Version, update now if you have Chrome installed, corrects this, while the 4.x branch remains in beta.

NVidia released the next minor build of their driver platform, Forceware 191.07, with WHQL certification. It’s a large update, but if you’re using any video-intensive games or applications, this could increase performance on your machine, if, of course, you have an NVidia video card.

Media updates:
Most people only require one or two of the following applications.

Picasa 3.5 was released last week, introducing better image tagging and tag management, as well as what Google describes as “better sync support.” While I wouldn’t rely on most software-based image synchronization tools, Picasa has proven itself within my own toolset, so I do intend to give it a chance. If you’re just now getting into digital photography, this would probably be the best way to go.

CDBurnerXP was released earlier this month, adding support for additional audio formats and CD-Text. This is not a security update.

Vista Codecs 5.4.6 was released, correcting issues with certain AVI subtypes, MKV and patching the Gabests and ffdshow filters. Since it includes the ffdshow patch, it should be considered a security update – but should ONLY be installed if you’re using a previous version of this codec package, or none at all.

ImgBurn is a free, powerful and quite extensive media burner. While CDBurnerXP supports many of the same features, some things are just simpler in ImgBurn:

DVDFab was released a couple weeks ago, primarily performance updates. This is not a security update.

If you don’t trust Apple anymore than I do, you’re probably using QuickTime Alternative – and they’ve released version 3.0.0 this last week. This is an update to the core processing, so it could correct issues you are having with newer quicktime-based files. However, it is not a security update, and since it’s the first release of the 3.x branch, I would be wary of installing it until the first patch is released.

Utility updates:
These are unlikely to be of interest to most people.

Filehippo has released UpdateChecker 1.035, again, touting “internal performance improvements.” Had I not seen and used this myself months ago – and experienced problems with the UpdateChecker program as a result, I’d have a little more faith. The bytes are different, so it could be that they simply mis-labeled something at some point. It seems to be stable enough, now:

Sun has released VirtualBox, correcting more than thirty issues, though most are things few people would experience. It does include security updates. If you’re using VirtualBox, you should install the update – especially if you’re one of the few that had it stop working on them completely when installing 3.0.6. Oops. 🙂

I released Syncaid two weeeks ago, introducing several new features and correcting a bug that affected the use of both the “child” and “extract” options simultaneously. New features include “last”, “limit”, “type” as an alias for “extensions”, “assume” is now treated as an array (as are several others). Read more here:

The SysInternals team has released several updates to their tools package including an important update to Autoruns, and a new feature “Disk2vhd” which enables you to create a virtual machine from the *running* operating system on your computer! This is something that will save me hours of porting machines through various P2V and VM applications. If you have been keeping an older machine around because the new one just doesn’t support one of the applications you “need” to run on it – consider using this tool as an alternative. It’ll save you electricity, space, and frustration.

MyDefrag 4.2.2, yet another defragmentation tool, was released last week. While I normally don’t pay any attention to defragmentation tools anymore (they’re rarely really necessary on newer computers – and can take quite a while to run if you’re using even a significant portion of your newer hard drive), this one really got my attention when I read that it can run as a screen saver. Quite an ingenious use of processing time, while making sure it’s as hands-off as you want it to be.

MemTest86+ released their first major version, 4.0, in years. This version reduces the time for the first pass, which is often all that is necessary if you suspect bad memory on a machine. It can reduce the detection time from an hour to only a few minutes if RAM is bad, and still provides the “let it run forever” mode to give you the peace of mind that can only be obtained from running memory diagnostics iteratively for several hours and numerous passes.

Web Package Updates
These are likely to be of interest only to web developers.

phpMyAdmin and were released yesterday. These are security releases for an attack that is active and in the wild. If you have phpMyAdmin installed, update NOW:

eCommerceTemplates 5.8.3 was released for both ASP and PHP, including over 20 updates, several of them directly related to correct processing of payments. You should update immediately to correct validation and potentially failed transaction issues…however, be aware that some users are complaining that this patch is preventing some of their customers from accessing their own profiles. That might be enough to make me wait for 5.8.4. 🙂

Whew. Isn’t that enough for now? Keep it clean out there. 😉


Shawn K. Hall