Updates 2023-10-10

Welcome back, Folks!

Today is Patch Tuesday for October, 2023.

This month brings a new version of macOS, version 14.0/Sonoma, an impending new Windows 11 build, and several very high profile vulnerabilities in shared code that affect thousands of applications. Vendors for some will not even discover that they’re vulnerable until their applications are used in mass hacks. The next few months are going to be ugly as this plays out.

There were 153 major hacks, and over 200 application updates this month. It’s an insane month, with about 6 GB of updates for most users.

This Month in Technology

23andMe, Accusoft ImageGear, Activision, Actors Fund Home, Air Canada, Airbus, Allegheny County, Pennsylvania, Amazon, Amerita, Android, ApexSMS, Apple iOS/iPadOS (several times), Aretis Health LLC, Arkansas Total Care, Inc., Arm chips, Arm Mali GPU drivers, Asian National Power Grid, Atlassian Confluence Data Center and Server, Atrium Health, Auckland Transport, Bermuda, Bienville Orthopaedic Specialists LLC, Bluegrass Care Navigators, BORN Ontario, Bureau van Dijk, Caesars Entertainment, Cascade Family Dental, Catawba Valley Medical Center, Charlotte Radiology, ChildFund New Zealand, Cisco Catalyst SD-WAN Manager, Cisco Emergency Responder, Cisco IOS, Citrix NetScaler, City of Dallas, Texas, Clover Health LLC, CoinEx, Colombian Government, Community First Medical Center, Cyberport, D-Link DAP-X1860 WiFi 6 range extenders, dBforums, Delta Dental of California, District of Columbia Board of Elections, DLP Central Carolina Medical Center, Donald Trump Jr.’s X account, Dr. Patty DiBlasio, PC, Duke University Health System, ECU Health, Erlanger Health, Inc., Exim, FirstHealth, Flagstar Bank, Florida’s First Judicial Circuit Court, Founder Project Rx, Inc., GitLab, glibc ld.so – standard in all modern Linux flavors, GNOME, Google Chrome (again!), all modern GPUs, Health First, Inc., Horse Isle, hotels, booking sites, and travel agencies, hundreds of known apps using Electron due to the webp vulnerability, HWL Ebsworth, indeed.com, India’s National Logistics Portal-Marine, Indiana University Health, International Criminal Court (ICC), JetBrains’ TeamCity, Johnson Controls, Jordan Valley Community Health Center, Juniper SRX firewalls and EX switches, Just Kids Dental, LabCorp, Lakeland Community College,
Lakeview Clinic, libwebp, Linux GNU C library (Looney Tunables), Lone Star Alliance, Inc, Lyca Mobile, MalindoAir, McLaren Health Care, MGM Resorts, Microsoft AI-powered Bing Chat, Microsoft AI, Microsoft Edge, Microsoft Outlook, Microsoft SharePoint Server, Microsoft Skype, Microsoft SQL Servers, Microsoft Teams, Microsoft XboxMission Health System, Mixin Network, MNGI Digestive Health, Mosaic Mental Health, Motel One Group, MOVEit (again), Mt. Graham Regional Medical Center, Nansen, National Student Clearinghouse, Navvis & Company, LLC, New Hanover Regional Medical Center, NorthStar Anesthesia, Northwestern Polytechnical University, Novant Health, NTT Docomo, Nuance Communications, Oak Valley Hospital District, Omnicell Specialty Pharmacy Services (OSPS), Openfire messaging servers, ORBCOMM, OrthoAlaska, LLC, Parkers Chapel School District, PaySystem.tech, Peach State Health Plan, Pharm-Pacc Corporation, Physical Therapy, PLLC, Physicians Insurance Company, Physio Logic Chiropractic, Piilopuoti, Pizza Hut Australia, Prospect Medical Holdings, Inc., Qualcomm GPU and Compute DSP drivers, Retool, Rock County Health Department, Rollbar, Roseman University of Health Sciences, Ryders Health Management LLC, See Tickets, Skype for Desktop, Sony Interactive Entertainment, South Florida Behavioral Health Network, Sutter North Surgery Center, T-Mobile, multiple telecommunication service providers in the Middle East, Western Europe, and South Asia, Temple University Health System, Inc., Texas Medical Insurance Company, Texas Medical Liability Trust, The Hospital for Sick Children (SickKids), TissuPath, TorchServe AI, TransUnion, Trend Micro Apex One, UNC Health, United Healthcare Services, Inc. Single Affiliated Covered Entity, United Kingdom’s Greater Manchester Police, VA Dept. of Medical Assistance Services, Vitalik Buterin’s X account, Wake Radiology Diagnostic Imaging, WakeMed Health & Hospitals, Walmart, Inc. Associates Health and Welfare Plan, WebP, Wellstar Health System, Windows 11 Theme system, 17,000 WordPress sites, and WS_FTP Servers have reportedly been hacked or compromised this month.

Auckland Transport, Bing Chat AI, Caesars, Canadian airports, Discord, Lyca Mobile, MGM, Microsoft Teams, and the Royal Family website have suffered from outages this month.

Google, Amazon, and CloudFlare have been seeing record-breaking numbers of attacks using a weakness in the HTTP/2 protocol.

Last months updates broke BitLocker, Excel, faith in Windows (forcing an incompatible application), Outlook (twice), and USB printing.

The Magecart skimming malware is now abusing online store error pages.

The UK passed the “Online Safety Bill” which, among other things, grants government (and those with an ax to grind – like LOVEINT) mandated access to all private internet conversations.

Microsoft is pushing Edge and Bing in violation of their own policies. If they treated themselves with the same rules they treat others, then microsoft.com would be blocked for distributing the BGAUpsell crapware.

PayPal is finally making news for their complicity in the latest rash of invoice scams. Netcraft is playing it off as PayPal being the victim, but they can hardly be held blameless. They’ve been supporting these scams for years.

Google will be retiring the Basic HTML view in January. Half of the ISPs in Tuolumne County will suffer as a result. Google is also now pushing Passkeys as their default authentication platform, meaning that instead of knowledge of your password, all it will take for new logins to your Google account is possession of one of your devices.

Apple iPhone 12 violates French health laws for exceeding allowable EF radiation. Apple is planning to release an update to reduce the emissions in order to comply.

Even staff in military and defense organizations can’t be trusted to use good passwords.

CISA has been slapped yet again for their government-sponsored censorship. Maybe this time it will take?

Now for the good news:

Google is now (finally!) treating unauthenticated Microsoft 365 email as spam (it is).

Google announced they’ll be supporting all Chromebooks for 10 years — twice as long as was promised before. This should massively reduce e-waste.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 6 GB in updates today. Let’s get started.

Microsoft released updates to address 105 vulnerabilities in Active Directory Domain Services, Azure, Azure DevOps, Azure Real Time Operating System, Azure SDK, Client Server Run-time Subsystem (CSRSS), HTTP/2, Microsoft Common Data Model SDK, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft QUIC, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Media Foundation, Microsoft Windows Search Component, Microsoft WordPad, Skype for Business, SQL Server, Windows Active Template Library, Windows AllJoyn API, Windows Client/Server Runtime Subsystem, Windows Common Log File System Driver, Windows Container Manager Service, Windows Deployment Services, Windows DHCP Server, Windows Error Reporting, Windows HTML Platform, Windows IIS, Windows IKE Extension, Windows Kernel, Windows Layer 2 Tunneling Protocol, Windows Mark of the Web (MOTW), Windows Message Queuing, Windows Microsoft DirectMusic, Windows Mixed Reality Developer Tools, Windows Named Pipe File System, Windows NT OS Kernel, Windows Power Management Service, Windows RDP, Windows Remote Procedure Call, Windows Resilient File System (ReFS), Windows Runtime C++ Template Library, Windows Setup Files Cleanup, Windows TCP/IP, Windows TPM, Windows Virtual Trusted Platform Module, Windows Win32K, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Sonoma 14.0, macOS Ventura 13.6, macOS Monterey 12.7, iOS 16.7.1, iOS 17.0.3, iPadOS 16.7.1, iPadOS 17.0.3, Safari 16.6.1, Safari 17.0, tvOS 17.0, watchOS 10.0.2, watchOS 9.6.3, Xcode 15.0, Apple Service Utility, and Pro Video Formats 2.2.7. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.7.1 and 17.0.3 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 16.7.1 and 17.0.3 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.6.3 and 10.0.2 are security updates. Use the Watch app on your iPhone to install the most current version.

tvOS 17.0 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 117.0.5938.157 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.9.3 improves game support and resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Display Driver Uninstaller 18.0.6.8 resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.2.17 resolves several bugs. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.18.3 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

GnuCash 5.4 resolves dozens of bugs. This is not a security update.
https://www.gnucash.org/

TP-Link Archer AX73 v2.0 230829 is a security update.
https://www.tp-link.com/us/support/download/archer-ax73/v2.0/#Firmware

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.58.137 is a security update.
https://brave.com/

Firefox 118.0.2 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.3.1 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 109.0.5414.168 is a security update.
https://www.google.com/chrome/

Google Chrome 117.0.5938.149 is a security update.
https://www.google.com/chrome/

Microsoft Edge 117.0.2045.60 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Microsoft Edge WebView2 117.0.2045.60 is a security update.
https://developer.microsoft.com/en-us/microsoft-edge/webview2/

