Updates 2018-11-13

Hi, Folks!

It’s Patch Tuesday and it’s a big one. Every major vendor has released security updates and there’s many smaller vendor updates released today, as well.

But before we get to that I want to briefly talk about something else. You’ve surely heard the phrase “Internet of Things” or “IoT”. This describes the common and growing practice of everything touching the Internet all the time. Besides the computers you have in your office and living room, the phone in your pocket, and the tablets you have littered across random flat surfaces across your home, there are now cars, toasters, refrigerators, light bulbs, irrigation systems, air conditioners, instant pots, and a million other things that are now Internet-enabled for our convenience or simply for the novelty of it. Nearly all of these devices don’t talk to the Internet directly, but through a router or modem which connects each of the devices at a specific location to the Internet through your Internet Service Provider. While it’s possible to hijack your light bulbs, fridge, and coffee maker, the low-hanging fruit of most networks is and always will be the router. This oft-overlooked device is poorly maintained and directly accessible from the Internet making it easy prey for attackers. Currently there’s a botnet called BCMUPnP_Hunter that has hijacked over 100,000 routers and is using them (and your Internet connection) to send spam and phishing messages.

In each case it could have been avoided.

All hardware is supported and maintained by the vendor for a limited time ranging from a mere 6 months to a decade. However, having it be “supported” is one thing – actually installing the firmware and software updates that would have prevented this and similar infections or proactively replacing end-of-life (EOL) hardware is critical. This neglect is like starving to death at a buffet. The updates and EOL information is out there, but you need to know your network (or hire someone to) and maintain or replace each device that touches it.

Know your network!

Now back to our regularly scheduled program.

The typical computer should see roughly 4gb in updates today. Let’s get started.

The first major update to macOS Mojave was released this week, as well as the first major update to iOS 12. Windows 10 v1809 has been released again. This version was pulled for the last two months because of a show-stopper bug that resulted in deleting user files of people with a specific configuration. That issue is now resolved, but it highlights the importance of letting other people be the guinea pig for major updates like this. Updates are important. Don’t get me wrong. Stability is more important, though, and there’s no reason to put a stable, secure, and supported operating system at risk with what amounts to a beta release. Microsoft maintains several versions of Windows 10 and there’s no reason to rush to the latest build. Install their standard security updates, but wait on new releases.

Windows 10 v1809 is about 3gb when downloaded by the Windows Upgrader/Windows Update, so expect it to randomly install for any Windows 10 Home user over the next month, consuming 3gb of bandwidth to get it done. If you have a slow connection, it could end up trying to download 3gb per day per device, so you would be better off downloading the installer yourself and installing it to ensure that the upgrade completes. That said, you should, of course, postpone upgrading to 1809 for the next couple months and let the rest of the world be the beta testers.

In any case, sometimes we all need that reminder: run your backups *now*.

Microsoft released Windows 10 v1809 and updates to Windows, Flash, Edge, Internet Explorer, and MSRT (~3gb). This includes security updates. A reboot is required.

Apple released macOS Mojave 10.14.1, macOS Mojave 10.14.1 Supplemental for MacBook Air, Security Update 2018-002 for High Sierra, Security Update 2018-005 for Sierra, iOS 12.1, tvOS 12.1, watchOS 5.1.1, Safari 12.0.1, iCloud for Windows 7.8, and iTunes 12.9.1. This includes security update. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 31.0.0.148 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 70.0.3538.76 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 29-1.2 is a new major version offering modularity, GNOME 3.30, Vagrant images, and more. This is not a security update.
https://getfedora.org/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of the Windows 10 (1809) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 3-6gb through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.0.3 improves removal and removes paexec to minimize false positives from AV software. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 70.0.3538.102 is a security update. Use Menu, Help, About to install the most current version.

Firefox 63.0.1 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 60.3.0 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.1.1337.47 improves quick commands, resolves several bugs, and updates chromium source to v70. This is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.5.2 improves compatibility, stability, performance, and updates libraries. This is a security update.
https://getmailspring.com/

Thunderbird 60.3.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

Skype 8.33.0.50 improves group moderation and adds send with enter key. This is not a security update.
https://12pd.com/click?skype

Evernote 6.16.4.8094 resolves several bugs and improves stability. This is not a security update.
https://www.evernote.com/

FileZilla 3.38.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.6 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP Data 201811 is a data refresh.
https://dev.maxmind.com/geoip/geolite

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.8.7041 adds the ability to filter drives to only those that are writeable. This is not a security update.
https://cdburnerxp.se/

FastStone Viewer 6.7 improves performance, resolves several bugs, and expands options. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Flickr Downloadr 2.7.0.1 doesn’t provide a changelog so should be treated as a security update.
https://flickrdownloadr.com/downloads/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.30.15625 resolves several bugs. This is not a security update.

