Updates 2024-05-14

Welcome back, Folks!

Today is Patch Tuesday for May, 2024.

There were 580+ major hacks, and over 460 application updates this month. It’s an insanely big month, with about 5 GB of updates for most users.

This Month in Technology

First, let me apologize for this list. It’s 3x longer than it was only a couple months ago and that’s not really my fault. I really want to keep sharing the hacked lists but at the rate it’s going 3/4 of the newletter will just be the list by the end of Summer. I’m going to need to rework this next month when I have more time.

1+1 Media, 4LEAF, Inc, A123 Systems, Access Intelligence, Accor, ACFIN SA, Active PCB Solutions, Acurrate Lock & Hardware, ADCOM911, Advanced Business Networks, Advarra, Inc., Aero Tec Laboratories Inc, Aetna ACE, Affordable Payroll & Bookkeeping Services, Agate Construction, Agency for the Sustainable Development of the Saint Nazaire Region, France, AirAsia Group, Airsoft, Allianz Global Risks U.S. Insurance Company, Alltruck Bodies, Alrajhi Bank, Altipal S.A.S, Amazon, Amberstone Security, AMD Radeon DirectX 11 Driver, American Builders Outlet, American Renal Associates, American Renal Management, Andovers Federal Credit Union, APS – Automotive Parts Solutions, Arbitrum, Argentina’s national registry, Army Welfare Trust, Array Networks, Asantee Games, Asbury Automotive Group, Ascension healthcare, Ashley Home Stores, Aspire Health Alliance, Astra Daihatsu Motor (ID), AT&T, Atlantic States Marine Fisheries Commission (ASMFC), Aussizz Group, Autodesk Drive, Axip Energy Services, Ayesa, B&G Foods, Badger Tag & Label, Banco Santander, Banten Regional Development Bank Tbk, Barclays Bank, Base Network, Bay Oral Surgery & Implant Center, Bağcılar Training and Research Hospital, Bega Valley Council, Belarusian KGB, Belvedere Vodka UK, BenefitsCal, Berry, Dunn, McNeil & Parker, Best Reward Federal Credit Union, BetterHelp, Bharat Sanchar Nigam Limited (BSNL), BHF Couriers, Biggs Cardosa Associates, Inc., Bira 91, Bitfinex, Blackstone Valley Community Health Care, Blooms Today, Bluebonnet Trails, Bluegrass Care Navigators, BMW BANK, Bodyartforms LLC, Boeing, Bradford-Scott, Brandywine Realty Trust, BreachForums, Bridgeway Center, Inc., British Columbia, Canada, Brocade SANnav SAN Management Software, Brovedani Group, Bundeswehr, Byron council, Café Soluble, California library system, Calumet Civil Contractors, Inc, Camino Nuevo Charter Academy, Canatal Industries, Canberra club, Cannes hospital, Cariboo library system, Carpetright, Catholic Diocese of Cleveland, Catholic Medical Center (CMC), CCM Health, Central Bank Argentina, Central Carolina Insurance Agency Inc, Central Florida Equipment, Central Power Systems & Services, Central Virginia Federal Credit Union, Change Healthcare, Channel Logistics LLC, Chemring Group, Cherry Health, Chicony Electronics, Chirp Systems, Christie’s Auction House, Cisco Duo, Cisco Integrated Management Controller (IMC), City of Buckeye, AZ, City of Donges, France, City of El Cerrito, California, City of London, UK, City of Pensacola, Florida, City of Wichita, Kansas, Cleveland Catholic Diocese, Community First Credit Union, Confins Transport, Consensus Medical Group, Consol Energy, Continuum Health, Coppel, Coradix-Magnescan, CorporateStack, Costa Edutainment SPA, Council for Relationships, County of Coffee, Georgia, County of Hernando, FLCounty of Jackson, MOCounty of Los Angeles, CA, Department of Health Services, County of Robeson, NC, County of San Bernardino, CA, CrushFTP, Cushman Contracting Corporation, CyberPower UPS, D-Link Devices, Daoust, Dawson Creek, Deeside Timberframe, Delinea Secret Server, Dell, Dental Group of Amarillo, Dental Health Services, DES Architects and Engineers,
Designed Receivable Solutions, Deutsche Telekom, Digi Yatra Foundation, Dijk, Discord, District of Columbia’s Department of Insurance, Securities and Banking (DISB), DocGo, Dominican Republic vaccination data, Donco Air, Doyon Drilling, Drive Sally LLC, DRM Arby’s, Dropbox Sign, Duvel Moortgat, D’amico & Pettinicchi, LLC, E-ZPass, East Central University, OK, Eden Project, Edlong and Holstein Association USA, Educational Computer Systems, EduMarket, Efrat Airlines, Egypt Ministry of Supply and Internal Trade, El Salvador, El Salvador’s Chivo Wallet, Electric Mirror, Empath Health, Engineered Automation of Maine, Enstar, Epilepsy Foundation of Metro NY, EqualizeRCM and 1st Credentialing, Ernest Health, Eucatex, European Parliament, Europol, EvoBanco, F5 Central Manager, Feldstein & Stewart, Fic Expertise, Financial Business and Consumer Solutions (FBCS), Firstmac, FiXBET, Floirac, Footdistrict, Fort Worth, Texas, Foxit Reader, French Ministry of Agriculture, Frontier Communications, FrotCom, GBI Genios, Gerber Life Insurance Company, Giant Tiger, GitHub Search, GitLab, Glendale Unified School District, Glints, Global Tel Link, Google Chrome, Google, Graphic Solutions Group Inc, Grassroot DICOM, Great Firewall of China, Green Diamond Resource Company, Greylock McKinnon, Grindr, Grodno Azot, Group Health Cooperative of South-Central Wisconsin (GHC-SCW), Guadeloupe, Canada, Guardant Health, Inc., Guardian Analytics, Hapy Bear Surgery Center, Hardeman County Community Health Center, Hedgey Finance, Helapet Ltd, Helsinki Education Division, Heritage Cooperative, High Performance Services, Hillsong Church, Hirsh Industries, Hit Promotional Products, Home Depot, Hong Kong Arts Development Council, Hong Kong College of Technology, Hong Kong Fire Department, Hong Kong Union Hospital, Hooker Furniture, Hosocongty, Hospital Simone Veil, 100 hotels in Japan, Houser LLP, Hoya Optics, HP, HPE ArubaOS Devices, HSBC Bank, HTW, Hub International Limited, Human Events, IBM’s Enterprise Terminal, iCabbi, ICICI Bank, IDS Michigan, Illinois State Credit Union, Illinois Tollway, In The Know, India’s Central Board of Secondary Education (CBSE), India’s HRYLabour, India’s ICICI Bank, Ingo Money Inc, Inland Physicians Billing Services, Intel CPUs (Spectre v2), Intel Hardware Firmware, Interim Healthcare of Lubbock, International Baccalaureate Exam, Inventum Øst, Iranian Pipeline Company, Iress Ltd, Israel Electric Corporation (IEC), Israeli Real Estate Companies, ISTA International GmbH, It4 Solutions Robras Corp, Italian Red Cross Network, Ivanti Avalanche, J.P. Morgan Chase, JE Owens, Kaiser Foundation Health Plan, Inc., Kaiser Permanente, Kameymall, Kansas City Scout System, Keenan & Associates, Kintetsu World Express, Kisco Senior Living, KISTI SMART K2C, Kowloon Shangri-La, La Chapelle-des-marais, France, Ladakh Social Welfare Department, Lamont Hanley & Associates, Latvian TV Channels, LDLC, Le Slip Français, Leicester City Council, Lenovo Hardware Firmware, Lewis & Clark College, LG TVs, Lieberman LLP, Lilly Drogerie, Lincoln Project, LiteSpeed Cache, LivaNova, LiveHelpNow, LocalPlace JP, London Drugs, London Stock Exchange Group, Lopesan Hotels, Lotz Trucking, Lpdb Kumkm, LRB Info Tech, Lukfook Jewellery, Lumina Americas, Luxor, LYON TERMINAL, M2E Consulting Engineers, Macedonian Joint Stock Company, Madata, Magnet+, Malone & Co, Manchester’s Catholic Medical Center, Marpai Health, Mauritzon, McKinley Packing, Medequip Assistive Technology, Medical Home Network, MediExcel, Medios de Prevención Externos Sur SL, MedStar Health, Meduza, Mellitah Company, Mercedes, Merchants Benefit Administration, Metropolitan Life Insurance Company, Microsoft, Microsoft Azure Entra ID, Microsoft Outlook, Missouri Electric Cooperatives, Moffitt Cancer Center and Research Institute, Moldova Government, MoldTech, Molen & Associates, Monash Health, Monday.com, MongoDB, Monocon, Montoir-de-Bretagne, France, Moscow Moskollector, MovieBoxPro, MRA – The Management Association, Mt Hira College, Myers Automotive Group, National Energy Research Scientific Computing Center (NERSC), Nespresso, Nestle, New Boston Dental Care, New Hudson Facades, New Mexico Administrative Office of the District Attorneys, New Mexico Highlands University, New York’s state legislature, Nexperia, NHS Dumfries and Galloway, NK Parts Industries, NorthBay Health, Nota by M&T Bank and TTEC Databases, Nothing, Nova Scotia Health, NRS Healthcare, Numotion, NVIDIA, OakBend Medical, Octopharma Plasma, OE Federal Credit Union, Ogero, Ohio Lottery, Okta, Olson Steel, Olympus Group, OracleCMS, OraSure, Original Herkimer Cheese, OrthoConnecticut, Outabox, Pacific Guardian, Pak Suzuki, Palo Alto Networks PAN-OS, Panda Restaurant Group, Pandemonium Rocks, Panoramic Health, Parent Teacher Association (PTA), Paris Saint-Germain (PSG), Parklane Group, Patricia AI, Paychex, Inc., Paytm, Pennsylvania Convention Center, Pennsylvania Insurance Department, Peplink Smart Reader, Persyn, Philadelphia Inquirer, Philips Respironics, Phoenix Business Consulting, PHP, Pifer’s Auction & Realty, Pilot, Pinnacle Engineering, Pinnacle Orthopaedics, Pioneer Oil Company, Inc, Piping Rock, Police Service of Northern Ireland (PSNI), Porniche, France, Pratham, Precision Fluid Controls, Premier Dermatology, Prisma Finance, Pro Metals LLC, Process Solutions, Procuraduría General de la República, Profile Products, Progress Flowmon, Promarka Peru, Pub And Club, Public service of Wallonia, PWS – The Laundry Company, Qantas, QNAP, Quebec CEGEPs, RAF El Salvador, Randolph Health, RaySharp, RB Woodcraft, Reading Electric, Rebound Orthopedics & Neurosurgery, Recology, Redwood Coast Regional Center, Rehabilitation Hospital of Southern New Mexico, Reliable Networks, Rocky Mountain Sales, Roku, Romeo Pitaro Injury and Litigation Lawyers, Rushd Bookstore, Rutgers University, Räddningstjänsten Vä stra Blekinge, Sachkhere, Sahara Bank, Saint-Nazaire, France, Sanok Rubber Company, Saudi Water Facilities, Scanda Group, Scigames, Scottish health board, Seaman’s Mechanical, SEK Studio, Seneca Nation Health System, Sentry Data Management, Servicio Móvil, Shadow, Siemens Manufacturing, Sigmund Espeland, Signature Healthcare Services LLC, SigningHub, Simmons Perrine Moyer Bergman PLC, Singapore’s Ministry of Education, Singapore’s Mobile Guardian, SinglePoint Outsourcing, Inc., SIS Automatisering, Sisense, Skanlog, Sleep Data Holdings, LLC, Sleep Management Institute, Smoke Alarm Solutions, SOA Architecture, Softura, Somerset Dental Las Vegas, Somerville, Sonadev, France, South Africa’s International Trade Administration Commission (ITAC), South Korean courts, South Korean cable & satellite, South Korean Defense Companies, South Texas Oncology and Hematology, Space X, Space-Eyes, Speedy France, Sri Lanka’s visa system, SSCL, SSS Australia, St-Jerome Company, St. Helena Public Library, Stainless Foundry & Engineering, StarWallets, States of Guernsey, Sterling Holidays, Sterling Plumbing Inc., Studio LAMBDA, Swisspro, SynLab Italia, Sysmex America, Inc, T2 Tea Australia, Tamil Nadu Police, Tappware, Targus, Tatarstan, Russia, Taxi Software, Ted Brown Music, Telecom Argentina, Telit Cinterion modems, Texas Retina Associates, The Epilepsy Institute, The Georgia Institute for Plastic Surgery, The Heritage Foundation, The Kennedy Collective, The Lagunitas Brewing Company, The Line Up, Inc, The May Institute, Inc., The Philadelphia Inquirer, PBC, The Post and Courier, The Post Millennial, The Prudential Insurance Company of America, The Roman Catholic Diocese of Phoenix, The State of Kansas Office of Judicial Administration, The Tech Interactive, Theatrixx Technologies, Therapeutic Health Services, 50,000 Tinyproxy servers, Tipton Municipal Utilities, IN, Toolmarts, Toronto Transit Commission, Transamerica Life Insurance Company, Trib Total Media, True Homes, LLC, TRUE Solicitors, Trylon Srl, Tyler Technologies, UAE Government, UK Government’s System Database, UK Ministry of Defence, UK Royal Mail, 20 Ukrainian Energy and Water Sites, Ukrainian TV, United Nations Development Programme, University of Alabama, University of Alberta, University System of Georgia (USG), US Air Force Academy (USAFA), US Atlantic Fisheries, US Coast Guard Reserve, US Consumer Database, US Health and Human Services (HHS), US Internal Revenue Service (IRS), US Medicare, US Patent and Trademark Office, US Space Forces (USSF) Military Bases, USA Health Providence Hospital, Utica Mack, Valley Mountain Regional Center, Valley Veterinary Clinic, LLC, Van Gogh Museum, Varo Bank, N.A., Veeam, Velvet Capital, Verizon, Victorian Ambulance Union, Virginia Union University, VirtualBox, Visionary Integration Professionals, VMware Cloud Foundation, VMware ESXi, VMware Fusion Pro/Fusion, VMware Workstation Pro/Player, Void Interactive, Volkswagen, VPN traffic (TunnelVision), VTRP, W.I.S. Sicherheit-Service GmbH & Co. KG, Washington State’s Swinomish Casino and Lodge, WebTPA Employer Services, LLC, WEL Partners, Wells Fargo, Welsh Government, Wescom Central Credit Union, West Idaho Orthopedics and Sports Medicine, Westboro Baptist Church, WhatsApp, Windows, Windows Apps, Windows Print Spooler, WOM, World Architects, World-Check, WP Forminator plugin, WP-Automatic Plugin, Xiaomi, Yale Mortgage, YRW Limited – Chartered Accountants, ZA Government Employees Pension Fund’s (GEPF), ZircoDATA, and Zscaler Inc have reported hacking or compromises this month.

