Hi, Folks!
Today is Patch Tuesday for August 2019 and it’s huge. It was a pretty big month for security news, too.
This month demonstrates several points I’ve been making for years:
1) Often the addition of yet another antivirus actually weakens your security. With Windows Defender scoring a perfect 100 there’s no good reason to install one of the “free” or even paid alternatives. Remember that there are only three parties to an exchange: the vendor, the customer, and the product. If you’re not selling or paying for a service, you’re the product.
2) Everything will be hacked eventually. Capital One and Binance demonstrate that even those tasked with the highest levels of security can be bribed or make mistakes, and since all encryption is weighted only by time and resources that are becoming ever-cheaper, assume anything you share will inevitably be compromised, even if you didn’t put it online yourself.
3) It isn’t just computers and phones that can be hacked. Everything from cameras, to airplanes, to Navy destroyers, and much more are also vulnerable.
4) The gatekeepers of “reasonable” vulnerability disclosure are as responsible as anyone else for zero-day exploits being exposed.
That’s enough horror stories for now. Let’s get back to our regularly scheduled program. The typical computer should see roughly 3 GB in updates today. Let’s get started.
Microsoft released updates for Windows, .NET, Edge, Internet Explorer, Flash, and MSRT (~2 GB). This includes security updates. TWO reboots are required.
Apple released updates for iOS 12.4, macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, Safari 12.1.2, watchOS 5.3, tvOS 12.4, iCloud for Windows 7.13, iCloud for Windows 10.6, and iTunes for Windows 12.9.6. These are security updates. Use Apple Software Update to install the most current versions.
iOS 12.4 is a security update. Use Settings, General, Software Update to install the most current update.
watchOS 5.3 is a security update. Use the Watch app on your iPhone to install the most current version.
tvOS 12.4 is a security update. Use System, Software Update to install the most current version.
Google Chrome OS 76.0.3809.102 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Adobe Flash Player 32.0.0.238 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The now-current release of the Windows 10 (1903) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 3-6 GB through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Display Driver Uninstaller 18.0.1.7 resolves bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu
nVidia 431.60 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
BullZip PDF Printer 11.10.0.2761 adds print redirection and improves compatibility. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download
Crucial Storage Executive 5.02 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/usa/en/support-storage-executive
Intel Driver and Support Assistant 19.7.30 resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect
Browser Updates
One or more of these are likely to be of interest to everyone.
Google Chrome 76.0.3809.100 is a security update. Use Menu, Help, About to install the most current version.
Firefox 68.0.1 is a security update. Use Menu, Help, About to install the most current version.
Vivaldi 2.6.1566.49 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
OutlookAttachView 3.25 adds search-in-attachments option. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html
Thunderbird 60.8.0 is a security update. Use Menu, Help, About to install the most current version.
Internet Updates
One or more of these are likely to be of interest to everyone.
Trillian 6.2.0.11 resolves several bugs. This is not a security update.
https://www.trillian.im/
Trillian Mac 6.2.0.18 resolves several bugs. This is not a security update.
https://www.trillian.im/
BrowsingHistoryView 2.21 adds option to use local time for time range. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html
FileZilla Client 3.44.1 resolves several bugs, adds search to Site Manager, and adds warnings to insecure connections. This is not a security update.
https://filezilla-project.org/
FreeFileSync 10.14 enforces TLS for all endpoints and resolves several bugs. This should be considered a security update.
https://www.freefilesync.org/download.php
MaxMind GeoIP 201908 is a data refresh.
https://dev.maxmind.com/geoip/
Nmap 7.80 includes an updated Npcap, adds NSE scripts and resolves several bugs. This is a security update.
https://nmap.org/
Npcap 0.9982 is a security update.
https://nmap.org/npcap/
PuTTY installer 0.72 resolves several bugs. This is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
WinSCP 5.15.3 resolves several bugs. This is a security update.
https://winscp.net/eng/index.php
Media Updates
These are unlikely to be of interest to most people.
iTunes 12.9.6 is a security update.
https://www.apple.com/itunes/download/
Game Updates
These are unlikely to be of interest to most people.
Lego Digital Designer 4.3.12 doesn’t provide a changelog so should be treated as a security update.
https://www.lego.com/en-us/ldd
Steam 2019.08.06 resolves several bugs. This is a security update. Use Steam to update Steam.