Steam 2018.11.08 resolves several bugs and improves stability. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 19.008.20081 is a security update. Use Help, Check for Updates to get the most current version.

Paint.net 4.1.4 improves performance and resolves several bugs. This is not a security update.
https://www.getpaint.net/

LibreOffice Still 6.0.7 resolves dozens of bugs. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 6.1.3 resolves dozens of bugs. This is not a security update.
https://www.libreoffice.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.5 resolves many bugs. This is not a security update.
https://www.gpg4win.org/download.html

SuperAntiSpyware 8.0.1024 is a major update adding DND mode, repair and reset modes, and startup monitoring. This is not a security update.
https://www.superantispyware.com/download.html

RogueKiller 13.0.9 updates detection engine and signatures. This is a security update.
https://www.adlice.com/softwares/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2019.0.1 resolves several bugs and improves stability. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.0.3 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.14.1 improves stability, adds support for new encodings, and new options. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

Beyond Compare 4.2.8.23479 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitcoin 0.17.0.1 resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

Cygwin 2.11.2 is a security update.
https://cygwin.com/

DesktopOK 5.76 resolves a startup bug. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

GoodSync 10.9.16 resolves several bugs, improves user experience, and change default security options. This should be treated as a security update.
https://12pd.com/click?goodsync

ImageUSB 1.4.100 resolves several bugs, adds a new option to fill remaining space with an extended partition. This is not a security update.
https://www.osforensics.com/tools/write-usb-images.html

FileLocator Pro 8.5.2868 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

BulkFileChanger 1.52 adds an option to fill current time to file time command attributes. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

DevManView 1.55 adds delay controls. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

USBDeview 2.77 adds delay controls. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

OSForensics 6.1.1004 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

WinScan2PDF 4.56 resolves a driver bug. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

CPU-Z 1.87 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

Developer Updates

These are unlikely to be of interest to most people.

Node.js 11.1.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

SQLite 3.25.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.7.1 doesn’t provide a detailed changelog, so should be treated as a security update.
https://ppsspp.org/downloads.html

VirtualBox 5.2.22-126460 resolves several bugs and improves compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 3.9.0 provides over 250 fixes and improves privacy controls.
https://www.joomla.org/

ModSecurity 3.0.3 resolves several bugs, adds new rules and controls. This is not a security update.
https://github.com/SpiderLabs/ModSecurity/releases

phpList 3.3.6 resolves several bugs and adds new features. This is not a security update.
https://www.phplist.com/download

TinyMCE 4.8.5 resolves several bugs. This is not a security update.
https://www.tinymce.com/download/

Drupal 8.6.2 is a security update.
https://drupal.org/download

Akismet 4.1 adds several new features. This is not a security update.

Contact Form 7 5.0.5 resolves several bugs. This is not a security update.

myStickymenu 2.0.6 resolves the 404 configuration bug. This is not a security update.

NextScripts Social Networks Auto-Poster 4.2.8 is a security update.

Redirection 3.6.2 improves compatibility. This is not a security update.

WooCommerce 3.5.1 resolves several bugs. This is not a security update.

WPtouch 4.3.33 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2018-08-14

Hi, Folks!

The next build of macOS, Mojave (10.14), is on the horizon. It will be released next month, and this means that devices running El Capitan (10.11) or older will no longer be supported. Your options are to either upgrade to at least Sierra (10.12) or replace your device. Mojave will not run on all Macs, just as High Sierra and even Sierra made some devices unusable. If in doubt whether your device will be able to support an operating system upgrade, be sure to perform a full disk backup prior to upgrade.

This last month has also brought an enormous increase in phishing attempts worldwide. More about phishing and what you can do to protect yourself in an article due soon.

Now back to our regularly scheduled program. Today is Patch Tuesday and it’s a big one.

The typical computer should see roughly 3gb in updates today. Let’s get started.

Microsoft released updates to Windows, .NET, Internet Explorer, Edge, Flash, and MSRT (~3gb). This includes security updates. A reboot is required.

Apple released macOS High Sierra 10.13.6 Supplemental Update for MacBook Pro. This is a security update. Use Apple Software Update to install these updates. A reboot is required.