Central Power Systems & Services, Final Fantasy, Frontier Communications, Kansas City’s official website, Ogero, Reddit, and Telegram have suffered from outages this month.

Last months updates broke Outlook, Windows (thanks ManageEngine), and VPN connections.

An update to ManageEngine has caused thousands of Windows machines to fail to boot. I guess that’s one way to make sure that they can’t be hacked through ManageEngine vulnerabilities?

Windows has officially added advertisements to the Windows 11 Start Menu.

The PuTTY Pageant key generation weakness will require millions upon millions of certificates to be rekeyed.

The Windows Boot Manager update released in January still has no automated fix from Microsoft. Third parties have created several methods of installing the update, and the closest-to-perfect automation yet requires seven (7!) restarts.

Microsoft has announced plans to implement fully locked down DNS via a pairing of DNS and the firewall, branded Zero Trust DNS – ZTDNS.

A recent technical paper described the process of using LLM (GPT-4) to automate the process of building exploits for newly discovered vulnerabilities. Reviews of the paper tend to acknowledge that it can be used in this fashion but focus instead on the use of the word “autonomously” which they treat as sentience. No guys, the paper isn’t saying that Skynet is here, just that LLMs are getting to the point where they can build functional exploit code based on brief descriptions of vulnerabilities.

I first saw the description of “Kobold Letters” a couple months ago. While a very creative use of CSS and an interesting idea, what are the chances that this kind of thing would actually be used in real life? 100%. I’ve now seen this behavior on three different client mail accounts in Microsoft Online and Gmail.

The founder of Telegram has publicly reported that the FBI pressured an employee to build a backdoor into the system. They refused.

Thunderbird has added Microsoft Exchange support. This means you won’t be forced to use the “New Outlook” crapp to access your Microsoft Exchange accounts. 🙂

Now for the good news:

We won. Sony caved on the Helldivers 2 privacy-violating “account linking” change. 🙂

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is insane this month. The typical computer should see roughly 5 GB in updates today. Let’s get started.

Microsoft released updates to address 67 vulnerabilities in .NET and Visual Studio, Azure Migrate, Microsoft Bing, Microsoft Brokering File System, Microsoft Dynamics 365 Customer Insights, Microsoft Edge (Chromium-based), Microsoft Intune, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows SCSI Class System File, Microsoft Windows Search Component, Power BI, Visual Studio, Windows Cloud Files Mini Filter Driver, Windows CNG Key Isolation Service, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Deployment Services, Windows DHCP Server, Windows DWM Core Library, Windows Hyper-V, Windows Kernel, Windows Mark of the Web (MOTW), Windows Mobile Broadband, Windows MSHTML Platform, Windows NTFS, Windows Remote Access Connection Manager, Windows Routing and Remote Access Service (RRAS), Windows Task Scheduler, Windows Win32K – GRFX, Windows Win32K – ICOMP, and MSRT. This includes security updates. A reboot is required.

Oracle released 441 security updates this quarter to address vulnerabilities in 119 applications.
https://www.oracle.com/security-alerts/cpuapr2024.html

Apple released updates for iOS 16.7.8, iOS 17.5, iPadOS 16.7.8, iPadOS 17.5, iTunes 12.13.2 for Windows, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, Safari 17.5, tvOS 17.5, and watchOS 10.5. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.7.8 and 17.5 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 6.7.8 and 17.5 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 10.5 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 17.5 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 124.0.6367.154 and 120.0.6099.310 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 40-1.14 is a major update, replacing BerkeleyDB with alternatives, updating libraries, and including adding new features and defaults. This should be treated as a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 24.4.1 adds support for new software, performance improvements, and resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Daemon Tools Lite 12.1.0 improves tooltips, and resolves a couple bugs. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Dymo Connect for Desktop 1.3.2.18 doesn’t provide a detailed change log so should be treated as a security update.
https://www.dymo.com/label-makers-printers/labelwriter-label-printers/dymo-labelwriter-450-duo-thermal-label-printer/SAP_1752267.html

TP-Link Archer AX55 v1 240325 adds almost a dozen new features, improves stability and resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/archer-ax55/v1/#Firmware

TP-Link Archer AX73 v2.0 240323 resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/archer-ax73/v2.0/#Firmware

UniFi Network Server 8.1.127 enhances firewall rules visibility, adds tunnel IP addresses, OSPF dynamic routing support, and resolves a dozen bugs. This is not a security update.
https://www.ui.com/download/releases/network-server

VIISAN OfficeCam 7.1.19.0 doesn’t provide a change log so should be treated as a security update.
https://www.viisan.com/en/download/type1.html

Wacom Driver 6.4.6-1 adds support for newer hardware, resolves several bugs and improves stability.
https://www.wacom.com/en-us/support/product-support/drivers

Xerox Smart Start 2.0.34.0 doesn’t provide a change log so should be treated as a security update.
https://www.support.xerox.com/en-us/content/143617

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.65.133 is a security update.
https://brave.com/

Firefox 126 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.11.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 124.0.6367.207 is a security update.
https://www.google.com/chrome/

Microsoft Edge 124.0.2478.97 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Vivaldi 6.7.3329.29 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Spark 3.15.5.72973 resolves several AI-related bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.15.5.72972 resolves several AI-related bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.10.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 8.0.10 is a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 8.0.1 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

Dropbox 199.4.6287 removes a cosmetic defect. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 211.0.0.18.236 is a security update.
https://www.messenger.com/download

FileZilla Client 3.67.0 is a security update.
https://filezilla-project.org/

FileZilla Server 1.8.2 is a security update.
https://filezilla-project.org/

FreeFileSync 13.6 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 90.0 resolves several bugs. This is the last version to support macOS 10.15 – if your hardware can not support macOS 11 you should have already removed it from the Internet, but if not, please take this as one more signal that it’s time to replace it.
https://drive.google.com/start

Microsoft Teams 1.7.00.10152 resolves several bugs. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 29.0.0 is a major update, resolving dozens of bugs, updating libraries, and improving workflow and design. This should be treated as a security update.
https://nextcloud.com/

Nmap 7.95 adds over 6,500 more fingerprints, new scripts and resolves several bugs. This is a security update.
https://nmap.org/

PuTTY 0.81 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Signal 7.8.0 adds emoji call responses and resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 7.6.2 adds emoji call responses, adds sent message editing, and resolves several bugs. This is not a security update.
https://signal.org/android/apk/

Skype 8.116.0.213 improves stability. This is not a security update.
https://www.skype.com/

Syncthing 1.27.7 resolves a potential security bug.
https://syncthing.net/

Telegram 5.0.1 resolves several bugs. This is not a security update.
https://telegram.org/

USB Drive Log 1.13 adds black background support. This is not a security update.
https://www.nirsoft.net/utils/usb_drive_log.html

Z-Library 1.02 doesn’t provide a change log so should be treated as a security update.
https://z-library.se/z-access#desktop_app_tab

Zoom 6.0.4.38135 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 4.0.4 resolves several bugs. This is not a security update.
https://en.3tene.com/

Bitwig Studio 5.1.9 resolves several bugs. This is a security update.
https://www.bitwig.com/download/

Grayjay 240 adds several new features, sources, improvements, and resolves a dozen bugs. This is not a security update.
https://grayjay.app/index.html

iTunes 12.13.2.3 is a security update.
https://www.apple.com/itunes/download/

Plex Desktop 1.92.1.140 doesn’t provide a detailed change log so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.60.1.134 updates libraries. This should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.40.2.8395 resolves several bugs, including an installation path issue. If you used a custom path you will need to uninstall and reinstall in order for future automatic updates to work correctly. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2024.4.0.137 changes homepage. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.3.201 resolves several bugs and improves interface. This is not a security update.
https://gdevelop.io/download

Minecraft Server (Bedrock) 1.20.81.01 does not provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Minecraft Server (Java) 1.20.6 does not provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server

Nintendo Switch 18.0.1 resolves several bugs. This is a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PS5 2024.430 resolves several bugs and improves hardware support. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2024-05-13 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/593110
By the way, we won. Sony caved on the Helldivers 2 privacy-violating “account linking” change. 🙂

SteamOS SteamDeck Update 2024-05-03 is a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Acrobat and Reader 24.002.20759 and 20.005.30636 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

Adobe Aero 0.24.4 is a security update.
https://helpx.adobe.com/security/products/aero/apsb24-33.html

Adobe Animate 23.0.6 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/animate/apsb24-36.html

Adobe Dreamweaver 21.4 is a security update.
https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

Adobe FrameMaker 2020.6 and 2022.4 are security updates.
https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

Adobe Illustrator 28.5 and 27.9.4 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb24-30.html

Adobe Substance 3D Designer 13.1.2 is a security update.
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-35.html

Adobe Substance 3D Painter 10.0.0 is a security update.
https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html

Aronium 1.43.0.2 adds dual currency and night theme, improves refund behavior, and resolves several bugs. This is not a security update.
https://aronium.com/

Audacity 3.5.1 adds a bunch of new features and resolves dozens of bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 7.10.0 adds export support, spell check, color inversion and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Columns++ 1.0.6 improves wrapped line caompatibility. This is not a security update.
https://github.com/Coises/ColumnsPlusPlus

Formatta Filler 8.19.0.4 doesn’t provide a change log so should be treated as a security update.
https://formatta.com/formatta-products/complete-submit/

GIMP 2.10.38 doesn’t provide a detailed change log so should be treated as a security update.
https://www.gimp.org/

Java 8u411 is a security update.
https://www.java.com/en/download/manual.jsp

JShelter 0.18 improves compatibility. This is not a security update.
https://jshelter.org/install/

Kdenlive 24.02.2 improves compatibility and resolves several bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.3.70840 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice 7.6.7 resolves over 40 bugs. This is a security update.
https://www.libreoffice.org/

LibreOffice Fresh 24.2.3 resolves over 75 bugs. This is a security update.
https://www.libreoffice.org/

Manager 24.5.13.1531 adds several new features and improves email integration and display. This is not a security update.
https://www.manager.io/

