Updates 2020-09-08

Welcome back, Folks!

Today is Patch Tuesday for September 2020.

This Month in Technology

I enjoy the soapbox I’ve taken here in my newsletters over the years, but unfortunately we were struck by a PG&E “Public Safety Power Shutoff” event so lost more than a day this week for Patch Tuesday and haven’t had the time (or Internet access!) to be able to collect this information for this newsletter. 🙁

Now for the good news:

Adobe Flash will be dead in only 113 days.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Apple released an update for Pro Video Formats 2.1.2. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 32.0.0.414 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 85.0.4183.84 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.9 improves removal process, and adds support for new hardware. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 452.06 adds support for newer hardware and improves performances in some games. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.13.82 adds several new privacy controls and display options. This is a security update.
https://brave.com/

Google Chrome 85.0.4183.102 is a security update.

Microsoft Edge 85.0.564.44 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 80.0.1 resolves several bugs. This is not a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 68.12.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 3.3.2022.39 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.2.0 resolves several bugs and improves OpenPGP integration. This should be treated as a security update.
https://www.thunderbird.net/en-US/

OutlookAttachView 3.42 adds cell context copy option. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

curl 7.72.0 resolves one hundred bugs, adds zstd decoding, improves failure handling and adds effective method. This is a security update.
https://curl.haxx.se/windows/

Dropbox 104.4.175 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.50.0 updates Storj integration. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9997 is a security update.
https://nmap.org/npcap/

Prosody 0.11.6 resolves several bugs, and improves reliability and security.
https://prosody.im/download/start

Technitium DNS Server 5.2 resolves several bugs and adds certbot support. This is not a security update.
https://technitium.com/dns/

Zoom 5.2.45120.0906 disables webinar attendance by telephone. They plan to re-enable this feature “in the coming weeks.” This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Picard 2.4.4 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

3tene 2.0.3 resolves several bugs and adds z-axis tracking to Pro. This is not a security update.
https://en.3tene.com/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.09.03 resolves several bugs. This is not a security update.

PlayStation PS4 7.55 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.012.20043 resolves compatibility issues with some programs. This is a security update.

Adobe DNG Converter 12.4 adds support for new hardware.
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6975
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6973

Adobe Experience Manager 6.5.6.0 and 6.4.8.2 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Adobe Framemaker 2019.0.7 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb20-54.html

Adobe InDesign 15.1.2 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb20-52.html

Atom 1.51.0 improves performance resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.90 adds many new features and controls. This is a major update.
https://www.blender.org/download/

LibreOffice 6.4.6 resolves 70 bugs. This is a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.0.1 resolves over 70 bugs. This is a security update. Remember that this is a beta version of LibreOffice, so should be avoided by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.0.1 resolves several bugs and adds several new features. This is not a security update.
https://nextcloud.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.13 resolves several bugs and improves compatibility. This is a security update.
https://www.gpg4win.org/download.html

RogueKiller 14.7.2 adds several new features and updates libraries. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.29.2 resolves a couple bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.27 adds several new features and resolves more than a dozen bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.1.0.5 resolves a couple bugs and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 12.2 improves search and display. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

Agent Ransack 2019.2947 adds installer flags for language, ui, and registration, resolves a performance bug with exporting searches that don’t parse content. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

DesktopOK 7.81 adds 64-bit improvements. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.71 adds option to copy contents of the clicked cell. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

DriverView 1.50 resolves a 64-bit compatibility problem. This is not a security update.
https://www.nirsoft.net/utils/driverview.html

Etcher 1.5.107 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

FileLocator Pro 8.5.2947 adds installer flags for language, UI, and registration, resolves a performance bug with exporting searches that don’t parse content. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 2.0.1 adds support for new device detection, Wi-Fi heatmap, security details and resolves a bug in Bonjour discovery. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

GoodSync 11.3.3 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.89 improves columns in GUI, and now uses UTF8 for logs. This is not a security update.
https://www.the-sz.com/products/homedale/

HWMonitor 1.42 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

IsMyHdOK 2.32 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7640 improves component controls and settings, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 8.9 improves GUI, and resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 4.66 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.21.1 improves stability, adds several features, and resolves bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.2 resolves several bugs, including a reliability bug in manual saves. This is not a security update.
https://12pd.com/click?rf

TeamViewer 15.9.4 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.22 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Ultimate Boot CD 5.3.9 updates libraries. This is not a security update.
http://www.ultimatebootcd.com/download.html

WinGet 0.1.42241 adds autocomplete. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 6.01 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.35 improves logging and export capabilities, and adds max last-modified date for newest file in the folder tree. This should be treated as a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

Node.js 14.10.0 resolves dozens of bugs, updates libraries, and improves stability. This is not a security update.
https://nodejs.org/en/

SQLite 3.33.0 resolves several bugs, adds support for arbitrary-precision decimal arithmetic, UPDATE FROM, increases maximum database size, and improves integrity checks.
https://www.sqlite.org/download.html

StrawberryPerl 5.32.0.1 is a major update adding new features, bug fixes, libraries and compatibility. This is not a security update.
http://strawberryperl.com/

Visual Studio Code 1.48.2 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.8 resolves several bugs, improves stability and reliability. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.14-140239 resolves several bugs and adds support for Linux kernel 5.8. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.09 resolves several bugs. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.11.2 is a security update.
https://dadamailproject.com/

Drupal 9.0.5 resolves a cosmetic bug and changes component registry to avoid flagging for non-existent security vulnerability. This is not a security update.
https://drupal.org/download

HumHub 1.6.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.21 is a security update.
https://www.joomla.org/

Nextcloud Server 19.0.2 resolves dozens of bugs and updates libraries. This is not a security update.
https://nextcloud.com/

phpList 3.5.6 adds reply-to support, forwarding improvements, and resolves several bugs. This is not a security update.
https://www.phplist.org/

ScreenConnect 20.10.957.7556 resolves several bugs and adds new user controls. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.5.1 resolves dozens of bugs. This is not a security update.

