Updates 2023-02-14

Happy Valentine’s Day, Folks!

Today is Patch Tuesday for February, 2023.

There are a whopping 150+ major hacks and 200+ application updates this month. It’s a big one, with about 6 GB of updates for most users. Microsoft is also pushing out Windows 22H2 (Win10 and Win11) for all supported devices. If you’re not already on the latest builds, expect to be “upgraded” automatically in the coming days.

This Month in Technology

1020 South Main Street Operations LLC, 1st Franklin Financial Corporation Master Welfare Benefit Plan, 225 Evergreen Road Operations LLC, 90 Degree Benefits, Inc., A10 Networks, Aflac, Alkomprar Technology, AmerisourceBergen, an unnamed medical research company, Arizona Health Advantage, Inc., Arnold Clark, Aspire Surgical, Atlassian’s Jira Service Management Server and Data Center, Audifarma, Autotrader, Bahrain’s international airport, Benefit Administrative Systems, LLC, BonqDAO, Brazilian Government, British PM Stewart McDonald, Cacti, Cardiovascular Associates, Casa Ley, Cedar Oaks Surgery Center, Centro Médico Virgen De La Caridad, CircleCi, Cisco IOx, City Council of Durango, City of London, City of Oakland, Community Health Systems, CommuteAir – exposing the TSA no-fly list, Control Web Panel, Costa Rica’s Ministry of Public Works and Transport, Court of Justice of the State of Pará, Datadog, Diligent Corp, DNV (impacting over 1000 ships worldwide), DotHouse Health Incorporated, DPP II, LLC, Dr. Keith Rundle & Dr. Herman Rundle, Edmonds School District, Eurostar, Exclu, FortiOS SSL-VPN, General Treasury of the Republic of Chile, Git, GitHub Atom, GitHub Desktop, GoAnywhere MFT, 130 organizations using GoAnywhere, Google Fi, GoTo, Grand Theft Auto (GTA) Online, Harmony Horizon, Health Plan of San Mateo, Heritage Provider Network, Hive, Home Care Providers of Texas, Howard Memorial Hospital, Indigo Books & Music, Instituto Federal Do Pará, Intelligent Business Solutions, ION Group, iOS, IT Servicios, Italy, Jackson & Joyce Family Dentistry, JD Sports, Jefferson County Health Center, KeePass, KomplettFritid, Kroger, LastPass, League of Legends, LearnPress, Lexmark firmware, LimeVPN, Liquor Control Board of Ontario, Los Angeles Unified School District, Luaces Asesores, Lutheran Social Services of Illinois, macOS, MailChimp, Maternal and Family Health Services, Microsoft-Verified OAuth Apps, a Midwest specialty medical care clinic, Mindpath Health, Minuteman Senior Services, MKS Instruments, Morgan Hill Unified School District, multiple federal civilian executive branch (FCEB) agenciesNamecheap, Nantucket, Massachusetts, Nissan North America, Norton LifeLock (including their password manager), ODIN Intelligence, One Brooklyn Health System, Packman anti-cheat software, PayPal, Pennsburg Manor, PeopleConnect (TruthFinder and Instant Checkmate), Pepsi, Pharma Gestao, Pitt Meadows School District 42, Planet Ice, Politriz, Puma, QNAP NAS, Qualys, Quintana Roo Attorney General’s Office, Qulliq Energy Corporation, Reddit, Regal Medical Group, Rise Interactive Media & Analytics, LLC, Rostelecom, Royal Mail, Rundle Eye Care, Samsung Galaxy App Store, San Francisco Transit Police, Seguros Equinoccial S.A, Sharp HealthCare, Shell, Sistema Integral De Control Alimentario, Skyview Networks, Solaris, Southeast Colorado Hospital District, St. Rose Hospital, Stanford Medicine, Stroke Scan Inc, T-Mobile, Tallahassee Memorial HealthCare, Technion – Israel Institute of Technology, Teijin Automotive Technologies Welfare Plan, The Guardian, Ticketmaster, Toyota’s GSPIMS, Tucson, Arizona, Ukrainian Computer Emergency Response Team, Ukrinform, University of California, University of Colorado Hospital Authority, University of Colorado, University of Duisburg-Essen, University of Maryland Baltimore, University of Miami, UScellular, VMware OpenSLP, VMware vRealize Log Insight, Weee!, Yum! Brands, Zacks Investment Research, and Zurich have reportedly been hacked or compromised this month.