Google Chrome OS 68.0.3440.87 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Adobe Flash Player 30.0.0.154 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of the Windows 10 (1803) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 6gb through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients at The Farmory, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 17.0.9.1 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver Update 3.5 improves reliability, adds support for newer hardware and NUCs, and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Logitech Gaming Software 9.00.42 adds support for newer games, adds support for newer hardware, and resovles bugs. This is not a security update.
https://support.logitech.com/en_us/software/lgs

Logitech Options 6.90.138 resolves bugs. This is not a security update.
https://support.logitech.com/en_us/software/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 68.0.3440.106 resolves several bugs. This is not a security update. Use Menu, Help, About to install the most current version.

Firefox 61.0.2 resolves several bugs. This is not a security update. Use Menu, Help, About to install the most current version. This build introduces automatic restore of browser tabs, which means that you will no longer be able to simply force-close Firefox to escape the trend of Fake Security Warning sites. I recommend changing this option to False (unfortunately, it defaults to False or True currently based on the whim of Mozilla). Instructions to make this change can be found here.

SeaMonkey 2.49.4 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

NK2Edit 3.37 resolves a bug with GOOG records. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

Thunderbird 60.0 is a major new update with many new features and bug fixes. This is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

DynDNS Updater 5.4.6 updates the installation signature and improves compatibility. This is not a security update.
https://www.dyndns.com/

FileZilla 3.35.2 improves compatibility and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.3 improves logging, adds new macros and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP Data 201808 is a data refresh.
https://dev.maxmind.com/geoip/geolite

BrowsingHistoryView 2.17 adds support for using environment variables in settings. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

Java 8u181 is a security update. If you actually use Java, install the update immediately. If you are unsure if you use Java (or think that Java and JavaScript are the same thing), then remove Java.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

MusicBrainz Picard 2.0.3 updates libraries, resolves several bugs, and improves stability. This should be treated as a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.24.5022 resolves many bugs. This is not a security update.
https://www.origin.com/en-us/download

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Experience Manager (all versions) has security updates available.
https://helpx.adobe.com/security/products/experience-manager/apsb18-26.html

Adobe Creative Cloud Desktop Application 4.5.5.342 is a security update.
https://creative.adobe.com/products/download/creative-cloud

Adobe Reader DC 18.011.20058 is a security update. Use Help, About to install the most current version.

IcoFX 3.2 adds support for High-DPI, resolves several bugs, adds support for new formats and improves features. This is not a security update.
https://icofx.ro/

LibreOffice Still 6.0.6 resolves several bugs. This is not a security update.
https://www.libreoffice.org/

Notepad++ 7.5.8 resolves several bugs and improves stability. This is not a security update.
https://12pd.com/click?npp

Security Software Updates

One or more of these is likely to be of interest to most people.

Avast! Home Edition 18.5.2342 resolves several bugs and improves notifications and user interface. This is not a security update.
https://www.avast.com/free-antivirus-download

Wireshark 2.6.2 is a security update.
https://www.wireshark.org/

DNSQuerySniffer 1.71 now displays the active network adapter on the window title. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

SmartSniff 2.28 now displays the active network adapter on the window title. This is not a security update.
https://www.nirsoft.net/utils/smsniff.html

RogueKiller 12.12.31 adds detections. This is not a security update.
https://www.adlice.com/softwares/roguekiller/

Intel-SA-00086 Detection Tool 1.2.007.0 improves detection of SA-00086 vulnerability. This is a security update.
https://downloadcenter.intel.com/download/27150

SuperAntiSpyware 6.0.1260 improves stability, and resolves bugs. This is not a security update.
https://www.superantispyware.com/download.html

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 12.4.1 is a security update.

XSplit Broadcaster 3.4.1806.2229 resolves several bugs. This is not a security update.
https://www.xsplit.com/get/

XSplit Gamecaster 3.3.1805.0406 resolves several bugs. This is not a security update.
https://www.xsplit.com/get/

Converter Updates

These are unlikely to be of interest to most people.