Autoptimize 2.7.7 is a security update.

Contact Form 7 5.2.2 resolves several bugs. This is not a security update.

Social Post Feed 2.16.1 resolves several bugs. This is not a security update.

Interactive World Map 3.1.8 improves compatibility and resolves several bugs. This is not a security update.

myStickymenu 2.4.4 resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.18 resolves several bugs and improves compatibility. This is a security update.

W3 Total Cache 0.14.4 resolves several bugs and improves compatibility. This is not a security update.

WooCommerce 4.5.1 resolves several bugs and improves compatibility. This is not a security update.

WP Mail SMTP 2.3.1 improves compatibility and resolves several bugs. This is not a security update.

Show IDs 1.1.5 improves compatibility. This is not a security update.

WPtouch 4.3.38 resolves several bugs. This is not a security update.

WordPress Zero Spam 4.10.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-07-14

Welcome back, Folks!

Today is Patch Tuesday for July 2020.

This Month in Technology

Apple has formally announced that they’ll be switching to ARM processors on their new hardware. While Apple asserts that “most apps will just work,” the truth is that if it’s not a 64-bit app or it hasn’t been updated in more than a year, chances are not only won’t work on ARM but will never work on ARM. If you were here when they switched from PowerPC to Intel you remember the issues were long and wide. You’ll likely need a VM to make many of your apps work.

Piracy doesn’t pay, except for those creating the pirated apps.

Macs are still getting infected through fake “Flash update” malware, even on Catalina. From the comments, “Which is worse, a real Flash installer or a fake one? It’s a toss-up.”

Microsoft was caught breaching user trust, again, by hijacking your data from other browsers and importing into their forced update to their new Edge browser without your permission.

Mozilla switched to a 4-week cadence for major updates in March. This has resulted in even less time for beta testing and the expected release+1 security updates.

Google Chrome is planning to hide everything in a URL other than the domain name. Google, the most popular purveyor of information and also the self-appointed gatekeeper to what is true and false, believes that having the complete URL is bad for you.

Google resolved a major email spoofing vulnerability through customer services, shortly before allowing a core domain name for their Blogger service to expire.

Slack vulnerability allowed hackers to distribute malware to victims devices.

What is it going to take before you stop copying passwords on your phone?

Everyone knows Facebook is always listening. Now the courts have finally considered their web widgets “Wiretaps.” Others are, too. They’re also designing systems to be able to trigger recording of all background noise from external queues. In states like California, Facebook is already violating the all-party consent requirements by recording audio 24/7. Maybe they’ll eventually acknowledge that it’s bad and stop? Ouch. Sorry, I hurt myself laughing there. Oh, and the Facebook Messenger app allowed you to be infected with persistent malware. If you have a website with Facebook integration, you need to take action now to comply with the CCPA.

Airlines are perfectly happy to violate the Americans with Disabilities Act – and treat you like a terrorist – if you have medical conditions.

Bitdefender Antivirus allowed any website you visited to run code on your device. Apache’s Guacamole remote support client allows attackers to take over the entire enterprise. Backdoors in operating systems, why not backdoors in encryption software?

Surprise: phishing still works. Even by text. …and launching a service that relays content to third-parties will ensure it is abused. Honeypots (systems designed to be opened for abuse to see how attacks take place) demonstrate four previously unknown zero-day vulnerabilities.

Nintendo, Plex, Honda, Samsung, Oxford University, University Of Pittsburgh Medical Center, UCSF, anyone banking with various Chinese banks, Night Lion Security, 79 different Netgear router models, hundreds of online retailers, and it won’t be long before IoT vulnerabilities can be used to provide big game hunting for rare species.

June Patch Tuesday updates from Microsoft broke Outlook and other apps for some users.

Selective enforcement means you’re a publisher, says AG Barr of Section 230 of the CDA. There’s no better way to prevent the abuse of Section 230 to censor voices you disagree with.

Now for the good news:

Starlink is coming. LEO internet access could provide up to 1 Gbps Internet access from space. Testing will begin in the next weeks and will gradually move south as satellites take place.

For now, you can cut your internet bill by taking advantage of the free Xfinity Wi-Fi hotspots through the end of the year.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 1.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, DNS Server, Office, Servicing Stack, and MSRT (~900 MB). This includes security updates. A reboot is required.

Adobe Flash Player 32.0.0.403 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 83.0.4103.119 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Crucial Storage Executive 6.04 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Daemon Tools Lite 10.13.0 improves activation and creation and use of bootable disk images. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Intel Driver and Support Assistant 20.7.26 adds support for new hardware and improves application detection. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 451.67 resolves several bugs and improves compatibility. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.10.97 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 84.0.4147.89 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 83.0.478.64 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 78.0.2 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.10.0 is a security update. Use Menu, Help, About to install the most current version.