Most federal agencies ignore the GAO cybersecurity recommendations.

Bankdata, Bermuda, The FAA’s NOTAM, Instagram, Microsoft 365, Microsoft Outlook, Tor, Twitter, Verizon, YouTube, and Zelle suffered from significant outages.

Cloudflare managed to prevent an insane 71 million requests per second attack.

Last months updates broke the Windows Start menu, Windows 10 (if a 365 trial was active), and almost 300 MSI motherboard models.

A whopping 12% (minimum) of online stores expose private data or backups. A new strain of point-of-sale malware prevents contactless payments in order to ensure that the skimmer operates unhindered.

Now for the good news:

Impossible Foods are being hit with patent problems across the globe. Hopefully this will lead to a financial incentive to grow real foods again.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly
6 GB in updates today. Let’s get started.

Like it or not, Windows 10 and Windows 11 versions 22H2 are now being pushed out onto all supported devices, so expect it to be installed in the coming days.

Microsoft released updates to address 72 vulnerabilities in .NET and Visual Studio, .NET Framework, 3D Builder, Azure App Service, Azure Data Box Gateway, Azure DevOps, Azure Machine Learning, HoloLens, Internet Storage Name Service, Microsoft Defender for Endpoint, Microsoft Defender for IoT, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Publisher, Microsoft Office SharePoint, Microsoft Office Word, Microsoft PostScript Printer Driver, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Codecs Library, Power BI, SQL Server, Visual Studio, Windows Active Directory, Windows ALPC, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Distributed File System (DFS), Windows Fax and Scan Service, Windows HTTP.sys, Windows Installer, Windows iSCSI, Windows Kerberos, Windows MSHTML Platform, Windows ODBC Driver, Windows Protected EAP (PEAP), Windows SChannel, Windows Win32K, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.7.3, macOS Monterey 12.6.3, macOS Ventura 13.2.1, iOS 12.5.7, iOS 15.7.3, iOS 16.3.1, iPadOS 15.7.3, iPadOS 16.3.1, Safari 16.3.1, tvOS 16.3.2 and watchOS 9.3.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 12.5.7, 15.7.3, and 16.3.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.7.3 and 16.3.1 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.3.1 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.3.2 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 109.0.5414.125 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

elementary OS 7.0 is a new major version of elementary OS improving app management, controls, defaults, and many other bug fixes. This is not a security update.
https://elementary.io/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.6.0 updates installer, adds option to update driver source to default, and improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.2.8 resolves over a dozen bugs. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.16.1 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

JACK2 1.9.22 improves compatibility, removes example tools, updates dependencies, and resolves a couple bugs. This is a security update.
https://jackaudio.org/downloads/

NVcleanstall 1.15.1 resolves several bugs. This is not a security update.
https://www.techpowerup.com/download/techpowerup-nvcleanstall/

Drivers by Seagull 2023.1 adds support for over 200 new printer models from 20 vendors, RFID unique serial numbers (TID), and updates the license.
https://www.seagullscientific.com/support/downloads/drivers/

Wacom Driver 6.4.1-3 resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Xerox Smart Start 1.8.10.0 doesn’t provide a changelog so should be treated as a security update.
https://www.support.xerox.com/en-us/content/143617

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.48.158 is a security update.
https://brave.com/

Google Chrome 110.0.5481.100 is a security update.
https://www.google.com/chrome/