CDex 2.07 improves compatibility and resolves several bugs. This is not a security update.
https://cdex.mu/?q=download

DVDFab 10.2.0.7 resolves several bugs, improves reliability and performance, adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.12.3 improves support for mastering defects, adds support for new encodings, resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

NTLite 1.6.3.6400 improves compatibility, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

GoodSync 10.9.6 improves stability and performance, resolves several bugs, and improves licensing. This is not a security update.
https://12pd.com/click?goodsync

Beyond Compare 4.2.6.23150 improves cloud service reliability and stability. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitcoin 0.16.2 resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

CPU-Z Installer 1.86 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 5.55 resolves several bugs and adds compatibility with the current beta of Windows 10. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

CrucialScanner 20180810 improves compatibility. This is not a security update.
https://www.crucial.com/systemscanner/index.aspx

DiskMaker X 7.0.1 resolves many bugs, and improves user experience. This is not a security update.
https://diskmakerx.com/

DMDE 3.4.4.740 adds GUI versions for macOS and Linux, resolves several bugs, and improves reliability for EOF scanning. This is not a security update.
https://dmde.com/

IsMyHdOK 1.44 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NetworkTrafficView 2.15 now displays the active network adapter on the window title. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html

SearchMyFiles 2.85 adds compare mode for duplicate name search. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

OSForensics 6.0.1004 improves reliability. This is not a security update.
https://www.osforensics.com/download.html

PointerStick 3.21 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Autoruns 13.91 improves stability. This should be treated as a security update.
http://sysinternals.com/

TaskSchedulerView 1.42 now restores to the previous position and size. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 13.2.5287 resolves several bugs. This is a security update.
https://www.teamviewer.com/en/download/windows/

WinScan2PDF 4.33 improves duplex capability detection for HP and Epson scanners. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

MySQL 8.0.12 is a security update.
https://www.mysql.com/downloads/installer/

Web Package Updates

These are likely to be of interest only to web developers.

TinyMCE 4.8.2 resolves several bugs. This is not a security update.
https://www.tinymce.com/download/

Drupal 8.5.6 is a security update.
https://drupal.org/download

MailEnable 10.18 resolves several bugs and updates third-party libraries. This is not a security update.
https://www.mailenable.com/

ScreenConnect 6.7.19388.6796 resolves several bugs and improves performance. This is not a security update.
https://www.screenconnect.com/Download

Joomla 3.8.11 resolves many bugs. This is not a security update.
https://www.joomla.org/

WordPress 4.9.8 improves privacy controls. This is not a security update.
https://wordpress.org/

Contact Form 7 5.0.3 improves cosmetic behaviors and adds several new features. This is not a security update.

Custom Facebook Feed 2.7.2 improves reliability but requires rekeying authentication for unowned Facebook pages. This is not a security update.

Postie 1.9.24 improves logging. This is not a security update.

Redirection 3.4 improves redirect detection and adds compatibility warnings. This is not a security update.

Theme My Login 7.0.10 resolves several bugs including fatal PHP compatibility. This is not a security update.

WooCommerce 3.4.4 fixes many bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2017-09-12

Hi, Folks!

It’s Patch Tuesday.

Be aware that Adobe Reader 11 will be end-of-life in only a month, so it’s time to either remove Adobe Reader completely, or replace it with Acrobat DC. Likewise, Windows 10 v1511 will be end-of-life in October as well — all prior versions are already end-of-life and should have been replaced. If you haven’t upgraded to v1703 (aka “Creators Update”) yet, do so now here.

The typical computer should see roughly 1.5gb in updates today. Let’s get started.

Microsoft released updates to Windows, Edge, Internet Explorer, Flash, .NET, and MSRT (~1.3gb). This includes security updates. A reboot is required.

ChromeOS 60.0.3112.112 is a security update. Use Menu, Help, About to install the most current version.

Adobe Flash Player 27.0.0.130 is a security update. Flash is being actively replaced with HTML5 on most sites and services, however, so unless you’re 110% positive you need it for critical functions, you should remove it instead. And, within those browsers that have it embedded (Chrome, Edge, Internet Explorer 11+) your best option is to disable it. It’s just not worth the risk.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

AIR 27.0.0.124 is a security update. If you don’t have AIR already, don’t install it now.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 11.4.0.2674 improves reliability and cosmetics on high-DPI displays and resolves several other bugs. This is not a security update.
http://www.bullzip.com/products/pdf/info.php#download

Display Driver Uninstaller 17.0.7.4 now requires Safe Mode to operate. This is not a security update.
http://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver Update 2.9 improves reliability. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Chrome 61.0.3163.81 is a security update. Use Menu, Help, About to install the most current version.