SeaMonkey 2.53.3 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.1.1929.45 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.41 adds an option to copy the preview content and resolves a bug in the cfg switch. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 68.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.3.0.6 resolves dozens of bugs, including 2FA and stability issues. This is a security update.
https://www.trillian.im/

Trillian Mac 6.3.0.6 resolves several stability bugs. This is not a security update.
https://www.trillian.im/

curl 7.71.1 resolves several sanitation issues. This should be treated as a security update.
https://curl.haxx.se/windows/

Dropbox 101.4.434 doesn’t provide a useful changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.49.0 resolves a several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.25 adds support for Google Drive Shared Drives and Shortcuts, resolves several bugs, and improves user interface. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9995 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

PuTTY 0.74 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Technitium DNS Server 5.0.1 is a major update that refactors how blocklists are stored and resolves several bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.1.28656.0709 is a security update.
https://zoom.us/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.07.09 resolves several bugs and improves compatibility. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Camera Raw and DNG Converter 12.3 adds support for new hardware. This is not a security update.
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6955
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6957

Adobe Download Manager 2.0.0.529 is a security update.
https://helpx.adobe.com/security/products/adm/apsb20-49.html

Adobe ColdFusion 2016.16 and 2018.10 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html

Adobe FrameMaker 2019.0.6 doesn’t provide a changelog so should be treated as a security update.
Win32: https://supportdownloads.adobe.com/detail.jsp?ftpID=6963
Win64: https://supportdownloads.adobe.com/detail.jsp?ftpID=6965

Adobe Genuine Service 7.1 is a security update. (Point this one out the next time someone says pirating Adobe software can reduce the security of your computer.)
https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html

Adobe Media Encoder 14.3 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html

Adobe Creative Cloud Desktop Application 5.2 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html

Magento SUPEE-11346 (for Magento v1) is a security update.
https://www.magentocommerce.com/products/downloads/magento/

Adobe Audition 13.0.7 is a security update.
https://helpx.adobe.com/security/products/audition/apsb20-40.html

Adobe Premiere Rush 1.5.16 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb20-39.html

Adobe Premiere Pro 14.3 is a security update.
https://helpx.adobe.com/security/products/premiere_pro/apsb20-38.html

Adobe Illustrator 2020 24.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-37.html

Adobe After Effects 17.1.1 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-35.html

Adobe Campaign Classic 20.2 is a security update.
https://helpx.adobe.com/security/products/campaign/apsb20-34.html

Artweaver 7.0.6 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.49.0 resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.83.2 resolves over 1250 bugs, adds improves performance and stability across several features and adds viewport denoiser. This is not a security update.
https://www.blender.org/download/

Krita 4.3.0 adds several new watercolor effects with brush presets and gradient map and palettizer filters. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 6.4.5 resolves over 100 bugs. This is beta software so should be avoided in favor of the “Still” version (LibreOffice stable). This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 2.6.5 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.8.8 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Reader DC 20.009.20074 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Security Software Updates

One or more of these is likely to be of interest to most people.

Bitmessage 0.6.3.2 is a security update.
https://github.com/Bitmessage/PyBitmessage/releases/latest

DrWeb CureIt! 14.07.2020 should be treated as a security update.
https://www.freedrweb.com/download+cureit+free/?lng=en

Hashcat 6.0.0 adds 51 new algorithms, CUDA support, GPU emulation, improved auto-tuning and more. This should be treated as a security update.
http://hashcat.net/hashcat/#downloadlatest

RogueKiller 14.6.1 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0.7 adds support for WSL, whitelisting from network shares, improves detection of short-lived processes, and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.28.2 improves syntax highlighting in My Filters and asset viewer, resolves several bugs, and replaces the default filterlists with a new composite list.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.8.0 doesn’t provide a changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Wireless Network Watcher 2.22 updates the internal MAC database and improves the CFG switch. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.26.1 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2020.1.3 adds support for direct publication through TechSmith Knowmia, adds transparency support for color replacement, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.9.7 adds support for new encodings, adds several new conversion tools, presets, and bug fixes. This is not a security update.
https://www.dvdfab.cn/download.htm

FFmpeg 4.3.1 updates libraries. This should be treated as a security update.
https://ffmpeg.org/ffmpeg.html

HandBrake 1.3.3 resolves several bugs. This is not a security update.
https://handbrake.fr/

IsoBuster 4.6 adds a bunch of new features and format supports. This is not a security update.
https://www.isobuster.com/download.php

PDF Creator 4.1 resolves several bugs and improves watermark support. This is not a security update.
https://www.pdfforge.org/pdfcreator

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.6 is a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.778 resolves dozens of bugs and improves reliability, adds notifications of website compromise, and improves accessibility. This is a security update.
https://1password.com/downloads/windows/

8GadgetPack 33.0 resolves several bugs, improves high-DPI support, removes defunct widgets. This is not a security update.
https://8gadgetpack.net/

AS SSD Benchmark 2.0.7316.34247 resolves a device access bug. This is not a security update.
https://www.alex-is.de/PHP/fusion/downloads.php?cat_id=4

Autoruns 13.98 now shows the Windows Defender binary as a signed binary. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Beyond Compare 4.3.5.24893 improves integration and compatibility, and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 1.19.0 improves password concealment, adds soft delete and vault timeouts. This is not a security update.
https://bitwarden.com/

Cygwin 3.1.6 adds support for new socket options, resolves several bugs. This is a security update.
https://cygwin.com/

DesktopOK 7.48 adds SSL to automatic update capability. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.5.101 resolves several bugs, improves UI, and updates libraries. This should be treated as a security update.
https://www.balena.io/etcher/

GoodSync 11.2.5 resolves several bugs and changes licensing…again. This is not a security update.
https://www.goodsync.com/

MS ISO Downloader 8.38 adds support for new images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 1.9.0.7539 adds controls for Target release, Store pinning, Fast Startup, Fast User Switching, Hardware-accelerated GPU scheduling, Shutdown menu, Variable refresh rate, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.19.1 resolves dozens of bugs and stability issues. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Rufus 3.11 improves compatibility and adds several keyboard shortcuts to toggle behaviors. This should be treated as a security update.
https://rufus.ie/en_IE.html