SeaMonkey 2.53.17.1 is a security update.
https://www.seamonkey-project.org/

Vivaldi 6.2.3105.58 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Spark 3.9.0.57590 adds group invitations and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.9.0.57684 adds group invitations and resolves several bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.3.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 8.0.3 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 7.2.2 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

curl 8.3.0 resolves dozens of bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 184.4.6543 is a security update.
https://www.dropbox.com/

Facebook Messenger 196.0.0.4.210 is a security update.
https://www.messenger.com/download

Google Drive 82.0 increases nags and resolves several bugs. This is not a security update.
https://drive.google.com/start

Microsoft Teams 1.6.00.27573 improves app controls. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 27.1.2 is a security update.
https://nextcloud.com/

Npcap 1.77 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Omada Software Controller 5.12.7 adds IDS/IPS, support for newer hardware, and resolves dozens of bugs. This is a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Signal 6.33.0 adds the ability to edit messages. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.35.3 improves performance. This is not a security update.
https://signal.org/android/apk/

Skype 8.104.0.207 improves performance. This is not a security update.
https://www.skype.com/

Syncthing 1.25.0 resolves several bugs. This is not a security update.
https://syncthing.net/

Telegram 4.10.3 improves stability. This is not a security update.
https://telegram.org/

Telegram (Android) 10.1.0 doesn’t provide a changelog so should be treated as a security update.
https://telegram.org/apps

Trillian 6.5.0.33 is a security update.
https://www.trillian.im/

WinSCP 6.1.2 is a security update.
https://winscp.net/eng/index.php

Zoom 5.16.2.22807 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 5.0.9 improves DAWproject mapping, export, and import, and resolves a couple bugs. This is not a security update.
https://www.bitwig.com/download/

iTunes 12.12.10.1 is a security update.
https://www.apple.com/itunes/download/

Plex Desktop 1.79.1.3984 is a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.48.1.3982 resolves a stability bug. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.32.6.7557 resolves a dozen bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.8.2.106 resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.2.175 adds collaboration for Cloud projects, simplified variable syntax. This is not a security update.
https://gdevelop.io/download

Minecraft Server (Bedrock) 1.20.32.03 doesn’t provide a changelog so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Minecraft Server (Java) 1.20.2 doesn’t provide a changelog so should be treated as a security update.
https://www.minecraft.net/en-us/download/server

PlayStation PS4 11.00 resolves several bugs. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PlayStation PS5 2023.101 adds Dolby Atmos support, increased M.2 SSD size support, and resolves several bugs. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

SteamOS SteamDeck Update 2023-10-06 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Bridge 13.0.4 and 14.0.0 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb23-49.html

Adobe Commerce and Magento Open Source 2.4.7-beta2, 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, 2.4.3-ext-5, 2.4.2-ext-5, 2.4.1-ext-5, 2.4.0-ext-5, and 2.3.7-p4-ext-5 are security updates.
https://helpx.adobe.com/security/products/magento/apsb23-50.html

Adobe Photoshop 24.7.1 and 25.0 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb23-51.html

Blender 3.6.4 is a security update.
https://www.blender.org/download/

Calibre 6.28.1 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Ghostscript 10.02.0 is a security update.
https://www.ghostscript.com/releases/gsdnld.html

IcoFX 3.9 resolves several bugs, adds support for PNG, and adds several export options. This is a security update.
https://icofx.ro/

ImageMagick 7.1.1-20 is a security update.
https://imagemagick.org/

Kdenlive 23.08.1 resolves several bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.0.70350 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice 7.5.7 is a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.6.2 is a security update. The Fresh line is beta software so most people should avoid it in favor of the Still line.
https://www.libreoffice.org/

Nextcloud Desktop 3.10.0 resolves dozens of bugs. This is a security update.
https://nextcloud.com/

Paint.net 5.0.10 is a security update.
https://www.getpaint.net/

PDF-XChange Editor 10.1.1.381 is a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.8.0 adds support for parsing ESE and SRUM databases, new rules and support for aggregated reports. This is not a security update.
https://github.com/countercept/chainsaw

JShelter 0.16 resolves several bugs. This is not a security update.
https://jshelter.org/install/

LibreJS 7.21.1 is a security update.
https://www.gnu.org/software/librejs/

MalwareBytes Anti-Malware 4.6.4 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

MalwareBytes Anti-Malware Mac 4.21 adds support for macOS Sonoma. This is not a security update.
https://www.malwarebytes.com/mac/

OpenSSL 3.1.3 is a security update.
https://www.openssl.org/source/

ProtonVPN (macOS) 3.3.3 resolves a couple bugs and improves user interface. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.12.1 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Stinger 12.2.0.659 adds support for new detections. This is not a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

uBlock Origin 1.52.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

elementary OS 7.1 improves privacy, color blindness, and keyboard controls, personalization, sideloading, and adds new hardware support. This is not a security update.
https://elementary.io/

Tails 5.18 is a security update.
https://tails.boum.org/install/dvd/index.en.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.39 resolves several bugs and improves compatibility. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 24.0.0 is a major update adding ability to combine videos, click animations, capture pinning, and updated stamps. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.17.5 improves reliability and resolves a couple bugs. This is not a security update.
https://www.makemkv.com/download/

StreamFab 6.1.4.4 improves compatibility. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero (macOS) 6.0.27 adds macOS Sonoma compatibility and resolves a couple bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password 8.10.16 resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/

Bitwarden 2023.9.1 is a security update.
https://bitwarden.com/

CCleaner 6.16.10662 changes Health Check interface. This is not a security update.
https://www.ccleaner.com/

CPU-Z Installer 2.08 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 11.12 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.0.115.0 adds support for Filters, including *.ignore files, and resolves several bugs. This is a security update.
https://dngrep.github.io/

Fing 3.4.1 is a security update.
https://www.fing.com/products/fing-desktop-download-windows
https://www.fing.com/products/fing-desktop-download-mac

FullEventLogView 1.80 adds dark background and resolves a bug with export data. This is not a security update.
https://www.nirsoft.net/utils/full_event_log_view.html

Go 1.21.3 is a security update.
https://go.dev/

GoodSync 12.4.1 resolves several bugs. This is not a security update.
https://www.goodsync.com/

GUIPropView 1.26 adds a WindowsCount action and the ability to run as administrator. This is not a security update.
https://www.nirsoft.net/utils/gui_prop_view.html

Homedale 2.08 adds stream count column and per-monitor DPI support. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.93 improves performance. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

Mac Migration Assistant 2.4.4.0 adds support for macOS Sonoma. This is not a security update.
https://support.apple.com/en-us/HT204087

MobileFileSearch 1.47 resolves a couple bugs. This is not a security update.
https://www.nirsoft.net/utils/mobile_device_file_search.html

NConvert 7.161 doesn’t provide a changelog so should be treated as a security update.
https://www.xnview.com/en/nconvert/

NTLite 2023.9.9419 adds new controls. This is not a security update.
https://www.ntlite.com/download/

OSFMount 3.1.1002 resolves network access issues. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

OSForensics 10.0.1016 resolves several bugs. This is a security update.
https://www.osforensics.com/download.html

AOMEI Partition Assistant 10.2.0 adds duplicate file finder and resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 6.33 adds keyboard shortcuts. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.74.1 resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ProcDump 2.2 for Linux resolves memory leaks and adds support for Azure Linux. This is not a security update.
https://sysinternals.com/

ProcessMonitor 3.96 is a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

ScreenConnect 23.7.8.8676 is a security update.
https://www.connectwise.com/software/control/download

SDelete 2.05 improves command line reliability and output. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete

Sysmon 1.3.1 for Linux resolves a hash bug. This is not a security update.
https://github.com/Sysinternals/SysmonForLinux/releases/

TaskSchedulerView 1.74 adds dark background support and resolves a data export bug. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

Unity 2023.1.16 adds several new features and resolves dozens of bugs. Unity also announced that they’re changing their licensing model to charge developers for each installation, even pirated installations, so this is going to end up causing a major upset in the industry, then reversed course after the outcry. This is not a security update.
https://unity3d.com/get-unity/download/archive

USBDeview 3.07 adds toolbar sorting and resolves a data export bug. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

Ventoy 1.0.96 resolves several bugs. This is not a security update.
https://www.ventoy.net/en/index.html

WinGet 1.6.2771 resolves a couple bugs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinRAR 6.24 is a security update.
https://www.rarlab.com/

WinScan2PDF 8.67 resolves a couple bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

.NET Runtime 7.0.12 is a security update.
https://dotnet.microsoft.com/en-us/download/dotnet

AutoHotkey 2.0.10 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Android Studio 2022.3.1.2 resolves several bugs. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.3.3 is a security update.
https://desktop.github.com/

Godot 4.1.2 resolves over a hundred bugs. This is not a security update.
https://godotengine.org/

Node.js 18.18.1 is a security update.
https://nodejs.org/en/

Node.js 20.8.0 is a security update.
https://nodejs.org/en/

Python 3.12.0 is a security update.
https://www.python.org/downloads/windows/

SQLite 3.43.2 resolves a couple bugs. This is not a security update.
https://www.sqlite.org/download.html

TortoiseGit 2.15.0 updates libraries and resolves several bugs. This is a security update.
https://tortoisegit.org/

Visual Studio Code 1.83 adds several new features. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.16.5 resolves a crash bug. This is not a security update.
https://www.ppsspp.org/download/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.5.11 is a security update.
https://drupal.org/download

HumHub 1.14.4 resolves a dozen bugs. This is not a security update.
https://www.humhub.com/en

OpenCart 4.0.2.3 updates libraries and resolves dozens of bugs. This is not a security update.
https://www.opencart.com/

ownCloud Server 10.13.2 resolves several bugs. This is not a security update.
https://owncloud.com/download-server/

phpList 3.6.14 is a security update.
https://www.phplist.org/

Akismet 5.3 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

Antispam Bee 2.11.5 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/antispam-bee/

Contact Form 7 5.8.1 improves validation, email templates, and adds action hooks. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.6 fixes a couple bugs. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

W3 Total Cache 2.5.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 8.1.1 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPBakery 7.1 resolves several bugs. This is not a security update.
https://wpbakery.com/

WP Cerber Security 9.5.8 resolves a couple bugs and adds support for auditing password resets. This is not a security update.
https://wpcerber.com/

WPtouch 4.3.54 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Happy Anniversary, my Love. I will miss you more than you’ll ever know.

