Updates 2024-01-09

Happy New Year, Folks!

Today is Patch Tuesday for January, 2024.

There were over 200 major hacks, but only about 130 application updates this month. It’s a very light month, with about 1.3 GB of updates for most users.

This Month in Technology

360 Physical Therapy, LLC, 3CX, 70% of Iran’s gas stations, Academy Mortgage Corporation, AccessDx Laboratory, LLC, AccessOne Medcard, Inc., AI Engine plugin for WordPress, Air Albania, Albanian Parliament, Albanian telecom, Americold, Amerigroup Iowa, Inc, Amwins Group, Inc., Apache OFBiz, Apache RocketMQ, Apache Struts, Asper Biogene, Ateam, Austal USA, Barracuda ESG, Battelle Energy Alliance, LLC, Beirut Airport, BELLIN HEALTH, Bezeq, BlueCross BlueShield of Tennessee, Inc., Booking.com, Box.com, Brown & Streza LLP, Buckley King LPA, Bunker Hill Community College, California Northstate University, Capital Health, Cardiothoracic and Vascular Surgeons, P.A., CareTree, Inc., Cellcom, CertiK on X, Chilean Government, City of Hope, Clay County Social Services, Co-Founder of Nest Wallet, Coin Cloud, Comcast Cable Communications LLC, Comcast/Xfinity, ConsensioHealth, LLC, Cooper Aerobics Enterprises, Inc., Corewell Health, County of Los Angeles Department of Mental Health, Court Services Victoria, Australia, D.C. Board of Elections, defense contractors, Delta Dental of California, Downfall, Drug Emporium, Eagers Automotive, EasyPark, EMSI, Enstar (US) Inc, Erie Family Health Centers, ESO Solutions, ESSEMTEC, Estes Express Lines, Eye Physicians of Central Florida, PLLC, Eyefinity, Inc., Fallon Ambulance Services, Federal Tax Service of Russia, Fidelity National Financial, Fincantieri Marine Group, LLC, First American Financial Corporation, First Choice Dental, Flagstar Bank, N.A., Florida Water Products, Fred Hutchinson Cancer Center, French company, Fresno Regional Workforce Development Board, Fresno Surgical Hospital, Gallery Systems, German H-Hotels, Glendale Community College, Greater Cincinnati Behavioral Health Services, GTKWave, Healix Infusion Therapy, LLC, Health Diagnostic Management, LLC, Health Net Community Solutions, HealthEC LLP, Heart of Texas Behavioral Health Network, Housing Authority of the County of San Bernardino, HTC Global Service, Humana Inc, Hyundai on X, Idaho National Labs, Independent Vision Group, LTD, Insomniac Games, Insurance ACE/Humana Inc., Integris Health, Italian military gear shop, Ivanti Avalanche, Ivanti Endpoint Management, Jell-O, JetBrains TeamCity, Judiciary of Córdoba in Argentina, Katholische Hospitalvereinigung Ostwestfalen, Keenan & Associates, Kimco Staffing Services Inc., Knox Ricksen LLP, Kraft Heinz, Kyivstar, Ledger dApp, LegendasTV, LoanCare, loanDepotLone Peak Physical Therapy, Inc., Los Altos Food Products, LLC, Los Angeles County Department of Mental Health, ManageEngine OpManager, Mandiant, Maxco Supply, Inc., Maytronics, Mellow Massage Hollywood, Memorial University of Newfoundland, Merced City School District, Meridian Behavioral Healthcare, Inc., Merrick Bank, Mexican banks, Microsoft Xamarin, Mint Mobile, Molina Healthcare of Ohio, Inc., MongoDB, Mountain Dermatology Specialists, PC, Movistar, Mr. Cooper, Musick, Peeler & Garrett LLP, National Amusements, National Student Clearinghouse, Nationstar Mortgage LLC, Navvis & Company, LLC, Netgear on X, Network180, North Face, North Kansas City Hospital, Norton Healthcare, NYC Health + Hospitals, Ohio Lottery, Orange Spain, Orbit Chain, Orcutt Union School District, Orrick, Herrington & Sutcliffe, Oscar Mayer, Panasonic Avionics Corporation, Pandol Brothers, Inc., Perforce Helix Core Server, pfSense, Philippine credit services provider, Primary Health & Wellness Center, LLC, ProSmile Holdings, LLC, QNAP VioStor NVR, Recology Inc., Regional Family Medicine, Retina Group of Washington, PLLC, Riverside County Office Of Education, Riverside Unified School District, Rockstar Games (GTA5 + GTA6), Rush System for Health, Russian sushi restaurant, Senior Scripts, Shufersal, Sony, Southeastern Orthopaedic Specialists, PA, Supreme, Swedish fintech company, Talus Pay, TaxPlus, The Foleck Center, LTD, The Jacmar Companies, LLC, The Middlefield Banking Company, Thunder Terminal, Tigo Business, Timberland, Tipalti, Toronto Zoo, Toyota Financial Services, Transformative Healthcare, TRISTAR Insurance Group, TTM Technologies, Ubiquiti, Ubisoft, Ukrainian security cameras, University of Buenos Aires, Vans, Velveeta, VF Corp, Vi Living, Vietnamese fashion store, Viking Therapeutics, Wabtec Corporation, Wealth Network, Welltok, Inc. (and many more), WICR Waterproofing and Construction Inc., WordPress Backup Migration plugin, Xerox Business Solutions, Yakult Australia, Yorkshire Wellness Group, Corp., and ZOLL Medical Corporation have reported hacking or compromised this month.

Box.com, Kyivstar, loanDepot, and First American have suffered from outages this month.

Last months updates broke Avira Antivirus, NPS (Radius) servers, various Tesla functions, Windows Explorer & task bar, and Windows Wi-Fi.

Microsoft can’t convince Microsoft to use Microsoft services.

Central authentication services like OAuth and SSO still cause all sorts of problems. And ads are still very very bad for you.

23andMe is blaming their users for exposing the data of almost 7 million users.

LastPass now requires slightly less horrible passwords. (They’re still not good.)

You should assume that software setting-based security will always fail you. Hardware switches are the only reliable method.

Now for the good news:

The FTC has ordered X-Mode to stop selling and preserving cell phone location data, a surprising win for privacy. If this is obeyed, only government agencies, hardware vendors, and operating system vendors will be able to trade in your location information.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is pretty small this month. The typical computer should see roughly 1.3 GB in updates today. Let’s get started.

Microsoft released updates to address 62 vulnerabilities in .NET, .NET Core, .NET Framework, Azure Storage Mover, Microsoft Bluetooth Driver, Microsoft Devices, Microsoft Edge, Microsoft Identity Services, Microsoft Office SharePoint, Microsoft Office, Microsoft Virtual Hard Drive, Remote Desktop Client, Servicing Stack Updates, SQL Server, SQLite, Unified Extensible Firmware Interface (UEFI), Visual Studio, Windows Active Directory, Windows AllJoyn API, Windows Authentication Methods, Windows BitLocker, Windows Cloud Files Mini Filter Driver, Windows Collaborative Translation Framework, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Group Policy, Windows Hyper-V, Windows Kernel, Windows Kernel-Mode Drivers, Windows Libarchive, Windows Local Security Authority Subsystem Service (LSASS), Windows Message Queuing, Windows Nearby Sharing, Windows ODBC Driver, Windows Online Certificate Status Protocol (OCSP) SnapIn, Windows Scripting, Windows Server Key Distribution Service, Windows Subsystem for Linux, Windows TCP/IP, Windows Themes, Windows Win32 Kernel Subsystem, Windows Win32K, and MSRT (~1 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 16.7.4, iOS 17.2.1, iPadOS 16.7.4, Safari 17.2.1, and macOS Sonoma 14.2.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.7.4 and 17.2.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 16.7.4 is a security update. Use Settings, General, Software Update to install the most current update.

Google Chrome OS 119.0.6045.214 and 120.0.6099.203 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.

Zorin OS 17.0 is a major update, with added hardware and software compatibility, improved design and reduced hardware requirements.
https://zorin.com/os/mirrors/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

DS4Windows 3.3.3 resolves several bugs. This is the final version so you should consider removing it instead of updating.
https://github.com/Ryochan7/DS4Windows/releases/latest

Epson ET-5880 3.04.00 doesn’t provide a changelog so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-5880/s/SPT_C11CJ28201

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.61.114 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Firefox 121.0.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.6.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 120.0.6099.200 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 120.0.2210.121 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Vivaldi 6.5.3206.50 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.13.3 resolves a couple bugs and adds a new security filter for HTML rendering. This is a security update.
https://getmailspring.com/

OutlookAttachView 3.51 improves warnings. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Spark 3.12.0.63910 adds Shared Drafts and Email Labels. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.12.0.63909 adds Shared Drafts and Email Labels. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 189.4.8427 doesn’t provide a detailed change log so should be treated as a security update.
https://www.dropbox.com/

Facebook Messenger 202.0.0.15.225 is a security update.
https://www.messenger.com/download

FileZilla Client 3.66.4 is a security update.
https://filezilla-project.org/

FreeFileSync 13.3 resolves several compatibility issues. This is not a security update.
https://www.freefilesync.org/download.php

jq 1.7.1 is a security update.
https://jqlang.github.io/jq/

Nextcloud Server 28.0.1 is a security update.
https://nextcloud.com/

Pocketnet-GUI 0.8.76 adds support for new video servers and a Christmas theme. This is not a security update.
https://pocketnet.app/

PuTTY 0.80 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Rclone 1.65.1 is a security update.
https://rclone.org/

Signal 6.43.2 resolves several bugs. This is not a security update.
https://signal.org/download/

Signal (Android) 6.42.3 updates buttons. This is not a security update.
https://signal.org/android/apk/

Syncthing 1.27.2 is a security update.
https://syncthing.net/

Telegram (Android) 10.5.0 doesn’t provide a change log so should be treated as a security update.
https://telegram.org/apps

Telegram 4.14.4 resolves several bugs. This is not a security update.
https://telegram.org/

Trillian 6.5.0.34 resolves several bugs. This is not a security update.
https://www.trillian.im/

Zoom 5.17.2 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 4.0.0 adds several new tracking features. This is not a security update.
https://en.3tene.com/

darktable 4.6.0 improves performance and resolves dozens of bugs. This is not a security update.
https://www.darktable.org/

Grayjay 227 improves stability and resolves dozens of bugs. This is not a security update.
https://grayjay.app/index.html

iTunes 12.13.1.3 is a security update.
https://www.apple.com/itunes/download/

Plex Desktop 1.84.1.4069 doesn’t provide a change log so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.53.0.4063 doesn’t provide a change log so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

TuneIn 1.28.0 doesn’t provide a change log so should be treated as a security update.
https://tunein.com/radio/home/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.11.1.129 resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.3.186 improves performance and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Minecraft Server (Bedrock) 1.20.51.01 doesn’t provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

PS5 2024.104 is a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2023-12-11 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/593110

SteamOS SteamDeck Update 2024-01-03 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Experience Manager Forms 6.5.13.0+ and 6.5.19.1 are security updates.
https://helpx.adobe.com/security/products/aem-forms/apsb23-77.html

Adobe Reader DC Patch 23.008.20458 is a security update.
https://get.adobe.com/reader

Adobe Substance 3D Stager 2.1.4 is a security update.
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html

Calibre 7.3.0 adds a tag browser, OpenType improvements, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

GnuCash 5.5 resolves over two dozen bugs. This is not a security update.
https://www.gnucash.org/

ImageMagick 7.1.1-26 resolves dozens of bugs. This is not a security update.
https://imagemagick.org/

Kindle for PC 2.3.70673 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

Manager 24.1.9.1264 adds the ability to use codes and reference numbers in batch operations. This is not a security update.
https://www.manager.io/

Notepad++ 8.6.1 updates libraries, adds a couple features, and resolves over a dozen bugs. This is a security update.
https://notepad-plus-plus.org/

OpenOffice 4.1.15 is a security update.
http://www.openoffice.org/download/

PDF-XChange Editor 10.2.0.384 improves control for compression, comments and margins, and adds support to search within comments and open email messages in the editor. This is not a security update.
https://www.pdf-xchange.com/product/pdf-xchange-editor

QuickBooks Pro 2022 20231120-R13_53 doesn’t provide a change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 20231107-R9_116 doesn’t provide a change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

Security Software Updates

One or more of these is likely to be of interest to most people.