Sysmon 11.10 now captures ADS content into logs, introduces an is-any filter condition, and fixes several bugs. This is not a security update.
https://live.sysinternals.com/

Sigcheck 2.80 adds an option for specifying a trust GUID for signature verification and now shows certificate signing chains. This is not a security update.
https://live.sysinternals.com/

SimpleWMIView 1.41 adds cell-copying and case-sensitivity filtering. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TeamViewer 15.7.7 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WifiInfoView 2.61 updates the internal MAC addresses list. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 5.81 resolves several bugs and improves rotation support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.3 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 4.0.1.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio

AutoHotkey 1.1.33.01 resolves several bugs and adds encoding, warnings, and version requirement options. This is not a security update.
https://www.autohotkey.com/download/

Godot 3.2.2 makes over 800 changes, adding C# support for iOS, 2D batching for GLES2, re-architecture of the Android plugin system, DRLS support and ENet integration, and better handling of Variants. This is not a security update.
https://godotengine.org/

Java 8u261 is a security update.
https://www.java.com/en/download/manual.jsp

Node.js 14.5.0 resolves dozens of bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

Node.js v12 12.18.2 resolves several bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

SQLite 3.32.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

DB Browser for SQLite 3.12.0 improves table editing, conditional formatting, and multi-threading, as well as dozens of other improvements and bug fixes. This is not a security update.
https://sqlitebrowser.org/

Visual Studio Code 1.47.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.12-139181 resolves over a dozen bugs and improves hardware compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

PPSSPP 1.10.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

Apache Tomcat 10.0.0-M7, 9.0.37, and 8.5.57 are security updates.
https://tomcat.apache.org/

Coppermine Gallery 1.6.08 improves installation and compatibility. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.10.3 improves AWS signature v4 support. This is not a security update.
https://dadamailproject.com/

Drupal 8.8.8 and 8.9.2 are security updates.
https://drupal.org/download

Drupal 9.0.2 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

Joomla 3.9.20 is a security update.
https://www.joomla.org/

phpList 3.5.5 is a security update.
https://www.phplist.org/

ScreenConnect 20.7.29305.7496 resolves several bugs and improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.4.2 is a security update.
https://wordpress.org/

Autoptimize 2.7.3 resolves several bugs. This is not a security update.

BuddyPress 6.1.0 resolves several bugs. This is not a security update.

Contact Form 7 5.2 improves compatibility and resolves several bugs. This is not a security update.

Email Log 2.4.2 resolves several bugs. This is not a security update.

myStickymenu 2.4.3 resolves several bugs. This is not a security update.

Raw HTML 1.6.3 resolves a warning. This is not a security update.

Theme My Login 7.1.1 resolves several bugs. This is not a security update.

W3 Total Cache 0.14.2 resolves several bugs. This is not a security update.

WooCommerce 4.3.0 adds template caching, PHP warnings, improves accessibility, and resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.2.1 resolves several bugs and improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-06-03

Welcome back, Folks!

It’s not Patch Tuesday, but updates from Microsoft, Apple, Google, Mozilla, and many others have triggered an out-of-cycle update.

This Month in Technology

It took Apple over a month to resolve a security issue in their custom OAuth implementation, which would provide app-level access to any site that used Sign in with Apple given only an email address. Facebook and Google both suffered similar XSS issues recently, as did a very popular WordPress plugin.

Not accepting vulnerability reports doesn’t mean the vulnerabilities don’t exist, Apple. Even after vowing now to, Apple is still recording everything you say and do as long as you have Siri enabled.

It still surprises me that people that don’t read the documentation and license agreements still feel the need to sue over their failure to understand how software works. For anyone reading this years from now, browsers load web pages. “Incognito” mode (or any other privacy mode) simply prevents your data from being shared IN THE BROWSER between different sessions. It otherwise does not prevent any websites from operating exactly as they would if you were loading the web page in any other browser. As always, don’t do anything online that you don’t want to be tracked to you. Period.

Even so, eBay, Citibank, TD Bank, Ameriprise, Chick-fil-a, Equifax, and many more websites are performing port scans of visitors computers. If you’re concerned about your privacy, imagine the power companis like eBay and Equifax would have if they collected and consolidated details about every remote support platform installed and used by every visitor to their websites. We’re talking about hundreds of millions of people relying on companies that don’t have the best track record of keeping data safe in the first place.

Veracode reports that about 70% of all mobile and desktop applications contain open-source bugs. This reminds me of one of my favorite computer quotes: Every non-trivial program contains at least one bug. Every non-trivial program can be simplified by at least one line of code. The conclusion of the last two laws: Every non trivial program can be simplified to one line of code, and it will contain a bug.

A widely used EU Cookie Consent image is being used to distribute malware. Directly linking to third-party scripts and images has some serious long-term drawbacks.

As was expected by anyone that can math or understand science, suicide (as a result of the government lockdown) has killed more in California than the plandemic COVID-19. This is, of course, after churches are being burned to the ground for daring to try to serve the same people that currently frequent Walmart, Target and Lowes.

The Spectra exploit demonstrates just how easy it’s going to be to abuse the GACT/Contact Tracing services on many devices.

Now for the good news:

Windows 10 v2004 has been released. Make sure you’ve installed v1909 recently so you won’t be forced into the new build before they work out the bugs. I don’t see a lot of differences between v2004 and v1909 that most people would benefit from, anyway, but these releases tend to take a couple months to work out most of the bugs. For example, many Windows policies are erased during the upgrade which can result in local accounts being forced into using inescapable Microsoft accounts for users that don’t understand that “not now” is an option.