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-03-14

Welcome back, Folks!

Today is Patch Tuesday for March, 2023.

This month brings a (mere) 104 major hacks and over 169 application updates. It’s the lightest month we’ve seen in a while with about 2 GB of updates for most users.

This Month in Technology

AASP, Acer, Activision, Albanian Government, Algodex, Aloha Nursing Rehab Centre, Andrade Gutierrez, AT&T, Atlassian, Bahrain International Airport, Booking.com, Boost Mobile, Burton Snowboards, California Northstate University, Cardiovascular Associates, CentraState, Cerebral Inc, Chick-fil-A, Codman Square Health Center, Coinbase, Community Health Systems, Convex, Danish Hospital websites, Dental Health Management Solutions, Denver Public Schools, Dish Network, Dole, Edgepark Medical Supplies, eMDs, Inc, Essendant, Euler Finance, Eye4Fraud, Fasecolda, the FBI, Flutterwave, Fonasa, Fortinet FortiOS, GDS Holdings, GoDaddy, GSC Game World, GunAuction.com, Hatch Bank, Hawai’i Department of Health, HDB Financial Services, HDFC Bank, Health Link, Henrico Doctors Hospital, Hope Finance, Hospital Clinic de Barcelona, Housing Authority of the City of Los Angeles, Hutchinson Clinic, Hyundai and Kia, iD Tech, Integrative Dentistry, Jump Crypto, LastPass, Lawrence General Hospital, LBB, Lehigh Valley Health Network, LimeVPN, Long Son Petrochemicals, Los Angeles Unified School District, Minneapolis Public Schools, News Corporation, Northeast Surgical Group, PC, Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crimes, Oakland, CA, PayPal, PetroVietnam, Pierce Transit, Platypus, POSCO Engineering & Construction, RealDudesInc, Reventics, LLC, Ring, Rosarito, San Juan Regional Medical Center, Scandinavian Airlines, Sentara Healthcare, Sharp Healthcare, Shopper+, Southeastern Louisiana University, SpaceX, ST Telemedia Global Data Centers, Stanford University, Technion, TELUS, Tender.fi, Tennessee State University, The Good Guys, Tusla, U.S. Marshals Service, Uranium Finance, Veeam, VGTRK, over 2,800 VMware hosts, Weee, West Cecil Health Center, WH Smith, White Bird Clinic, Wichita Urology Group, PA, Zoll Medical Corp, ZOLL Medical, and Zurcal have reportedly been hacked or compromised this month.

Twitter (twice), Russian state media, Microsoft Exchange Online, and Gmail IMAP have had major outages this month.

Two of the three largest bank failures in US history happened this week. Silicon Valley Bank was (briefly) shut down by regulators after mishandling billions of dollars.
Only days after Silvergate Capital Corp‘s collapse, and Signature Bank followed days later. Roku, for example, was set to lose over 99.9% of their deposits at SVB, almost 26% of their total cash. AcuityAds Holding, BlockFi, Rocket Lab, Roblox, and others were also at risk of major losses. Unfortunately, the federal government is going to bail them out, allowing bad business decisions to avoid any negative repercussions and giving way to cheap investments by larger banks to effectively stack the dominoes higher.

Last months updates broke IIS for Alliance.

Now for the good news:

 

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is small this month. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates to address 98 vulnerabilities in Azure, Client Server Run-time Subsystem (CSRSS), Internet Control Message Protocol (ICMP), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft OneDrive, Microsoft PostScript Printer Driver, Microsoft Printer Drivers, Microsoft Windows Codecs Library, Office for Android, Remote Access Service Point-to-Point Tunneling Protocol, Role: DNS Server, Role: Windows Hyper-V, Service Fabric, Visual Studio, Windows Accounts Control, Windows Bluetooth Service, Windows Central Resource Manager, Windows Cryptographic Services, Windows Defender, Windows HTTP Protocol Stack, Windows HTTP.sys, Windows Internet Key Exchange (IKE) Protocol, Windows Kernel, Windows Partition Management Driver, Windows Point-to-Point Protocol over Ethernet (PPPoE), Windows Remote Procedure Call, Windows Remote Procedure Call Runtime, Windows Resilient File System (ReFS), Windows Secure Channel, Windows SmartScreen, Windows TPM, Windows Win32K and MSRT (~ 1 GB). This includes security updates. A reboot is required.

Apple released updates for GarageBand for macOS 10.4.8, tvOS 16.3.3, and macOS Big Sur 11.7.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

tvOS 16.3.3 is a security update. Use System, Software Update to install the most current version.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.3.1 improves performance and reliability and resolves several bugs. This is not a security update.
https://www.amd.com/en/support

BullZip PDF Printer 14.2.0.2955 resolves the PrintToPrinter bug. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Crucial Storage Executive 9.01 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.6.1 introduces a new installer, improves Intel cleanup and improves user interface. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.2.9 adds DualSense Edge support and resolves over a dozen bugs. This is not a security udpate.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.16.3 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

Samsung DeX 2.4.1.11 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/us/apps/dex/

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.49.120 is a security update.
https://brave.com/

Firefox 111.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Google Chrome 111.0.5563.64 is a security update.
https://www.google.com/chrome/

Google Chrome 109.0.5414.129 is a security update. Chrome v109 is being maintained until October 2023 to support Windows Server 2012 and Windows Server 2012 R2.
https://www.google.com/chrome/

Microsoft Edge 110.0.1587.69 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Vivaldi 5.7.2921.63 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

ProtonMail (Android) 3.0.12 improves stability. This is not a security update.
https://proton.me/mail/download

Spark 3.3.4.44396 resolves several bugs and adds zoom and message dragging. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.3.4.44394 resolves several bugs and adds zoom and message dragging. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.8.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

curl 7.88.1 resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 169.4.5684 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 182.0.0.9.73 is a security update.
https://www.messenger.com/download

FileZilla Client 3.63.2.1 updates libraries and resolves several bugs. This is a security update.
https://filezilla-project.org/

FileZilla Server 1.6.7 updates libraries and resolves several bugs. This is a security update.
https://filezilla-project.org/

FreeFileSync 12.1 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Microsoft Teams 1.6.00.4472 improves caption and rich call support. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 25.0.4 updates libraries and resolves dozens of bugs. This is a security update.
https://nextcloud.com/

Omada Software Controller 5.9.9 resolves a couple bugs and adds several new features. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-GUI 0.8.41 adds audio upload and resolves several bugs. This is not a security update.
https://pocketnet.app/

Prosody 0.12.3 resolves several bugs. This is not a security update.
https://prosody.im/download/start

Rclone 1.62.0 adds several new features and fixes dozens of bugs. This is not a security update.
https://rclone.org/

Signal 6.9.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.13.7 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/android/apk/

Skype 8.94.0.428 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.skype.com/

Syncthing 1.23.2 updates libraries and resolves a relay bug. This is not a security update.
https://syncthing.net/

Technitium DNS Server 11.0.3 is a security update. This version is no longer compatible with operating systems older than Windows 10.
https://technitium.com/dns/

Telegram 4.6.5 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.13.11.13434 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 4.4.8 improves stability. This is not a security update.
https://www.bitwig.com/download/

darktable 4.2.1 resolves over a dozen bugs. This is not a security update.
https://www.darktable.org/

Kodi 20.1 resolves dozens of bugs. This is not a security update.
https://kodi.tv/

Plex Desktop 1.65.1.3596 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.35.1.3614 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.31.2.6810 resolves several bugs including crash bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.2.0.71 resolves dozeens of bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.158 resolves dozens of bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.2.1 now displays the color of bricks in the tooltip. This is not a security update.
https://www.lego.com/en-us/ldd

Nintendo Switch 16.0.0 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PlayStation PS3 4.90 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps3/system-software/

PlayStation PS4 10.50 provides several cosmetic updates. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PlayStation PS5 23.01-07.01.00 improves stability and adds several cosmetic and voice features. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 23.001.20064 is a security update.
https://get.adobe.com/reader

Adobe Commerce 2.4.6, 2.4.5-p2, and 2.4.4-p3 are security updates.
https://helpx.adobe.com/security/products/magento/apsb23-17.html