Microsoft Edge 110.0.1587.41 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 110.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

SeaMonkey 2.53.15 is a security update.
https://www.seamonkey-project.org/

Vivaldi 5.6.2867.62 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

ProtonMail (Android) 3.0.11 improves stability. This is not a security update.
https://proton.me/mail/download

Spark 3.3.3.42970 improves stability. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.3.3.42968 improves stability. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.7.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.1.8 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 7.0.1 resolves several bugs. This is a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.54 adds whitespace around the QR codes. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

Dropbox 167.4.4719 resolves several bugs and improves performance. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 176.0.0.12.101 is a security update.
https://www.messenger.com/download

FileZilla Client 3.63.1 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FileZilla Server 1.6.6 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 12.0 is a major update and adds several new security profiles, improves timeouts, and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 71.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

IPInfoOffline 1.61 resolves a crash bug. This is not a security update.
https://www.nirsoft.net/utils/ip_country_info_offline.html

Java 8u361 is a security update.
https://www.java.com/en/download/manual.jsp

Microsoft Teams 1.6.00.376 adds several new features. This is not a security update.
https://teams.microsoft.com/downloads

Nextcloud Server 25.0.3 is a security update.
https://nextcloud.com/

Omada Software Controller 5.8.4 adds global view, mapping, and adds several other features. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-GUI 0.8.39 adds P2P audio and video calls, improved GUI confirmations, and resolves over a dozen bugs. This is not a security update.
https://pocketnet.app/

Signal 6.5.1 resolves a crash bug. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.10.9 improves display of activity. This is not a security update.
https://signal.org/android/apk/

Skype 8.93.0.404 improves translator, color schemes, and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.23.1 resolves an upgrade bug. This is not a security update.
https://syncthing.net/

Telegram 4.6.2 resolves several bugs. This is not a security update.
https://telegram.org/

Telegram (Android) 9.4.0 doesn’t provide a changelog so should be treated as a security update.
https://telegram.org/apps

WinSCP 5.21.7 updates Batch Rename extension and resolves a settings change bug. This is not a security update.
https://winscp.net/eng/index.php

Zoom 5.13.7.12602 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

BasicSR 1.4.2 adds torch and resolves several bugs. This is not a security update.
https://github.com/XPixelGroup/BasicSR/releases/latest

Kodi 20.0 implements over 500 changes. This is a security update.
https://kodi.tv/

Plex Desktop 1.63.3.3523 resolves audio passthrough. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.33.2.3525 resolves audio passthrough. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.31.0.6654 improves season and episode detection, end credit marker detection, scanner, and resolves over a dozen bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Real-ESRGAN-ncnn-vulkan 0.2.0 is a security update.
https://github.com/xinntao/Real-ESRGAN-ncnn-vulkan/releases/latest

TuneIn 1.26.0 doesn’t provide a changelog so should be treated as a security update.
https://tunein.com/radio/home/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2023.1.0.58 improves installation experience, performance and image editing. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.157 adds new objects, improves GDevelop banner behavior, asynchronous objects, updates libraries and extensions. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.23.1.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Playstation PS5 22.02-06.50.00 adds support for the DualSense Edge wireless controller and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2023.02.10 resolves dozens of bugs. This should be treated as a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 22.003.20314 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Adobe After Effects 23.2 and 22.6.4 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb23-02.html

Adobe Connect 11.4.6 and 12.2 are security updates.
https://helpx.adobe.com/security/products/connect/apsb23-05.html

Adobe FrameMaker 2020.5 and 2022.1 are security updates.
https://helpx.adobe.com/security/products/framemaker/apsb23-06.html

Adobe Bridge 12.0.4 and 13.0.2 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb23-09.html

Adobe Photoshop 23.5.4 and 24.1.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb23-11.html

Adobe InDesign 18.2 and 17.4.1 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-12.html