Let’s Get Busy

Apple released updates for macOS Catalina 10.15.5, macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra, Windows Migration Assistant 2.2.0.0, iCloud for Windows 7.19, iCloud for Windows 11.2, Safari 13.1.1, Xcode 11.5, iOS 13.5.1, iPadOS 13.5.1, tvOS 13.4.6, watchOS 5.3.7, watchOS 6.2.6, and iTunes 12.10.7. These are security updates.

iOS 13.5.1 and 12.4.7 are security updates. Use Settings, General, Software Update to install the most current version. This version also adds the Orwellian contact tracing feature at the system level. While “disabled” by default, you may validate that it is disabled in Settings, Privacy, Health, COVID-19 Exposure Logging, and turn off Exposure Logging.

iPadOS 13.5.1 is a security update. Use Settings, General, Software Update to install the most current version.

tvOS 13.4.6 is a security update. Use Settings, General, Updates to install the most current version.

watchOS 5.3.7 and 6.2.6 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Google has released security updates for Android 9 and 10 which will gradually be published by individual vendors and available to you in the coming weeks. This version also adds the Orwellian contact tracing feature. Disabling Location and Bluetooth will disable the current version of contact tracing.

Google Chrome OS 83.0.4103.77 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.5 resolves an AMD audio bug. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 20.6.22 improves OEM device support, performance and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Logitech Options 8.20.329 adds support for Edge and resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

nVidia 446.14 improves VRSS in Onward and resolves several stability, performance, and battery life issues. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.9.76 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 83.0.4103.97 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 83.0.478.44 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 77.0 and 77.0.1 are security updates. Use Menu, Help, About to install the most current version.

Firefox ESR 68.9.0 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.7.8 is a security update.
https://getmailspring.com/

OutlookAttachView 3.40 changes the Image Preview feature to Preview Pane which will show other attachment types than images. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.3.0.5 resolves @mentions. This is not a security update.
https://www.trillian.im/

Trillian Mac 6.3.0.3 resolves a tooltip bug and removes some unused entitlements. This is not a security update.
https://www.trillian.im/

FileZilla Client 3.48.1 is not a security update.
https://filezilla-project.org/

FreeFileSync 10.24 resolves several bugs, improves compatibility, adds new macros and improves error handling. This is not a security update.
https://www.freefilesync.org/download.php

Zoom 5.0.26213.0602 resolves several bugs, enables GIPHY, improves privacy controls and admin controls, improves unmute behavior, and adds waiting room ringtone. This is not a security update.
https://zoom.us/

WinSCP 5.17.6 resolves several bugs. The installation package is a security update.
https://winscp.net/eng/index.php

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.7 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.06.01 adds “Play Next”, direct IP connectivity for Remote Play, P2P improvements, and resolves several bugs. This is not a security update.

PlayStation PS4 7.51 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.009.20067 resolves several stability and reliability issues. This is not a security update. Use Help, Check for updates to get the most current version.

Atom 1.47.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Audacity 2.4.1 resolves several bugs. This is not a security update.
https://www.fosshub.com/Audacity.html

LibreOffice Fresh 6.4.4 resolves nearly 100 bugs. This is not a security update. Be advised that “Fresh” is the beta version and should be avoided by most people.
https://www.libreoffice.org/

Lightworks NLE 2020.1 resolves hundreds of bugs and adds several new features. This is not a security update.
https://www.lwks.com/

Paint.net 4.2.12 resolves several bugs and improves metadata export between formats. This is not a security update.
https://www.getpaint.net/

MyPaint 2.0.1 resolves several bugs, including a repetitive load image quality loss bug. This is not a security update.
https://github.com/mypaint/mypaint/releases/latest

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 14.5.0 updates the RKSvc, core engine, and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.27.10 resolves several bugs. This is not a security update.

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.24.2 resolves FFmpeg compatibility. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.9 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

DesktopOK 7.27 adds delete confirmation. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Easy2Boot 2.03 resolves several bugs and updates libraries. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

Etcher 1.5.96 updates libraries and resolves several bugs. This should be treated as a security update.
https://www.balena.io/etcher/

GoodSync 11.2.0 improves compatibility and stability. This is not a security update.
https://12pd.com/click?goodsync

MPI Tool Kit 0.099 doesn’t provide a changelog so should be treated as a security update.
https://www.fosshub.com/Easy2Boot.html

MS ISO Downloader 8.37 adds images for developer and insider releases of Win10 build 19628, Office 2016/2019 for Mac, and resolves accessibility issues. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

PointerStick 4.11 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.18.1 adds Run and Keyboard manager, and resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

TeamViewer 15.6.7 improves performance of multi-participant sessions, allows disabling the Outlook add-in during installation, and resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WakeMeOnLan 1.86 updates the internal MAC address database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WinScan2PDF 5.41 improves detection of multi-function devices. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.33 resolves network drive access issues, improves export/import accuracy, and resolves several bugs. This is not a security update.
https://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

ControlMyMonitor 1.26 now displays an error code if unable to parse settings from the display. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Cygwin 3.1.5 adds support for WSL symlinks and resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 7.41 resolves installation and removal bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.67 adds an option to uninstall the selected device. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

FileLocator Pro 8.5.2946 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

NetworkInterfacesView 1.21 adds Interface LUID column. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

Bitcoin 0.20.0 improves reliability and stability, removes dependency on OpenSSL, and resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