ProtonVPN (macOS) 4.1.1 improves stability. This is not a security update.
https://protonvpn.com/download

QubesOS 4.2.0 updates libraries, updates default behaviors, and resolves several bugs. This is a security update.
https://www.qubes-os.org/downloads/

Stinger 12.2.0.709 updates detections. This is not a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Tails 5.21 updates libraries and resolves several bugs. This is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.55.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.7.1 updates notebooks, improves plugins, and resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.40.1 resolves a couple minor bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 24.0.4 resolves a couple crash bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.0.9 resolves several bugs and improves compatibility. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.7.2 resolves several bugs. This is not a security update.
https://handbrake.fr/

PDF Creator 5.2.0 adds Outlook Web Access support and resolves several bugs. This is a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.1.5.8 resolves dozens of bugs and improves reliability. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.0.7 improves performance and stability. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password 8.10.23 resolves a bug. This is not a security update.
https://1password.com/downloads/

AOMEI Partition Assistant 10.2.2 resolves a couple bugs. This is not a security update.
https://www.diskpart.com/

Bitwarden 2023.12.1 improves auto-fill. This is not a security update.
https://bitwarden.com/

CCleaner 6.19.10858 resolves several stability bugs. This is not a security update.
https://www.ccleaner.com/

CurrPorts 2.77 improves IPv6 compatibility. This is not a security update.
https://www.nirsoft.net/utils/cports.html

DesktopOK 11.15 resolves a couple bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.0.189.0 resolves several bugs. This is not a security update.
https://dngrep.github.io/

email-oauth2-proxy 2023-12-19 is a security update.
https://github.com/simonrob/email-oauth2-proxy

ExplorerPatcher 22621.2861.62.2 resolves several bugs. This is not a security update.
https://github.com/valinet/ExplorerPatcher/

Fido 1.54 adds support for Windows 11 23H2v2. This is not a security update.
https://github.com/pbatard/Fido/releases

Fing 3.6.0 resolves several bugs. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

GoodSync and GoodSync2Go 12.5.3 improves compatibility, stability and security. This is not a security update.
https://www.goodsync.com/

Homedale 2.09 adds MAC grouping and improves oui.txt support. This is not a security update.
https://www.the-sz.com/products/homedale/

HWiNFO 7.68 doesn’t provide a detailed change log so should be treated as a security update.
https://www.hwinfo.com/download/

Kingston SSD Manager 1.5.3.4 doesn’t provide a detailed change log so should be treated as a security update.
https://www.kingston.com/us/support/technical/ssdmanager

Memtest86+ 7.00 adds support for new hardware, improves debugging and resolves several bugs. This is not a security update.
https://www.memtest.org/

NTLite 2023.12.9552 improves controls and resolves a couple bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.77.0 resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ripgrep 14.1.0 resolves several bugs. This is not a security update.
https://github.com/BurntSushi/ripgrep/releases/latest

TcpLogView 1.41 adds support for setting CaptureInterval in cfg file. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

WifiInfoView 2.92 adds an option to start as hidden. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinGet 1.6.3482 resolves a couple bugs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

Developer Updates

These are unlikely to be of interest to most people.

.NET Runtime 8.0.1 is a security update. Expect well-maintained applications that package .NET Runtime with them to release new versions in the near future.
https://dotnet.microsoft.com/en-us/download/dotnet

Android Studio 2023.1.1.27 resolves a couple bugs. This is not a security update.
https://developer.android.com/studio

AutoHotkey 2.0.11 resovles several bugs. This is not a security update.
https://www.autohotkey.com/download/

Node.js 21.5.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

TortoiseSVN 1.14.6 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Visual Studio Code 1.85.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

HumHub 1.15.2 resolves over a dozen bugs. This is not a security update.
https://www.humhub.com/en

Joomla 5.0.2 and 4.4.2 resolve several bugs. This is not a security update.
https://www.joomla.org/

Piwigo 14.1.0 improves compatibility and resolves several bugs. This is not a security update.
https://piwigo.org/

Contact Form 7 5.8.5 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

My Sticky Bar 2.6.7 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Redirection 5.4.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Social Post Feed 4.2.1 improves reliability. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Sucuri Security 1.8.40 improves cleanup. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

WooCommerce 8.4.0 resolves dozens of bugs and provides almost 100 improvements. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Cerber Security 9.6.1 fixes a 2FA bug and a crash bug. This is not a security update.
https://wpcerber.com/

WP Mail SMTP 3.11.0 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-12-12

Merry Christmas, Folks!

Today is Patch Tuesday for December, 2023.

There were 200+ major hacks, and over 215 application updates this month. Even with all that, it’s actually a pretty small month, with only about 2.5 GB of updates for most users.

This Month in Technology

1st Source Bank, 23andMe, 4 Over LLC, Aadhaar, Acuity, Advantis Global, Inc., Alps Alpine North America, Inc., AMD & Intel CPUs, AMD CPUs, American University of Antigua College of Medicine, Americold Logistics LLC, Apache Struts 2, Ardent Health Services, Austal USA, AutoZone, Avito, Beaverton School District, Big Brothers Big Sisters of America, Bleach Anime Forum, Bloomberg Crypto, Blue Shield of California, Blue Shield of California Promise Health Plan, Bluetooth 4.2 to 5.4 hardware (BLUFFS), British Library, Brodart Co, Brookfield Global Relocation Services, Butte School District, Cadence Bank, California Physicians Service, Cambridge NHS, Capital Health, CareTree, Inc., CBIZ KA, Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway, CKF Addiction Treatment, Inc., Clark County School District, Clear Spring Life and Annuity Insurance Company, Coin Cloud, Community Health Network, Inc., Community Healthcare Network, Inc., Counter-Strike 2, CrushFTP, CTS, CVC Holding Corp, CyberLink, Deanco Healthcare LLC, Deer Oaks Behavioral Health, Delaware Life Insurance Company, DePauw University, Detroit Chassis, LLC, Dollar Tree, Dragon Touch, East River Medical Imaging, EMS Management and Consultants Inc., Endocrine and Psychiatry Center, Enstar (US) Inc., Equality Health, LLC, Erris water, Estante Virtual, Ethyrial, Experian, Fenway Community Health Center, Inc., Fidelity National Financial, Financial Risk Mitigation, Inc., FortiSIEM, Foursquare Healthcare, Ltd., Foxit Reader, Fred Hutchinson Cancer Center, Gemplex, General Electric, Gerber Life Insurance Company, Go Ninja, Google Calendar, Gunster, Yoakley & Steward, PA, Hackensack Meridian Health, Hal Turner Radio Show, Hampton-Newport News CSB, Hendersonville, Henry Schein, Holding Slovenske Elektrarne, HSKS Greenhalgh Chartered Accountants and Business Advisors, HTC Global Services, Idaho National Laboratory, IDF, Indian Hotels Company, IndiHome, Industrial and Commercial Bank of China, InflateVids, Inline Plastics Corp., Intel CPUs, International Paper Company, International Paper Company Group Health and Welfare Plan, Jam Tangan, Japan’s Space Agency JAXA, JoyGames, Kaneva, Kansas state court system, KitchenPal, Koeller Nebeker Calrson & Haluk LLP, KyberSwap, Kyivstar, Leggett & Platt Incorporated Employee Benefit Fund, Livermore Amador Valley Transit Authority, Long Beach, California, McLaren Health Care, Medical College of Wisconsin, Medical Eye Services, Inc., MeridianLink, MGM Resorts International, Microsoft DHCP servers, Microsoft Exchange, Midwest Gaming & Entertainment, LLC, Molina Healthcare of Iowa, Inc., Montrose Behavioral Health Hospital, Inc., Morrison Community Hospital District, Movie Forums, Municipal Water Authority of Aliquippa, NASCO, NEWAG trains, Nissan Australia & New Zealand, Nissan Financial Services, Nonstop Administration and Insurance Services, Inc., Norsk Hydro, Northwest Eye Care Professionals, Norton Healthcare, NSC Technologies, NXP, Oak Street Health, Okta, OMGPOP, ownCloud, Pahl & McCay, Pan-American Life Insurance Group, Inc., password managers on Android, Perry Johnson & Associates, pfSense servers, Philippine Government, Poloniex, Postmeds/Truepill, Proliance Surgeons, PruittHealth Network, Psychiatry Associates of Kansas City, Qlik Sense, RailYatri, Redcliffe Labs, Rock Valley Physical Therapy, Rosaviatsia, Rusnak, Saisystems International, Inc., Samsung Electronics, Sellafield, Serbian Civil Society, Shadowfax, Shoval, Sierra County, Sierra OT/IoT routers, SIRVA Worldwide Relocation & Moving Services, SoarGames, Sophos Firewalls, South Korean defense companies, Southwest Behavioral Health Center, Stanley Steemer International, Inc., Staples, State of Maine, Stevedore DP World, Systems East, Inc., Taylor University, TGI Direct, Inc., The Charles Lea Center, Tipalti, Toronto Public Library, Toyota Financial Services, TransUnion, Tri Counties Bank, Troutman Pepper Hamilton Sanders LLP, U.S. Drug Mart, Inc., UEFI on just about every platform, Unitronics PLCs, University of Manchester, US Department of Health and Human Services, US government agencies, Valrhona Inc., Vanderbilt University Medical Center, VMware Cloud Director, Warren General Hospital, Welltok, West Central District Health Department, Weston Embedded uC-HTTP Server, Westside Community Services, Wichita Urology Group, Windows Hello fingerprint authentication, WordPress Backup Migration plugin, WordPress, WP Fastest Cache, Wyoming County Community Health System, Yakima Valley Radiology PC, Yamaha Motor’s Philippines, Yanfeng Automotive Interiors, Zeroed-In Technologies, and Zyxel NAS have reported hacking or compromises this month.