Firefox 55.0.3 resolves several bugs. This is not a security update.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 52.3.0 is a security update. Use Menu, Help, About to get the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

DiscordApp 8.15.2017 adds video support to many users and resolves several bugs. This is not a security update.
https://discordapp.com/download

Skype 7.40.0.103 resolves several bugs. This is not a security update.
http://12pd.com/click?skype

Line 7.10.0 now allows embedding YouTube videos directly within Line. This is not a security update.
http://line.me/update

WinSCP 5.11.1 follows shortly on the tails of 5.11 to resolve several bugs, including IPv6 tunneling. This is not a security update.
http://winscp.net/eng/index.php

FileZilla 3.27.1 is a security update.
http://filezilla-project.org/

FreeFileSync 9.3 improves performance and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP Data 201709 is a data refresh. This is not a security update.
http://dev.maxmind.com/geoip/geolite

IPNetInfo 1.77 removes the 256 IP address limit for address resolution. This is not a security update.
http://www.nirsoft.net/utils/ipnetinfo.html

Npcap 0.94 allows checksum offloading and Large Send Offloading on adapters that support them. This is not a security update.
https://github.com/nmap/npcap/releases

Evernote 6.7.4.5741 resolves several bugs. This is not a security update.
http://www.evernote.com/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.2.49155 resolves several bugs, improves notifications, and revamps the My Home page. This is not a security update.
https://www.origin.com/en-us/download

Steam 2017.09.07 resolves a video playback bug and improves third-party integration. This is not a security update.
https://12pd.com/click?steam

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 6.0.5 increases maximum zoom to 3200%, improves stability, and resolves several bugs. This is not a security update.
http://www.artweaver.de/

Interactive Calendar 2.1 improves spell check, text editing, Unicode support and new color schemes. This is not a security update.
http://www.csoftlab.com/calendar

LibreOffice 5.4.1 resolves nearly 100 bugs. This should be treated as a security update.
http://www.libreoffice.org/

Notepad++ 7.5.1 adds 19 new programming languages, resolves several bugs and removes the Plugin Manager plugin (a replacement will be offered soon). This is not a security update.
https://12pd.com/click?npp

Adobe Reader 11.0.22 is a security update. This is not a security update. However, Adobe Reader and Acrobat 11 (XI) will be discontinued in only one month, so you’re better off switching to Acrobat DC instead of upgrading. Be sure to uncheck all the “optional features” aka crapware that the installer offers.
http://get.adobe.com/reader

Adobe Reader DC Patch 17.012.20098 is a security update. Use Help, Check for Updates to get install the most current version.

Adobe RoboHelp 2017.0.2 is a security update.
https://helpx.adobe.com/security/products/robohelp/apsb17-25.html

ColdFusion 2016.5 and 11.13 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html

IcoFX 3.1 improves high-DPI support, resolves several bugs. This is not a security update.
http://icofx.ro/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 3.1 is a security update.
https://tails.boum.org/install/index.en.html

Norton Power Eraser 20170823 adds new detections and removals. This is a security update.

Avast! Home Edition 17.6.2310 improves anti-phishing, cleanup, notifications, and threat information. This is a security update.
http://www.avast.com/free-antivirus-download

Wireshark 2.4.1 is a security update.
http://www.wireshark.org/

MSRT 5.51 is a security update.
http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Wireless Network Watcher 2.13 adds option to reset dates for selected items. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

RogueKiller 12.11.14 adds detections. This is a security update.
http://www.adlice.com/softwares/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

XSplit Broadcaster 3.0.1705.3124 resolves several bugs. This is not a security update.
http://www.xsplit.com/get/

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.10.7 adds support for new encodings, improves compatibility with macOS, and resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

CDex 1.91 improves compatibility and resolves several bugs. This is not a security update.
http://cdex.mu/?q=download

DVDFab 10.0.5.7 adds support for new encodings, and resolves several bugs. This is not a security update.
http://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.4.1 adds portable user options during sync, ability to import from several other password managers, duplicate detection, and resolves several bugs. This is not a security update.
https://12pd.com/click?rf

GoodSync 10.5.8 resolves several bugs including SSL reliability fixes. This should be treated as a security update.
https://12pd.com/click?goodsync

NTLite 1.4.0.5565 adds new compatibility features and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

1Password for Mac 6.8.1 improves cosmetics and resolves many bugs. This is a security update.
https://1password.com/downloads/

1Password for Windows 6.7.457 improves focus and alerts. This is not a security update.
https://1password.com/downloads/

CintaNotes 3.9.1 improves high-DPI support, removes unnecessary warnings, and resolves several bugs.
http://cintanotes.com/download