Nextcloud Desktop 3.13.0 resolves dozens of bugs and updates libraries. This is a security update.
https://nextcloud.com/

Notepad++ 8.6.7 improves multiedit and language support, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

PDF-XChange Editor 10.3.0.386 adds page extraction, label modification, improves sort and group behavior and resolves dozens of bugs. This is not a security update.
https://www.pdf-xchange.com/product/pdf-xchange-editor

QuickBooks Pro 2022 20240509-R15_25 updates to backend processes. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 20240509-R12_15 updates to backend processes. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.9.0 adds native rules, timezone improvements, and adds ability to change default conditional when searching. This is not a security update.
https://github.com/countercept/chainsaw

Microsoft Edge Policy 2024.05.07 updates policies. This is not a security update.
https://github.com/MicrosoftDocs/Edge-Enterprise/blob/public/edgeenterprise/microsoft-edge-policies.md

OpenSSL 3.3.0 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ProtonVPN (macOS) 4.2.2 improves performance. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.16.1 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Stinger 13.0.0.118 adds support for more detections. This is not a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

SuperAntiSpyware 10.0.1266 resolves several bugs. This is not a security update.
https://www.superantispyware.com/download.html

Tails 6.2 is a security update.
https://tails.net/install/download/index.en.html

Velociraptor 0.72 adds EWF support and resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 24.1.3 improves OCR, performances, updates libraries and resovles several bugs. This is a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.1.7 resolves several couple bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

StreamFab 6.1.7.7 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.2.0 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password 8.10.32 improves compatibility, adds support to import from more third-party platforms, and resolves several bugs. This is a security update.
https://1password.com/downloads/

Agent Ransack 2022.3434 adds support for OneNote and resovles several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AOMEI Partition Assistant 10.4.0 improves the user interface. This is not a security update.
https://www.diskpart.com/

Bitwarden 2024.4.2 improves passkeys support and secrets manager, and adds a new Authenticator app. This is not a security update.
https://bitwarden.com/

BulkFileChanger 1.73 resolves a timezone-related bug. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

CCleaner 6.23.11010 resolves several bugs. This is a security update.
https://www.ccleaner.com/

DesktopOK 11.21 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.1.92.0 resolves a .git/.gitignore bug, updates .NET library and translations. This is a security update.
https://dngrep.github.io/

ExplorerPatcher 22621.3527.65.2 resolves several bugs. This is not a security update.
https://github.com/valinet/ExplorerPatcher/

FileLocator Pro 2022.3434 adds support for OneNote and resovles several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

FoneTool 2.6.1 adds iOS Data Recovery and resolves a crash bug. This is not a security update.
https://www.fonetool.com/download.html

Git SCM 2.45.0 adds dozens of new features and behaviors, and resolves over 50 bugs. This is not a security update.
https://git-scm.com/

Go 1.22.3 is a security update.
https://go.dev/

GoodSync 12.6.5 improves compatibility and resolves several bugs. This is not a security update.
https://www.goodsync.com/

HWiNFO 8.02 doesn’t provide a change log so should be treated as a security update.
https://www.hwinfo.com/download/

InstalledAppView 1.08 resolves a CLI bug. This is not a security update.
https://www.nirsoft.net/utils/installed_app_view.html

IsMyHdOK 3.96 improves performance and testing accuracy. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 2.0.1 updates dependencies and build environment, and resolves a stability bug. This is not a security update.
https://lessmsi.activescott.com/

NirCmd 2.87 adds and resolves ~$ variables. This is not a security update.
https://www.nirsoft.net/utils/nircmd.html

NTLite 2024.5.9931 resolves dozens of bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 5.12.1 is a security update.
https://osquery.io/downloads

PingInfoView 3.05 adds option to map source IPv4 Address. This is not a security update.
https://www.nirsoft.net/utils/multiple_ping_tool.html

PowerToys 0.80.1 improves stability. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

PSAppDeploy 3.10.1 adds a dozen features and parameters, improves stability and reliability, and resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

RoboForm 9.5.8 improves GUI. This is not a security update.
https://www.roboform.com/

ScreenConnect 24.1.7.8892 resolves dozens of bugs and improves compatibility. This should be treated as a security update.
https://screenconnect.connectwise.com/download

Starwind V2V Converter 9.444 adds support for new conversions. This is not a security update.
https://www.starwindsoftware.com/starwind-v2v-converter

WinGet 1.7.11261 fixes elevation issues, updates dependencies and libraries. This is a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 8.81 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WUMT 04.22.2022 improves Windows 11 compatibility. This is not a security update.
https://www.oldergeeks.com/downloads/file.php?id=1366

Developer Updates

These are unlikely to be of interest to most people.

.NET Runtime 8.0.5 is a security update.
https://dotnet.microsoft.com/en-us/download/dotnet

Android Studio 2023.3.1 adds device streaming for testing, integrates crashlytics, improves App Quality Insights, and adds audio redirection. This is not a security update.
https://developer.android.com/studio

AutoHotkey 2.0.14 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

cx_Freeze 7.0 updates dependencies and libraries and resolves hundreds of bugs. This should be treated as a security update.
https://cx-freeze.readthedocs.io/en/latest/index.html

GitHub Desktop 3.3.17 removes support for older macOS versions, resolves a dozen bugs and improves user interface. This is not a security update.
https://desktop.github.com/

Godot 4.2.2 improves CLI support, resolves the audio bug, and more than 200 other issues. This is a security update.
https://godotengine.org/

MySQL ConnectorNet 8.4.0 updates libraries and resolves several bugs. This is a security update.
https://dev.mysql.com/downloads/connector/net/

MySQL Server 8.0.37 resolves dozens of bugs. This is a security update.
https://dev.mysql.com/downloads/installer/

NASM 2.16.03 improves the build process. This is not a security update.
https://www.nasm.us/index.php

Node.js 18.20.2 is a security update.
https://nodejs.org/en/

Node.js 20.13.1 resolves several bugs and updates libraries. This is a security update.
https://nodejs.org/en/

Node.js 21.7.3 is a security update.
https://nodejs.org/en/

Node.js 22.1.0 is a major update. This is a security update.
https://nodejs.org/en/

Redemption 6.5.0.6294 improves integration and resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

Rustup 1.27.1 resolves several bugs. This is not a security update.
https://www.rust-lang.org/

SQLite 3.45.3 adds new JSON handling behaviors and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

TortoiseGit 2.16.0 resolves a dozen bugs and updates libraries. This is a security update.
https://tortoisegit.org/

TortoiseSVN 1.14.7 resolves several bugs. This is a security update.
https://tortoisesvn.net/downloads.html

Visual Studio Code 1.89.1 adds support to exclude content from Copilot and resolves several bugs. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.40 resolves several bugs. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.18 resolves over a dozen bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

HumHub 1.15.5 resolves several bugs. This is not a security update.
https://www.humhub.com/en

Joomla 5.1.0 adds more than a dozen features and code and performance improvements. This is not a security update.
https://www.joomla.org/

MAMP 5.0.6 updates dependencies. This should be treated as a security update.
https://www.mamp.info/en/mamp/windows/

phpList 3.6.15 is a security update.
https://www.phplist.org/

Piwigo 14.4.0 resolves several bugs. This is not a security update.
https://piwigo.org/

WordPress 6.5.3 is a security update.
https://wordpress.org/

BuddyPress 12.4.1 is a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.9.4 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.9 improves compatibility and resolves a bug. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

My Sticky Bar 2.7 resolves a cosmetic bug. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Postie 1.9.69 should be treated as a security update.
https://wordpress.org/extend/plugins/postie/

Slider Revolution 6.7 resolves several bugs. This is a security update.
https://revolution.themepunch.com/

Social Post Feed 4.2.4 improves integration. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Sucuri Security 1.8.44 improves API key controls. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.7.2 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 8.9.0 improves compatibility and resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPBakery 7.6 resolves several bugs. This is a security update.
https://wpbakery.com/

WPtouch 4.3.59 adds support for Reddit, improves compatibility, and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2024-01-09

Happy New Year, Folks!

Today is Patch Tuesday for January, 2024.

There were over 200 major hacks, but only about 130 application updates this month. It’s a very light month, with about 1.3 GB of updates for most users.

This Month in Technology

360 Physical Therapy, LLC, 3CX, 70% of Iran’s gas stations, Academy Mortgage Corporation, AccessDx Laboratory, LLC, AccessOne Medcard, Inc., AI Engine plugin for WordPress, Air Albania, Albanian Parliament, Albanian telecom, Americold, Amerigroup Iowa, Inc, Amwins Group, Inc., Apache OFBiz, Apache RocketMQ, Apache Struts, Asper Biogene, Ateam, Austal USA, Barracuda ESG, Battelle Energy Alliance, LLC, Beirut Airport, BELLIN HEALTH, Bezeq, BlueCross BlueShield of Tennessee, Inc., Booking.com, Box.com, Brown & Streza LLP, Buckley King LPA, Bunker Hill Community College, California Northstate University, Capital Health, Cardiothoracic and Vascular Surgeons, P.A., CareTree, Inc., Cellcom, CertiK on X, Chilean Government, City of Hope, Clay County Social Services, Co-Founder of Nest Wallet, Coin Cloud, Comcast Cable Communications LLC, Comcast/Xfinity, ConsensioHealth, LLC, Cooper Aerobics Enterprises, Inc., Corewell Health, County of Los Angeles Department of Mental Health, Court Services Victoria, Australia, D.C. Board of Elections, defense contractors, Delta Dental of California, Downfall, Drug Emporium, Eagers Automotive, EasyPark, EMSI, Enstar (US) Inc, Erie Family Health Centers, ESO Solutions, ESSEMTEC, Estes Express Lines, Eye Physicians of Central Florida, PLLC, Eyefinity, Inc., Fallon Ambulance Services, Federal Tax Service of Russia, Fidelity National Financial, Fincantieri Marine Group, LLC, First American Financial Corporation, First Choice Dental, Flagstar Bank, N.A., Florida Water Products, Fred Hutchinson Cancer Center, French company, Fresno Regional Workforce Development Board, Fresno Surgical Hospital, Gallery Systems, German H-Hotels, Glendale Community College, Greater Cincinnati Behavioral Health Services, GTKWave, Healix Infusion Therapy, LLC, Health Diagnostic Management, LLC, Health Net Community Solutions, HealthEC LLP, Heart of Texas Behavioral Health Network, Housing Authority of the County of San Bernardino, HTC Global Service, Humana Inc, Hyundai on X, Idaho National Labs, Independent Vision Group, LTD, Insomniac Games, Insurance ACE/Humana Inc., Integris Health, Italian military gear shop, Ivanti Avalanche, Ivanti Endpoint Management, Jell-O, JetBrains TeamCity, Judiciary of Córdoba in Argentina, Katholische Hospitalvereinigung Ostwestfalen, Keenan & Associates, Kimco Staffing Services Inc., Knox Ricksen LLP, Kraft Heinz, Kyivstar, Ledger dApp, LegendasTV, LoanCare, loanDepotLone Peak Physical Therapy, Inc., Los Altos Food Products, LLC, Los Angeles County Department of Mental Health, ManageEngine OpManager, Mandiant, Maxco Supply, Inc., Maytronics, Mellow Massage Hollywood, Memorial University of Newfoundland, Merced City School District, Meridian Behavioral Healthcare, Inc., Merrick Bank, Mexican banks, Microsoft Xamarin, Mint Mobile, Molina Healthcare of Ohio, Inc., MongoDB, Mountain Dermatology Specialists, PC, Movistar, Mr. Cooper, Musick, Peeler & Garrett LLP, National Amusements, National Student Clearinghouse, Nationstar Mortgage LLC, Navvis & Company, LLC, Netgear on X, Network180, North Face, North Kansas City Hospital, Norton Healthcare, NYC Health + Hospitals, Ohio Lottery, Orange Spain, Orbit Chain, Orcutt Union School District, Orrick, Herrington & Sutcliffe, Oscar Mayer, Panasonic Avionics Corporation, Pandol Brothers, Inc., Perforce Helix Core Server, pfSense, Philippine credit services provider, Primary Health & Wellness Center, LLC, ProSmile Holdings, LLC, QNAP VioStor NVR, Recology Inc., Regional Family Medicine, Retina Group of Washington, PLLC, Riverside County Office Of Education, Riverside Unified School District, Rockstar Games (GTA5 + GTA6), Rush System for Health, Russian sushi restaurant, Senior Scripts, Shufersal, Sony, Southeastern Orthopaedic Specialists, PA, Supreme, Swedish fintech company, Talus Pay, TaxPlus, The Foleck Center, LTD, The Jacmar Companies, LLC, The Middlefield Banking Company, Thunder Terminal, Tigo Business, Timberland, Tipalti, Toronto Zoo, Toyota Financial Services, Transformative Healthcare, TRISTAR Insurance Group, TTM Technologies, Ubiquiti, Ubisoft, Ukrainian security cameras, University of Buenos Aires, Vans, Velveeta, VF Corp, Vi Living, Vietnamese fashion store, Viking Therapeutics, Wabtec Corporation, Wealth Network, Welltok, Inc. (and many more), WICR Waterproofing and Construction Inc., WordPress Backup Migration plugin, Xerox Business Solutions, Yakult Australia, Yorkshire Wellness Group, Corp., and ZOLL Medical Corporation have reported hacking or compromised this month.