ALPHV, Blender, British Library, Fidelity National Financial, Industrial and Commercial Bank of China, Kyivstar, Optus, Rumble, and Staples have suffered from outages this month.

Last months updates broke Google Drive, USB C compatibility, Microsoft 365 Outlook, trust in the Windows Store, Microsoft 365 authentication, and they’re installing HP Smart on millions of computers without any HP hardware.

Apple introduced a new feature (NameDrop) that allows it to easily share your contact information with someone nearby. While the feature is designed to share information only when the popup is selected, Apple has a history of weak or defective controls on new features. Apple’s AirTags can be silenced to make stalking easier.

Hackers claim they can use expired Google auth cookies to gain access to accounts. A new AI is designed to crack your password by listening to your typing.

Rumble has sued Check My Ads.

The EV death toll is rising and “green lie” is being exposed.

Now for the good news:

The FISA Reform and Reauthorization Act is due to be renewed (like, tomorrow), and information is out that exposes how it can be abused even further. There’s still time to contact your congress critters and ask them to reject it.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is pretty small this month. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Microsoft released updates to address 42 vulnerabilities in Azure Connected Machine Agent, Azure Machine Learning, Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge, Microsoft Office Outlook, Microsoft Office Word, Microsoft Power Platform Connector, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows DNS, Windows Cloud Files Mini Filter Driver, Windows Defender, Windows DHCP Server, Windows DPAPI (Data Protection Application Programming Interface), Windows Internet Connection Sharing (ICS), Windows Kernel, Windows Kernel-Mode Drivers, Windows Local Security Authority Subsystem Service (LSASS), Windows Media, Windows MSHTML Platform, Windows ODBC Driver, Windows Telephony Server, Windows USB Mass Storage Class Driver, Windows Win32K, XAML Diagnostics, AMD Chipsets, and MSRT. This includes security updates. A reboot is required.

Apple released updates for macOS Monterey 12.7.2, macOS Sonoma 14.1.2, macOS Sonoma 14.2, macOS Ventura 13.6.3, iOS 16.7.3, iOS 17.1.2, iOS 17.2, iPadOS 16.7.3, iPadOS 17.1.2, iPadOS 17.2, Safari 17.1.2, Safari 17.2, tvOS 17.2, watchOS 10.2, and Pro Video Formats 2.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.7.3, 17.1.2 and 17.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 16.7.3, 17.1.2 and 17.2 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 10.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 17.2 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 114.0.5735.343 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.12.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.amd.com/en/support

Crucial Storage Executive 9.09 doesn’t provide a change log so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.7.0 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Drivers by Seagull 2023.4 adds support for 200 new printers. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

DS4Windows 3.2.21 resolves several bugs and updates libraries. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Epson ET-2800 3.01 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-2800/s/SPT_C11CJ66202

Epson ET-3760 2.68.02 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-3760/s/SPT_C11CG20203

Epson ET-4800 3.01 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-4800/s/SPT_C11CJ65201

Epson ET-4850 3.02.00 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-4850/s/SPT_C11CJ60202

Epson ET-5880 3.02 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-5880/s/SPT_C11CJ28201

Epson WF-4820 3.04.00 doesn’t provide a detailed change log so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/WorkForce-Series/Epson-WorkForce-Pro-WF-4820/s/SPT_C11CJ06201

TP-Link Archer AX55 v1 231130 resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/archer-ax55/v1/#Firmware

TP-Link Archer AX73 v2.0 231023 is a security update.
https://www.tp-link.com/us/support/download/archer-ax73/v2.0/#Firmware

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.61.101 is a security update.
https://brave.com/

Firefox 120.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.5.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 120.0.6099.71 is a security update.
https://www.google.com/chrome/

Microsoft Edge 120.0.2210.61 is a security update.
https://www.microsoft.com/en-us/edge/business/download

SeaMonkey 2.53.18 is a security update.
https://www.seamonkey-project.org/

Vivaldi 6.4.3160.47 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.13.2 resolves several bugs. This is a security update.
https://getmailspring.com/

Spark 3.10.6.61878 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.10.6.61877 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.5.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk (macOS) 7.3.0 resolves several bugs and improves address book. This is not a security update.
https://anydesk.com/en/downloads

aria2 1.37.0 resolves dozens of bugs and updates libraries. This is not a security update.
https://aria2.github.io/

curl 8.5.0 resolves more than 180 bugs. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 188.4.6302 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 201.0.0.9.336 is a security update.
https://www.messenger.com/download

FileZilla Server 1.8.0 is a security update.
https://filezilla-project.org/

FreeFileSync 13.2 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Microsoft Teams 1.6.00.33567 is a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 28.0 resolves dozens of bugs and updates libraries. This should be treated as a security update.
https://nextcloud.com/

Omada Software Controller 5.13.22 resolves several bugs. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-Core 0.22.0 is a major update improving performance and optimizing storage. This is not a security update.
https://pocketnet.app/

Pocketnet-GUI 0.8.74 resolves several bugs. This is not a security update.
https://pocketnet.app/

Rclone 1.65.0 adds dozens of new features, resolves several bugs, and improves performance and reliability. This is not a security update.
https://rclone.org/

Signal 6.41.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.41.3 resolves several bugs. This is not a security update.
https://signal.org/android/apk/

Syncthing 1.27.1 resolves several bugs. This is not a security update.
https://syncthing.net/

Telegram 4.12.2 resolves several bugs and improves compatibility. This is not a security update.
https://telegram.org/

Telegram (Android) 10.3.2 doesn’t provide a detailed change log so should be treated as a security update.
https://telegram.org/apps

Wget2 2.1.0 resolves a couple dozen bugs. This is not a security update.
https://gitlab.com/gnuwget/wget2/-/releases

Zoom 5.16.10.26186 updates the icon and adds dozens of new features. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.14 resolves several bugs. This is not a security update.
https://en.3tene.com/

Bitwig Studio 5.1 adds several new characters and dozens of new controls and improvements. This is not a security update.
https://www.bitwig.com/download/

Plex Desktop 1.83.1.4061 improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.52.1.4035 updates libraries. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.8.7639 updates libraries and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.11.0.121 doesn’t provide a detailed change log so should be treated as a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.3.183 vastly improves startup performance and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Minecraft Server (Bedrock) 1.20.50.03 doesn’t provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Minecraft Server (Java) 1.20.4 doesn’t provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server

Nintendo Switch 17.0.1 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

SteamOS SteamDeck Update 3.5.7 improves stability and USB connectivity. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Dimension 3.4.11 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-71.html

Adobe Experience Manager 2023.11 and 6.5.19.0 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html

Adobe Illustrator 28.1 and 27.9.1 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb23-68.html

Adobe InDesign 19.1 and 18.5.1 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-70.html

Adobe Prelude 22.6.1 is a security update.
https://helpx.adobe.com/security/products/prelude/apsb23-67.html

Adobe Reader DC Patch 23.008.20421 resolves several bugs. This is not a security update. Use Help, Check for updates to install the most current version.
https://get.adobe.com/reader

Adobe Reader DC Patch for MacOS 23.008.20423 resolves several bugs. This is not a security update. Use Menu, Check for updates to install the most current version.
https://get.adobe.com/reader

Adobe Substance3D After Effects 24.1 and 23.6.2 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb23-75.html

Adobe Substance3D Designer 13.1.0 is a security update.
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html

Adobe Substance3D Sampler 4.2.2 is a security update.
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html

Adobe Substance3D Stager 2.1.3 is a security update.
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html

Audacity 3.4.2 resolves dozens of bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 7.1.0 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

ImageMagick 7.1.1-23 resolves dozens of bugs. This is a security update.
https://imagemagick.org/

Inkscape 1.3.2 resolves dozens of bugs. This should be treated as a security update.
https://inkscape.org/release/

Kdenlive 23.08.4 resolves a dozen stability and reliability bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.2.70623 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

Krita 5.2.2 fixes more than a dozen bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice 7.5.9 resolves a couple bugs. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.6.4 resolves more than 150 bugs. This should be treated as a security update. Remember that the Fresh line is beta software and the “Still” line should be used by most users.
https://www.libreoffice.org/

Manager 23.12.12.1221 resolves more than a dozen bugs and adds several new features, including global inventory transfer and custom depreciation and amortization fields. This is not a security update.
https://www.manager.io/

Nextcloud Desktop 3.11.0 resolves dozens of bugs and improves compatibility. This is not a security update.
https://nextcloud.com/

Notepad++ 8.6 improves multi-edit, inaccessible file access, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.12 resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 10.1.3.383 is a security update.
https://www.pdf-xchange.com/product/pdf-xchange-editor

QuickBooks Pro 2022 R13_33 resolves several bugs. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 R9_104 resolves several bugs. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2024 R4_15 doesn’t provide a change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.8.1 updates dependencies and resolves a couple bugs. This is not a security update.
https://github.com/countercept/chainsaw

HTTP Toolkit 1.14.8 doesn’t provide a change log so should be treated as a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware 4.6.6 resolves a couple bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL 3.2.0 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ProtonVPN (macOS) 4.0.1 improves the user interface. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.13.1 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

SuperAntiSpyware 10.0.1260 resolves several bugs and adds a Chrome and Edge extension. This is not a security update.
https://www.superantispyware.com/download.html

Tails 5.20 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.54.0 adds differential updates for filter lists and resolves a dozen bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 1.0.0 is the first official release version. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 30.0.2 resolves a dozen bugs. This is a security update.
https://obsproject.com/

ScreenToGif 2.40 improves theming, updates dependencies and resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 24.0.2 resolves a couple bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.0.7 adds support for new encodings, improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.7.1 adds support for new output formats and resolves several bugs. This is not a security update.
https://handbrake.fr/

IsoBuster 5.3 adds support for new hardware, new encodings, new partition schemes, and several bug fixes. This is not a security update.
https://www.isobuster.com/download.php

StreamFab 6.1.5.3 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.0.6 improves compatibility and performance. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password 8.10.22 adds reminders to imported passwords and resolves more than a dozen bugs. This is a security update.
https://1password.com/downloads/

Agent Ransack 2022.3418 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AMD Ryzen Master 2.12.0.2806 adds support for new hardware and voltage reporting. This is not a security update.
https://www.amd.com/en/technologies/ryzen-master

Beyond Compare 4.4.7.28397 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2023.12.0 resolves several bugs and adds Elastic integration and CLI event logs. This is not a security update.
https://bitwarden.com/

CalyxOS Device Flasher 1.0.8 doesn’t provide a change log so should be treated as a security update.
https://calyxos.org/install/