NTLite 1.9.0.7490 adds several new setting controls and resolves several bugs.
https://www.ntlite.com/download/

WinScan2PDF 5.51 improves translations. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Windows 10 Media Creation Tool v2004 is now available. This is not a security update.
https://www.microsoft.com/en-us/software-download/windows10

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.0 adds support for wireless pairing, incremental APK installation, client-side support for compression of various commands with Android 11, and improves performance. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Inno Setup 6.0.5 is a security update.
https://www.jrsoftware.org/isdl.php

Node.js 14.4.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

Node.js 12.18.0 is a security update.
https://nodejs.org/en/

Android Studio 4.0.0.16 is a major update and adds several new features and improvements. This is not a security update.
https://developer.android.com/studio

SQLite 3.32.1 is a security update.
https://www.sqlite.org/download.html

TortoiseSVN 1.14.0 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.8-137981 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 8.9.0 is the final minor build of the 8.x series and updates libraries and resolves several bugs. Drupal 8.8.6 and 8.7.14 are security updates.
https://drupal.org/download

HumHub 1.5.2 resolves over 25 bugs. This is not a security update.
https://www.humhub.com/en/download

Nextcloud Server 19.0.0 adds document collaboration to video chats, password-less login, performance improvements, guest groups and more. This should be treated as a security update.
https://nextcloud.com/

Joomla 3.9.19 is a security update.
https://www.joomla.org/

phpList 3.5.4 is a security update.
https://www.phplist.org/

ScreenConnect 20.5.28493.7445 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Autoptimize 2.7.2 resolves several bugs. This is a security update.

BuddyPress 6.0.0 is a major update adding several new features and resolving many bugs. This is a security update.

Contact Form 7 5.1.9 resolves several bugs. This is not a security update.

myStickymenu 2.4.1 is a cosmetic update. This is not a security update.

Postie 1.9.52 resolves a category parsing bug. This is not a security update.

WooCommerce 4.2.0 resolves dozens of bugs. This is not a security update.

bbPress 2.6.5 doesn’t provide a changelog so should be treated as a security update.

Redirection 4.8 resolves two minor bugs and adds importer. This is not a security update.

Social Post Feed 2.15.1 adds several new features. This is not a security update.

Theme My Login 7.1 adds a new dashboard action, improves performance and resolves several bugs. This is not a security update.

W3 Total Cache 0.14.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-04-30

We just had to get one last update cycle in for “the April that would never end.”

It’s not Patch Tuesday, but updates to OpenSSL have prompted security updates for almost every browser as well as application updates to many others have triggered an out-of-cycle update.

This Month/Week in Technology

If you can’t trust the CDC not to taint the tests, you can’t trust the SBA with your privacy in their loan process, you can’t trust Apple with your data, you can’t trust your “home automation” to not expose your entire home to hackers, you can’t trust the CIA not to abuse their authority in the mainstream media and academia, you can’t trust the FBI to follow their own rules when making requests of the secret FISA courts, you *really* can’t trust your antivirus software not to put you at even greater risk of exploitation, you can’t trust anyone not to reuse passwords, and you can’t trust advertising publishers to keep their ad platforms safe for their target audience, then why should you ever even consider giving Google and Apple 24/7, permanent, extensive monitoring of everywhere you go and everyone you ever have contact with? I don’t. Even if Apple and Google were above reproach (and they’re not), the inevitable abuse by any platform like this makes Orwell’s worst dreams look tame in comparison.

Now for the good news:

Intel has finally opened up their graphic drivers so you can use them on OEM hardware.

Let’s Get Busy

Apple released iOS 13.4.1 for iPhone SE (2nd generation) and watchOS 6.2.1 for Apple Watch Series 1 and 2. These are security updates. Use Settings, General, Software Update to install the most current version.

Fedora 32-1.6 provides several new features, now uses nftables by default, improves regular maintenance routines, and updates libraries. This is a security update.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.4 adds ability to remove only NVCP and resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 20.4.17 resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.8.86 is a security update. Use Menu, Help, About to install the most current version.

Google Chrome 81.0.4044.129 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 81.0.416.68 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 3.0.1874.33 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.7.6 resolves several bugs. This is not a security update.
https://getmailspring.com/

OutlookAttachView 3.35 adds option to control Enter Key Action. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

FileZilla Client 3.48.0 is a security update.
https://filezilla-project.org/

FreeFileSync 10.23 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Earth 7.3.3 improves Street View, plus code support, and resolves several bugs. This is a security update.
https://earth.google.com/

WinSCP 5.17.5 is a security update.
https://winscp.net/eng/index.php

Zoom 5.0.23502.0430 improves encryption, abuse reporting, privacy controls, and resolves several bugs. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

VLC Media Player 3.0.10 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.04.28 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice 6.3.6 resolves 80 bugs. This is not a security update.
https://www.libreoffice.org/

Notepad++ 7.8.6 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Illustrator 24.1.2 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Bridge 10.0.4 is a security update.
https://www.adobe.com/products/bridge.html

Security Software Updates

One or more of these is likely to be of interest to most people.

OpenSSL 1.1.1g is a security update.