Box.com, Kyivstar, loanDepot, and First American have suffered from outages this month.

Last months updates broke Avira Antivirus, NPS (Radius) servers, various Tesla functions, Windows Explorer & task bar, and Windows Wi-Fi.

Microsoft can’t convince Microsoft to use Microsoft services.

Central authentication services like OAuth and SSO still cause all sorts of problems. And ads are still very very bad for you.

23andMe is blaming their users for exposing the data of almost 7 million users.

LastPass now requires slightly less horrible passwords. (They’re still not good.)

You should assume that software setting-based security will always fail you. Hardware switches are the only reliable method.

Now for the good news:

The FTC has ordered X-Mode to stop selling and preserving cell phone location data, a surprising win for privacy. If this is obeyed, only government agencies, hardware vendors, and operating system vendors will be able to trade in your location information.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is pretty small this month. The typical computer should see roughly 1.3 GB in updates today. Let’s get started.

Microsoft released updates to address 62 vulnerabilities in .NET, .NET Core, .NET Framework, Azure Storage Mover, Microsoft Bluetooth Driver, Microsoft Devices, Microsoft Edge, Microsoft Identity Services, Microsoft Office SharePoint, Microsoft Office, Microsoft Virtual Hard Drive, Remote Desktop Client, Servicing Stack Updates, SQL Server, SQLite, Unified Extensible Firmware Interface (UEFI), Visual Studio, Windows Active Directory, Windows AllJoyn API, Windows Authentication Methods, Windows BitLocker, Windows Cloud Files Mini Filter Driver, Windows Collaborative Translation Framework, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Group Policy, Windows Hyper-V, Windows Kernel, Windows Kernel-Mode Drivers, Windows Libarchive, Windows Local Security Authority Subsystem Service (LSASS), Windows Message Queuing, Windows Nearby Sharing, Windows ODBC Driver, Windows Online Certificate Status Protocol (OCSP) SnapIn, Windows Scripting, Windows Server Key Distribution Service, Windows Subsystem for Linux, Windows TCP/IP, Windows Themes, Windows Win32 Kernel Subsystem, Windows Win32K, and MSRT (~1 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 16.7.4, iOS 17.2.1, iPadOS 16.7.4, Safari 17.2.1, and macOS Sonoma 14.2.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.7.4 and 17.2.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 16.7.4 is a security update. Use Settings, General, Software Update to install the most current update.

Google Chrome OS 119.0.6045.214 and 120.0.6099.203 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.

Zorin OS 17.0 is a major update, with added hardware and software compatibility, improved design and reduced hardware requirements.
https://zorin.com/os/mirrors/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

DS4Windows 3.3.3 resolves several bugs. This is the final version so you should consider removing it instead of updating.
https://github.com/Ryochan7/DS4Windows/releases/latest

Epson ET-5880 3.04.00 doesn’t provide a changelog so should be treated as a security update.
https://epson.com/Support/Printers/All-In-Ones/ET-Series/Epson-ET-5880/s/SPT_C11CJ28201

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.61.114 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Firefox 121.0.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.6.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 120.0.6099.200 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 120.0.2210.121 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Vivaldi 6.5.3206.50 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.13.3 resolves a couple bugs and adds a new security filter for HTML rendering. This is a security update.
https://getmailspring.com/

OutlookAttachView 3.51 improves warnings. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Spark 3.12.0.63910 adds Shared Drafts and Email Labels. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.12.0.63909 adds Shared Drafts and Email Labels. This is not a security update.
https://sparkmailapp.com/

Thunderbird 115.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 189.4.8427 doesn’t provide a detailed change log so should be treated as a security update.
https://www.dropbox.com/

Facebook Messenger 202.0.0.15.225 is a security update.
https://www.messenger.com/download

FileZilla Client 3.66.4 is a security update.
https://filezilla-project.org/

FreeFileSync 13.3 resolves several compatibility issues. This is not a security update.
https://www.freefilesync.org/download.php

jq 1.7.1 is a security update.
https://jqlang.github.io/jq/

Nextcloud Server 28.0.1 is a security update.
https://nextcloud.com/

Pocketnet-GUI 0.8.76 adds support for new video servers and a Christmas theme. This is not a security update.
https://pocketnet.app/

PuTTY 0.80 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Rclone 1.65.1 is a security update.
https://rclone.org/

Signal 6.43.2 resolves several bugs. This is not a security update.
https://signal.org/download/

Signal (Android) 6.42.3 updates buttons. This is not a security update.
https://signal.org/android/apk/

Syncthing 1.27.2 is a security update.
https://syncthing.net/

Telegram (Android) 10.5.0 doesn’t provide a change log so should be treated as a security update.
https://telegram.org/apps

Telegram 4.14.4 resolves several bugs. This is not a security update.
https://telegram.org/

Trillian 6.5.0.34 resolves several bugs. This is not a security update.
https://www.trillian.im/

Zoom 5.17.2 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 4.0.0 adds several new tracking features. This is not a security update.
https://en.3tene.com/

darktable 4.6.0 improves performance and resolves dozens of bugs. This is not a security update.
https://www.darktable.org/

Grayjay 227 improves stability and resolves dozens of bugs. This is not a security update.
https://grayjay.app/index.html

iTunes 12.13.1.3 is a security update.
https://www.apple.com/itunes/download/

Plex Desktop 1.84.1.4069 doesn’t provide a change log so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.53.0.4063 doesn’t provide a change log so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

TuneIn 1.28.0 doesn’t provide a change log so should be treated as a security update.
https://tunein.com/radio/home/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.11.1.129 resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.3.186 improves performance and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Minecraft Server (Bedrock) 1.20.51.01 doesn’t provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

PS5 2024.104 is a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2023-12-11 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/593110

SteamOS SteamDeck Update 2024-01-03 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Experience Manager Forms 6.5.13.0+ and 6.5.19.1 are security updates.
https://helpx.adobe.com/security/products/aem-forms/apsb23-77.html

Adobe Reader DC Patch 23.008.20458 is a security update.
https://get.adobe.com/reader

Adobe Substance 3D Stager 2.1.4 is a security update.
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html

Calibre 7.3.0 adds a tag browser, OpenType improvements, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

GnuCash 5.5 resolves over two dozen bugs. This is not a security update.
https://www.gnucash.org/

ImageMagick 7.1.1-26 resolves dozens of bugs. This is not a security update.
https://imagemagick.org/

Kindle for PC 2.3.70673 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc

Manager 24.1.9.1264 adds the ability to use codes and reference numbers in batch operations. This is not a security update.
https://www.manager.io/

Notepad++ 8.6.1 updates libraries, adds a couple features, and resolves over a dozen bugs. This is a security update.
https://notepad-plus-plus.org/

OpenOffice 4.1.15 is a security update.
http://www.openoffice.org/download/

PDF-XChange Editor 10.2.0.384 improves control for compression, comments and margins, and adds support to search within comments and open email messages in the editor. This is not a security update.
https://www.pdf-xchange.com/product/pdf-xchange-editor

QuickBooks Pro 2022 20231120-R13_53 doesn’t provide a change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

QuickBooks Pro 2023 20231107-R9_116 doesn’t provide a change log so should be treated as a security update.
https://downloads.quickbooks.com/app/qbdt/products

Security Software Updates

One or more of these is likely to be of interest to most people.

ProtonVPN (macOS) 4.1.1 improves stability. This is not a security update.
https://protonvpn.com/download

QubesOS 4.2.0 updates libraries, updates default behaviors, and resolves several bugs. This is a security update.
https://www.qubes-os.org/downloads/

Stinger 12.2.0.709 updates detections. This is not a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Tails 5.21 updates libraries and resolves several bugs. This is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.55.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.7.1 updates notebooks, improves plugins, and resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.40.1 resolves a couple minor bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 24.0.4 resolves a couple crash bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 13.0.0.9 resolves several bugs and improves compatibility. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.7.2 resolves several bugs. This is not a security update.
https://handbrake.fr/

PDF Creator 5.2.0 adds Outlook Web Access support and resolves several bugs. This is a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.1.5.8 resolves dozens of bugs and improves reliability. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 2.0.0.7 improves performance and stability. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password 8.10.23 resolves a bug. This is not a security update.
https://1password.com/downloads/

AOMEI Partition Assistant 10.2.2 resolves a couple bugs. This is not a security update.
https://www.diskpart.com/

Bitwarden 2023.12.1 improves auto-fill. This is not a security update.
https://bitwarden.com/

CCleaner 6.19.10858 resolves several stability bugs. This is not a security update.
https://www.ccleaner.com/

CurrPorts 2.77 improves IPv6 compatibility. This is not a security update.
https://www.nirsoft.net/utils/cports.html

DesktopOK 11.15 resolves a couple bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 4.0.189.0 resolves several bugs. This is not a security update.
https://dngrep.github.io/

email-oauth2-proxy 2023-12-19 is a security update.
https://github.com/simonrob/email-oauth2-proxy

ExplorerPatcher 22621.2861.62.2 resolves several bugs. This is not a security update.
https://github.com/valinet/ExplorerPatcher/

Fido 1.54 adds support for Windows 11 23H2v2. This is not a security update.
https://github.com/pbatard/Fido/releases

Fing 3.6.0 resolves several bugs. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

GoodSync and GoodSync2Go 12.5.3 improves compatibility, stability and security. This is not a security update.
https://www.goodsync.com/

Homedale 2.09 adds MAC grouping and improves oui.txt support. This is not a security update.
https://www.the-sz.com/products/homedale/

HWiNFO 7.68 doesn’t provide a detailed change log so should be treated as a security update.
https://www.hwinfo.com/download/

Kingston SSD Manager 1.5.3.4 doesn’t provide a detailed change log so should be treated as a security update.
https://www.kingston.com/us/support/technical/ssdmanager

Memtest86+ 7.00 adds support for new hardware, improves debugging and resolves several bugs. This is not a security update.
https://www.memtest.org/

NTLite 2023.12.9552 improves controls and resolves a couple bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.77.0 resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ripgrep 14.1.0 resolves several bugs. This is not a security update.
https://github.com/BurntSushi/ripgrep/releases/latest

TcpLogView 1.41 adds support for setting CaptureInterval in cfg file. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

WifiInfoView 2.92 adds an option to start as hidden. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinGet 1.6.3482 resolves a couple bugs. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

Developer Updates

These are unlikely to be of interest to most people.

.NET Runtime 8.0.1 is a security update. Expect well-maintained applications that package .NET Runtime with them to release new versions in the near future.
https://dotnet.microsoft.com/en-us/download/dotnet

Android Studio 2023.1.1.27 resolves a couple bugs. This is not a security update.
https://developer.android.com/studio

AutoHotkey 2.0.11 resovles several bugs. This is not a security update.
https://www.autohotkey.com/download/

Node.js 21.5.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

TortoiseSVN 1.14.6 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Visual Studio Code 1.85.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

HumHub 1.15.2 resolves over a dozen bugs. This is not a security update.
https://www.humhub.com/en

Joomla 5.0.2 and 4.4.2 resolve several bugs. This is not a security update.
https://www.joomla.org/

Piwigo 14.1.0 improves compatibility and resolves several bugs. This is not a security update.
https://piwigo.org/

Contact Form 7 5.8.5 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

My Sticky Bar 2.6.7 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Redirection 5.4.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Social Post Feed 4.2.1 improves reliability. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Sucuri Security 1.8.40 improves cleanup. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

WooCommerce 8.4.0 resolves dozens of bugs and provides almost 100 improvements. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Cerber Security 9.6.1 fixes a 2FA bug and a crash bug. This is not a security update.
https://wpcerber.com/

WP Mail SMTP 3.11.0 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2023-09-12

Welcome back, Folks!