Cygwin 2.9.0 adds several new APIs, improves implementation of elf.h and adds %s support for strptime. This is not a security update.
http://cygwin.com/

DesktopOK 4.76 resolves several bugs. This is not a security update.
http://www.softwareok.com/?seite=Freeware/DesktopOK

DMDE 3.4.0.720 resolves a critical bug in RAID-6 support, adds support for Apple partitions and HFS+/HFSX, and improves FS detection. This is not a security update.
https://dmde.com/

FileLocator Pro 8.2.2739 resolves the thumbnail and icon bug and corrects the German Boolean expression bug. This is not a security update.
http://www.mythicsoft.com/filelocatorpro/download

BatteryInfoView 1.23 changes labels to be more accurate. This is not a security update.
http://www.nirsoft.net/utils/battery_information_view.html

BulkFileChanger 1.50 adds several new command line options and updates attribute display. This is not a security update.
http://www.nirsoft.net/utils/bulk_file_changer.html

CurrPorts 2.32 allows changing the font for the main window. This is not a security update.
http://www.nirsoft.net/utils/cports.html

Password Security Scanner 1.42 adds quick filter support. This is not a security update.
http://www.nirsoft.net/utils/password_security_scanner.html

WakeMeOnLan 1.81 improves targeting support. This is not a security update.
http://www.nirsoft.net/utils/wake_on_lan.html

OSForensics 5.1.1003 improves performance, reliability, logical limits, and adds several new features. This should be treated as a security update.
http://www.osforensics.com/download.html

CCleaner 5.34.6207 improves GUI and no longer removes favicons in Firefox.
https://12pd.com/click?ccleaner

SystemRescueCD 5.1.0 is a security update.
http://www.sysresccd.org/

TeamViewer 12.0.83369 doesn’t provide a current changelog, so should be treated as a security update.
https://www.teamviewer.com/en/download/windows/

WinScan2PDF 3.63 improves compatibility with HP and Brother scanners. This is not a security update.
http://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.10 adds a 64-bit version, treemaps, high-contrast support, new keyboard shortcuts, and improved performance. This is not a security update.

Classic Shell 4.3.1 adds support for the Win10 Creators Update and resolves several bugs. This is not a security update.
http://classicshell.net/

GSmartControl 1.1.0 adds a 64-bit version, new statistics and data, “brief” format, interactive drive database update, and other fixes and improvements. This is not a security update.
https://gsmartcontrol.sourceforge.io/home/index.php/About

Kingston SSD Manager 20170829T102642 does not provide a changelog, so should be treated as a security update.
http://www.kingston.com/us/support/technical/ssdmanager

Easy2Boot 1.95 resolves several bugs. This is not a security update.
http://www.easy2boot.com/download/

Rufus 2.17 adds support for several new formats, improve security checks, and resolves several bugs. This should be treated as a security update.
http://rufus.akeo.ie/

Sysmon 6.1 adds monitoring of WMI filters and consumers and fixes a bug in image load filtering. This should be treated as a security update.
https://live.sysinternals.com/

Process Monitor 3.4 now includes a /runtime switch for terminating monitoring after a specified amount of time and fixes a bug in automated boot log conversion. This is not a security update.
https://live.sysinternals.com/

Autoruns 13.8 adds additional autostart entry points, has asynchronous file saving, fixes a bug parsing 32-bit paths on 64-bit Windows, shows the display name for drivers and services, and fixes a bug in offline Virus Total scanning. This is a security update.
https://live.sysinternals.com/

AccessChk 6.11 adds a cache to improve queries that enumerate multiple objects, and has the -s switch start container enumeration at the specified container when -d is specified.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

TortoiseSVN 1.9.7 resolves a bug with drag-and-drop. This is not a security update.
http://tortoisesvn.net/downloads.html

SQLite 3.20.1 should be treated as a security update.
https://www.sqlite.org/download.html

SQLite Database Browser 3.10.0 adds support for DBHub.io, improvements to virtual tables, CSV import, filters, table editing, and dozens of resolved bugs. This is a security update.
http://sqlitebrowser.org/

StrawberryPerl 5.26.0.2 resolves a bug. This is not a security update.
http://strawberryperl.com/

Web Package Updates

These are likely to be of interest only to web developers.

ownCloud Client 2.3.3 resolves several bugs and improves performance. This should be treated as a security update.
https://owncloud.org/install/

Plupload 2.3.3 resolves several bugs and updates libraries. This should be treated as a security update.
http://www.plupload.com/

TinyMCE 4.6.6 resolves dozens of bugs. This is not a security update.
http://www.tinymce.com/download/

Drupal 8.3.7 is a security update.
http://drupal.org/download

Joomla 3.7.5 resolves a bug that applied to new installations. This is not a security update.
http://www.joomla.org/

MailEnable Enterprise 9.76 resolves several bugs. This is not a security update.
http://www.mailenable.com/

phpMyAdmin 4.7.4 resolves several bugs. This is not a security update.
http://www.phpmyadmin.net/home_page/news.php

bbPress 2.5.14 improves PHP 7.1+ support, pagination and resolves a row-limit bug. This is not a security update.