PlayStation PS4 6.72 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/
RetroPie 4.5.1 improves compatibility with RPI4 and reverts the kernel to improve stability. This is not a security update.
https://retropie.org.uk/
SteamOS Installer 2019-07-17 is a security update.
https://store.steampowered.com/steamos/download/?ver=custom
Office Updates
One or more of these are likely to be of interest to most people.
Atom 1.40.0 resolves several bugs. This is not a security update.
https://atom.io/
Artweaver 7.0 improves brush handling, simplified presets, Windows Ink Pen support, improved update, and resolves several bugs. This is not a security update.
https://www.artweaver.de/
Krita 4.2.5 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/
LibreOffice Still 6.2.5 is a major update to LibreOffice Still, and adds several features and improved stability. This is not a security update.
https://www.libreoffice.org/
LibreOffice Fresh 6.3.0 is a major new release with improved integration, performance improvements, and many new features. This is not a security update.
https://www.libreoffice.org/
Paint.net 4.2.1 adds HEIC and JPEG XR support, resolves several bugs. This is not a security update.
https://www.getpaint.net/
Adobe Creative Cloud Desktop 4.9 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html
Adobe Photoshop CC 19.1.9 is a security update. Use Creative Cloud Desktop to install the most current version (after patching the security issues in Creative Cloud Desktop).
Adobe Photoshop CC 20.0.6 is a security update. Use Creative Cloud Desktop to install the most current version (after patching the security issues in Creative Cloud Desktop).
Adobe Experience Manager hotfix 30379 is a security update for AEM 6.4 and 6.5.
6.4: https://www.adobeaemcloud.com/content/companies/public/adobe/packages/cq640/hotfix/cq-6.4.0-hotfix-30379
6.5: https://www.adobeaemcloud.com/content/companies/public/adobe/packages/cq650/hotfix/cq-6.5.0-hotfix-30379
Adobe Acrobat DC 2019.012.20036 is a security update. Use Help, Check for Updates to get the most current version.
Adobe Acrobat Reader DC 2019.012.20036 is a security update. Use Help, Check for Updates to get the most current version.
Acrobat 2017 2017.011.30144 is a security update. Use Help, Check for Updates to get the most current version.
Acrobat Reader DC 2017 2017.011.30144 is a security update. Use Help, Check for Updates to get the most current version.
Acrobat DC 2015.006.30499 is a security update. Use Help, Check for Updates to get the most current version.
Acrobat Reader DC 2015.006.30499 is a security update. Use Help, Check for Updates to get the most current version.
Adobe Prelude CC 8.1.1 is a security update. Use Creative Cloud Desktop to install the most current version (after patching the security issues in Creative Cloud Desktop).
Adobe Premiere Pro CC 13.1.3 is a security update. Use Creative Cloud Desktop to install the most current version (after patching the security issues in Creative Cloud Desktop).
Adobe Character Animator CC 2.1.1 is a security update. Use Creative Cloud Desktop to install the most current version (after patching the security issues in Creative Cloud Desktop).
Adobe After Effects CC 16.1.2 is a security update. Use Creative Cloud Desktop to install the most current version (after patching the security issues in Creative Cloud Desktop).
Security Software Updates
One or more of these is likely to be of interest to most people.
QubesOS 4.0.2 updates kernel and TemplateVM components. This is not a security update.
https://www.qubes-os.org/downloads/
Java 8u221 is a security update. If you’re not 110% sure you need Java, remove it instead.
https://www.java.com/en/download/manual.jsp
Gpg4win 3.1.10 resolves a security bug.
https://www.gpg4win.org/download.html
RogueKiller 13.4.2 resolves several bugs. This is not a security update.
https://www.adlice.com/softwares/roguekiller/
RouterPassView 1.86 adds support for additional hardware. This is not a security update.
https://www.nirsoft.net/utils/router_password_recovery.html
TinyWall 2.1.11 improves compatibility and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 2019.1.3 is a security update.
https://download.techsmith.com/snagit/enu/snagit.exe
Converter Updates
These are unlikely to be of interest to most people.
Stop using CDex. CDex now includes malware as part of the installation, so should be treated as untrustworthy. Even if the accessory malware is removed, any developer willing to include malware should be assumed to be malicious and the core software likely has many other security issues and should be avoided completely. Again, remove CDex.