Today is Patch Tuesday for September, 2023.

This month has been insane. There were 223 major hacks, and over 170 application updates this month. Each browser and several other apps released at least weekly security updates. It’s a very big month, with about 5 GB of updates for most users.

This Month in Technology

16shop, A-Family Dental Care Center PC, Absolute Dental Services, Adobe Acrobat & Reader, Alberta Dental Services Corporation, Allison Transmission Inc., AMD CPUs, AmeriBen, American National Group, LLC, Android TV, Anonfiles, Apache’s RocketMQ, Asian national electricity grid, The Associated Press Stylebook, Associates in Pediatric Dentistry, ASUS routers, Atlas VPN, Atmeltomo, a major auction house, Avada WordPress Theme and Plugin, Ayush Jharkhand, AzeroCloud, Baesman Group, Inc., Balancer, Barracuda Email Security Gateway (ESG), Beverly Hills Plastic Surgery, Binance, Bloom Health Centers, Blue Cross Blue Shield of Arizona, Byju’s, CareSource, CentroMed, CERT Poland, Chicago IVF, Church of England Debenham High School, Church of England St. Augustine Academy, Cisco Adaptive Security Appliance (ASA), Cisco BroadWorks, Cisco Firepower Threat Defense (FTD), Cisco VPN, Citrix NetScaler, Citrix ShareFile, Cleveland City Schools, Clorox, CloudNordic, Coastal Orthopedics, Cobra DocGuard, CODESYS V3, Coffee Meets Bagel, Coinbase, Colorado Department of Health Care Policy & Financing, CraftRise, Cummins Behavioral Health Systems, CyberPower PowerPanel, Cypher, Data Media Associates, Dataprobe iBoot, Dell Compellent, Detroit Central City Community Mental Health, Discord, Discord.io, DuoLingo, Dymocks Booksellers, El Salvadoran government, a south African electrical utility, EMS Management and Consultants Inc, Energy One Limited, Enzo Clinical Labs, Inc., Exactly Protocol, Florida Healthy Kids, Ford SYNC3, Forever 21, France’s Pôle emploi, Free Download Manager, Freecycle, Geico, Gemini North Observatory, GitLab, Google Chrome, Google Looker Studio, Harbor Protocol, Harris Center for Mental Health and Intellectual and Developmental Disabilities, Health Care Service Corporation, Health Employers Association of BC, Highgate Wood School, Illinois Department of Public Health, iMenu360, Indiana University Health, Intel CPUs, iPhone iMessage, Israel’s Mayanei Hayeshua hospital, iTrust Wellness Group, Ivacy VPN, Ivanti Avalanche, Ivanti MobileIron, Ivanti Sentry, IXPERTA, Japan’s Cybersecurity Agency (NISC), Jefferson Health, Jobzone, Johnson & Johnson Health Care Systems, Juniper EX switches, Juniper SRX firewalls, Jupiter X Core, Just Kids Dental, Kroll (that’s appropriate), Leaseweb, Libbitcoin, Lifeline Health Systems, Lincoln SYNC3, LinkedIn, LogicMonitor, Lolek Bulletproof Hosting, MacOS, Madera County, Magellan Rx Management, Maiden Erlegh Trust, Manipulated Caiman, Maximus Health Services Inc, McAlester Regional Health Center, Mend.io, MGM Resorts International, Microsoft 365 corporate accounts, Microsoft Azure Active Directory, Microsoft’s PowerShell Gallery, Milan Eye Center, MinIO, Missouri Department of Social Services, Morris Hospital & Healthcare Centers, Mountain View Family Practice, PC, Nice Pak Products Inc., Norfolk and Suffolk police, Nova Scotia government, NPO Mashinostroyeniya, NVIDIA D3D10 Driver, NXP, O’Neil Digital Solutions, LLC, OAS Engine, Openfire, Orrick, Herrington & Sutcliffe, Pampling, Paramount Global, PCC Pediatric EHR Solutions, Performance Health Technology, PHPFusion, Pizza Hut Australia, PlayCyberGames, Poland’s PKP railway, Police Service of Northern Ireland (PSNI) —  twice, Prime Therapeutics, Prince George’s County Public Schools, Prospect Medical Group, Prospect Medical Holdings, PurFoods/Mom’s Meals, QakBot, Radius Global Solutions, Ranhill Utilities Berhad, Rapattoni, Resort Data Processing, Respublikinė Vilniaus Psichiatrijos Ligoninė, Rightbiz, Rite Aid, Roberto Polizzi, RocketSwap, Sabre, Schneck Medical Center, See Tickets, Seiko, Serco, Inc., SevenRooms, Seville, Spain, Singing River Health System, Sourcegraph, South African National Defence Force, SouthCoast Medical Group, LLC, Sovos Compliance LLC, Spring WebFlux, Sri Lankan Government, St. Paul Public Schools, Stake.com, Starmount Life Insurance Co, SUNY at Buffalo School of Dental Medicine, SysInformation Healthcare Services, LLC, Terra, Tesla, Three Crowns Park, Tift Regional Medical Center, TitleMax, Topgolf Callaway, TP-Link Tapo, TRACT Radiology, TTEC Healthcare Solutions, a UK internet backbone infrastructure provider, UK Metropolitan Police, UK Ministry of Defence, Ukrainian Military, United Bankshares, Inc., United Healthcare Services, Inc., UnitedHealthcare, University of Massachusetts Chan Medical School, University of Michigan, University of Sydney, University of Utah, UofL Health, US Department of Defense (DoD), US Drug Enforcement Administration (DEA), US energy company, US Government email servers, Vecino Health Centers, Venus Protocol, Virginia Dept. of Medical Assistance Services, Viva Air, VMware’s Aria Operations for Networks, VNS Health Plans, WebDetetive, WinRAR, Zaun, Zengo, Zimbra Collaboration Suite, Zoom ZTP, and Zunami have reportedly been hacked or compromised this month.

Coffee Meets Bagel, German Federal Financial Supervisory Authority (BaFin), Hotmail, Midwest Hospital Group, Rogers, Square, and Toyota have suffered from outages this month.

Last months updates broke Microsoft Exchange, MSI BIOS compatibility, Windows drive partitions, Windows EFI boot loader, Windows Group Policy, Windows LAPS, Windows Search, Windows Time service, and Windows Update for Business.

The new Microsoft Edge for Business release was such a disaster that enterprise customers are moving to Chrome and Firefox.

Facebook Messenger has become a major target of phishing. Again. So is Microsoft Teams.

The fallout from the LastPass hack last year is still coming to light, including repeated hijacks of large cryptocurrency accountsAt the time we were assured that since the data was “strongly encrypted” that there was no chance of accounts being exposed. It seems that faith was misplaced. 

Microsoft will finally be eliminating WordPad. This isn’t really that surprising since all supported versions of Windows are now born with MS Office already installed.
What is less surprising is that they’re also killing off Visual Studio for Mac and disabling support for older TLS versions in the next few months, which is likely to prevent many network and automation apps from working. 

Another ransomware key decryptor is now available.

The Taliban is working with Huawei to install facial detection cameras. Experian Consumer Services has been caught spamming, to the tune of $650k. The Federal Trade Commission has publicly named 130 healthcare firms sharing user information with third parties through web trackers.

Google has added a new feature in Chrome, “Privacy Sandbox,” to use your browsing history to show ads. Turn it all off.

Now for the good news:

There may finally be a good reason to use Microsoft Paint. It will soon have the ability to remove photo backgrounds. And — this is hard for me to believe — Apple, yes that Apple, is supporting the California State “Right to Repair” bill.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 5 GB in updates today. Let’s get started.

Microsoft released updates to address 73 vulnerabilities in .NET, .NET Core, .NET Framework, 3D Builder, 3D Viewer, AMD CPU Branch, Azure DevOps, Azure HDInsights, Microsoft Azure Kubernetes Service, Microsoft Dynamics, Microsoft Dynamics Finance & Operations, Microsoft Edge, Microsoft Exchange Server, Microsoft Identity Linux Broker, Microsoft Office, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Office Word, Microsoft PostScript Printer Driver, Microsoft Streaming Service, Microsoft Windows Codecs Library, Servicing Stack Update, Visual Studio, Visual Studio Code, Windows Cloud Files Mini Filter Driver, Windows Common Log File System Driver, Windows Defender, Windows DHCP Server, Windows GDI, Windows Internet Connection Sharing (ICS), Windows Kernel, Windows Photo Import API, Windows Scripting, Windows TCP/IP, Windows Themes, and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Ventura 13.5.2, macOS Monterey 12.6.9, macOS Big Sur 11.7.10, iOS 16.6.1 and 15.7.9, iPadOS 16.6.1 and 15.7.9, watchOS 9.6.2, and tvOS 16.6. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.6.1 and 15.7.9 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 16.6.1 and 15.7.9 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.6.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.6 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 115.0.5790.182 and 108.0.5359.242 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 23.9.1 resolves a stability bug. This is not a security update.
https://www.amd.com/en/support

BullZip PDF Printer 14.4.0.2963 updates translations. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Crucial Storage Executive 9.07 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.6.7 improves cleanup and resolves a couple bugs. This is a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.2.14 adds several new controls and translations. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.18.3 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

GSLite 20230809 is a security update.
https://www.bullzip.com/products/pdf/download.php

TP-Link Archer A6 v3 230828 is a security update.
https://www.tp-link.com/us/support/download/archer-a6/v3/#Firmware

TP-Link Archer AX21 v1.20 230829 is a security update.
https://www.tp-link.com/us/support/download/archer-ax21/v1.20/#Firmware

Wacom Driver 6.4.3-1 adds support for newer hardware and resolves a couple bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.57.62 is a security update.
https://brave.com/

Firefox 117.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 115.2.1 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Google Chrome 116.0.5845.187 is a security update.
https://www.google.com/chrome/

Iridium 2023.09.116 is a security update.
https://iridiumbrowser.de/

Microsoft Edge 116.0.1938.81 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Vivaldi 6.2.3105.48 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

NK2Edit 3.46 adds the icon to dialogs and resolves an empty field bug. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

ProtonMail (Android) 3.0.16 doesn’t provide a detailed changelog so should be treated as a security update.
https://proton.me/mail/download

Spark 3.8.3 resolves several bugs. This should be treated as a security update.
https://sparkmailapp.com/

Thunderbird 115.2.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.16 improves localization. This is not a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.56 improves cosmetics. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

Dropbox 182.4.6427 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 195.0.0.4.225 is a security update.
https://www.messenger.com/download

FileZilla Server 1.7.3 is a security update.
https://filezilla-project.org/

FreeFileSync 13.0 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 80.0 improves performance, installation size and resolves several bugs. This is not a security update. Note that Windows 8, Windows Server 2012, and 32-bit Windows of all flavors are no longer supported — you can still access your files through Firefox on these devices.
https://drive.google.com/start

Grocy 4.0.3 improves performance and resolves several bugs. This is not a security update.
https://grocy.info/

Grocy Desktop 2.7.0 improves compatibility. This is not a security update.
https://github.com/grocy/grocy-desktop

IPInfoOffline 1.70 adds support for sapics IP-Location. This is not a security update.
https://www.nirsoft.net/utils/ip_country_info_offline.html

jq 1.7 is the first update in 5 years and doesn’t disappoint. This build adds several new functions, logical structures, stability, output formats, and resolves dozens of bugs. This is not a security update.
https://jqlang.github.io/jq/

Microsoft Teams 1.6.00.22378 doesn’t provide a changelog so should be treated as a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 27.0.2 updates dependencies and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

PuTTY 0.79 resolves a dozen bugs. This is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Rclone 1.64.0 adds new backends, multithreaded transfers, and resolves dozens of bugs. This is not a security update.
https://rclone.org/

Signal 6.30.1 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.31.2 improves performance. This is not a security update.
https://signal.org/android/apk/

Skype 8.102.0.211 expands AI integration and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.24.0 resolves several bugs. This is not a security update.
https://syncthing.net/

Technitium DNS Server 11.4.1 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Telegram 4.9.5 ads several new bot web-app features and resolves several bugs. This is not a security update.
https://telegram.org/

Telegram (Android) 10.0.1 doesn’t provide a changelog so should be treated as a security update.
https://telegram.org/apps

Trillian 6.5.0.31 resolves several bugs. This is not a security update.
https://www.trillian.im/

Wget2 2.1.0 adds support for sitemaps, certificate validation, improves recursion, and resolves a dozen bugs. This is a security update.
https://gitlab.com/gnuwget/wget2/-/releases