CCleaner 6.18.10838 resolves several bugs. This is a security update.
https://www.ccleaner.com/

dnGrep 4.0.151.0 adds several new features and controls. This is not a security update.
https://dngrep.github.io/

email-oauth2-proxy 2023-11-18 resolves several bugs. This is not a security update.
https://github.com/simonrob/email-oauth2-proxy

ExplorerPatcher 22621.2506.60.1 improves compatibility and resolves several bugs. This is not a security update.
https://github.com/valinet/ExplorerPatcher/

Fido 1.53 adds new UEFI Shell and updates versions. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3418 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.43.0 resolves dozens of bugs. This is not a security update.
https://git-scm.com/

Go 1.21.5 is a security update.
https://go.dev/

GoodSync 12.4.8 improves compatibility. This is not a security update.
https://www.goodsync.com/

ImageUSB 1.5.1006 improves logging. This is not a security update.
https://www.osforensics.com/tools/write-usb-images.html

Mac Migration Assistant 2.4.5.0 doesn’t provide a change log so should be treated as a security update.
https://support.apple.com/en-us/HT204087

NTLite 2023.11.9515 improves compatibility and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.76.1 resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ProcDump 3.0 for Linux adds memory leak reporting. This is not a security update.
https://live.sysinternals.com/

ripgrep 14.0.3 resolves several bugs. This is not a security update.
https://github.com/BurntSushi/ripgrep/releases/latest

RoboForm 9.5.6 resolves a couple bugs. This is not a security update.
https://www.roboform.com/

ScreenConnect 23.8.6.8735 is a security update.
https://www.connectwise.com/software/control/download

Sysmon 1.3.2 for Linux is a security update.
https://live.sysinternals.com/

WinGet 1.6.3421 updates the app installer and adds Configure command to improve consistency. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WirelessKeyView 2.23 improves QR Code generation and improves compatibility. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

XnConvert 1.99 doesn’t provide a detailed change log so should be treated as a security update.
https://www.xnview.com/en/xnconvert/

ZoomText 2023 2023.2311.20.400 resolves several bugs.
https://support.freedomscientific.com/Downloads/ZoomText

ZoomText 2024 is a new major version adding several new mouse and cursor controls, performance improvements, and improved keyboard controls. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 2023.1.1.26 resolves several bugs and improves compatibility. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.3.6 resolves several bugs. This is not a security update.
https://desktop.github.com/

Godot 4.2.1 resolves over 1,800 bugs. This is not a security update.
https://godotengine.org/

Node.js 18.19.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 20.10.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 21.4.0 updates libraries and resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Python 3.12.1 resolves dozens of bugs. This is a security update.
https://www.python.org/downloads/windows/

SQLite 3.44.2 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.85 adds dozens of new features. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.36 resolves several bugs. This is not a security update.
https://winmerge.org/

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 5.0.1 is a security update.
https://www.joomla.org/

ownCloud Client 5.2.0.12726 resolves a couple bugs. This is not a security update.
https://owncloud.com/desktop-app/

Piwigo 14.0.0 improves search, index, media support, album editor and performance, and resolves several bugs. This is not a security update.
https://piwigo.org/

WordPress 6.4.2 is a security update.
https://wordpress.org/

BuddyPress 12.0.0 is a major update, replacing the rewrite API and resolving dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.8.4 is a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.7.1 is a security update.
https://wordpress.org/plugins/duplicator/#developers

Postie 1.9.68 adds an option to suppress the postie div. This is not a security update.
https://wordpress.org/extend/plugins/postie/

NextScripts Social Networks Auto-Poster 4.4.3 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

W3 Total Cache 2.6.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 8.3.1 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPBakery 7.3 resolves a couple bugs. This is not a security update.
https://wpbakery.com/

WP Cerber Security 9.6 adds 2FA support and improves compatibility. This is not a security update.
https://wpcerber.com/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-08-08

Welcome back, Folks!

Today is Patch Tuesday for August, 2023.

This month brings a whole bucket of ugly, and a reminder that fixing a bug is not the same thing as fixing the software. Every common browser released at least a security update each week for the last month, with Firefox maxing out sanity tests by releasing five (5) security updates in a mere ten (10) days. I warned about this years ago.

There were over 160 major hacks (some involving millions of users and thousands of organizations, one involving billions of users, Microsoft’s own security keys), and over 200 application updates this month. It’s a huge month, with about 4 GB of updates for most users.

This Month in Technology

Acupuncture and Integrative Solutions Incorporated, All-In-One Security, Allegheny County, AlphaPo, AMD Zen CPUs, AMD Zen2 CPUs, AMI MegaRAC Baseboard Management Controller (BMC), Argentina’s Comprehensive Medical Care Program, PathGroup Health Plan, Barracuda ESG, Batesville Tool & Die, Inc., Baylor College of Medicine, BAZAN Group, Beverly Hills Plastic Surgery, Bi-Bett Corporation, BookCrossing, Buckingham County Public Schools, Buffalo State, California Public Employee and Retirement System (CalPERS), Call of Duty, Canon printers, CardioComm Solutions Inc, Care N’ Care Insurance Company, Inc., Centers for Medicare and Medicaid (CMS), Charles George Department of Veterans Affairs Medical Center, Cisco SD-WAN vManage, Citrix Netscaler ADC and Gateway serversCloudzy, CoinsPaid, ColdFusion (several times),  Colorado Department of Higher Education (CDHE), Colorado State University (CSU), Comdirect, Commerzbank, Conic Finance, almost all CPUs, CraftRise, Curve Finance, Deutsche Bank AG, air-gapped systems in Eastern Europe, Egyptian Ministry of Health and Population, Era Lend, Estée Lauder (twice!), European diplomats, Evotec, Exchange Online, EY Law, Fairfax Oral and Maxillofacial Surgery, Family Vision of Anderson, P.A., Fortinet SSL VPNs, FortiOS and FortiProxy, Gary Motykie, M.D., Ghostscript, Google Accelerated Mobile Pages (AMP), Google Cloud Build, Harkins Pain & Sleep Management Group, Harris Health System, Hawai’i Community College, Helix, Henry Ford Health, Highland Health Systems, Hillsborough County, Hines Interests Limited Partnership, Hot Topic, Howard County General Hospital, Immigration Directorate General in Indonesia, ING, Italian government, Ivanti Endpoint Manager Mobile/Mobileiron — an unknown number of devices are effected, likely in the millions (and again, and again), IVF Michigan, P.C., Johns Hopkins Health System Corporation, JumpCloud, Kenya’s e-Citizen, LeetSwap, LetMeSpy, Life Management Center of Northwest Florida, Inc., Locally, MagicDuel, Majorel, Maximus Federal Services, Inc,  Microsoft, Microsoft Azure, Microsoft Exchange, MikroTik RouterOS routers, Military and Police “Secure” Radio systems, Minecraft servers, MobiMed ePR, Molina Healthcare, Mondee, at least 545 servers/organizations running MOVEit software, Multichain, National Student Clearinghouse (3,500 colleges and universities97% of postsecondary enrollment in the US), NATO (yes, that NATO), New England Life Care, Inc., 12 Norwegian Ministries, Norwegian Government Security and Service Organisation (DSS), NPO Mashinostroyeniya, OpenAI, Orrick, Herrington & Sutcliffe, Ortivus, Outlook.com, PaperCut NG/MF, Paramedic Billing Services, Park Royal Hospital, Pension Benefit Information, Performance Health Technology (PH Tech), Physicians Insurance, Poly Network, Postbank, Prospect Medical Holdings, Quinn Emanuel, Razer, Redis, Rite Aid Corporation, Roblox, Roblox Developer Conference, Rockstar Games Inc., Rockwell Automation ControlLogix, Rodeo Finance, Saint Francis Health System, Salesforce, Serco Inc., several hospitals, Shutterfly, 70,000 small office/home office (SOHO) routers, SonicWall, South Central Ambulance Service, South Western Ambulance Service, Southern Association of Independent Schools, Sutter Senior Care, Tampa General Hospital, Teachers Insurance and Annuity Association of America, Terrestrial Trunked Radio (TETRA), Tesla, The Chattanooga Heart Institute, The Health Plan of West Virginia, Inc., Tigo, TLScontact, Tomra, Uber Technologies Inc, Ubuntu OverlayFS, UEFI boot loader security, UK Electoral Commission, Ukrainian and Polish businesses, Unified Pain Management, US Ambassador to China, US Department of Commerce (and at least two dozen other US government agencies), UT Southwestern Medical Center, Vermillion, VirusTotal, VMware ESXi, VMware Tanzu Application Service, Wake Family Eye Care, WooCommerce Payments, WordPress Ninja Forms, Wuhan Earthquake Monitoring Center, Yamaha, Zimbra (twice), and Zyxel firewalls have reportedly been hacked or compromised this month.

In light of all that, Barracuda Networks asserts that fewer than 100 scammers are responsible for global email extortion campaigns, leading to record breaches. There is yet another means of exfiltrating user information and passwords – this time from the sound your keyboard makes as you type.

BAZAN Group, Microsoft Exchange Online, Microsoft Sharepoint, Reddit, Slack, Spotify, and WhatsApp have suffered from outages this month.

Last months updates broke display and audio hardware, Outlook for Desktop saving, Outlook hyperlinks, websites in Safari, Screen Time on iOS, video recording and playback, certain VPNs, and Windows Update. I am also seeing reports from dozens of my clients that the iOS and iPadOS updates released last week are triggering alerts about “new devices” connecting to users’ Apple accounts. In all cases it was triggered shortly after a restart of a device that had received the OTA update.

Google is *really* pushing Enhanced Safe Browsing, the feature that allows them to monitor all activity on your devices, including third-party apps and websites in other browsers, even when you tell them no. Google announced they will be making it easier to remove personal information and explicit images from Google Search. Google is pushing WEI, though, which will make it impossible to enforce security and privacy in your own browser. As an example, your local Taco Bell could refuse to show you their address on their own website – or even load at all – unless you enable their ability to access your precise location, microphone and camera. This isn’t just my paranoia, it’s a standard Google is pushing at this very moment.

IBM’s Red Hat has announced that they will change the way they “comply” with the GPLv2 open source requirements, limiting access to some of their source. Oracle (yes, that Oracle!) is actually pointing out the insanity of this move.

Amazon is raising prices on some IPv4 addresses.

Clop ransomware is now using bittorrent to bypass takedowns. Cloudflare, primarily known for their security and privacy features, is being abused to aid malware.

The SEC is now mandating that publicly traded companies disclose attacks in four business days after discovery. The Australian government isn’t sure if the Privacy Act applies to their own actions when they violate citizen’s trust or privacy.

Microsoft is going to be forcing users of the native Windows Mail and Calendar applications to the “new Outlook” starting this month. Don’t do it!

Now for the good news:

The FBI finally found out which evil organization purchased malicious spyware after the US banned it: the FBI itself!

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 4 GB in updates today. Let’s get started.