BuddyPress 2.9.1 is a security update.

Contact Form 7 4.9 resolves several bugs. This is not a security update.

Multisite Enhancements 1.4.1 improves support for PHP 5.3.

NextScripts Social Networks Auto-Poster 3.8.7 improves reliability with Tumblr and resolves several bugs. This is not a security update.

Postie 1.9.4 resolves a minor bug. This is not a security update.

Really Simple CAPTCHA 2.0.1 improves reliability. This is not a security update.

Redirection 2.7.3 resolves several bugs. This is not a security update.

Sucuri Security 1.8.11 adds support for regular expressions, ability to ignore directories, post-types, and several other fixes. This is not a security update.

Super Post Cleaner 1.1 only changes develop information. This is not a security update.

Widgets on Pages 1.3.0 resolves several bugs. This is not a security update.

WooCommerce 3.1.2 improves importer, and resolves several bugs. This is not a security update.

WPtouch 4.3.19 is a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2017-05-16

Hi, Folks!

It’s not Patch Tuesday, but Apple, Microsoft, Adobe, Google, and more have released updates today.

If you haven’t heard of “WannaCry” then you’re living under a rock. WannaCry is the closest current equivalent to the Code Red worm in the last 15 years. This ransomware uses a known vulnerability for which a patch had been released (three months ago!), to infect computers, encrypt their contents and the contents of network locations, and sell access back to the victim – while also infecting other vulnerable network devices. If you’ve installed your updates within the last three months you’re not vulnerable to the specific network-level vulnerability in SMB that it uses to propagate, but that doesn’t mean you can safely open phishing messages, email attachments or random downloads. The UK NHS was hit hard by this malware primarily because they take almost 6 months to patch their PC hardware that they do support. Some single-purpose devices (MRI machines, for example) are simply never maintained, but are still granted network access. Sigh. Don’t do that.

The vulnerability exploited by WannaCry was first divulged by Shadow Brokers when they released a trove of hacking tools created and used by the NSA. In fact, one of the tools WannaCry utilizes is the same ETERNALBLUE exploit directly from the NSA toolset. This is not a coincidence. These tools were written specifically to be universally effective and able to be repurposed at will for additional access. It should come as no surprise that when a government agency is hacked, the tools they created are released and the public suffers as a result.

If a positive side to this event can exist, it’s that Microsoft actually released a security update for Windows XP to address the vulnerability. Since XP has been End-of-Life for years, this is really surprising.

The lesson everyone should take from this event, but particularly businesses and government agencies, is that the turnaround time for malware authors is much lower than they think. Delaying or even ignoring security updates because “it won’t happen to us” is foolhardy at best and welcomes disaster. You should have sufficient skilled IT staff to be able to fully test and roll out any security updates within days, not months. If that’s not possible, you should at least hire a good PR firm and have the releases prepared in advance so you can spin your incompetence in the news when you are inevitably hacked later.

Okay, back to our regularly scheduled program.

The typical computer should see approximately 300mb of updates. Let’s get started.

Microsoft released updates for Windows and .NET, including Windows XP!

Apple released macOS 10.12.5, Security Update 2017-002, iTunes 12.6.1, Safari 10.1.1, and iCloud for Windows 6.2.1. Use the Apple App Store or Apple Software Update to install the most current versions.

Apple iOS 10.3.2, watchOS 3.2.2 (and 3.2.1), and tvOS 10.2.1 are security updates. Use Settings, General, Updates to install the most current version.

Google Chrome OS 58.0.3029.112 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Internet Updates

One or more of these are likely to be of interest to everyone.