Zoom 5.15.12.21574 adds several new features (and the ability to disable!) to their integrated AI Companion offering. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.12 resolves several bugs. This is not a security update.
https://en.3tene.com/

Picard 2.9.2 resolves a dozen bugs and improves update detection behavior. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.78.2.3975 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.47.1.3971 resolves a couple networking bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.8.0.98 updates libraries and runtimes, improves debugging capabilities, and resolves dozens of bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.2.172 resolves several bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.8.1 resolves several bugs and adds new palette controls, tagging and GUI elements. This is not a security update.
https://www.lego.com/en-us/ldd

Minecraft Server (Bedrock) 1.20.15.01 doesn’t provide a changelog so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock

Nintendo Switch 16.1.0 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PlayStation PS5 23.01-07.61.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Connect 12.4.1 is a security update.
https://helpx.adobe.com/security/products/connect/apsb23-33.html

Adobe Experience Manager 6.5.18.0 is a security update.
https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html

Adobe Reader DC 23.006.20320 and 20.005.30524 are security updates.
https://get.adobe.com/reader

Blender 3.6.2 resolves several bugs. This is not a security update.
https://www.blender.org/download/

Calibre 6.26.0 adds support for new hardware, new stylization options, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Ghostscript 10.01.2 is a security update.
https://www.ghostscript.com/releases/gsdnld.html

Kdenlive 23.08.0 adds support for several new formats, improved hardware support and performance, and resolves several bugs. This is not a security update.
https://kdenlive.org/

Kindle for PC 2.0.70301 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice 7.5.6 resolves over 50 bugs. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.6.1 provides over 400 new features and bug fixes. This is not a security update. Remember that the “Fresh” line is beta software and the “Still” line should be used wherever possible.
https://www.libreoffice.org/

Nextcloud Desktop 3.9.4 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.5.7 is a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.9 resolves several bugs and improves stability. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 10.1.0.380 is a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

.NET Runtime 7.0.11 is a security update.
https://dotnet.microsoft.com/en-us/download/dotnet

Chainsaw 2.7.3 updates dependencies, adds new rules, and resolves export data issues. This is not a security update.
https://github.com/countercept/chainsaw

DNSQuerySniffer 1.95 adds support for sapics IP geolocation. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

JShelter 0.14 improves performance, internationalization, and resolves several bugs. This is not a security update.
https://jshelter.org/install/

Kaspersky Removal Tool 20.0.6.0 doesn’t provide a changelog so should be treated as a security update.
https://support.kaspersky.com/viruses/utility

MalwareBytes Anti-Malware 4.6.2 improves detection, internationalization, and resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL 1.1.1w is a security update.
https://www.openssl.org/source/

ProtonVPN (macOS) 3.3.2 resolves several bugs and adds B2B WPN support. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.12.0 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.17 is a short follow-on to a critical security update in 5.16.1. This version adds new printer drivers and enables all drivers by default (which I personally think is a horrible idea) and updates libraries. This is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.52.0 improves performance and stability, adds new operators, and resolves several bugs. This is a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.7.0 adds several new features and many bug fixes. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 23.2.1 updates libraries, improves output options, and resolves several bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.1.1.5 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

PDF Creator 5.1.2 is a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.1.4.1 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 1.0.3.0 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.27 resolves several bugs and adds support for macOS Sonoma. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.10.13 resolves dozens of bugs and updates libraries. This should be treated as a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.10.13 resolves dozens of bugs and updates libraries. This should be treated as a security update.
https://1password.com/downloads/windows/

Agent Ransack 2022.3406 resolves a compatibility bug. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Bitwarden 2023.8.3 doesn’t provide a changelog so should be treated as a security update.
https://bitwarden.com/

CCleaner 6.15.10623 adds and updates cleaning rules. This is not a security update.
https://www.ccleaner.com/

CintaNotes 3.14 is *finally* released. This version resolves several stability and reliability bugs. This is not a security update.
https://cintanotes.com/download

CPU-Z Installer 2.07 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

Cygwin 3.4.9 resolves several bugs. This is a security update.
https://cygwin.com/

DesktopOK 11.08 improves compatibility and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.80 adds high DPI support, ability to run unelevated, an elevation switch, and a dark background option. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

dnGrep 4.0.69.0 adds pause/resume support, improved print output, and updates libraries. This is a security update.
https://dngrep.github.io/

email-oauth2-proxy 2023-09-06 resolves several bugs and improves compatibility. This is a security update.
https://github.com/simonrob/email-oauth2-proxy

ESEDatabaseView 1.74 resolves a couple bugs. This is not a security update.
https://www.nirsoft.net/utils/ese_database_view.html

Fido 1.51 improves compatibility. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3406 resolves a compatibility bug. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

FileTypesMan 1.98 adds sort menus and buttons. This is not a security update.
https://www.nirsoft.net/utils/file_types_manager.html

Git SCM 2.42.0 resolves dozens of bugs. This is not a security update.
https://git-scm.com/

Go 1.21.1 is a security update.
https://go.dev/

GoodSync 12.3.6 resolves several bugs. This is not a security update.
https://www.goodsync.com/

HWiNFO 7.62 doesn’t provide a changelog so should be treated as a security update.
https://www.hwinfo.com/download/

HWMonitor 1.52 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

IsMyHdOK 3.91 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

Kingston SSD Manager 1.5.3.3 doesn’t provide a changelog so should be treated as a security update.
https://www.kingston.com/us/support/technical/ssdmanager

NConvert 7.155 improves HEIC and TIFF support. This is not a security update.
https://www.xnview.com/en/nconvert/

NTLite 2023.8.9408 improves compatibility and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Open-Shell 4.4.191 resolves over a dozen bugs and improves compatibility. This is not a security update.
https://github.com/Open-Shell/Open-Shell-Menu

PointerStick 6.31 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.73.0 resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

QuickSetDNS 1.35 improves high DPI support, adds menu and toolbar controls, and keyboard support. This is not a security update.
https://www.nirsoft.net/utils/quick_set_dns.html

RoboForm 9.5.2 resolves several bugs. This is not a security update.
https://www.roboform.com/

ScreenConnect 23.6.8.8644 resolves dozens of bugs. This is not a security update.
https://www.connectwise.com/software/control/download

TraceRouteOK 3.33 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Unity 2023.1.12 resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Ventoy 1.0.95 resolves a couple bugs and adds new distros. This is not a security update.
https://www.ventoy.net/en/index.html

WifiInfoView 2.91 resolves a detection bug. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinGet 1.5.2201 resolves a couple bugs and is now available through the PowerShell Gallery. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WizTree 4.15 improves deletion detection and display, TSV support, and updates translations. This is not a security update.
https://www.diskanalyzer.com/

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 2022.3.1.19 adds several new features. This is not a security update.
https://developer.android.com/studio

AutoHotkey 2.0.8 resolves several parsing and key mapping bugs. This is not a security update.
https://www.autohotkey.com/download/

GitHub Desktop 3.3.1 adds support for commit signing, repository rules, fixes several bugs and improves output, contrast, and accessibility. This is not a security update.
https://desktop.github.com/

Node.js 16.20.2 is a security update.
https://nodejs.org/en/

Node.js 18.17.1 is a security update.
https://nodejs.org/en/

Node.js 20.6.1 is a security update.
https://nodejs.org/en/

Python 3.11.5 is a security update.
https://www.python.org/downloads/windows/

SQLite 3.43.1 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.82.1 adds several new features and improves accessibility. This is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.16 adds support for new backends, resolves dozens of bugs, and improves reliability. This is not a security update.
https://www.ppsspp.org/download/

Web Package Updates

These are likely to be of interest only to web developers.

Grocy 4.0.3 is a major update improving compatibility, adds several new features, improved calculations and field support, and dozens of bug fixes. This should be treated as a security update.
https://github.com/grocy/grocy

Invision Community 4.7.13 resolves dozens of bugs. This is not a security update.
https://invisioncommunity.com/

Joomla 3 is now end of life (EOL). *Please* upgrade to Joomla 4 as soon as possible.
https://www.joomla.org/announcements/release-news/5894

Joomla 4.3.4 resolves several bugs. This is not a security update.
https://www.joomla.org/

jQuery 3.7.1 resolves several bugs. This is not a security update.
https://code.jquery.com/

ownCloud Server 10.13.1 resolves dozens of bugs. This is not a security update.
https://owncloud.com/download-server/

WordPress 6.3.1 resolves several bugs. This is not a security update.
https://wordpress.org/

BuddyPress 11.3.1 is a security update.
https://wordpress.org/extend/plugins/buddypress/

Idea Publisher 1.0.9 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/idea-publisher/

Social Post Feed 4.2 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

W3 Total Cache 2.4.1 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 8.0.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Cerber Security 9.5.7 adds and extends 2FA support. This is not a security update.
https://wpcerber.com/

WP Mail SMTP 3.9.0 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

WP Plugin Update Checker 5.2 improves compatibility. This is not a security update.
https://github.com/YahnisElsts/plugin-update-checker/releases/latest

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-11-08

Welcome back, Folks!

Today is Patch Tuesday for November, 2022.

This month brings a new major version of macOS (13/Ventura) and a new major version of Windows 10. That’s on top of the nearly 100 major hacks, and over 130 application updates this month. Well, not really this month, since there were many more published on Oct 18th in the last newsletter. There is an OpenSSL security update, so almost every network or internet capable application has a security update right now. There should be about 4.5 GB of updates for most users.

This Month in Technology

Abode Iota All-In-One Security Kit, Advanced, Advocate Aurora Health, Amazon, Argentinian Armed Forces Joint Chiefs of Staff, Ascension St. Vincent’s Coastal Cardiology, AstraZeneca, Atacama Large Millimeter Array (ALMA) Observatory, Aurubis, Australian Clinical Labs, various auto key fobs, Aveanna, Azure Cosmos DB, Bed, Bath & Beyond, Blue Cross and Blue Shield of Kansas, Bulgarian Government, Choice Health Insurance LLC, Cisco AnyConnect, CommonSpirit Health, Consorci Sanitari Integral, Defense Health Headquarters, Deribit, DESORDEN GROUP, Doomworld, DropBox, E-Pal, EnergyAustralia, Eventus WholeHealth, PLLC, Fontainebleau Development Health and Welfare Plan, Hackney Council, Heilbronn Stimme, HH/Killeen Health System, LLC, India metro, Indianapolis Housing Agency, Iranian Atomic Energy Organization, Jeppesen, Keystone Health in Pennsylvania, Legal Aid ACT, Lolzteam, Louisiana Department of Public Safety and Corrections, Mango Markets, Maple Leaf Foods, Massengale Eye Care, Massy Stores, MBDA, Medibank, Medlab Pathology, METRO, Microsoft, Mid-Westchester Anesthesia Services PC, Moola Market, MyDeal, Nelnet Servicing, New Mexico Regulation and Licensing Department, New York Post, Osaka Acute and General Medical Center, Pendragon Group, Phoenix Programs of Florida, Inc., Poland Parliament, Premier Physical Therapy and Sports Performance, LP, Presbyterian Healthcare Services, Primary Anesthesia Services, Pynenberg & Scheske DDS, SC, RecordTV, Regions Hospital, Resource Anesthesiology Associates of CA PC, Resource Anesthesiology Associates of CT PC, Resource Anesthesiology Associates Of KY PSC, Resource Anesthesiology Associates of NM Inc, Resource Anesthesiology Associates of VA LLC, Saddlebrook Anesthesia Services PC, See Tickets, Siemens PLCs, Sigmund Software, LLC, Slovakian Parliamant, Somnia Anesthesia, Somnia Pain Mgt of Kentucky, Somnia, Inc., Spain’s National Renewable Energy Center, St Luke’s Health – Texas, State Bar of Georgia, Tata Power, The Church of Jesus Christ of Latter-day Saints, Tift Regional Health System, Twilio, UK PM Liz Truss, UK’s Department for Education, Unimed Belem, hundreds of US news websites, Vastaamo, Verizon, Vinomofo, VMware Workspace One Access, Vodafone Italia, WakeMed Health and Hospitals, and Wenco Management, LLC Health and Welfare Benefit Plan have reportedly been hacked or compromised this month.

Microsoft’s Azure platform has been causing problems for their own WinGet package manager and SysInternals services. Instagram, Zscaler, and Wynncraft suffered widespread outages.

Now for the good news:

The more time you spend evaluating electric cars, the worse you will realize they are. Whether it’s electrical waste, environmental damage, increased pullution or just randomly bursting into flames, they’re clearly not ready for production. And now you know.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 4.5 GB in updates today. Let’s get started.