RogueKiller 14.4.1 is a security update.
https://www.adlice.com/download/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.23.2 resolves a couple minor bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.6 adds support for new encodings, improves upscaling and enlarger. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

Dell Command Update 3.1.2 is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

RoboForm 8.7.0 resolves several bugs. This is not a security update.
https://12pd.com/click?rf

1Password for Windows 7.4.767 resolves several bugs. This is a security update.
https://1password.com/downloads/windows/

DesktopOK 7.01 adds command-line support, mapping support for alt-drag, and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Easy2Boot 2.02 updates libraries, dependencies, and resolves a bug in Make USB. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

Etcher 1.5.83 adds workflows to Flash from URL and improves the cosmetics. This is not a security update.
https://www.balena.io/etcher/

GoodSync 11.1.6 adds RDC tunneling support, explorer actions, account management improvements, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

MS ISO Downloader 8.35 adds support for new Windows, Office, and Dell images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

PSAppDeploy 3.8.1 adds Repair as action type, execute-process-as-user, several new features, compatibility improvements and bug fixes. This is not a security update.
https://psappdeploytoolkit.com/

Rufus 3.10 improves compatibility, device detection, updates drivers, and resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html

TeamViewer 15.5.3 adds message search, conditional access servers for fallback options, and resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WinScan2PDF 5.31 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

CPU-Z 1.92 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

NTLite 1.9.0.7455 adds new controls and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Coreinfo 3.5 doesn’t provide a changelog so should be treated as a security update.
https://live.sysinternals.com/

LiveKD 5.63 doesn’t provide a changelog so should be treated as a security update.
https://live.sysinternals.com/

Process Explorer 16.32 doesn’t provide a changelog so should be treated as a security update.
https://live.sysinternals.com/

Sysmon 11.0 adds file delete and archive monitoring, additional options to control behavior, improved log support and reliability improvements. This is not a security update.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

Node.js 14.1.0 is a new major version adding several new features, libraries and bug fixes. Unfortunately, the previous build (14.0.0) broke stream support for many packages. This version resolves that bug. This is a security update.
https://nodejs.org/en/

Node.js 13.14.0 resolves several bugs. This is a security update.
https://nodejs.org/en/

Node.js 12.16.3 updates libraries. This is a security update.
https://nodejs.org/en/

Redemption 5.23.0.5664 adds support for in-memory objects, several new objects, collection-level assignments, and resolves several bugs. This is not a security update.
http://www.dimastr.com/redemption/

MySQL ConnectorNet 8.0.20 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

Web Package Updates

These are likely to be of interest only to web developers.

WordPress 5.4.1 is a security update.
https://wordpress.org/

ScreenConnect 20.3.28091.7419 improves relay action scheduling, resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Magento 2.3.4-p2, 2.3.5-p1, 1.14.4.5, 1.9.4.5 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-22.html#solution

Joomla 3.9.18 is a security update.
https://www.joomla.org/

HumHub 1.5.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

MailEnable 10.30 resolves several bugs. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 18.0.4 resolves dozens of bugs and updates libraries. This should be treated as a security update.
https://nextcloud.com/

phpList 3.5.3 is a security update.
https://www.phplist.org/

YOURLS 1.7.9 improves compatibility, API signature algorithm, accessibility, and resolves several bugs. This is not a security update.
https://yourls.org/

Akismet 4.1.5 disables the notice and updates WP requirements. This is not a security update.

Antispam Bee 2.9.2 improves compatibility, and resolves several bugs. This is not a security update.

BuddyPress 5.2.0 is a security update.

Custom Facebook Feed 2.14 resolves several bugs. This is not a security update.

myStickymenu 2.4 resolves several bugs and adds font color control. This is not a security update.

Postie 1.9.50 improves diagnostics. This is not a security update.

W3 Total Cache 0.13.3 resolves a minification bug. This is not a security update.

WP Mail SMTP 2.0.0 changes PHP requirements (7+) and resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-03-24

Hi, Folks!

It’s not Patch Tuesday, but security updates from Apple, Adobe, Google, and many others have triggered an out-of-cycle update.

This Month/Week in Technology

NPM is joining Github. Cool.

Apple was fined $1.2 billion by French antitrust authorities. And you thought the next iPhone was going to be expensive yesterday? They’ll be rolling the expense of the antitrust settlement into your next iDevice.

Security is all about trust. The thing to remember is that just because something claims to be a security application or service doesn’t mean it is. Antivirus and VPNs are no exception. By the way, if you’re still using Avast, you may as well just send your passwords out to random email addresses along with all your other personal data.

Content Delivery Networks (CDNs) are critical for scalable web distribution. Unfortunately, this makes them prime targets for malware distribution as well.

Salesforce customers will soon no longer be able to use Data Backup Recovery. Consider this a reminder that while the cloud might store everything, it’s not always easy to get it back when you’ve lost it.

The US Department of Defense is glacially slow (8+ years) at fixing security issues. Don’t say you weren’t warned. In their wisdom, the FBI says you shouldn’t save your passwords in your browser. Duh.

Even if you don’t, however, your data is stored by most other entities you interact with. For example, every 10 years the US performs the Census and collects a wide variety of information about every household in the country. When the US Census Bureau data is hacked you can find that data online, too. But that’s not even the worst of what’s wrong with the Census this year. Their website uses a script that performs a unique fingerprint of every single device that connects to their site and attempts to load various sensor features to further profile and access features of the device. Coupled with the “unique” login you use when filling out the Census your online activity can be permanently tied to your devices. And yes, this is the same organization that had a major data leak earlier in this paragraph.

The Internet of Things (IoT) is much less secure than you may have thought, no matter how bad you thought it was. 98% of their traffic is sent unencrypted, more than half of devices suffer from critical vulnerabilities that will likely never be patched, IoT devices are often used as a foothold to gain access to your internal networks, and hospitals are some of the worst offenders for employing insecure and unmaintained IoT devices.

Is it any wonder that the Russian FSB was developing an IoT botnet? Another FSB contractor was hacked and their tools were released in much the same way as the CIA Vault7 hack.