Adobe Experience Manager 2023.1 and 6.5.16.0 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb23-18.html

Adobe Illustrator 27.3.1 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb23-19.html

Adobe Dimension 3.4.8 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-20.html

Adobe Creative Cloud 5.10 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb23-21.html

Adobe Substance 3D Stager 2.0.1 is a security update.
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html

Adobe Photoshop 23.5.4 and 24.2.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb23-23.html

Adobe ColdFusion 2018.16 and 2021.6 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

Audacity 3.2.5 resolves a reliability bug with third-party auth. This is not a security update.
https://www.audacityteam.org/download/

Calibre 6.14.0 improves metadata controls and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

GIMP 2.10.34 resolves several bugs. This is not a security update.
https://www.gimp.org/

ImageMagick 7.1.1-3 adds support for HEIC and resolves several bugs. This is not a security update.
https://imagemagick.org/

Kindle for PC 1.40.65535 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice 7.4.6 resolves over 70 bugs. This is a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.5.1 resolves 90 bugs. This is a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.7.4 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.5 updates libraries and resolves dozens of bugs. This is not a security update.
https://notepad-plus-plus.org/

OpenOffice 4.1.14 resolves several bugs. This is not a security update.
https://www.openoffice.org/download/

Paint.net 5.0.2 adds ability to invert Alpha channel, performance improvements, and resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 9.5.367.0 is a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.5.0 resolves several bugs. This is not a security update.
https://github.com/countercept/chainsaw

MalwareBytes Anti-Malware 4.5.23 is a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL 3.1.0 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ProtonVPN 3.0.14 improves user interface. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.8.1 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

SanDisk PrivateAccess 6.3.12 doesn’t provide a changelog so should be treated as a security update.
https://support-en.wd.com/app/answers/detailweb/a_id/48025

Tails 5.10 is a security update.
https://tails.boum.org/install/dvd/index.en.html

TinyWall 3.3.1 resolves a couple bugs and releases it open source. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.47.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.13.0 adds a couple new features. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 22.5.1 resolves a dozen bugs. This is not a security update.
https://www.techsmith.com/video-editor.html

SnagIt 23.1.0 resolves dozens of bugs. This is a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.1.0.1 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

StreamFab 6.1.1.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 1.0.1.5 adds conversion sampling and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.23 resolves several bugs and improves compatibility. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.10.1 resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.10.1 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Agent Ransack 2022.3367 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AOMEI Partition Assistant 9.15.0 adds ability to reset Windows password and recover data. This is not a security update.
https://www.diskpart.com/

Beyond Compare 4.4.6.27483 improves compatibility. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2023.2.0 adds several new security and feature controls, adds new encryption options and adds desktop validation for new devices. This is not a security update.
https://bitwarden.com/

CPU-Z Installer 2.05 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

CurrPorts 2.70 adds dark mode and several new sort options. This is not a security update.
https://www.nirsoft.net/utils/cports.html

DesktopOK 10.71 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.2.279.0 resolves several bugs. This is not a security update.
https://dngrep.github.io/

Etcher 1.18.5 updates libraries. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 1.0.3 resolves several bugs. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.44 now prevents operation on non-Windows platforms. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3367 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.40.0 is a security update.
https://git-scm.com/

Go 1.20.2 is a security update.
https://go.dev/

GoodSync 12.1.9 resolves several bugs. This is a security update.
https://www.goodsync.com/

HWMonitor 1.50 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

NetworkInterfacesView 1.27 adds a new column for Metric. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

NTLite 2023.3.9160 adds support for new features and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1009 resolves several bugs. This is a security update.
https://www.osforensics.com/download.html

osquery 5.8.1 is a security update.
https://osquery.io/downloads

PowerToys 0.68.1 adds Paste as Plain Text, Mouse Jump, new GPO policies, and resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ProcessMonitor 3.93 resolves several user interface and log file bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

RoboForm 9.4.4 is a security update.
https://www.roboform.com/

Seagate DiscWizard 25.0.1.39868 doesn’t provide a changelog so should be treated as a security update.
https://www.seagate.com/support/downloads/item/discwizard-master-dl/

SimpleWMIView 1.53 adds Sort By option to the toolbar. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TcpLogView 1.37 adds several sorting options and resolves a bug. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

TeamViewer 15.39.6 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.2.10 resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Ventoy 1.0.89 resolves several bugs. This is not a security update.
https://www.ventoy.net/en/index.html

WifiInfoView 2.78 adds new sorting options and updates the internal MAC address database. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinRAR 6.21 resolves several bugs. This is not a security update.
https://www.rarlab.com/

WizFile 3.09 adds support for RegExp search, DrivePool, Storage Spaces, virtual drives, and resolves several bugs. This is not a security update.
https://antibody-software.com/wizfile/

ZoomText 2023 2023.2302.8.400 improves stability and resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

ADB 34.0.1 resolves a couple bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 2022.1.1.21 resolves several bugs. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.2.0 resolves several bugs. This is not a security update.
https://desktop.github.com/

Inno Setup 6.2.2 is a security update.
https://www.jrsoftware.org/isdl.php

Node.js 19.7.0 updates dependencies and resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 14.21.3 is a security update.
https://nodejs.org/en/

Node.js 16.19.1 is a security update.
https://nodejs.org/en/

Node.js 18.15.0 is a security update.
https://nodejs.org/en/

SQLite 3.41.1 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.76.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.22 resolves several bugs. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.5.4 resolves several bugs. This is not a security update.
https://drupal.org/download

Joomla 4.2.9 is a security update.
https://www.joomla.org/

jQuery 3.6.4 adds selector forgiveness. This is not a security update.
https://code.jquery.com/

MailEnable Enterprise 10.45 is a security update.
https://www.mailenable.com/

MailEnable Enterprise 9.87 is a security update.
https://www.mailenable.com/

OpenPetra 2023.02 resolves several bugs. This is not a security update.
https://www.openpetra.org/

ownCloud Client 3.2.1.10355 resolves several bugs. This is not a security update.
https://owncloud.com/desktop-app/

Piwigo 13.6.0 is a security update.
https://piwigo.org/

YOURLS 1.9.2 improves compatibility and resolves several bugs. This is not a security update.
https://yourls.org/

BuddyPress 11.1.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.7.4 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Social Post Feed 4.1.8 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Sucuri Security 1.8.37 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

WooCommerce 7.5.0 is a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Cerber Security 9.5 resolves several bugs. This is not a security update.
https://wpcerber.com/

WPtouch 4.3.51 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-07-12

Welcome back, Folks!

Today is Patch Tuesday for July, 2022. You know how you say something like “biggest update series in well over a year” and the next month just blows that out of the water? We’re there now.

This Month in Technology

Advocates, Inc., Aerojet Rocketdyne, Alabama Eye & Cataract, P.C., Alameda Health System, Aloha Laser Vision, Amagasaki, Japan, Amazon Photos, AMD, Anker Eufy, Aon, Aruba Networks Switches, ATC Healthcare, Bangladeshi government, Bank of the West, Baptist Medical Center and Resolute Health Hospital, Bayhealth Medical Center, Inc., BeanVPN, Benefit Plan Administrators, Inc., Bookchor, Bourse des Vols, Capital Economics, Carnival Corporation, Carolina Behavioral Health Alliance, Carolina Eyecare Physicians, LLC, Catholic Health System, Center for Sight, Inc., Central Florida Inpatient Medicine, Charlotte Radiology, Cherry Creek Eye Physicians and Surgeons, P.C., CHRISTUS Spohn Health System Corporation, Cisco Secure Email, Cisco VPN routers, Citrix Application Delivery Management, CoDeSys Automation Software, Community of Hope D.C., Crema Finance, Customer.io, Disneyland’s Facebook and Instagram accounts, DivX SubTitles, Django, DTEK Group, ExpressLRS, Fast Shop, Flagstar Bank, Florida Birth-Related Neurological Injury Compensation Association, Foxhall Ob Gyn Associates, Geographic Solutions, Gol Tours LTD, Grab, Harmony, Hillrom Medical, Honda cars, Hudson Regional Hospital, IBM, Ignitis Group, Indian Flood Monitors, Indian government, thousands of industrial devices, Israeli Defense, Kaiser Foundation Health Plan of Washington, Kaiser Permanente, Kernersville Eye Surgeons, P.C., Khouzestan Steel Company, almost a million Kubernetes clusters, La Poste Mobile, Latvian government, Lithuanian government, Long Vision Center, Macmillan Publishing, Mangatoon, Marriott International, Massachusetts Child and Family Services, Inc., Mattax Neu Prater Eye Center, Inc., MCG Health and Eye Care Leaders, Medical University of Innsbruck, MEGA, Michigan Avenue Immediate Care, Microsoft Azure FabricScape, Microsoft Exchange, Microsoft Windows Domain Servers, Mitel VoIP, New Jersey Health Information Management, Nichirin-Flex U.S.A., North American Spine Society, Norway govt sites, OpenSea, OrthoNebraska, Phelps Care Regional Medical Center, Preferred Hospital Leasing Coleman Inc., Professional Finance Company, Renton School District, Resolute Health Hospital, Rodeo Pharmacy Inc, Shanghai National Police, Sharper Vision P.A., SHI International, Shoprite, Sight Partners Physicians, P.C., Sophos Firewall, Southwest Health Center, St Joseph Heritage Health, Stanford University, Stokes Regional Eye Centers, TB Kawashima, The People Concern, The Vicksburg Clinic, LLC, Tosoh America, Inc., UK Army’s Twitter & YouTube, UNC Lenoir Health Care, University of Pisa, University Pediatric Dentistry, US Bank, Walmart, WellDyneRx, LLC, Wiltshire Farm Foods, Yodel, Yuma Regional Medical Center, and Zimbra reportedly been hacked or compromised this month.