Microsoft released updates to address 88 vulnerabilities in .NET Core, .NET Framework, ASP.NET, Azure Arc, Azure DevOps, Azure HDInsights, Dynamics Business Central Control, Memory Integrity System Readiness Scan Tool, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Teams, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Codecs Library, Reliability Analysis Metrics Calculation Engine, SQL Server, Tablet Windows User Interface, Visual Studio, Windows Bluetooth A2DP driver, Windows Cloud Files Mini Filter Driver, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Defender, Windows Fax and Scan Service, Windows Group Policy, Windows HTML Platform, Windows Hyper-V, Windows Kernel, Windows LDAP – Lightweight Directory Access Protocol, Windows Message Queuing, Windows Mobile Device Management, Windows Projected File System, Windows Reliability Analysis Metrics Calculation Engine, Windows Smart Card, Windows System Assessment Tool, Windows Wireless Wide Area Network Service, and MSRT (~ 2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Ventura 13.5, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, Safari 16.6, iOS 15.7.8, iOS 16.6, iPadOS 15.7.8, iPadOS 16.6, tvOS 16.6, watchOS 9.6, and Pro Video Formats 2.2.6. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.7.8 and 16.6 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.7.8 and 16.6 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.6 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.6 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 108.0.5359.239 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.7.2 resolves several bugs. This is not a security update.
https://www.amd.com/en/support

BullZip PDF Printer 14.3.0.2961 resolves several bugs and improves compatibility. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Display Driver Uninstaller 18.0.6.5 improves removal. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Drivers by Seagull 2023.3 adds support for 300 new models including several RFID tag printers. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

DS4Windows 3.2.13 several new features and improves hardware compatibility. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Ghostscript 10.01.2 resolves several bugs. This is a security update.
https://www.bullzip.com/products/pdf/download.php

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.56.20 is a security update. Use Menu, Help, About to get the most current version.
https://brave.com/

Microsoft Edge 115.0.1901.200 is a security update. Use Menu, Help, About to get the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 116.0.2 is a security update…the fifth in the last ten days! Use Menu, Help, About to get the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.1.0 is a security update. Use Menu, Help, About to get the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 115.0.5790.170 is a security update. Use Menu, Help, About to get the most current version.
https://www.google.com/chrome/

Microsoft Edge 115.0.1901.188 is a security update. Use Menu, Help, About to get the most current version.
https://www.microsoft.com/en-us/edge/business/download

Microsoft Edge WebView2 115.0.1901.200 is a security update. Use Menu, Help, About to get the most current version.
https://developer.microsoft.com/en-us/microsoft-edge/webview2/

SeaMonkey 2.53.17 is a security update. Use Menu, Help, About to get the most current version.
https://www.seamonkey-project.org/

Vivaldi 6.1.3035.257 is a security update. Use Menu, Help, About to get the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.11.0 improves cosmetics and resolves several bugs. This is a security update.
https://getmailspring.com/

Spark (macOS) 3.6.8 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark 3.6.8 resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.1.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk (macOS) 7.2.1 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

curl 8.2.1 resolves dozens of bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 179.4.4985 doesn’t provide a change log so should be treated as a security update.
https://www.dropbox.com/

Facebook Messenger 192.0.0.8.125 is a security update.
https://www.messenger.com/download

FreeFileSync 12.5 resolves several bugs and improves stability and reliability. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 79.0 is a security update.
https://drive.google.com/start

Grocy Desktop 2.5.0 updates Grocy to 4.0.1 and resolves several bugs and improves performance. This is not a security update.
https://github.com/grocy/grocy-desktop

Microsoft Teams 1.6.00.20074 updates the channels experience and improves security. This is a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 27.0.1 resolves dozens of bugs. This is a security update.
https://nextcloud.com/

Npcap 1.76 resolves a couple bugs, improves performance, and updates the code signing key. This is not a security update.
https://nmap.org/npcap/

Qbox 4.0.5.48 doesn’t provide a change log so should be treated as a security update.
https://www.coraltreetech.com/qbox

Rclone 1.63.1 resolves several bugs, improves compatibility and resilience. This is not a security update.
https://rclone.org/

Signal (Android) 6.27.10 doesn’t provide a change log so should be treated as a security update.
https://signal.org/android/apk/

Signal 6.27.1 improves voice and video calling. This is not a security update.
https://signal.org/download/macos/
https://signal.org/download/windows/

Skype 8.99.0.403 resolves several bugs, integrates motr Bing AI, and adds self-chat. This is not a security update.
https://www.skype.com/

Telegram 4.8.10 resolves a couple bugs. This is not a security update.
https://telegram.org/

Zoom 5.15.6.19959 resolves dozens of bugs. This is a security update. Note that Zoom has also recently updated their Terms of Service to assert ownership of any audio, video, or other communication through their platform IN ANY WAY THEY SEE FIT with no way to opt out.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.11 resolves a dozen bugs. This is not a security update.
https://en.3tene.com/

Bitwig Studio 5.0.4 resolves a couple minor bugs. This is not a security update.
https://www.bitwig.com/download/

darktable 4.4.2 resolves several bugs. This is not a security update.
https://www.darktable.org/

Picard 2.9 resolves dozens of bugs. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.75.0.3920 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.44.1.3926 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.5.7349 resolves several bugs and improves hardware compatibility. This is a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.6.0.92 improves macOS compatibility. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.2.169 resolves several bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.7.3 resolves a stability bug. This is not a security update.
https://www.lego.com/en-us/ldd

Minecraft Server (Bedrock) 1.20.14.01 is a security update.
https://www.minecraft.net/en-us/download/server/bedrock

PS5 23.01-07.60.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Acrobat and Reader 23.003.20269, 20.005.30516.10516, and 20.005.30514.10514 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb23-30.html

Adobe Commerce and Magento Open Source 2.4.6-p2, 2.4.5-p4, 2.4.4-p5, 2.4.3-ext-4, 2.4.2-ext-4, 2.4.1-ext-4, 2.4.0-ext-4, and 2.3.7-p4-ext-4 are security updates.
https://helpx.adobe.com/security/products/magento/apsb23-42.html

Adobe Dimension 3.4.10 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-44.html

Adobe XMP Toolkit SDK 2023.07 is a security update.
https://helpx.adobe.com/security/products/xmpcore/apsb23-45.html

Blender 3.6.1 improves performance and resolves several bugs. This is not a security update.
https://www.blender.org/download/

Calibre 6.24.0 adds the ability to operate full text search across a subset of books, fixes calibre:// links, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

GnuCash 5.3 resolves a couple bugs and improves performance. This is not a security update.
https://www.gnucash.org/

ImageMagick 7.1.1-15 resolves several bugs. This is a security update.
https://imagemagick.org/

Inkscape 1.3 resolves dozens of bugs and improves several tools. This is not a security update.
https://inkscape.org/release/

Kdenlive 23.04.3 resolves over a dozen bugs. This is not a security update.
https://kdenlive.org/

LibreOffice Fresh 7.5.5 resolves 70 bugs. This is not a security update. Remember that the “Fresh” line is beta software and you should use the “Still” line instead.
https://www.libreoffice.org/

Nextcloud Desktop 3.9.1 resolves a dozen bugs. This is not a security update.
https://nextcloud.com/

Paint.net 5.0.8 resolves several bugs. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 4.2.0 resolves a dozen bugs. This is a security update.
https://www.gpg4win.org/download.html

HTTP Toolkit 1.13.0 doesn’t provide a change log so should be treated as a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware 4.5.34 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

MalwareBytes Anti-Malware Mac 4.20.7 resolves several bugs. This is not a security update.
https://www.malwarebytes.com/mac/

OpenSSL 1.1.1v and 3.1.2 are security updates.
https://slproweb.com/products/Win32OpenSSL.html

ProtonVPN 2.4.3 improves stability. This is not a security update.
https://protonvpn.com/download

Radmin VPN 1.4.4642.1 doesn’t provide a change log so should be treated as a security update.
https://www.radmin-vpn.com/

Tails 5.16 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.51.0 resolves several bugs and adds support for several new filters and scriptlets. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.14.0 adds silent operation support, winget and go support, and resolves a couple bugs. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 23.1.2 updates libraries and resolves several bugs. This is a security update.
https://www.techsmith.com/video-editor.html

SnagIt 23.2.0 updates libraries and resolves over a dozen bugs. This is a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.1.1.2 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

StreamFab 6.1.3.4 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 1.0.2.8 improves conversion speed and resolves a couple bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

.NET Runtime 7.0.10 is a security update.
https://dotnet.microsoft.com/en-us/download/dotnet

1Password 8.10.9 resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/windows/
https://1password.com/downloads/mac/

8GadgetPack 37.0 updates My Weather and removes unsupported widgets. This is not a security update.
https://8gadgetpack.net/

Bitcoin 25.0 improves network communication, RPCs, and resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

Bitwarden 2023.7.1 adds commands to the CLI Secrets Manager. This is not a security update.
https://bitwarden.com/

CCleaner 6.14.10584 is a security update.
https://www.ccleaner.com/

Dell Command Update 5.0.0 doesn’t provide a change log so should be treated as a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 11.01 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.0.45.0 updates libraries and resolves several bugs to improve compatibility. This is a security update.
https://dngrep.github.io/

Etcher 1.18.12 resolves a couple bugs. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 1.2.0 improves compatibility. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Go 1.21.0 is a major update, adding several new tools and language constructs. This is a security update.
https://go.dev/

GoodSync 12.3.1 improves AutoUpdate sync, stability, and resolves several compatibility issues. This is not a security update.
https://www.goodsync.com/

HWiNFO 7.60 doesn’t provide a change log so should be treated as a security update.
https://www.hwinfo.com/download/

Java 8u381 is a security update.
https://www.java.com/en/download/manual.jsp

JShelter 0.13 improves stability. This is not a security update.
https://jshelter.org/install/

LiveTcpUdpWatch 1.51 adds dark background and full screen support. This is not a security update.
https://www.nirsoft.net/utils/live_tcp_udp_watch.html

NetworkOpenedFiles 1.61 adds dark background and full screen support. This is not a security update.
https://www.nirsoft.net/utils/network_opened_files.html

NTLite 2023.7.9371 resolves several bugs and improves features. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1015 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

osquery 5.9.1 adds ARM support and resolves several bugs. This is a security update.
https://osquery.io/downloads

PowerToys 0.72.0 resolves several bugs and improves compatibility. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Explorer 17.05 improves stability. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Rufus 4.2 improves compatibility and stability, adds conversion options, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 23.5.8.8598 improves logging. This is not a security update.
https://www.connectwise.com/software/control/download

SmartMonTools 7.4 adds several new switches, improved hardware support, and resolves a couple bugs. This is not a security update.
https://smartmontools.org/

TcpLogView 1.38 updates IP database. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

Ventoy 1.0.94 resolves compatibility issues. This is not a security update.
https://www.ventoy.net/en/index.html

VMMap 3.33 improves compatibility. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/vmmap