Now for the good news:

Comcast has made their public Wi-Fi hotspots available free to everyone and has removed data caps for the next 60 days as a result of the current pandemic. Just make sure you’re using a VPN. 🙂

Let’s Get Busy

Apple released updates for macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, Xcode 11.4, Safari 13.1, watchOS 6.2, watchOS 5.3.6, tvOS 13.4, iOS 13.4, iPadOS 13.4, iOS 12.4.6, and iTunes 12.10.5 for Windows. These are security updates. Use the Apple App Store or Apple Software Update to install the most current versions.

iOS 13.4 and 12.4.6 are security updates. Use Settings, General, Software Update to install the most current version.

watchOS 6.2 and 5.3.6 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

tvOS 13.4 is a security update. Use Settings, General, Updates to install the most current version.

Adobe Flash Player 32.0.0.344 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

nVidia 442.75 resolves several compatibility issues and adds app/game profiles. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.5.113 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 80.0.3987.149 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.11.1811.49 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.6.0 is a security update. Use Menu, Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.40 adds a new date/time filter. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

FileZilla Client 3.47.2.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.22 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9989 resolves several bugs. This should be treated as a security update.
https://nmap.org/npcap/

Prosody 0.11.5 adds foreground/background flags to replace daemon functionality. This is not a security update.
https://prosody.im/download/start

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.5 is a security update. Use Apple Software Update to install the most current version.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.006.20042 is a security update. Use Help, Check for Updates to install the most current version.

Adobe Creative Cloud Desktop?5.1 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Bridge 10.0.3 is a security update.
https://www.adobe.com/products/bridge.html

Adobe ColdFusion 2016.14 and 2018.8 are security updates.
https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-14.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-8.html

Adobe Experience Manager 6.3.3.8, 6.4.8.0, and 6.5.4.0 are security updates.
https://helpx.adobe.com/experience-manager/aem-releases-updates.html

Adobe Photoshop 20.0.9 and 21.1.1 are security updates. Use Adobe Creative Cloud Desktop to install the most current versions (after you patch it).

Adobe Acrobat 2020.006.20042, 2017.011.30166, and 2015.006.30518 are security updates. Use Adobe Creative Cloud Desktop to install the most current versions (after you patch it).

Adobe Genuine Integrity Service 6.6 is a security update. AdobeGCClient does not have a separate installer or updater, and will update as you patch other programs.

Atom 1.45.0 resolves several bugs and updates libraries. This should be treated as a security update.
https://atom.io/

LibreOffice Fresh 6.4.2 resolves over 90 bugs. This is a security update. LibreOffice Fresh is a beta version, and should be avoided for most users.
https://www.libreoffice.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 14.3.0 updates libraries, improves reliability and scanning behaviors. This is a security update.
https://www.adlice.com/download/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.22.1 resolves a couple bugs and updates translations. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.1 adds support for new encodings, improves compatibility, and resolves a couple bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.4.759 resolves several bugs and improves compatibility. This is not a security update.
https://1password.com/downloads/windows/

CurrPorts 2.61 resolves a state-monitoring bug. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Etcher 1.5.80 resolves several bugs and updates electron. This should be treated as a security update.
https://www.balena.io/etcher/

Everything 1.4.1.969 improves stability. This is not a security update.
https://www.voidtools.com/

Fing 9.0.0 adds several new feature shortcuts and an Account tab. This is not a security update.
https://community.fing.com/

GoodSync 10.11.2 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

IsMyHdOK 2.11 updates language packs and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

TeamViewer 15.4.4445 resolves several bugs and adds the tvopt file format for setting portability. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WSUS Offline 12.0 removes support for Windows 7, Windows Server 2008 R2, Win10 v1703, splits Win10 updates to versioned folders for future updates, and updates supercedence values. This is not a security update.
https://download.wsusoffline.net/

Developer Updates

These are unlikely to be of interest to most people.

Inno Setup 6.0.4 improves compatibility, Restart Manager, and RTF, adds Dark Theme, several fixes and HTTPS on the website. This is not a security update.
https://www.jrsoftware.org/isdl.php

Node.js 13.11.0 updates libraries, improves compatibility, and resolves several bugs. This is not a security update.
https://nodejs.org/en/

StrawberryPerl 5.30.2.1 updates libraries, improves compatibility, and resolves several bugs. This is a security update. You probably shouldn’t be using StrawberryPerl though, since they still aren’t using HTTPS even though they can get it free through LetsEncrypt. Sad.
http://strawberryperl.com/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 8.8.4 is a security update.
https://drupal.org/download

HumHub 1.4.4 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

phpMyAdmin 4.9.5 is a security update.
https://www.phpmyadmin.net/

Nextcloud Server 18.0.3 is a security update.
https://nextcloud.com/

phpList 3.5.1 updates libraries and resolves several bugs. This is a security update.
https://www.phplist.org/

Connectwise Control 20.2.27450.7387 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Akismet 4.1.4 improves compatibility and activation process. This is not a security update.

Custom Facebook Feed 2.12.4 improves compatibility and resolves several bugs. This is not a security update.

myStickymenu 2.3.8 improves compatibility, reduces announcement nag frequency, and allows custom HTML within notification bar. This is not a security update.

Postie 1.9.44 refactors code for separation of purpose and adds an action for registering shortcodes.

Redirection 4.7.1 resolves several bugs. This is not a security update.

WooCommerce 4.0.1 improves Action Scheduler and resolves several bugs. This is not a security update.

WP Mail SMTP 1.9.0 adds several troubleshooting features, improves documentation, About, and warns when settings are not saved. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/