Some vendors, like CafePress, simply don’t care about security – and do their best to conceal when they’re hacked. I contacted them to report when they were hacked back in 2014 and they ignored me. Sigh.

Microsoft 365, Cloudflare, Microsoft Teams, Rogers (it was a big one), and Microsoft Office / OneDrive had widespread outages.

Facebook is collecting the patient data of millions, and is also blocking the link to the Facebook settlement class action website. You think they would have learned.

Attackers are using Google Chrome Extension fingerprinting to uniquely identify you. This method works in any Chromium browser.

Spam is still the #1 method of exploiting users. Whether it is a fake renewal notice, fake copyright complaints, or fake invoice, most spams will include a fake login form or a fake support number. In both cases they depend on the user to actually enter the login details or call the scammer to fall prey to their attacks. Online development environments are even being used for these attacks.

Counterfeit hardware can be far more dangerous than the real thing. Even though some vendors only support their hardware a few years before you have to replace it,  counterfeits are never supported and often have malicious implants.

Microsoft has rolled back (temporarily) their decision to block macros by default.

MITRE staff didn’t understand that publishing vulnerable sites, not just vulnerability information was bad, while a HackerOne employee was selling exploits before they were published, and an Amazon employee installed cryptominers on Capital One servers. Adobe is using malware traits to block antivirus software from scanning PDF files. How quickly these organizations can shatter their trust.

Here’s a great example of how a single vulnerability will be used to get far deeper into your network and hardware.

Storing your password directly in the browser is dangerous. Use a password manager.

Now for the good news:

 

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 74 vulnerabilities in Azure Site Recovery, Azure Storage Library, DNS Server, Microsoft Defender for Endpoint, Microsoft Edge, Microsoft Graphics Component, Microsoft Lync, Microsoft Office, Open Source Software, Skype for Business, Windows Active Directory, Windows Advanced Local Procedure Call, Windows BitLocker, Windows Boot Manager, Windows Client/Server Runtime Subsystem, Windows Connected Devices Platform Service, Windows Credential Guard, Windows Fast FAT Driver, Windows Fax and Scan Service, Windows Fax Service, Windows Group Policy, Windows Hyper-V, Windows IIS, Windows Kernel, Windows Media, Windows Network File System, Windows Performance Counters, Windows Point-to-Point Tunneling Protocol, Windows Portable Device Enumerator Service, Windows Print Spooler Components, Windows Remote Procedure Call Runtime, Windows Security Account Manager, Windows Server Service, Windows Shell, Windows Storage, XBox, and MSRT (~3 GB). This includes security updates. A reboot is required.

Google Chrome OS 103.0.5060.114 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.6.1 adds support for newer hardware. This is not a security update.
https://www.amd.com/en/support

Crucial Storage Executive 7.12 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.5.2 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 22.4.26 improves user interface. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Samsung DeX 2.4.0.29 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/us/apps/dex/

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.41.96 is a security update.
https://brave.com/

SeaMonkey 2.53.13 is a security update.
https://www.seamonkey-project.org/

Google Chrome 103.0.5060.114 is a security update.
https://www.google.com/chrome/

Microsoft Edge 103.0.1264.51 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 102.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.11.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 5.3.2679.68 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.45 adds a command-line option to control columns in exports. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 102.0.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

curl 7.84.0 resolves over a hundred bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 152.4.4880 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 153.0.0.19.110 is a security update.
https://www.messenger.com/download

FreeFileSync 11.22 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 60.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Nextcloud Server 24.0.2 updates libraries, and resolves over 50 bugs. This is a security update.
https://nextcloud.com/

Npcap 1.70 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Rclone 1.59.0 adds support for new backends, metadata framework, resolves several bugs, and updates libraries. This is not a security update.
https://rclone.org/

Signal 5.49.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/download/windows/

Skype 8.85.0.409 improves their propaganda tools and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.20.3 resolves several bugs. This is not a security update.
https://syncthing.net/

Technitium DNS Server 8.1.4 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Telegram 4.0.2 resolves several bugs. This is not a security update.
https://telegram.org/

WinSCP 5.21.2 is a security update.
https://winscp.net/eng/index.php

Zoom 5.11.1.6602 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.2 updates libraries and resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 4.0.0 is a major update. This version improves color space, exposure, contrast controls and hundreds of other features, as well as resolving over 100 issues. This should be treated as a security update.
https://www.darktable.org/

Picard 2.8.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.48.2.3124 adds option to disable some Discover features, resolves several bugs with Search and Watchlist. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.20.2.3110 resolves a stability bug. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.27.2.5929 improves logging, adds support for Musicbrainz tags, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.1.2 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.6.0.23 adds Feather support, room editor filters, additional extension features, and resolves dozens of bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Lego Studio 2.22.6.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

PlayStation PS5 22.01-05.50.00 resolves several bugs and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

PlayStation PS4 9.60 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe RoboHelp RH2020.0.8 is a security update.
https://www.adobe.com/support/robohelp/downloads.html

Adobe Acrobat and Reader 22.001.20169, 20.005.30362, and 17.012.30249 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb22-32.html

Adobe Character Animator 22.5 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Photoshop 22.5.8 and 23.4.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb22-35.html

Artweaver 7.0.13 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Calibre 6.0 is a major update. This version adds full text search, new hardware support and performance improvements, a new URL scheme, and read-aloud support. It also removed 32-bit support. This is not a security update.
https://calibre-ebook.com/

Gimp 2.10.32 adds HiDPI, high bit-depth and multi-threading support, dark theme, improved color control, masking, and warp. This is not a security update.
https://www.gimp.org/

Kindle for PC 1.37.65274 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

Nextcloud Desktop 3.5.2 resolves over a dozen bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.3 adds option to limit search results to one line per file, adds EOL customization, adds new document shortcuts, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Intel CSMEVDT 7.0.2.0 resolves a documentation error. This is not a security update.
https://www.intel.com/content/www/us/en/download/19392/28632/intel-converged-security-and-management-engine-version-detection-tool-intel-csmevdt.html

FSS 2022.6.14 doesn’t provide a changelog so should be treated as a security update.
https://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Gpg4win 4.0.3 is a security update.
https://www.gpg4win.org/download.html

HTTP Toolkit 1.9.0 improves issue tracking and feedback. This is not a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware 4.5.10.200 is a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL (SLP) 3.0.5 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

OpenSSL 1.1.1q is a security update.
https://www.openssl.org/source/

ProtonVPN 2.0.3 resolves several bugs. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.1 resolves several bugs. This is not a security update.
https://protonvpn.com/download

SanDisk PrivateAccess 6.3.10 does not provide a changelog so should be considered a security update.
https://kb.sandisk.com/app/answersweb/detailweb/a_id/21996

Tails 5.2 is a security update.
https://tails.boum.org/install/dvd/index.en.html

YARA 4.2.2 is a security update.
https://github.com/VirusTotal/yara/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 22.1.0 adds several new features, improves performance, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/releases/snagit.msi

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.7.8 adds support for new encodings and resolves several stability bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.0 doesn’t provide a changelog so should be considered a security update.
https://imazing.com/heic

IsoBuster 5.0 is a major update that adds a 64-bit version, high-DPI scaling, themes, improved media support and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php

MakeMKV 1.17.0 improves reliability, adds support for new encodings, and resolves several bugs. This is not a security update.
https://www.makemkv.com/download/

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.9 adds PDF rotation and resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 8.7.3 is a major update adding several new cosmetic and integration improvements, and search and filter options. This is a security update.
https://1password.com/downloads/windows/

1Password for Mac 8.7.3 is a major update adding several new cosmetic and integration improvements, and search and filter options. This is a security update.
https://1password.com/downloads/mac/

7-Zip 22.00 adds support for APFS, pax, adds zone.id, and resolves several bugs. This is not a security update.
https://www.7-zip.org/

8GadgetPack 35.0 improves compatibility, adds keyboard shortcuts, and resolves several bugs. This is not a security update.
https://8gadgetpack.net/

Agent Ransack 2022.3335 adds new columns, improves view state restoration, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

CCleaner 6.01.9825 adds support for new apps and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

Dell OS Recovery Tool 2.3.7012.0 doesn’t provide a changelog so should be treated as a security update.
https://www.dell.com/support/home/uk/en/ukbsdt1/drivers/osiso/recoverytool

DesktopOK 9.97 expands toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.0.84.0 adds personalization, search statistics, Excel row numbers, and resolves several bugs. This is not a security update.
https://dngrep.github.io/

dupeGuru 4.3.1 resolves a false duplication detection bug. This should be treated as a security update if you use dupeGuru to remove duplicate files.
https://dupeguru.voltaicideas.net/

FileLocator Pro 2022.3335 adds new columns, improves view state restoration, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.37.0 resolves several bugs and improves CLI support. This is a security update.
https://git-scm.com/