WinRAR 6.23 is a security update.
https://www.rarlab.com/

WinScan2PDF 8.61 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

ZoomIt 7.1 adds audio capture support. This is not a security update.
https://learn.microsoft.com/en-us/sysinternals/downloads/zoomit

ZoomText 2023 2023.2307.29.400 improves keyboard shortcuts and resolves several bugs.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

ADB 34.0.4 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 2022.3.1.18 improves compatibility. This is not a security update.
https://developer.android.com/studio

AutoHotkey 2.0.4 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

AutoHotkey 1.1.37.01 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

GitHub Desktop 3.2.7 resolves several bugs. This is not a security update.
https://desktop.github.com/

Godot (macOS) 4.1.1 improves stability. This is not a security update.
https://godotengine.org/

MySQL ConnectorNet 8.1.0 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

MySQL Server 8.0.34 resolves dozens of bugs. This is a security update.
https://dev.mysql.com/downloads/installer/

Node.js 18.17.0 updates libraries, improves performance, and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js 20.5.0 updates libraries, improves performance, and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Visual Studio Code 1.81 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.10 resolves dozens of bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

HumHub 1.14.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en

ISPConfig 3.2.11 adds support for Debian 12 and resolves several bugs. This is not a security update.
https://www.ispconfig.org/ispconfig/download/

Invision Community 4.7.12 updates libraries and resolves dozens of bugs. This should be treated as a security update.
https://invisioncommunity.com/

Grocy 4.0.1 is a major update adding new API features, compatibility, and performance improvements. This build also resolves several bugs.
https://github.com/grocy/grocy

MailEnable 10.47 resolves several bugs. This should be treated as a security update.
https://www.mailenable.com/

ownCloud Client 4.2.0.11670 resolves several bugs. This should be treated as a security update.
https://owncloud.com/desktop-app/

Contact Form 7 5.8 adds several hooks and resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.5.1 improves messaging and subsite mapping structure. This is not a security update.
https://wordpress.org/plugins/duplicator/

Social Post Feed 4.1.9 adds promotional link, updates the block and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Theme My Login 7.1.6 resolves a couple bugs and adds a new hook. This is not a security update.
https://wordpress.org/extend/plugins/theme-my-login/

W3 Total Cache 2.4.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 7.9.0 resolves over a hundred bugs, updates blocks and options. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.8.2 resolved several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WPBakery 7.0 adds a couple elements, improves notifications and compatibility. This is not a security update.
https://wpbakery.com/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-01-10

Happy New Year, Folks!

Today is Patch Tuesday for January, 2023.

This month brings over 200 application updates and over 100 major hacks. It’s the lightest month we’ve seen in a while, with only about 3 GB of updates for most users.

This Month in Technology

3Commas, Aetna ACE, Antwerp, Belgium, Argonne (ANL), Astro, Avem Health Partners, Azienda Ospedaliera di Alessandria hospital, Bay City Health & Rehabilitation Center, Benchmark, BetMGM, BitKeep crypto wallet users, BMW, Bosselman Energy, Inc. Employee Health Benefits Plan, Brookhaven (BNL), BTC.com, CA Department of Finance, Captify Health, Careportal, Chick-fil-A, CircleCI, Citrix ADC and Gateway, CoinTracker, Comcast Xfinity, Consulate Health Care, Copper Mountain Mining Corporation, Cott Systems, Deezer, Degroof Petercam, Digipolis, DoorDash, Empresas Públicas de Medellín, FBI’s InfraGard, Fitzgibbon Hospital, Five Guys, Flying Blue, Foundcare, Inc., FuboTV, Gemini crypto exchange, Ghost CMS, GitHub auth, Google Home smart speaker, Grupo Estrategas EMM, H-Hotels, Hawaiian Eye Center, Hospital for Sick Children (SickKids), Indian Railway Catering and Tourism Corp, Intrado, John F. Kennedy International Airport taxi dispatch system, JsonWebToken, Kubernetes clusters, L. Knife & Son, Inc. Employee Benefits Plan, Lake Charles Memorial Health System, LastPass (“most” data was encrypted), Lawrence Livermore National Laboratories (LLNL), Legacy Hospice, LEGO BrickLink, Live Oak Surgery Center, Louis A. Johnson Veterans’ Administration Medical Center, Mango Markets, Maternal & Family Health Services, Maybank, Medicare, MedStar Mobile Healthcare, Mercedes, 60,000+ Microsoft Exchange servers, Midwest Orthopaedic Consultants, S.C., Monarch, Netgear WiFi routers, New Vision Dental, Okta, Port of Lisbon Administration, Prairie Lakes Healthcare System, PyTorch, Quality Behavioral Health, Queensland University of Technology, Rackspace, SAIF Corp, Sargent & Lundy, SevenRooms, Shibuya Ward office in Tokyo, Slack, SlideTeam, Social Blade, Synology, Telas Palo Grande, The Elizabeth Hospice, The Guardian, The Malaysian Election Commission, Three Rivers Provider Network, Toyota, TPG Telecom Ltd, Twitter, Uber, UK Schools, UK’s Department for Environment, Food & Rural Affairs, Ukrainian Government (because they pirated Windows), Ukrainian Ministry of Defense, Universidad De La Salle, University of Havana, University of Miami, Verisma Systems, Inc., VSCode Marketplace, Wabtec Corporation, Windows Problem Reporting, YITH WooCommerce Gift Cards Premium, and Zoho ManageEngine have reportedly been hacked or compromised this month.

ChatGPT, the latest AI designed to make humanity obsolete, is already being used to develop malwareAdobe is using your content to train their AI. 

Microsoft still hasn’t gone all-in on Windows 11. Google Chrome (and all other Chromium-based browsers – Edge, Brave, Vivaldi and so on) will no longer support Windows 7, 8, 8.1, or Server 2012/2012 R2 in only a month. The latest build of iTunes is not compatible with the end-to-end encryption feature on iOS/iPadOS.

The only government caught bombing people not party to the Russo-Ukrainian war says cyberattacks should be considered war crimes. The FTC is planning to kill the US economy, while the FCC has decided to regulate space.

Now for the good news:

Almost every ‘conspiracy theory‘ that people had about twitter turned out to be true. The FBI has seized domains involved in DDoS attacks.

John Deere will finally allow farmers to repair their own equipment. This is a major movement in conjunction with the Right to Repair, and could save farmers millions on production expenses.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 3
GB in updates today. Let’s get started.

Windows 11 22H2 still isn’t ready for prime time, so hold off for at least another month.

Microsoft released updates to address 90 vulnerabilities in .NET Core, 3D Builder, Azure Service Fabric Container, Microsoft Bluetooth Driver, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Local Security Authority Server (lsasrv), Microsoft Message Queuing, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft WDAC OLE DB provider for SQL, Visual Studio Code, Windows ALPC, Windows Ancillary Function Driver for WinSock, Windows Authentication Methods, Windows Backup Engine, Windows Bind Filter Driver, Windows BitLocker, Windows Boot Manager, Windows Credential Manager, Windows Cryptographic Services, Windows DWM Core Library, Windows Error Reporting, Windows Event Tracing, Windows IKE Extension, Windows Installer, Windows Internet Key Exchange (IKE) Protocol, Windows iSCSI, Windows Kernel, Windows Layer 2 Tunneling Protocol, Windows LDAP – Lightweight Directory Access Protocol, Windows Local Security Authority (LSA), Windows Local Session Manager (LSM), Windows Malicious Software Removal Tool, Windows Management Instrumentation, Windows MSCryptDImportKey, Windows NTLM, Windows ODBC Driver, Windows Overlay Filter, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Remote Access Service L2TP Driver, Windows RPC API, Windows Secure Socket Tunneling Protocol (SSTP), Windows Smart Card, Windows Task Scheduler, Windows Virtual Registry Provider, Windows Workstation Service and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Google Chrome OS 108.0.5359.172 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

DS4Windows 3.2.3 resolves a bug with the Shift Modifier trigger. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Nvidia Driver 474.11 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Xerox Smart Start 1.7.71.0 doesn’t provide a changelog so should be treated as a security update.
https://www.support.xerox.com/en-us/content/143617

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.46.153 is a security update.
https://brave.com/

Google Chrome 108.0.5359.124 is a security update.
https://www.google.com/chrome/

Microsoft Edge 108.0.1462.76 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 108.0.2 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Vivaldi 5.6.2867.50 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.8 resolves a couple bugs. This is not a security update.
https://getmailspring.com/

Spark 3.2.2.40861 improves stability and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.2.2.40859 improves stability and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.6.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.7 improves command-line controls and resolves dozens of bugs. This is not a security update.
https://anydesk.com/en/downloads

curl 7.87.0 resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 164.4.7914 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 172.0.0.28.215 is a security update.
https://www.messenger.com/download

FreeFileSync 11.29 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 69.0 is a security update.
https://drive.google.com/start

Npcap 1.72 resolves a couple bugs. This is not a security update.
https://nmap.org/npcap/

Prosody 0.12.2 is a security update.
https://prosody.im/download/start

Rclone 1.61.1 adds several new features and resolves many bugs. This is not a security update.
https://rclone.org/

Signal (Android) 6.6.3 doesn’t provide a public changelog so should be treated as a security update.
https://signal.org/android/apk/

Signal 6.1.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Skype 8.91.0.404 adds automatic audio translation. Really. This is not a security update.
https://www.skype.com/

Syncthing 1.23.0 resolves several bugs. This is not a security update.
https://syncthing.net/

Telegram 4.5.3 resolves a bug. This is not a security update.
https://telegram.org/

Zoom 5.13.4.11835 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 4.4.6 resolves a couple bugs. This is not a security update.
https://www.bitwig.com/download/

darktable 4.2.0 resolves dozens of bugs. This is not a security update.
https://www.darktable.org/

iTunes 12.12.7.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.apple.com/itunes/download/

Kodi 19.5 doesn’t provide a changelog so should be treated as a security update.
https://kodi.tv/

Plex Desktop 1.60.1.3413 improves album art and Discover behavior, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.31.1.3412 improves album art and adds an option to dismiss Discover What to Watch. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Unreal Media Server 15.0 improves streaming capabilities. This is a security update.
http://www.umediaserver.net/umediaserver/download.html

Winamp 5.9.1.10029 updates libraries and resolves several bugs. This is a security update.
https://www.winamp.com/player/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2022.11.1.56 resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.155 integrates direct access to the Asset Store and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Steam 2023.12.01 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 22.003.20310 is a security update.
https://get.adobe.com/reader

Adobe Acrobat 22.003.20310 and 20.005.30436 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb23-01.html

Adobe InDesign 18.1 and 17.4.1 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-07.html

Adobe InCopy 18.0 and 17.4 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb23-08.html

Adobe Dimension 3.4.7 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-10.html

Audacity 3.2.3 adds support for audio.com and resolves several bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 6.11.0 adds automatic editing of CSS and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Krita 5.1.5 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

Notepad++ 8.4.8 updates libraries and resolves over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

DNSQuerySniffer 1.90 adds Show High Resolution Duration option. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