With the release of a new version of macOS (13/Ventura) all macOS 10.x versions are no longer supported. If you’re not running at least 11/Big Sur, upgrade now or take your device offline. Really.

Windows 10 22H2 (19045) is a major update for Windows 10. Well, it’s supposed to be – there’s really almost no changes other than the extension of the support window. Even though there’s not a lot new to it, don’t be a lemming: wait at least a couple months for them to work out the inevitable bugs.

Microsoft released updates to address 82 vulnerabilities in .NET Framework, AMD CPU Branch, Azure, Azure Real Time Operating System, Linux Kernel, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Office Word, Network Policy Server (NPS), Open Source Software, SysInternals, Visual Studio, Windows Advanced Local Procedure Call, Windows ALPC, Windows Bind Filter Driver, Windows BitLocker, Windows CNG Key Isolation Service, Windows Devices Human Interface, Windows Digital Media, Windows DWM Core Library, Windows Extensible File Allocation, Windows Group Policy Preference Client, Windows HTTP.sys, Windows Hyper-V, Windows Kerberos, Windows Mark of the Web (MOTW), Windows Netlogon, Windows Network Address Translation (NAT), Windows ODBC Driver, Windows Overlay Filter, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Resilient File System (ReFS), Windows Scripting, Windows Win32K
and MSRT (~3 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 15.7.1, iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, Safari 16.1, tvOS 16.1, watchOS 9.1, and Xcode 14.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 16.1 and 15.7.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 16.1 and 15.7.1 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.1 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.1 is a security update. Use Settings, General, Software Update to install the most current update.

Google Chrome OS 107.0.5304.92 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that all macOS X (10.x) versions are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.10.3 resolves several bugs. This is not a security update.
https://www.amd.com/en/support

BullZip PDF Printer 14.1.0.2951 improves compatibility. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Crucial Storage Executive 8.07 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.5.7 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.1.10 resolves several bugs and improves responsiveness. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Daemon Tools Lite 11.1.0 adds ARM support and resolves several bugs. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Garmin Express 7.15.2 doesn’t provide a detailed changelog so should be considered a security update.
https://www.garmin.com/en-US/software/express/

MSI Afterburner 2022.10.05 doesn’t provide a changelog so should be treated as a security update.
https://www.msi.com/Landing/afterburner/graphics-cards

Samsung DeX 2.4.0.29 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/us/apps/dex/

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.45.118 is a security update. Use Menu, Help, About to install the current version.
https://brave.com/

Google Chrome 107.0.5304.87 is a security update. Use Menu, Help, About to install the current version.
https://www.google.com/chrome/

Microsoft Edge 107.0.1418.35 is a security update. Use Menu, Help, About to install the current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 106.0.5 is a security update. Use Menu, Help, About to install the current version.
https://www.mozilla.org/en-US/firefox/new/

Vivaldi 5.5.2805.42 is a security update. Use Menu, Help, About to install the current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

ProtonMail (Android) 3.0.9 improves stability. This is not a security update.
https://proton.me/mail/download

Spark 3.1.0.38675 does not provide a changelog so should be treated as a security update.
https://sparkmailapp.com/

Spark (macOS) 3.1.0.38673 does not provide a changelog so should be treated as a security update.
https://sparkmailapp.com/

Thunderbird 102.4.2 is a security update. Use Menu, Help, About to install the current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.6 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

curl 7.86.0 resolves almost 200 bugs. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 160.4.4703 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 168.0.0.24.90 is a security update.
https://www.messenger.com/download

FileZilla Client 3.62.0 updates libraries. This is a security update.
https://filezilla-project.org/

Google Drive 66.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Google Earth 7.3.6 resolves several bugs and improves several features. This is not a security update.
https://earth.google.com/

Microsoft Teams 1.5.00.28361 adds transcription, e-signature integration, rich call history and music on hold. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 25.0.1 updates dependencies and resolves dozens of bugs. This is a security update.
https://nextcloud.com/

PuTTY 0.78 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Qbox 4.0.5.32 doesn’t provide a changelog so should be treated as a security update.
https://www.coraltreetech.com/qbox

Rclone 1.60.0 adds three new backends, several new features and resolves dozens of bugs. This is a security update.
https://rclone.org/

Signal 5.63.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/download/windows/

Syncthing 1.22.1 resolves several bugs and improves reliability. This is not a security update.
https://syncthing.net/

Telegram 4.3.1 is a security update.
https://telegram.org/

Zoom 5.12.6.10137 adds a lot of new features and resolves over a dozen bugs. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.6 resolves several bugs. This is not a security update.
https://en.3tene.com/

Bitwig Studio 4.4.2 resolves several bugs. This is not a security update.
https://www.bitwig.com/download/

iTunes 12.12.5.8 adds support for newer iOS and iPad OS version. This is not a security update.
https://www.apple.com/itunes/download/

Plex Desktop 1.56.2.3345 doesn’t provide a changelog so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.28.3.3355 doesn’t provide a changelog so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.29.2.6364 resolves several bugs. This is a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.3.1 resolves several bugs. This is not a security update.
https://www.epicgames.com/

Lego Studio 2.22.10.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Nintendo Switch 15.0.1 resolves several bugs. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

Steam 2022.10.18 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

SteamOS 3.3.2 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Illustrator 27.0 and 26.5.1 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-56.html

Adobe Reader DC 22.003.20263 improves stability. This is not a security update.
https://get.adobe.com/reader

Calibre 6.8.0 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

IcoFX 3.8.1 fixes jpg editor and removes shape editor. This is not a security update.
https://icofx.ro/

Krita 5.1.3 resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

Kindle for PC 1.39.65323 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice 7.3.7 resolves over two dozen bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.6.1 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.7 resolves the “make my printer bleed” bug, as well as several other bugs. This is not a security update.
https://notepad-plus-plus.org/

Sage Timeslips 30.0.4.84 resolves several bugs. This is not a security update.
https://na.sage.com/Sage-Timeslips/Support

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.2.0 resolves several bugs. This is not a security update.
https://github.com/countercept/chainsaw

HTTP Toolkit 1.12.0 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

IISCrypto 3.3.17 adds TLS 1.3, new cipher suites, and updates templates. This is not a security update.
https://www.nartac.com/Products/IISCrypto/Download

MalwareBytes Anti-Malware 4.5.17 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL (SLP) 3.0.7 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

OpenSSL 1.1.1s is a security update.
https://www.openssl.org/source/

OpenSSL 3.0.7 is a security update.
https://www.openssl.org/source/

ProtonVPN 3.0.5 (macOS) is a security update.
https://protonvpn.com/download

ReactOS 0.4.14.31 resolves dozens of bugs. This is a security update.
https://reactos.org/

Tails 5.6 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.45.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Zorin OS 16.2 improves compatibility, updates libraries, upgrades LibreOffice, and resolves several bugs. This is a security update.
https://zorin.com/os/mirrors/

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 28.1.2 improves stability. This is not a security update.
https://obsproject.com/

SnagIt 23.0.1 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/releases/snagit.msi

Converter Updates

These are unlikely to be of interest to most people.

PDF Creator 5.0.1 resolves several bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.0.0.1 resolves several bugs and improves stability. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

DVDFab 12.0.9.1 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.17 resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.8 resolves several bugs and adds many new features. This is a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.8 resolves several bugs and adds many new features. This is a security update.
https://1password.com/downloads/windows/

AOMEI Partition Assistant 9.12.0 adds support for moving BitLocker partitions, and resolves several bugs. This is not a security update.
https://www.diskpart.com/

Beyond Compare 4.4.4.27058 resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2022.10.1 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.05.10110 improves stability and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

DesktopOK 10.44 improves tools. This is a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.8.15 updates libraries. This is a security update.
https://www.balena.io/etcher/

Fido 1.36 adds support for the latest build of Windows. This is not a security update.
https://github.com/pbatard/Fido/releases

Go 1.19.3 is a security update.
https://go.dev/

GoodSync 12.0.9 is a security update.
https://www.goodsync.com/

HWMonitor 1.47 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

IsMyHdOK 3.77 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

Kingston SSD Manager 1.5.2.5 doesn’t provide a changelog so should be treated as a security update.
https://www.kingston.com/us/support/technical/ssdmanager

Memtest86+ 6.00 is a new major version, with support for new hardware, and resolves many bugs. This is not a security update.
https://www.memtest.org/

NetworkInterfacesView 1.25 adds enable/disable option and registry key details. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

NetworkTrafficView 2.42 improves high-DPI mode. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html

NTLite 2.3.8.8978 improves compatibility. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.64.1 resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ProcessMonitor 3.92 adds an option to set the filter driver altitude from the command line. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Process Explorer 17.01 adds dark theme, multipane support, startup improvements and resolves several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

RoboForm 9.3.7 adds the ability to install updates without killing all the browsers and resolves several bugs. Be aware that this causes many browser extensions to fail until they’re reinstalled. This is not a security update.
https://www.roboform.com/

ScreenConnect 22.9.10231 adds several new controls and security improvements. This is a security update.
https://www.connectwise.com/software/control/download

Sysmon 14.11 resolves a stability bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TeamViewer 15.35.7 doesn’t have a changelog so should be treated as a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.1.21 resolves several bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Windows 10 Upgrade 22H2 is a system update. This installs the latest build of Windows 10.
https://www.microsoft.com/en-us/software-download/windows10

WinAudit 3.4.3 resolves DNS bug. This is not a security update.
http://www.parmavex.co.uk/winaudit.html

WizTree 4.11 adds a Today filter, now supports quoting in filters, and resolves a couple bugs. This is not a security update.
https://www.diskanalyzer.com/

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.35.00 resolves several bugs and backports several features. This is not a security update.
https://www.autohotkey.com/download/

Docker Desktop 4.13.1 improves compatibility, upgrades libraries and resolves several bugs. This is a security update.
https://www.docker.com/products/docker-desktop

GitHub Desktop 3.1.2 updates embedded engine. This is not a security update.
https://desktop.github.com/

Node.js 14.21.1 is a security update.
https://nodejs.org/en/

Node.js 16.18.1 is a security update.
https://nodejs.org/en/

Node.js 18.12.1 is a security update.
https://nodejs.org/en/

Node.js 19.0.1 is a security update.
https://nodejs.org/en/

Visual Studio Code 1.73 adds include/exclude folders to search, shortcuts to Command Center, merge editor improvements and several other fixes. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.2 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Joomla 4.2.5 is a security update.
https://www.joomla.org/

phpList 3.6.10 resolves several bugs. This is not a security update.
https://www.phplist.org/

Piwigo 13.1.0 resolves several bugs. This is a security update.
https://piwigo.org/

WordPress 6.1 adds a new default theme, new templates, improved design controls, menu editing, and resolves several bugs. This is not a security update.
https://wordpress.org/

Autoptimize 3.1.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

BuddyPress 10.6.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.6.4 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Idea Publisher 1.0.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/idea-publisher/

NextScripts Social Networks Auto-Poster 4.4.2 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

Redirection 5.3.5 resolves a language bug. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

W3 Total Cache 2.2.7 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 7.0.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPBakery 6.10.0 resolves over a dozen bugs. This is not a security update.
https://wpbakery.com/

WP Plugin Update Checker 5.0 switches from classes to namespaces, adds VCS controls, and resolves several bugs. This is not a security update.
https://github.com/YahnisElsts/plugin-update-checker/releases/latest

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-06-14

Welcome back, Folks!

Today is Patch Tuesday for June, 2022. It’s the biggest update series in well over a year.