DVDFab 11.0.4.2 adds support or new encodings, improves compatibility, greatly improves subtitle parsing. This is not a security update.
http://www.dvdfab.cn/download.htm
FFmpeg 4.2 is a new major build, adding many filters and decoders and improving performance. This is not a security update.
https://ffmpeg.org/download.html
Education updates
One or more of these are likely to be of interest to most people.
e-Sword 12.0 adds themes and low-light display support, and makes hundreds of other refinements and bug fixes. This is not a security update.
https://www.e-sword.net/
Utility Updates
These are unlikely to be of interest to most people.
RoboForm 8.6.0 resolves several bugs. This is not a security update.
https://12pd.com/click?rf
1Password for Mac 7.3.2 improves stability. This is not a security update.
https://1password.com/downloads/mac/
Bitcoin 0.18.1 adds new features, resolves bugs, and improves performance. This is not a security update.
https://bitcoin.org/en/download
BulkFileChanger 1.65 adds support for changing timestamps within mp4 and mov files. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html
DesktopOK 6.45 adds uninstall and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
GoodSync 10.10.5 resolves several bugs and changes licensing behavior (again).
https://12pd.com/click?goodsync
IsMyHdOK 1.81 improves support for newer hardware. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK
NirCmd 2.86 resolves a bug with the elevate command. This is not a security update.
https://www.nirsoft.net/utils/nircmd.html
NTLite 1.8.0.7080 updates components and improves compatibility. This is not a security update.
https://www.ntlite.com/download/
OSFMount 3.0.1005 adds physical/logical emulation options and resolves a bug. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html
OSForensics 7.0.1001 adds many new features and resolves bugs. This is not a security update.
https://www.osforensics.com/download.html
PointerStick 3.66 resolves a bug. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick
Rufus 3.6 adds support for persistent partitions, improves compatibility, and resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html
SearchMyFiles 3.01 adds option to prevent saving search options and support for searching within Office and PDF files. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html
SimpleWMIView 1.38 improves refresh behavior. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html
TaskSchedulerView 1.51 adds a new column to indicate whether device will be awakened to run task. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html
TraceRouteOK 1.44 resolves a bug. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK
WinScan2PDF 4.93 improves WIA and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
WSUS Offline 11.8 updates static URLs, servicing stacks and improves compatibility. This is not a security update.
http://download.wsusoffline.net/
Developer Updates
These are unlikely to be of interest to most people.
Android Studio 3.4.2.0 resolves several bugs. This is not a security update.
https://developer.android.com/studio/index.html
MySQL 8.0.17 resolves several bugs and adds several new features. This is not a security update.
https://www.mysql.com/downloads/installer/
Node.js 12.8.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/
Redemption 5.21.0.5378 adds RDOFolders and appointment exception removal/undo support as well as resolving several bugs. This is not a security update.
http://www.dimastr.com/redemption/
SQLite 3.29.0 adds several new features. This is not a security update.
https://www.sqlite.org/download.html
TortoiseSVN 1.12.2 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html
Visual Studio Code 1.37 adds several new features and improvements. This is not a security update.
https://code.visualstudio.com/
WinMerge 2.16.4 resolves several bugs. This is not a security update.
https://winmerge.org/
Virtual Machine Updates
These are unlikely to be of interest to most people.
VirtualBox 6.0.10-132072 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads
Web Package Updates
These are likely to be of interest only to web developers.
ScreenConnect 19.2.24707.7131 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download
phpList 3.4.5 resolves several bugs. This is not a security update.
https://www.phplist.com/download
Drupal 8.7.6 resolves several bugs. This version follows quickly on the heels on 8.7.5, which is a security release.
https://drupal.org/download
Joomla 3.9.11 is a security update.
https://www.joomla.org/
MailEnable 10.26 resolves several bugs. This is not a security update.
https://www.mailenable.com/
Adminer 4.7.2 resolves several bugs. This is not a security update.
https://www.adminer.org/en/
BuddyPress 4.4.0 is a security update.
Contact Form 7 5.1.4 resolves several bugs. This is not a security update.
myStickymenu 2.2.1 improves compatibility. This is not a security update.
Postie 1.9.38 resolves an attachment filtering bug. This is not a security update.
Redirection 4.3.3 resolves bugs and improves compatibility. This is not a security update.
WooCommerce 3.7.0 resolves dozens of bugs, and provides feature, compatibility, and performance improvements. This is not a security update.
WP Add Custom CSS 1.1.5 replaces code editor. This is not a security update.
WP Mail SMTP 1.5.2 resolves a Gmail compatibility bug. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/