Gpg4win 4.1.0 improves certificate handling and resolve several bugs. This is not a security update.
https://www.gpg4win.org/download.html

HTTP Toolkit 1.12.2 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

KeePass 2.53 adds keyboard controls and history and filter improvements. This is not a security update.
https://keepass.info/

MalwareBytes Anti-Malware 4.5.19 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

ProtonVPN 2.3.2 adds new languages. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.11 adds new languages. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.6.5 resolves several bugs and improves reliability. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.8 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.46.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 29.0.0 adds several new encoders and decoders, and resolves several bugs. This is not a security update.
https://obsproject.com/

SnagIt 23.0.2 improves Grab Text feature and resolves several bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.9.6 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.6.0 adds several transcoding options, updates libraries, and resolves several bugs. This is not a security update.
https://handbrake.fr/

StreamFab 6.1.0.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.19 adds automatic relinking of Mendeley citations, and resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.12 improves reliability and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.12 improves reliability and resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

AOMEI Partition Assistant 9.13.1 resolves several bugs. This is not a security update.
https://www.diskpart.com/

Bitwarden 2022.12.0 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.07.10191 improves startup speed and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.4.3 resolves a couple bugs. This is not a security update.
https://cygwin.com/

Dell Command Update 4.7.1 doesn’t provide release notes for this build, so it should be treated as a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 10.61 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.2.242.0 adds a portable version, improves extension support, syntax highlighting, selection keys, and updates libraries. This is not a security update.
https://dngrep.github.io/

DMDE 4.0.2.804 resolves several bugs. This is not a security update.
https://dmde.com/

Etcher 1.13.2 resolves several bugs and updates dependencies. This is not a security update.
https://www.balena.io/etcher/

Fido 1.40 improves error handling. This is not a security update.
https://github.com/pbatard/Fido/releases

Go 1.19.5 resolves several bugs. This is not a security update.
https://go.dev/

GoodSync 12.1.4 resolves several bugs. This is not a security update.
https://www.goodsync.com/

grepWin 2.0.12 resolves several bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

Homedale 2.05 improves logging and SSID reporting. This is not a security update.
https://www.the-sz.com/products/homedale/

Memtest86+ 6.01 resolves a couple bugs. This is not a security update.
https://www.memtest.org/

NetworkInterfacesView 1.26 add Interface Index column. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

NTLite 2.3.9.9020 updates languages and components. This is not a security update.
https://www.ntlite.com/download/

osquery 5.7.0 provides several table updates, introduces security_profile_info, and resolves several bugs. This is not a security update.
https://osquery.io/downloads

PowerToys 0.66.0 improves installer and resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.4.1 imposes new licensing restrictions for free accounts. This is not a security update.
https://www.roboform.com/

ScreenConnect 22.10.10924.8404 adds several new security features and controls, and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Superpaper 2.2.1 resolves several bugs. This is not a security update.
https://github.com/hhannine/superpaper/

TeamViewer 15.37.3 resolves a couple bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.2.1 resolves several bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Ventoy 1.0.87 resolves several bugs. This is not a security update.
https://www.ventoy.net/en/index.html

WinScan2PDF 8.41 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

ZoomText 2023 2023.2212.21.400 adds Freeze View and Early Adopter support. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

GitHub Desktop 3.1.3 resolves several bugs. This is not a security update.
https://desktop.github.com/

NASM 2.16.01 resolves several bugs. This is not a security update.
https://www.nasm.us/index.php

Node.js 19.4.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 18.13.0 resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.40.1 resolves a couple bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.74.2 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.14.4 resolves dozens of bugs. This is not a security update.
https://ppsspp.org/downloads.html

VMware Workstation Player 17.0.0 improves TPM, adds support for newer operating systems, adds encryption, and updates OpenGL 4.3 and WDDM 1.2. This is a security update.
https://customerconnect.vmware.com/downloads/#all_products

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.21 corrects a couple bugs. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.5.1 resolves several bugs. This is not a security update.
https://drupal.org/download

HumHub 1.13.0 improves module integration, Spaces, adds Open Graph, diagnostics and several other features. This is not a security update.
https://www.humhub.com/en/download

ISPConfig 3.2.9 adds 2FA and support for latest Ubuntu, and resolves several bugs. This is not a security update.
https://www.ispconfig.org/ispconfig/download/

jQuery 3.6.3 resolves the CSS.supports selector bug. This is not a security update.
https://code.jquery.com/

Piwigo 13.4.0 resolves several bugs. This is not a security update.
https://piwigo.org/

SpamAssassin 4.0.0 is a major update adding full Unicode support, parsing for many more URL forms and TLDs, and resolves several bugs. This is not a security update.
https://spamassassin.apache.org/downloads.cgi

BuddyPress 11.0.0 improves performance, adds webp support, and resolves dozens of bugs. This is a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.7.2 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Social Post Feed 4.1.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Postie 1.9.63 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Raw HTML 1.6.4 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/raw-html/

Register IP – Multisite 1.9.1 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/register-ip-multisite/

WooCommerce 7.2.2 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.7.0 improves cleanup and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WP Update Server 2.0.1 improves compatibility. This is not a security update.
https://github.com/YahnisElsts/wp-update-server

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-12-13

Merry Christmas, Folks!

Today is Patch Tuesday for December, 2022.

This month brings a new version of Windows 10 (v22H2), critical security updates for all supported Apple products, and (literally) new security updates every single week since the last update cycle on November 8th. That’s on top of the 150+ major hacks, and over 165 application updates this month. Prepare yourself, there will be about 4 GB of updates for most devices this month.

This Month in Technology

Over 15,000 websites, Abandonia2022, ABB Totalflow, Accuro, Acer UEFI Secure Boot, dozens of apps using the Algolia API, Amazon ECR, Amnesty International Canada, Android, Android OEM certificates, André-Mignot Hospital, Ankr, Antwerp, Belgium, Argentina de Soluciones Satelitales, Arkansas Department of Human Services, Atlassian Bitbucket Server, Bahrain, Bank of Russia, Boa web server, California’s Department of Finance, Canadian Teachers Union, Canon hardware, CareFirst Administrators, CCA Health Plans of California, Inc d/b/a CCA Health CA, Central Depository Services Ltd, Chiropractic Board of New Zealand, Cincinnati State Technical and Community College, Cisco IP phones, Citrix ADC and Gateway, CloudSEK, Codesys, CoinTracker, CommonSpirit Health, Community Health Network, Inc. as an Affiliated Covered Entity, Connexin Software, Consumer Directed Services In Texas, Inc., CorrectCare Integrated Health Inc, County of Tehama, California, Dallam Hartley Counties Hospital District, Deribit, Dermatology & Skin Cancer Ctr, PC, Dialpad, Inc., Dietitians Board of New Zealand, Docs Medical Inc, Doctors’ Center Hospital, Dr. Douglas C. Shoenberger,PC, Durham District School Board, Dutch LNG Terminal, Easton Cardiovascular, Ellen M. Field, M.D., Epic Management LLC, European Parliament, F5 BIG-IP and BIG-IQ, Fars News Agency, Festo, FortiOS SSL-VPN, FTX, GATE Petroleum Company Employee Benefits Plan, Gateway Rehabilitation Center, General Council of the Judiciary, GGCorp, Google Pixel 5 and 6, Google’s Looker Studio, GoTo, Guatemala’s Ministry of Foreign Affairs, Health Care Management Solutions, LLC, Health New Zealand, Hope Health Systems Inc., Hospital Center of Versailles, HP hardware, Hyundai and Genesis cars, Indian Central Board of Higher Education, Indian Community Health Network, Indian Council of Medical Research, Indian electrical grid operators, Innovative Service Technology Management Services, Inc., Kaiser Foundation Health Plan of the Mid-Atlantic States, Inc., Keralty Group, Lake Charles Memorial Health System, LastPass (again), Lehigh Valley Women’s Specialties, Lenovo UEFI Secure Boot, Lexmark hardware, Magento 2, Manassas Surgery Center Anesthesia Services, MaryAnne Freeman Brndjar, DO, PC, Medibank, Mena Regional Health System, Mercury IT, Microsoft Exchange, Mikrotik hardware, NETGEAR hardware, New York-Presbyterian Hospital, New Zealand Ministry of Justice, New Zealand Psychologists Board, New York-Presbyterian Hospital, a NY salon, NU House Calls, PC, Nuance Communications, Inc., OakBend Medical Center, One Brooklyn Health System, Optometrists and Dispensing Opticians Board of New Zealand, Oracle Fusion, Orange Telecom, Orlando Health, Pendurthi Surgical Associates, Peter J. Isaac, D.O., Physiotherapy Board of New Zealand, Plascar Participacoes Industriais, Podiatrists Board of New Zealand, Polsinelli PC, Quarkus Java Framework, Rackspace, Radio Free Asia, Receivables Performance Management, Restaurants in Cincinnati, Roman Catholic Church, Rosenfeld VanWirt, PC, Royal Mail, Samsung Galaxy S22, Sequoia One, Seville Urban Transport Company, Silverstone Circuit, Sobeys, Sonder, Sonos hardware, South Staffordshire Water, South Walton Fire District, Southampton County, Virginia, Sree Saran Medical Centre, Stanley Street Treatment and Resources, Inc., Synology hardware, Tata Power, Telstra, The Smith Family, TP-Link hardware, Tuloso-Midway Independent School District, Twitter, Uber, Ubiquiti hardware, University Medical Center of Southern Nevada, UOB KayHian, Uruguay’s Ministry of Transport and Public Works, the US government, VMware ESXi, VTB Bank, Western Digital hardware, Whoosh, Work Health Solutions, Wright & Filippis LLC, Xavier College, Yakima Neighborhood Health Services, Yale University, and the Zwijndrecht police have reportedly been hacked or compromised this month.

There’s another novel method for exfiltrating information from air-gapped devices: the power supply. Most US DoD contractors fail to implement basic security controls.

Windows updates last month broke DirectAccess, gaming performance, ODBC database connections, Remote Desktop, Task Manager, Windows Kerberos, caused Windows freezes and domain controller freezes.

Meta (Facebook and Instagram) has acknowledged they’ve been used by the US Military for propaganda

Now for the good news:

Apple is finally adding end-to-end encryption for some iCloud backups.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 4 GB in updates today. Let’s get started.

Microsoft released updates to address 57 vulnerabilities in .NET Framework, Azure, Client Server Run-time Subsystem (CSRSS), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Windows Codecs Library, Windows Hyper-V, SysInternals, Windows Certificates, Windows Contacts, Windows DirectX, Windows Error Reporting, Windows Fax Compose Form, Windows HTTP Print Provider, Windows Kernel, Windows PowerShell, Windows Print Spooler Components, Windows Projected File System, Windows Secure Socket Tunneling Protocol (SSTP), Windows SmartScreen, Windows Subsystem for Linux, Windows Terminal and MSRT (~ 2.5 GB). This includes security updates. A reboot is required.