GoodSync 11.11.5 resolves dozens of bugs. This is a security update.
https://www.goodsync.com/

Intel CPU Diagnostic 4.1.7.39 adds tests for newer hardware, resolves several bugs, and updates components. This is not a security update.
https://www.intel.com/content/www/us/en/download/15951/intel-processor-diagnostic-tool.html

IsMyHdOK 3.66 improves compatibility and SSD/SSHD detection. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.3.6.8804 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PointerStick 5.88 improves support for virtual desktops and multiple screens. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.60.0 resolves several bugs and improves compatibility. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.3.3 adds (and resolves bugs within) OTP feature, improves search, and resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 3.19 adds an option for setup customization, updates drivers, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

SearchMyFiles 3.20 adds filename length filter. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Synergy 1.14.5 resolves several bugs. This is not a security update.
https://symless.com/synergy/

TeamViewer 15.31.5 improves video experience and adds remote terminal to the Computers & Contacts list. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.1.8 updates libraries and resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WhyNotWin11 2.5.0.1 resovles several bugs. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WifiInfoView 2.77 improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

ZoomText 2022.2206.7.400 adds languages and resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

GitHub Desktop 3.0.3 resolves several bugs. This is not a security update.
https://desktop.github.com/

Node.js 18.5.0 is a security update.
https://nodejs.org/en/

Node.js 16.16.0 is a security update.
https://nodejs.org/en/

Node.js 14.20.0 is a security update.
https://nodejs.org/en/

Rustup 1.25.0 adds support for arm64, improved integration and resolves several bugs. This is not a security update.
https://www.rust-lang.org/

Redemption 6.2.0.6122 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

SQLite 3.39.0 adds support for right and full outer join, distinct from, and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.69.1 adds 3-way merge, improved command center UI for search, DND mode, and resolves several bugs. This is a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.3.18 is a security update.
https://drupal.org/download

Drupal 9.4.0 is a security update.
https://drupal.org/download

HumHub 1.11.4 is a security update.
https://www.humhub.com/en/download

Joomla 4.1.5 resolves several bugs. This is the last of the 4.1 series. This is not a security update.
https://www.joomla.org/

jQuery 3.6.0
https://code.jquery.com/

MailEnable 10.40 updates libraries and resolves over a dozen bugs. This is a security update.
https://www.mailenable.com/

Piwigo 12.3.0 resolves several bugs. This is not a security update.
https://piwigo.org/

WordPress 6.0.1 resolves over two dozen bugs. This is not a security update.
https://wordpress.org/

Akismet 4.2.5 resolves a bug. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

Antispam Bee 2.11.1 cleans up code. This is not a security update.
https://wordpress.org/extend/plugins/antispam-bee/

Contact Form 7 5.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.4.7 improves compatibility. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

Interactive World Map 3.2.0 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/interactive-world-map/

Postie 1.9.61 resolves a MIME warning. This is not a security update.
https://wordpress.org/extend/plugins/postie/

NextScripts Social Networks Auto-Poster 4.3.26 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

Slider Revolution 6.5.25 resolves a dozen bugs. This is not a security update.
https://revolution.themepunch.com/

Sucuri Security 1.8.32 is a critical security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.2.3 is a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 6.6.1 resolves dozens of bugs. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

Updates 2021-05-11

Welcome back, Folks!

Today is Patch Tuesday for May, 2021. There have been a couple dozen major hacking incidents and critical security issues, and every browser has now continued their weekly security update cadence through the third month.

This Month in Technology

Apple (Quanta Computer), Apple’s AirDrop, Apple’s iOS 14.5, Apple’s macOS Big Sur 11.3, Cellebrite, Celsius Network, Colonial Pipeline, Dell dbutil, Dominion election hardware, various DNS implementations, mostly on IoT devices, various medical devices, Elliman Property Management, Facebook, Geico, enterprise password app Passwordstate, various Police Departments, Pulse Connect Secure, Tesla’s Model X, and Trend Micro’s Apex One were hacked this month.

Linux banned University of Minnesota from submitting code because they intentionally submitted patches that would have intentionally made Linux devices insecure.

The FBI is violating the Computer Fraud and Abuse Act.

It’s illogical to justify or mandate an experimental treatment that increases your risk for a disease and creates side-effects on its own that are equivalent to the disease. When you can’t win your arguments using actual science you have to ignore the inserts, the numbers, falsify the data, falsify the tests, censor, attack their education, ridicule and intimidate, hide the dead children, secretly destroy the unused ventilators, ignore the tens of thousands of barrels of DDT dumped in the ocean by the same  companies making the experimental vaccines today, make sure nobody knows you have no idea what you’re doing, or just straight-up kill people. A Jedi mind trick or two goes a long way, too. By the way, the COVID-19 mortality rate for vaccinated test subjects dwarfs the rate for the “control group.” France is at least capable of putting two and two together. It’s sad that American doctors can’t.

In a surprise move, Apple & Google have actually stood by their privacy policies forbidding the UK from collecting additional location details through the NHS COVID-19 tracking app. That said, no matter how much they try to limit data exposure, if it’s collected, it can be compromised.

Piracy is bad and FLoC is worse10DLC is a step in the right direction, but will likely only result in increased text messaging forgery.

USPS is violating the first amendment but that pales in comparison to what state and federal governments are doing, and what the Speaker has done to keep her seat. Christianity isn’t illegal, yet. Violence is, but it has proven to be effective anyway, so will continue unabated.

There are still some wins coming in, so I guess we haven’t quite devolved into communism, but it doesn’t look good when censorship is so pervasive and ambiguous, and officials openly engage in fraud during an audit, and blame the victims for being assaulted.

The Epic vs Apple suit is currently underway and has proven to be what you’d expect from a conflict between a monopoly and a video game company. Meanwhile, Apple is now being sued for terminating accounts for customers that have “bought” apps and services through them, and the EU has declared Apple’s App Store a monopoly. Seeing the writing on the wall, Microsoft has lowered it’s Windows Store cut.

Google, which dropped Fortnite last year for violating the terms of a contract, just sidestepped Roku’s removal of the YouTube TV app by inserting the functionality of  YouTube TV app into the YouTube app. Demonstrating the flaws in their app compatibility argument Google broke YouTube TV on their own Chromecast platform during this circus.

Now for the good news:

Dogecoin for the win. Just make sure you are the only one with the keys to your wallet!

Oh, and Samsung is planning to provide a way so you can still make use of some of your archaic hardware.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge – with well over a hundred common applications and operating systems releasing fixes. The typical computer should see roughly 3.2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Apple released updates for iCloud for Windows 12.3, iTunes 12.11.3 for Windows, Safari 14.1, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, Xcode 12.5, iOS 14.5.1 and iPadOS 14.5.1, iOS 12.5.3, macOS Big Sur 11.3.1, tvOS 14.5, and watchOS 7.4.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.5.1 and 12.5.3 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.5.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.4.1 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 90.0.4430.100 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 34-1.2 has a lot of changes under the hood, such as UEFI improvements, driver and updated libraries. This is a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.x) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.9 improves diagnostics and removal. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options 8.54.106 resolves several bugs. This version does not provide a detailed changelog so should be treated as a security update.
https://www.logitech.com/en-us/product/options

Nvidia 466.27 improves compatibility. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Engine 3.20.0 resolves several bugs. This is not a security update.
https://steelseries.com/engine

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.24.84 is a security update.
https://brave.com/

Google Chrome 90.0.4430.212 is a security update.
https://www.google.com/chrome/

Microsoft Edge 90.0.818.56 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 88.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.10.1 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.7.1 is a security update.
https://www.seamonkey-project.org/

Vivaldi 3.8.2259.42 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.9.1 is a security update.
https://getmailspring.com/

Thunderbird 78.10.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.48 adds a QR code toolbar button and resolves a bug in the SaveDirect command-line switch. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.76.1 resolves several bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 121.4.4267 doesn’t provide a changelog, so should be treated as a security update.
https://www.dropbox.com/

FreeFileSync 11.10 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Java 8u291 is a security update.
https://www.java.com/en/download/manual.jsp

Npcap 1.31 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Omada Software Controller 4.3.5 resolves several bugs and improves compatibility. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

PuTTY 0.75 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Technitium DNS Server 6.2.3 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Telegram 2.7.4 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.6.5.823 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.11.3 is a security update.
https://www.apple.com/itunes/download/

Picard 2.6.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Plex Media Server 1.22.3.4392 resolves several bugs with collections. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.14 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

PlayStation PS4 8.03 improves notification controls and resolves several bugs. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PlayStation PS5 21.01-03.10.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 7.0.9 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.57.0 updates libraries, and resolves several bugs. This is not a security update.
https://atom.io/

LibreOffice Fresh 7.1.3 resolves over a hundred bugs. This is a security update. Be aware that LibreOffice Fresh is a beta version and should be avoided in favor of the Still (stable) version.
https://www.libreoffice.org/

Lightworks NLE 2021.2 resolves dozens of bugs and improves reliability. This is not a security update.
https://www.lwks.com/

Nextcloud Desktop 3.2.1 resolves several bugs. This is not a security update.
https://nextcloud.com/

OpenOffice 4.1.10 is a security update.
https://www.openoffice.org/download/

Paint.net 4.2.16 resolves several bugs. This is not a security update.
https://www.getpaint.net/

Adobe Creative Cloud Desktop Application 5.4.3 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb21-31.html

Adobe Genuine Service 7.3 is a security update.
https://helpx.adobe.com/security/products/integrity_service/apsb21-27.html

Adobe Acrobat and Reader 2021.001.20155, 2020.001.30025, and 2017.011.30196 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

Adobe After Effects 18.2 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb21-33.html

Adobe Animate 21.0.6 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-35.html

Adobe Experience Manager 6.5.8.0 and 6.4.8.4 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html

Adobe InDesign 16.2.1 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb21-22.html

Adobe Illustrator 25.2.3 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-24.html

Adobe InCopy 16.2.1 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb21-25.html

Magento 2.4.2-p1 and 2.3.7 are security updates.
https://helpx.adobe.com/security/products/magento/apsb21-30.html

Adobe Media Encoder 15.2 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb21-32.html

Adobe Medium 2.4.5.332 is a security update.
https://helpx.adobe.com/security/products/medium/apsb21-34.html

Security Software Updates

One or more of these is likely to be of interest to most people.