Adobe Premiere Rush 2.7 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb23-14.html

Adobe Animate 22.0.9 and 23.0.1 are security updates.
https://helpx.adobe.com/security/products/animate/apsb23-15.html

Adobe Substance 3D Stager 2.0.0 is a security update.
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-16.html

Audacity 3.2.4 resolves a functional bug. This is not a security update.
https://www.audacityteam.org/download/

LibreOffice 7.4.5 resolves a stability bug. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.5.0 resolves over 250 bugs. This is a security update. Be aware that the Fresh line is beta software and should be avoided in favor of the Still line above.
https://www.libreoffice.org/

Nextcloud Desktop 3.7.3 resolves dozens of bugs. This is a security update.
https://nextcloud.com/

Notepad++ 8.4.9 resolves over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 5.0.1 is a major update to Paint.net, adds several features, and resolves several bugs. This is not a security update.
https://www.getpaint.net/

Calibre 6.12.0 adds read-aloud, updates libraries, and resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Kindle for PC 1.40.65415 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.3.1 resolves a panic bug. This is not a security update.
https://github.com/countercept/chainsaw

DNSQuerySniffer 1.91 resolves stability bug. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

HTTP Toolkit 1.12.3 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

KeePass 2.53.1 resolves several bugs. This is not a security update.
https://keepass.info/

MalwareBytes Anti-Malware 4.5.22 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

MalwareBytes Anti-Malware Mac 4.18.11 resolves a couple bugs and removes the built-in browser. This is a security update.
https://www.malwarebytes.com/mac/

OpenSSL 1.1.1t is a security update.
https://www.openssl.org/source/

OpenSSL 3.0.8 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ProtonVPN (macOS) 3.0.13 resolves several bugs. This is not a security update.
https://protonvpn.com/download

RogueKiller 15.8.0 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.9 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.47.0 resolves several bugs and improves performance. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 22.5.0 adds several new transitions, improved recorder, and several other tools. This is not a security update.
https://www.techsmith.com/video-editor.html

Open Broadcaster Software 29.0.2 resolves several bugs. This is not a security update.
https://obsproject.com/

ScreenToGif 2.37.2 adds translations. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 23.0.3 resolves a couple bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.9.9 adds support for new encodings, improves compatibility and resolves a couple bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

HandBrake 1.6.1 resolves several bugs. This is not a security update.
https://handbrake.fr/

iMazing HEIC Converter 2.0.5 doesn’t provide a changelog so should be treated as a security update.
https://imazing.com/heic

MakeMKV 1.17.3 adds support for new encodings and improves reliability. This is not a security update.
https://www.makemkv.com/download/

StreamFab 6.1.0.7 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

UniFab 1.0.1.2 resolves a couple bugs and adds support to merge. This is not a security update.
https://www.dvdfab.cn/unifab.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.20 improves performance and resolves several bugs. This is a security update.
https://www.zotero.org/

Zotero (macOS) 6.0.21 resolves several bugs. This is a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.15 improves compatibility. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.14 adds support to import directly from LastPass. This is not a security update.
https://1password.com/downloads/windows/

8GadgetPack 36.0 updates outdated gadgets. This is not a security update.
https://8gadgetpack.net/

Agent Ransack 2022.3366 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Beyond Compare 4.4.5.27371 improves performance and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 2023.1.1 resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.09.10300 resolves several bugs. This is not a security update.
https://www.ccleaner.com/

CPU-Z Installer 2.04 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

CurrPorts 2.66 improves stability. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Cygwin 3.4.6 improves compatibility and stability. This should be treated as a security update.
https://cygwin.com/

Dell Command Update 4.8.0 improves BIOS update, self-update, and toast behaviors. This is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 10.66 improves auto save icons feature. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.14.3 improves compatibility and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 1.0.2 improves performance, reliability and cosmetics. This is a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.43 adds BITS transfer support. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3366 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.39.1 is a security update.
https://git-scm.com/