Skype 7.36.0.101 improves quality and resolves several bugs. This version also imposes a requirement for a newer MSVCRT, which may trigger problems on any OS prior to the Windows 10 Creators Update (1703). If you receive an MSVCRT error upon running Skype after updating, download the current version of the MSVCRT.
https://12pd.com/click?skype

BrowsingHistoryView 2.05 adds ability to load history from remote device when full admin rights exist to remote device.
http://www.nirsoft.net/utils/browsing_history_view.html

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.6.1 is a security update. Use Apple Software Update to install the most current version.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 7.4 adds document peeking, bug fixes, and reliability improvements.
https://12pd.com/click?npp

Security Software Updates

One or more of these is likely to be of interest to most people.

Wireless Network Watcher 2.12 improves reliability on devices with multiple wireless network adapters. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

RogueKiller 12.10.9 adds detections. This is not a security update.
http://www.adlice.com/softwares/roguekiller/

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 10.0.3.9 adds support for newer protections, incorporates BDInfo. This is not a security update.
http://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

GSmartControl 0.9.0 resolves several bugs, improves reliability and stability, adds newer hardware support, and improves drive type detection. This is not a security update.
http://gsmartcontrol.sourceforge.net/home/index.php/

Everything 1.4.1.873b resolves several bugs, and adds pause/resume capability. This is not a security update.
http://www.voidtools.com/

CCleaner 5.30.6063 improves cleaning, SSD detection, and resolves several bugs. This is not a security update.
https://12pd.com/click?ccleaner

Rufus 2.15 improves compatibility with Windows 10 v1703, updates libraries, resolves several bugs. This should be treated as a security update.
http://rufus.akeo.ie/

WinScan2PDF 3.46 improves hardware support. This is not a security update.
http://www.softwareok.com/?seite=Microsoft/WinScan2PDF

ProcDump 9.0 adds multiple dump sizes, and Kernel Dump process association. This is not a security update.
http://sysinternals.com/

Autoruns 13.71 adds Microsoft HTML Application Host (mshta.exe) as hosting image so it displays the hosted image details, and now doesn’t apply filters to hosting images. This is not a security update.
http://sysinternals.com/

BgInfo 4.22 honors applocker policy for VB scripts specified as the source of field data. This is not a security update.
http://sysinternals.com/

LiveKd 5.62 is now signed with a certificate trusted by Win7. This is not a security update.
http://sysinternals.com/

Process Monitor 3.33 resolves several bugs, and is now signed with certificate trusted by Win7. This is not a security update.
http://sysinternals.com/

Process Explorer 16.21 resolves a bug with VT support, and is now signed with a certificate trusted by Win7. This should be treated as a security update.
http://sysinternals.com/

Web Package Updates

These are likely to be of interest only to web developers.

SMF 2.0.14 is a security update. This version also changes PHP requirements, so if the upgrade will not complete try upgrading PHP first then upgrade SMF.
http://download.simplemachines.org/

TinyMCE 4.6.1 resolves several bugs. This is not a security update.
http://www.tinymce.com/download/

WordPress 4.7.5 is a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Another Reason Why You Need a Password Manager

This Wordfence article is a great demonstration of why using a password manager is so important.

The message the author is pushing is “these browsers suffer because it’s easy to phish them” when the reality is that the specific “vulnerability” is actually the way the Internet is designed. The weakest link for all phishing is always PEBCAK – aka, “Problem Exists Between Chair and Keyboard”. Phishing is not your typical security problem, because it’s not the computer the attacker needs to convince, it’s the person.

Don’t get me wrong, I’m not saying that there should not be some visual and functional indication for IDN domains, but the user is still going to be the weakest link. Any indicator would go unnoticed or misunderstood by most people anyway.

A better solution is to use a password manager such as RoboForm. RoboForm bypasses this issue by preventing you from authentication to the forged domains. RoboForm (and most other password managers) authenticate only to trusted domains, so even though the IDN domain may visually appear to be the same, it will not be treated as the real domain within the password manager.

See how RoboForm addresses this problem. In the first image you can see the emboldened stored credentials which will only appear if the domain is a match for the stored login.

Demonstration of RoboForm Domain Match

RoboForm Domain Match

Here we have the punycode IDN variation, which, since it is actually a different domain, has no match in RoboForm.

Demonstration of RoboForm Domain Mismatch

RoboForm Domain Mismatch

While the specific issue at hand is phishing for ways to trick the user into authenticating to a domain that appears to be the real thing using a specific cosmetic effect, there are many other ways that domains can be made to look like the real thing, and each of them still works well after this particular issue is addressed.

Using a password manager is the best and easiest way to ensure that you’re visiting the real site. It also provides strong authentication and far better passwords than you can create on your own.

Okay, now go get RoboForm.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/