HTTP Toolkit 1.3.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://httptoolkit.tech/

KeePass 2.48.1 improves compatibility and resolves several bugs. This is not a security update.
https://keepass.info/

uBlock Origin 1.35.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.6 doesn’t provide a changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Tails 4.18 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.30 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2021.3.1 resolves two minor bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Education updates

One or more of these are likely to be of interest to most people.

Zotero 5.0.96.2 optimizes online storage and resolves a hang in generating citations. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.8.2 resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.801 is a security update.
https://1password.com/downloads/windows/

Autoruns 13.100 resolves a crash bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

CCleaner 5.79.8704 adds cleaning of Slack cache, adds ability to wipe free space, and improves debug logging. This is a security update.
https://www.ccleaner.com/

CPU-Z Installer 1.96 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

CurrPorts 2.65 resolves a kernel tracing bug and improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Etcher 1.5.120 is a documentation change. This is not a security update.
https://www.balena.io/etcher/

Fing 2.6.0 adds Deep Scan and updates libraries. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

GoodSync 11.6.6 resolves several bugs. This is not a security update.
https://www.goodsync.com/

HWMonitor 1.44 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

NTLite 2.1.0.7862 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 9.2 adds ability to free up space on Windows partitions by moving apps to another partition. This is not a security update.
https://www.diskpart.com/

PowerToys 0.37.2 updates all components, settings app and configuration, and improves silent installation behavior. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.70 allows constraining the number of events and fixes several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

ProduKey 1.97 adds command-line configuration processing. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

RoboForm 9.1.3 resolves several bugs. This is not a security update.
https://www.roboform.com/

SearchMyFiles 3.11 adds high-DPI support and adds a sorting as a menu option. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

TCPView 4.01 is a cosmetic update. This is not a security update.
https://sysinternals.com/

WinRAR 6.01 resolves several bugs. This is not a security update.
https://www.rarlab.com/

WinScan2PDF 7.07 improves compatibility with Windows. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.41 resolves several bugs. This is not a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.09 resolved several bugs. This is not a security update.
https://www.autohotkey.com/download/

Godot 3.3 improves reliability and adds several new features. This is not a security update.
https://godotengine.org/

MySQL ConnectorNet 8.0.25 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 16.1.0 resolves dozens of bugs and compatibility issues with the new major v16 update to Node.js, which removes support for Python 2 and updates system requirements. This is not a security update.
https://nodejs.org/en/

Node.js 14.17.0 updates libraries, resolves dozens of bugs, improves diagnostic capabilities, and backports several features from stable. This is not a security update.
https://nodejs.org/en/

SQLite 3.35.5 is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.56 improves hover feedback, terminal profile, debugger, and more. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.12 adds ARM64 support and resolves dozens of bugs. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.22-144080 is a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.12 updates libraries. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.13.0 resolves several bugs. This is not a security update.
https://dadamailproject.com/

Docker Desktop 3.3.3 updates libraries and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.0.13 updates libraries and resolves several bugs. This should be treated as a security update.
https://drupal.org/download

HumHub 1.8.2 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

OpenPetra 2021.04 improves contact and import, and resolves several bugs. This is not a security update.
https://www.openpetra.org/

ScreenConnect 21.6.3280.7796 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.7.1 is a security update.
https://wordpress.org/

Autoptimize 2.8.4 is a security update.

BuddyPress 7.3.0 is a security update.

Contact Form 7 5.4.1 resolves several bugs and compatibility issues. This is not a security update.

WooCommerce 5.3.0 resolves dozens of bugs and introduces several new features. This is not a security update.

WP Mail SMTP 2.8.0 resolves several bugs. This is not a security update.

WPtouch 4.3.41 resolves a cosmetic bug. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-01-12

Welcome back, Folks!

Today is Patch Tuesday for January, 2021.

This Month in Technology

By now you’re probably very aware with the SolarWinds “hack” since it was 24/7 news only a month ago, though mostly conjecture. We now know they were hacked over a year before a third-party (FireEye) pointed it out to them, and the malware remained on their servers weeks after it was identified.

What we’ve learned of it over the last month is a rich reminder of do’s and don’ts:

  • Don’t trust multi-factor authentication – it’s not nearly as effective at preventing logins as you’ve been lead to believe.
  • Don’t take over devices you can’t exploit quickly – don’t expose yourself wideband for 0.2%.
  • Do use a strong, unique password for everything – never something as absurd as “solarwinds123“.
  • Do modify your firewall to eliminate automatic whitelists for government IP addresses.
  • Do regular checkups – you never know what you’re going to find.

Don’t worry, though, they’ve hired a political hack to CYA!

Austin City, the City of CorneliaCity of EllensburgIndependence City (Kansas), Chatham County (North Carolina), Huntsville City Schools (Alabama), Jefferson County (Kentucky), Subway, Intel’s Habana LabsMicrosoftFireEye, the United NationsMaryland’s GBMC HealthCare, the US Dept of JusticeNissanLivecoinSpotifyIndiGo, various Israeli companies, the US Judiciary case file system, and many gaming companies have all been hacked.

Security issues or backdoors were found in Zyxel firewalls, Typo3Android BluetoothGlassdoorNintendo 3DSMicrosoft 365Google Titan security keys, Signal App cryptography, Starbucks mobile, and terabytes of secrets and databases have been dumped online.

Point-of-sale hardware has a “service mode” with a default password, malware is fingerprinting and mapping networks using the MAC address, Smart Doorbells are still a bad idea, Gionee has been infecting their own budget smartphones for kickbacks, and Google is still the easiest way to hack Google.

Ticketmaster hacked their competition 7 years ago and is only now paying a fine for it, Twitter is being fined almost half a million Euros for its breach handling, and Sabre Corp has now settled with 27 states over data breach.

WhatsApp won’t let you use it if you don’t want it to have your data tied to the rest of Facebook. The bigger you are, the bigger the target is on your back.

The “secure communication” tool Telegram tells everyone your precise location if you enable location support. One of my favorite browser extensions, The Great Suspender, changed hands in 2020 and the new publisher has recently been caught using it to distribute malware under the guise of analytics. Shopify, BigCommerce and other large sales platforms are being targeted with a card skimmer.

Mozilla (creator of Firefox and Thunderbird) wants the entire Internet to be used to censor certain publishers (that’s a bad thing), which is sad since they recently dropped support for PWAs (that’s a good thing).

Speaking of censorship and cancel culture, a potential new federal banking rule could put an end to the social/financial terrorism employed by cancel culture devotees. However, Big Tech censorship is at an all-time high in the wake of “riots” that were tame for the last year.

Corellium is protected by Fair Use and Tim Cook is going to have to testify more than a mere 4 hours about how his elimination of competition and closed ecosystem aren’t “really” a monopoly.

Ledger WalletT-Mobile (yet again), Amazon partner JuspayUbiquitiNintendo21 ButtonsSangoma TechnologiesDental Care AllianceKoei Tecmo, and Apex Laboratory all suffered data leaks/breaches.

Zoom, however, willingly shared their US user data with China.

Facebook’s recent Instagram hack exposed a massive click farm.

Google has had several service outages in the last month, as has Apple and even #Slack.

WinZip is vulnerable to a MitM attack (dude, no SSL, really?!).

Google broke SMS on many Android devices, your RAM can be used to exfil data from your device, Apple iPhone assembly plant Wistron in India has been suspended after a riot causes $60 million in damages. That may be a good thing, though, since the Apple MagSafe chargers can deactivate pacemakers.

macOS Preview is damaging PDFs (again).

Apple has removed the ability to download combo updates for Big Sur. This is going to cause serious security problems for the vast majority of the world that doesn’t have Bay Area bandwidth available to them.

In a good move, Apple has upset Facebooks advertising ecosystem by preventing certain data collection and use on their latest platforms, even Google is trying to figure out how to get around the new privacy requirements.

Why don’t I trust government? It’s hard to pick just one reason, but this month has many examples. Government employees tasked with preserving election data call for its mass deletion, or “accidentally” delete the security log files, while ignoring hundreds of pages of evidence and “moving the goalposts.”

The FBI has been hiding Seth Rich’s laptop while claiming they didn’t have it, public schools are purchasing hacking tools to get the data off student’s phones, mass data collection never ends, agencies fine you for helping during a crisis or being in a car without permission, while they hack journalist’s phones and run pedophile rings out of large white government buildings in DC. Nevertheless, you should trust the math and not look behind the curtain. Or else.