Go 1.20.1 updates the toolchain and improves performance. This is a security update.
https://go.dev/

GoodSync 12.1.7 resolves several bugs and improves compatibility. This is not a security update.
https://www.goodsync.com/

grepWin 2.0.13 adds ability to copy column content, and resolves a couple bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

HWMonitor 1.49 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

Memtest86+ 6.10 adds support for Secure Boot signing, headless EFI, various command line options, new hardware and resolves several bugs. This should be treated as a security update.
https://www.memtest.org/

NetworkTrafficView 2.43 improves stability. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html

NTLite 2.3.9.9039 updates components and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1007 improves case management, VM reporting, and resolves dozens of bugs. This is not a security update.
https://www.osforensics.com/download.html

AOMEI Partition Assistant 9.14.0 improves safety of move/resize, resolves several bugs, and improves reliability. This is not a security update.
https://www.diskpart.com/

PointerStick 6.22 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.67.1 improves stability. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

PSAppDeploy 3.9.2 resolves several bugs. This is a security update.
https://psappdeploytoolkit.com/

ScreenConnect 23.1.1.8423 improves compatibility, adds several cosmetic changes, and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SearchMyFiles 3.23 resolves a couple bugs. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Sysmon 14.14 resolves a timeout detected deleted files. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TeamViewer 15.38.3 resolves a file resume bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unified Remote Server 3.13.0.2501 doesn’t provide a changelog so should be treated as a security update.
https://www.unifiedremote.com/

Unity 2022.2.6 resolves several bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

Ventoy 1.0.88 resolves several bugs and improves compatibility. This is not a security update.
https://www.ventoy.net/en/index.html

WhyNotWin11 2.5.0.4 updates hardware compatibility lists. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinGet 1.4.10173 resolves over a hundred bugs and improves stability. This is a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinRAR 6.20 resolves over 20 bugs. This is not a security update.
https://www.rarlab.com/

ZoomIt 6.12 resolves a cosmetic artifact bug when zooming. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/zoomit

Developer Updates

These are unlikely to be of interest to most people.

ADB 34.0.0 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 2022.1.1.1 resolves several bugs. This is not a security update.
https://developer.android.com/studio

GitHub Desktop 3.1.6 updates libraries, resolves several bugs, and improves compatibility. This is a security update.
https://desktop.github.com/

GitHub includefragment 6.1.1 adds refetch API. This is not a security update.
https://github.github.io/include-fragment-element/

MySQL Server 8.0.32 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/installer/

MySQL ConnectorNet 8.0.32 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 19.6.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js 18.14.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Redemption 6.3.0.6164 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

Rustup 1.25.2 adds SHA-1 support again. This is not a security update.
https://www.rust-lang.org/

TortoiseGit 2.14.0 updates libraries and resolves several bugs. This is a security update.
https://tortoisegit.org/

Visual Studio Code 1.75.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.6 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.4.11 is a security update.
https://drupal.org/download

Joomla 4.2.7 is a security update.
https://www.joomla.org/

ownCloud Client 3.1.0.9872 resolves several bugs. This is not a security update.
https://owncloud.com/desktop-app/

phpList 3.6.12 updates dependencies and resolves several bugs. This is not a security update.
https://www.phplist.org/

phpMyAdmin 5.2.1 is a security update.
https://www.phpmyadmin.net/

Piwigo 13.5.0 is a security update.
https://piwigo.org/

Antispam Bee 2.11.2 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/antispam-bee/

Autoptimize 3.1.5 improves compatibility and resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

Contact Form 7 5.7.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.2.1 improves compatibility and resolves several bugs. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

myStickymenu 2.6.2 improves flow. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/

Postie 1.9.65 removes uname support. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Redirection 5.3.9 is a security update.
https://wordpress.org/extend/plugins/redirection/

W3 Total Cache 2.3.0 improves compatibility and resolves over a dozen bugs. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 7.3.0 resolves almost 100 bugs. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPtouch 4.3.48 is a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-07-12

Welcome back, Folks!