Apple released updates for iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2, iOS 16.2 and iPadOS 16.2, macOS Big Sur 11.7.2, macOS Monterey 12.6.2, macOS Ventura 13.1, Safari 16.2, tvOS 16.1.1, tvOS 16.2, and watchOS 9.2. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.7.2, 16.1.2, and 16.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.7.2, 16.1.2, and 16.2 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.1.1 and 16.2 are security updates. Use System, Software Update to install the most current version.

Google Chrome OS 108.0.5359.75 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 37-1.7 is a major update, adding support for Raspberry Pi 4, new editions, and updates libraries. This is not a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.11.2 resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Display Driver Uninstaller 18.0.5.9 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.1.11 resolves several bugs. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.15.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

NVcleanstall 1.14.0 resolves several bugs. This is not a security update.
https://www.techpowerup.com/download/techpowerup-nvcleanstall/

Nvidia Driver 474.06 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Drivers by Seagull 2022.3 adds support for over 200 new devices. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

Wacom Driver 6.4.0-11 resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.46.134 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 108.0.5359.98 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 108.0.1462.46 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 108.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Vivaldi 5.6.2867.40 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.7 resolves a couple bugs and improves cosmetic options. This is not a security update.
https://getmailspring.com/

OutlookAttachView 3.47 adds option to cancel scan with Esc key. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Spark 3.2.1.40643 resolves many bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.2.1.40641 resolves many bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.6 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk (macOS) 7.0.0 resolves several bugs and improves interface and Settings. This is not a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.53 adds multiple profile support to several browsers and adds the ability to cancel scan with the Esc key. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

DNSDataView 1.70 adds support for collecting A records of all PTR record. This is not a security update.
https://www.nirsoft.net/utils/dns_records_viewer.html

Dropbox 162.4.5419 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 172.0.0.23.215 is a security update.
https://www.messenger.com/download

FileZilla Client 3.62.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FileZilla Server 1.6.1 resolves an installation bug and improves certificate controls. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.28 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 68.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Microsoft Teams 1.5.00.33362 adds HOSI support for compatible hardware. This is not a security update.
https://teams.microsoft.com/downloads

Minds (Android) 4.30.1 resolves several bugs. This is not a security update.
https://www.minds.com/

Nextcloud Server 25.0.2 resolves dozens of bugs. This is a security update.
https://nextcloud.com/

Omada Software Controller 5.7.4 improves the user interface, adds several new options, and resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-Core 0.20.29 resolves several bugs. This is not a security update.
https://pocketnet.app/

Pocketnet-GUI 0.8.34 resolves several bugs. This is not a security update.
https://pocketnet.app/

Qbox 4.0.5.35 doesn’t provide a changelog so should be treated as a security update.
https://www.coraltreetech.com/qbox

Rclone 1.60.1 resolves several bugs and improves compatibility. This is not a security update.
https://rclone.org/

Signal 6.0.1 adds Stories support. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.3.6 adds donation support. This is not a security update.
https://signal.org/android/apk/

Skype 8.91.0.404 adds universal translation and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.22.2 resolves several bugs and updates libraries. This is not a security update.
https://syncthing.net/

Technitium DNS Server 10.0.1 adds several features and resolves bugs. This is a security update.
https://technitium.com/dns/

Telegram 4.4.1 resolves several bugs. This is not a security update.
https://telegram.org/

Telegram (Android) 9.2.1 doesn’t provide a detailed changelog so should be treated as a security update.
https://telegram.org/apps

TP-Link Archer AX21 v1.3.6 is a security update.
https://www.tp-link.com/us/support/download/archer-ax21/v1.20/#Firmware

WinSCP 5.21.6 is a security update.
https://winscp.net/eng/index.php

Zoom 5.12.9.10650 improves policy controls, CC and translation, and resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 4.4.3 fixes a couple stability bugs. This is not a security update.
https://www.bitwig.com/download/

Picard 2.8.5 resolves several bugs. This is a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.59.1.3398 adds support for AV1 and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.30.1.3391 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.30.0.6486 adds pattern matching, improves scheduled tasks, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.18 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2022.11.0.54 resolves dozens of bugs and improves usability. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.152 adds new features, including monetization through assets, and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.22.12.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Steam 2022.12.01 resolves 20 bugs. This is not a security update.
https://steamcommunity.com/news/client

SteamOS SteamDeck Update 2022-11-21 resolves many bugs including hardware compatibility, performance and stability issues. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Campaign Classic 7.3.2 and 8.4.2 are security updates.
https://helpx.adobe.com/security/products/campaign/apsb22-58.html

Adobe Experience Manager 2022.10.0 and 6.5.15.0 resolve almost three dozen security vulnerabilities.
https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html

Illustrator 2023 27.0.1 and 2022 26.5.2 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-60.html

Artweaver 7.0.14 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.63.1 is the final release of Atom before it is to be EOL in a couple days. Please switch to another editor.
https://atom.io/

Audacity 3.2.2 adds VST2 realtime effect support and resolves several bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 6.9.0 adds signing to all binaries and resolves several bugs. This should be treated as a security update.
https://calibre-ebook.com/

Inkscape 1.2.2 resolves dozens of bugs. This is not a security update.
https://inkscape.org/release/

Kindle for PC 1.39.65383 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice Fresh 7.4.3 resolves 100 bugs. This is a security update. Remember that the Fresh line is beta software. Most users should use the Still line.
https://www.libreoffice.org/

Nextcloud Desktop 3.6.4 improves stability. This is not a security update.
https://nextcloud.com/

PDF-XChange Editor 9.5.366.0 resolves several bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.3.0 improves culprit tracking. This should be treated as a security update.
https://github.com/countercept/chainsaw

HTTP Toolkit 1.12.1 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware Mac 4.17.8 adds support for macOS Ventura/13. This is not a security update.
https://www.malwarebytes.com/mac/

ProtonVPN 2.3.1 improves user interface. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.10 improves the user interface. This is not a security update.
https://protonvpn.com/download

Radmin VPN 1.3.4568.3 adds ability to add exceptions from within the software. This is not a security update.
https://www.radmin-vpn.com/

RogueKiller 15.6.3 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.7 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.45.2 resolves a couple bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.6.7 adds PGP automation and resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

WebBrowserPassView 2.12 adds High-DPI support and improves portable browser support. This is not a security update.
https://www.nirsoft.net/utils/web_browser_password.html

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 22.4.1 resolves several bugs. This is not a security update.
https://www.techsmith.com/video-editor.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.9.4 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.3 doesn’t provide a changelog so should be treated as a security update.
https://imazing.com/heic

IsoBuster 5.1 adds support for reading the FAT directly, improves performance and stability, and resolves dozens of bugs. This is not a security update.
https://www.isobuster.com/download.php

PDF Creator 5.0.3 resolves several bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.0.0.7 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.18 resolves a merge bug. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.10 improves 2FA support and compatibility, and resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.10 improves 2FA support and compatibility, and resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/windows/

Agent Ransack 2022.3349 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Bitwarden 2022.11.0 implements 2-step authentication and resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.06.10144 adds and improves cleanup for over a dozen applications. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.4.1 resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 10.51 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.1.197.0 adds recycle bin support, resolves several bugs, and improves bookmark behavior. This is not a security update.
https://dngrep.github.io/

Etcher 1.10.6 updates dependencies. This is not a security update.
https://www.balena.io/etcher/

FileLocator Pro 2022.3349 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.39.0 resolves several bugs. This is not a security update.
https://git-scm.com/

Go 1.19.4 is a security update.
https://go.dev/

GoodSync 12.1.2 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

Homedale 2.04 removes log headers and updates languages. This is not a security update.
https://www.the-sz.com/products/homedale/

HWMonitor 1.48 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

NetConnectChoose 1.10 adds Metric column and resolves a network selection bug. This is not a security update.
https://www.nirsoft.net/utils/net_connect_choose.html

NTLite 2.3.9.9018 improves compatibility and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1006 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

osquery 5.6.0 resolves several bugs, adds new columns and controls. This is not a security update.
https://osquery.io/downloads

AOMEI Partition Assistant 9.13.0 resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 6.11 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.65.0 upgrades dependencies and resolves a couple bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Explorer 17.02 resolves stability bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

RoboForm 9.3.8 resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 3.21 updates dependencies, libraries, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 22.9.10589.8370 resolves dozens of bugs including stability and reliability. This is a security update.
https://www.connectwise.com/software/control/download

Sysmon 14.13 resolves a stability bug. This is a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TeamViewer 15.36.9 improves terminal and scripting support. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 3.22 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Unity 2022.2.0 resolves over a hundred bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WinScan2PDF 8.31 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.12 resolves a couple bugs. This is not a security update.
https://www.diskanalyzer.com/

ZoomText 2022 2022.2211.5.400 improves integration and stability, and resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

ZoomText 2023 2023.2210.28.400 is a new major version adding tethered view and improves compatibility. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.36.02 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Docker Desktop 4.14.1 improves stability and performance, adds WebAssembly support, user interface improvements, upgrades libraries and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Node.js 14.21.2 updates certificates and timezone information. This should be treated as a security update.
https://nodejs.org/en/

Node.js 16.19.0 updates certificates and timezone information. This should be treated as a security update.
https://nodejs.org/en/

Node.js 19.2.0 updates libraries and resolves over a dozen bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.40.0 improves support for data recovery, performance, and reliability. This is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.74 adds several new features. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.4 resolves over a dozen bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.4.9 resolves several bugs. This is not a security update.
https://drupal.org/download

HumHub 1.12.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 4.2.6 improves compatibility and resolves several bugs. This is not a security update.
https://www.joomla.org/

jQuery 3.6.2 improves compatibility and resolves several bugs. This is not a security update.
https://code.jquery.com/

MailEnable 9.86 is a security update.
https://www.mailenable.com/

MailEnable 10.43 is a security update.
https://www.mailenable.com/

ownCloud Client 3.0.0.9215 resolves dozens of bugs. This is not a security update.
https://owncloud.com/desktop-app/

Piwigo 13.3.0 resolves several bugs. This is not a security update.
https://piwigo.org/

SMF 2.1.3 resolves dozens of bugs. This should be treated as a security update.
https://www.simplemachines.org/

WordPress 6.1.1 resolves dozens of bugs. This is not a security update.
https://wordpress.org/

Akismet 5.0.2 is a security update.
https://wordpress.org/extend/plugins/akismet/

Autoptimize 3.1.4 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

Contact Form 7 5.7 resolves dozens of bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.1 adds support for the latest build of WordPress and resolves several bugs. This is a security update.
https://wordpress.org/plugins/duplicator/#developers

Redirection 5.3.6 improves translations. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Register IP – Multisite 1.8.3 is a security update.
https://wordpress.org/extend/plugins/register-ip-multisite/

Simple Lightbox 2.9.3 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/simple-lightbox/

Sucuri Security 1.8.36 is a cosmetic update. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.2.9 improves translation support. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 7.1.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPtouch 4.3.46 is a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/