By the way, streaming content that you don’t have rights to is now a felony thanks to a nearly 6,000 page bill passed without anyone reading itHypocrisy is their bread and butter. Which is why they have such religiously held beliefs that violate all common sense.

Now for the good news:

It is now possible to integrate Everything into the Windows taskbar!

Starlink is approved for use in the UK, opening the door to true worldwide broadband.

Let’s Get Busy

Now back to our regularly scheduled program.

Adobe Flash Player is finally dead! There will be no more security updates released for Flash, and it’s probably the application single-most responsible for infections world-wide over the last 20 years, so it should be removed immediately. Use the utility below to remove it.
Win: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
Mac: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html

Patch Tuesday this month is pretty big. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, and MSRT (~ 1.6 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, Safari 14.0.2, macOS Server 5.11, macOS X Combo Update 10.15.7, Brother Printer Drivers 4.1.1 and HP Printer Drivers 5.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.3 and iOS 12.5.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.3 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.2 and watchOS 6.3 are security updates. Use the Watch app on your iPhone to install the most current version.

tvOS 14.3 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 87.0.4280.142 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Crucial Storage Executive 6.09 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.3.5 improves removal of various artifacts. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 461.09 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.18.78 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 87.0.4280.141 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 87.0.664.75 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 84.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/

Firefox ESR 78.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/

Iridium 2020.11 is a security update (but still not patched to the current Chromium security updates). Use Menu, Help, About to install the most current version.
https://iridiumbrowser.de/

Vivaldi 3.5.2115.87 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Facebook Messenger 20201207 is a security update, but is still a month behind the current chromium security level. You should remove Facebook Messenger if you have it installed.
https://www.messenger.com/download

Trillian 6.4.0.2 resolves several bugs. This is not a security update.
https://www.trillian.im/

curl 7.74.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 112.4.321 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.52.0.5 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.5 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Minds 4.7.0 improves data use and channel header, restyles posts, and resolves several bugs. This is not a security update.
https://www.minds.com/mobile

Npcap 1.10 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 5.6 adds dynamic configuration application, adds cleanup options, block list refresh intervals, forced refresh, and resolves many other bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.4.59931.0110 adds ability to block insecure participants, force authentication, silence notifications when sharing, and management improvements. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Adobe FrameMaker 2020.0.1 doesn’t provide a changelog so should be treated as a security update.
https://supportdownloads.adobe.com/detail.jsp?ftpID=7061

Adobe Bridge 11.0.1 is a security update.
https://helpx.adobe.com/security/products/bridge/apsb21-07.html

Adobe Captivate 2019 11.5.1.499 hotfix 1 is a security update.
https://helpx.adobe.com/security/products/captivate/apsb21-06.html

Adobe InCopy 16.0 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb21-05.html

Adobe Campaign Classic Gold Standard 11, 20.3.3.9234, 20.2.4.9187, 20.1.4.9126, 19.2.4.9082, and 19.1.8.9039 are security updates.
https://helpx.adobe.com/security/products/campaign/apsb21-04.html

Adobe Animate 21.0.2 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-03.html

Adobe Illustrator 25.1 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-02.html

Adobe Photoshop 22.1.1 is a security update.
https://helpx.adobe.com/security/products/photoshop/apsb21-01.html

darktable 3.4.0 resolves over 100 issues and adds several new features. This is not a security update.
https://www.darktable.org/install/

Flickr Downloadr 3.3.3.2 resolves a couple bugs. This is not a security update.
https://flickrdownloadr.com/downloads/

Picard 2.5.6 resolves several bugs.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.12.21 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

PlayStation PS3 4.87 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps3/system-software/

PlayStation PS4 8.03 adds option to disable Game Chat Audio. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PlayStation PS5 20.02-02.30.00 resolves PS4 transfer bugs, text input and Wi-Fi stability issues, and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Interactive Calendar 2.2 adds color schemes, resolves search issues, improves stability & performance, and fixes several bugs. This is not a security update.
https://www.csoftlab.com/calendar

LibreOffice 7.0.4 resolves over a hundred bugs and is now the new general release. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.1.1 resolves dozens of bugs and improves compatibility. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.2 resolves over three dozen issues including performance and stability. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.14 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

Gpg4win 3.1.15 improves AD support and resolves a random security key selection bug. This is a security update.
https://www.gpg4win.org/download.html

KeePass 2.47 resolves several bugs, improves search and options. This is not a security update.
https://keepass.info/

NSudo 8.0.1 updates libraries and adds translations. This is not a security update.
https://github.com/M2Team/NSudo/releases/latest

RogueKiller 14.8.3 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.32.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Wireless Network Watcher 2.23 updates internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.1.0 improves transparency handling, scaling improvements, and resolves several bugs. This is not a security update.
https://12pd.com/click?snagit

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.1.5 adds new models and profiles, improved Enlarger AI handling. This is not a security update.
https://www.dvdfab.cn/download.htm

IsoBuster 4.7 adds an option to import and export templates, improved reliability, scanning, and read handling, and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php

MakeMKV 1.15.4 improves compatibility, implements seamless join of TrueHD streams, and resolves bugs. This is not a security update.
https://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

BulkFileChanger 1.72 adds “Photo – Date Taken” option. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

CCleaner 5.75.8238 adds import for “Cookies to Keep” option, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.27 adds switches for turning on, off, and toggling on/off state. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Dell Command Update 4.0 adds support for DCH drivers, adds a filter for Security updates, and improves user interface. This is not a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 8.38 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dupeGuru 4.1.0 now uses tabs instead of windows, adds cosmetic fixes and options, and resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/

Etcher 1.5.113 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1003 resolves issues with the exit switch, improves shortcuts and autofocus. This is not a security update.
https://www.voidtools.com/

GoodSync 11.5.4 resolves several bugs. This is not a security update.
https://www.goodsync.com/

IsMyHdOK 2.71 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.8.0 improves usability. This is not a security update.
https://lessmsi.activescott.com/

MS ISO Downloader 8.46 adds new builds for Office 2019 for Mac, more Dell models and ISO Tools hash improvements. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 2.0.0.7756 resolves several bugs and improves controls. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 9.1 resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 5.01 improves rendering. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Process Monitor 3.61 adds monitoring for various registry APIs and resolves a query output bug. This is not a security update.
https://live.sysinternals.com/

PsExec 2.21 is a security update.
https://live.sysinternals.com/

Sysmon 13.00 adds image tampering events and resolves several bugs. This is not a security update.
https://live.sysinternals.com/

TaskSchedulerView 1.65 adds columns for Task File Created/Modified. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.13.6 is released – but their changelog is on their community site (forum) which is currently down and redirecting to a third-party site. The new build may be a security update, but I recommend disabling TeamViewer completely for the near future just to be safe.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.31 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WakeMeOnLan 1.87 updates the internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WifiChannelMonitor 1.66 adds option to copy clicked cell and updates MAC addresses file. This is not a security update.
https://www.nirsoft.net/utils/wifi_channel_monitor.html

WifiInfoView 2.67 adds window resizing and pagination to the properties window, and adds wildcard filter support. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 6.41 improves duplex support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WirelessKeyView 2.21 improves display and adds QR Code view (F2). This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

Developer Updates

These are unlikely to be of interest to most people.

Node.js 12.20.1 is a security update.
https://nodejs.org/en/

Node.js 14.15.4 is a security update.
https://nodejs.org/en/

Node.js 15.5.1 is a security update.
https://nodejs.org/en/

Redemption 5.26.0.5872 adds ability to remember SMTP passwords, and resolves several bugs. This is not a security update.
http://www.dimastr.com/redemption/

Visual Studio Code 1.52.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Docker Desktop 3.0.4 resolves a stability bug. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.2 updates libraries and resolves several bugs. This is not a security update.
https://drupal.org/download

Joomla 3.9.24 is a security update.
https://www.joomla.org/

Nextcloud Server 20.0.4 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenPetra 2020.12 removes support for SQLite, improves Find, Type Ahead, and resolves several bugs. This is not a security update.
https://www.openpetra.org/

phpList 3.6.0 adds blacklisting hook, and counter limits. This is not a security update.
https://www.phplist.org/

phpMyAdmin 5.0.4 resolves several bugs. This is not a security update.
https://www.phpmyadmin.net/

ConnectWise Control 21.1.2009.7678 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.6 improves layout flexibility, adds new block patterns, captions, new default theme, and improved auto-update capabilities. This is not a security update.
https://wordpress.org/

Akismet 4.1.8 resolves a couple bugs. This is not a security update.

Autoptimize 2.8.1 resolves several bugs. This is not a security update.

BuddyPress 7.1.0 resolves two bugs. This is not a security update.

Contact Form 7 5.3.2 is a security update.

Social Post Feed 2.18.1 resolves several bugs. This is not a security update.

Interactive World Map 3.1.9 improves compatibility. This is not a security update.

myStickymenu 2.4.9 resolves a couple bugs. This is not a security update.

W3 Total Cache 2.0.1 resolves several bugs. This is not a security update.

Widgets on Pages 1.5.0 is a security update.

WooCommerce 4.9.0 resolves dozens of bugs. This is not a security update.

Show IDs 1.1.6 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/