This Month in Technology

AA Traveller, Acuity International’s Comprehensive Health Services, Adecco, Aesto Health, Aimware, Alameda Health System, Allaire Healthcare Group, Allwell Behavioral Health Services, Amart Furniture, Aon PLC, Apple iPhones (even when off), Apple M1 CPUs, Apple Watches, Arnprior Regional Health, Associated Ophthalmologists of Kansas City, P.C., Atlassian Confluence Server and Data Center, AU Health, Bangladesh government, Bank of Zambia, Behavioral Health Partners of Metrowest, LLC, BJC Health System, BlackBerry Fans, Bored Ape Yacht Club, Bryan County Ambulance Authority, Burman & Zuckerbrod Ophthalmology Associates, P.C., Capital One, Capsule, Carinthia, Austria, Central Florida Inpatient Medicine, Chicago Public Schools, CHRISTUS Health, Cisco IOS, Comstar LLC, Costa Rican Social Security Fund, Cypress Healthcare, LLC, Dis-Chem, DivX SubTitles, East Tennessee Children’s Hospital, Fanpass, Finkelstein Eye Associates, Fishman Vision, Football World Cup 2022 qualifier between Wales and Ukraine, Foxconn, Fred Hutchinson Cancer Center, General Motors, Genetics & IVF Institute, GitHub, GitLab, Greenland’s healthcare services, Healthcare Assistance Plan for Employees of Seventh-day Adventist Organization of the North American Division, Heidell, Pittoni, Murphy & Bach, LLP, Heroku, Homestead Hospice & Palliative Care, HP BIOS, 70 Indian government websites, John Knox Village of Florida, Kaiser Foundation Health Plan of Washington, Kaiser Permanente, Kiddos’ Clubhouse, Mandiant, McCoy Vision Center, McKenzie Health System, Memorial Community Health, Inc., MGM Resorts, Microsoft Teams, Mindpath Care Centers, North Carolina, PLLC, Mississippi Sports Medicine and Orthopaedic Center, Moyes Eye Center, PC, Nikkei, NLB Corporation, North Alabama Bone & Joint Clinic, P.C., North Lakes Pain Consultants, Northern Rockies Orthopaedics, Novartis, NuLife Med, LLC, Numrich Gun Parts, OE Enterprises, Inc, OGUsers, Oklahoma City Indian Clinic, Omnicell, Orangeburg Eye Center, Oswego County Opportunities, Inc, Otherside Metaverse, Palermo, Italy, Paragon Cheats, Parker-Hannifin Corporation, Partnership HealthPlan of California, PayHere, Pegasus Airlines, Platinum Hospitalists LLP, Preen.Me, QNAP NAS, Quantum Imaging & Therapeutic Associates, Quincy, Illinois, Rainier Arms, ReadNovel, RiverKids Pediatric Home Health, Russian Ministry of Construction, Housing and Utilities, Sberbank, Scarborough Health Network, Schneck Medical Center, Screencastify, Shaker Heights City School District in Ohio, Shields Health Care Group, Shoreline Eye Group, SirHurt, SonicWall Secure Mobile Access (SMA) 1000 Series, South Australia’s Treasury, SpiceJet, Stevens & Lee, Summit Healthcare Association, Sylvester Eye Care, Telegraph, Tesla Model 3, Tesla Model Y, Texas Department of Insurance, Texas Department of Transportation, The Multiple Sclerosis Center of Atlanta, Travis-CI, Trend Micro, U.S. Drug Enforcement Administration (DEA), University of Chicago Medical Center, Val Verde Regional Medical Center, Versus Market, Viasat, Virginia Mason Medical Center, Wagner Heights Nursing and Rehabilitation Center, Washington University School of Medicine, Wendy’s, and Windows 11 have reportedly been hacked or compromised this month.

Netgear broke the Orbi firmware. I’ve been warning about the privacy risks of Wi-Fi for years. It’s finally going mainstream. A pirated version of CCleaner is yet again being used to hijack user accounts.

Apple allowed 1.6 million malicious apps onto the Apple AppStore, then later removed them.

The next time someone uses the argument that “how is a web-based business supposed to stay alive without ads” to decry your use of an ad blocker, send them this link about how third-party trackers (like the ones used in Google and DuckDuckGo) are collecting everything you type.

Now for the good news:

Intuit has finally acknowledged they’re being used to send phishing messages. They’re not going to put an end to it, but they finally have admitted that it’s a widespread source of phishing emails.

Oh, and the UK has declared that defensive attacks” are legal.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 62
vulnerabilities in .NET Framework, AV1 Video Extension, Azure OMI, Azure RTOS, Azure Service Fabric Container, HEVC Video Extensions, Microsoft Endpoint Configuration Manager, Microsoft File Server, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Photos App, Microsoft SharePoint Server, Microsoft SQL Server, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Microsoft Windows Support Diagnostic Tool (MSDT), Remote Volume Shadow Copy Service (RVSS), Visual Studio, Windows App Store, Windows Autopilot, Windows Container Isolation FS Filter Driver, Windows Container Manager Service, Windows DCOM Server, Windows Defender, Windows Encrypting File System (EFS), Windows File History Service, Windows Hyper-V, Windows Installer, Windows iSCSI, Windows Kerberos, Windows Kernel, Windows LDAP, Windows Media, Windows Media Center, Windows Network Address Translation, Windows Network File System, Windows PowerShell, Windows SMB, Windows WinSock, and MSRT (~2.5 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 15.5, iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.7, Security Update 2022-004 Catalina, watchOS 8.6, tvOS 15.5.1, Safari 15.5, Xcode 13.4, and iTunes 12.12.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.5 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 15.5 is a security update. Use Settings, General, Software Update to install the most current update.

tvOS 15.5.1 is a security update. Use System, Software Update to install the most current version.

watchOS 8.6 are security updatess. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 101.0.4951.72 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Garmin Express 7.13.1 doesn’t provide a changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

Nvidia Driver 473.62 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.39.111 is a security update.
https://brave.com/

Google Chrome 102.0.5005.115 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 102.0.1245.41 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 101.0.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

Iridium 2022.04.100 is a security update. Use Menu, Help, About to install the most current version.
https://iridiumbrowser.de/

Vivaldi 5.3.2679.55 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 91.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.10 resolves an error reporting bug. This is not a security update.
https://anydesk.com/en/downloads

curl 7.83.1 resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/

DNSDataView 1.65 adds a new command-line parameter. This is not a security update.
https://www.nirsoft.net/utils/dns_records_viewer.html

Dropbox 150.4.5000 resolves several bugs. This is not a security update. (btw, thank you Dropbox for finally releasing a changelog!)
https://www.dropbox.com/

FileZilla Client 3.60.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.21 adds volume GUID support, case conflicts, and resolves several bugs. This is a security update.
https://www.freefilesync.org/download.php

Google Drive 59.0 adds support for client-side encryption, system-level search shortcuts, and resolves several bugs. This is not a security update.
https://drive.google.com/start

Nextcloud Server 24.0.1 resolves several bugs. This is not a security update.
https://nextcloud.com/

Prosody 0.12.1 adds CORS controls and resolves several bugs. This is not a security update.
https://prosody.im/download/start

PuTTY 0.77 is a major update adding several new features, networking and security features, and resolves many bugs. This should be treated as a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Signal 5.45.1 improves language leveling and data sync. This is not a security update.
https://signal.org/download/windows/

Skype 8.83.0.408 resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.20.2 resolves several bugs. This is not a security update.
https://syncthing.net/

Technitium DNS Server 8.1.3 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Trillian 6.5.0.20 resolves several bugs. This is not a security update.
https://www.trillian.im/

Trillian Mac 6.5.0.14 resolves dozens of bugs. This is not a security update.
https://www.trillian.im/

TrueNAS Core 13.0 resolves dozens of bugs. This is a security update.
https://www.truenas.com/download-truenas-core/

Wget2 2.0.1 is a security update.
https://gitlab.com/gnuwget/wget2/-/releases

Zoom 5.10.7.6120 adds Zoom Whiteboard sharing and resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.12.4.1 is a security update.
https://www.apple.com/itunes/download/

Picard 2.8.1 updates libraries and resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.46.1.3056 improves compatibility and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.18.0.3023 improves compatibility and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.27.0.5897 resolves several bugs and improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.0.12 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.5.1.16 updates runtime. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Nintendo Switch 14.1.2 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PlayStation PS5 22.01-05.10.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2022.05.31 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Calibre 5.43.0 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Inkscape 1.2 adds pages, markers and dashes, more gradient controls, performance improvements and resolves several bugs. This is not a security update.
https://inkscape.org/release/

LibreOffice Fresh 7.3.4 resolves over 80 bugs. This is not a security update. Remember that the Fresh line is beta software and should be avoided by most users.
https://www.libreoffice.org/

LibreOffice 7.2.7 resolves almost 50 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.5.1 resolves 20 bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.2 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.3.11 improves dark theme and updates plugins. This is not a security update.
https://www.getpaint.net/

PDF Candy Desktop 2.93 doesn’t provide a changelog so should be treated as a security update.
https://pdfcandy.com/

Adobe Animate 21.0.11 and 22.0.6 are security updates.
https://helpx.adobe.com/security/products/animate/apsb22-24.html

Adobe Bridge 12.0.2 is a security update.
https://helpx.adobe.com/security/products/bridge/apsb22-25.html

Adobe Illustrator 26.3.1 and 25.4.6 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-26.html

Adobe InCopy 17.3 and 16.4.2 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb22-29.html

Adobe InDesign 17.3 and 16.4.2 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb22-30.html

RoboHelp Server 11.3 is a security update.
https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 15.5.3 is a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.1 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.43.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.7.4 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.8 resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.9.5 is a security update.
https://1password.com/downloads/mac/

AccessChk 6.15 resolves a crash bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

Agent Ransack 2022.3326 resolves several bugs and dds support for new policies and file types. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

AOMEI Partition Assistant 9.8.0 improves compatibility. This is not a security update.
https://www.diskpart.com/

Bitwarden 2022.5.1 resolves several bugs and improves integration and compatibility. This is not a security update.
https://bitwarden.com/

Cygwin 3.3.5 resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 9.91 adds system-wide dark theme controls. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.0.64.0 resolves several bugs, improves performance and reliability. This is not a security update.
https://dngrep.github.io/

Everything 1.4.1.1017 updates localizations and resolves a search history bug. This is not a security update.
https://www.voidtools.com/

Fido 1.29 adds UEFI Shell 2.2 support. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3326 resolves several bugs and dds support for new policies and file types. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Go 1.18.3 is a security update.
https://go.dev/

GoodSync 11.11.2 is a security update.
https://www.goodsync.com/

NTLite 2.3.6.8785 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSFMount 3.1.1001 improves command-line verbosity and error reporting. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

osquery 5.3.0 resolves several bugs. This is not a security update.
https://osquery.io/downloads

PowerToys 0.59.0 resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RAMMap 1.61 improves compatibility. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/rammap

ScreenConnect 22.5.7881.8171 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SmartMonTools 7.3 resolves several bugs and improves compatibility. This is not a security update.
https://smartmontools.org/

Sysmon 13.34 resolves several bugs. This should be treated as a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TaskSchedulerView 1.71 adds a new switch to control column display and export. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.30.3 improves user interface and resolves a send-to bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 3.01 improves internal networking. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Unity 2022.1.4 improves performance and resolves several bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

USBDeview 3.05 adds WCID column. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

WinScan2PDF 7.81 improves multi-monitor support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.34.03 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Android Studio 2021.2.1.15 resolves several bugs. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.0.2 resolves several bugs. This is not a security update.
https://desktop.github.com/

Node.js 14.19.3 updates OpenSSL. This is not a security update.
https://nodejs.org/en/

Node.js 16.15.1 updates OpenSSL. This is not a security update.
https://nodejs.org/en/

Node.js 17.9.1 is a security update.
https://nodejs.org/en/

Node.js 18.3.0 is a security update.
https://nodejs.org/en/

Visual Studio Code 1.68.0 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.2.21 is a security update.
https://drupal.org/download

Drupal 9.3.15 resolves several bugs. This is not a security update.
https://drupal.org/download

HumHub 1.11.2 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 4.1.4 resolves several bugs. This is not a security update.
https://www.joomla.org/

OpenCart 4.0.0.0 is major update adding many new features and libraries. This is not a security update.
https://www.opencart.com/

phpList 3.6.8 resolves several bugs. This is not a security update.
https://www.phplist.org/

phpMyAdmin 5.2.0 updates libraries and resolves several bugs. This is not a security update.
https://www.phpmyadmin.net/

YOURLS 1.9.1 updates libraries and resolves several bugs. This is not a security update.
https://yourls.org/

WordPress 6.0 is a major update adding several new features, including block locking, performance, accessibility and new design tools. This is not a security update.
https://wordpress.org/

Akismet 4.2.4 only updates documentation. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

BuddyPress 10.3.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Contact Form 7 5.5.6.1 resolves Constant Contact API changes and improves compatibility. This should be treated as a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Social Post Feed 4.1.4 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Duplicator 1.4.6 resolves several bugs. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

myStickymenu 2.5.9 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Slider Revolution 6.5.24 resolves several bugs. This is not a security update.
https://revolution.themepunch.com/

Sucuri Security 1.8.31 resolves a path bug. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

Theme My Login 7.1.5 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/theme-my-login/

WooCommerce 6.5.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/