Today is Patch Tuesday for July, 2022. You know how you say something like “biggest update series in well over a year” and the next month just blows that out of the water? We’re there now.

This Month in Technology

Advocates, Inc., Aerojet Rocketdyne, Alabama Eye & Cataract, P.C., Alameda Health System, Aloha Laser Vision, Amagasaki, Japan, Amazon Photos, AMD, Anker Eufy, Aon, Aruba Networks Switches, ATC Healthcare, Bangladeshi government, Bank of the West, Baptist Medical Center and Resolute Health Hospital, Bayhealth Medical Center, Inc., BeanVPN, Benefit Plan Administrators, Inc., Bookchor, Bourse des Vols, Capital Economics, Carnival Corporation, Carolina Behavioral Health Alliance, Carolina Eyecare Physicians, LLC, Catholic Health System, Center for Sight, Inc., Central Florida Inpatient Medicine, Charlotte Radiology, Cherry Creek Eye Physicians and Surgeons, P.C., CHRISTUS Spohn Health System Corporation, Cisco Secure Email, Cisco VPN routers, Citrix Application Delivery Management, CoDeSys Automation Software, Community of Hope D.C., Crema Finance, Customer.io, Disneyland’s Facebook and Instagram accounts, DivX SubTitles, Django, DTEK Group, ExpressLRS, Fast Shop, Flagstar Bank, Florida Birth-Related Neurological Injury Compensation Association, Foxhall Ob Gyn Associates, Geographic Solutions, Gol Tours LTD, Grab, Harmony, Hillrom Medical, Honda cars, Hudson Regional Hospital, IBM, Ignitis Group, Indian Flood Monitors, Indian government, thousands of industrial devices, Israeli Defense, Kaiser Foundation Health Plan of Washington, Kaiser Permanente, Kernersville Eye Surgeons, P.C., Khouzestan Steel Company, almost a million Kubernetes clusters, La Poste Mobile, Latvian government, Lithuanian government, Long Vision Center, Macmillan Publishing, Mangatoon, Marriott International, Massachusetts Child and Family Services, Inc., Mattax Neu Prater Eye Center, Inc., MCG Health and Eye Care Leaders, Medical University of Innsbruck, MEGA, Michigan Avenue Immediate Care, Microsoft Azure FabricScape, Microsoft Exchange, Microsoft Windows Domain Servers, Mitel VoIP, New Jersey Health Information Management, Nichirin-Flex U.S.A., North American Spine Society, Norway govt sites, OpenSea, OrthoNebraska, Phelps Care Regional Medical Center, Preferred Hospital Leasing Coleman Inc., Professional Finance Company, Renton School District, Resolute Health Hospital, Rodeo Pharmacy Inc, Shanghai National Police, Sharper Vision P.A., SHI International, Shoprite, Sight Partners Physicians, P.C., Sophos Firewall, Southwest Health Center, St Joseph Heritage Health, Stanford University, Stokes Regional Eye Centers, TB Kawashima, The People Concern, The Vicksburg Clinic, LLC, Tosoh America, Inc., UK Army’s Twitter & YouTube, UNC Lenoir Health Care, University of Pisa, University Pediatric Dentistry, US Bank, Walmart, WellDyneRx, LLC, Wiltshire Farm Foods, Yodel, Yuma Regional Medical Center, and Zimbra reportedly been hacked or compromised this month.

Some vendors, like CafePress, simply don’t care about security – and do their best to conceal when they’re hacked. I contacted them to report when they were hacked back in 2014 and they ignored me. Sigh.

Microsoft 365, Cloudflare, Microsoft Teams, Rogers (it was a big one), and Microsoft Office / OneDrive had widespread outages.

Facebook is collecting the patient data of millions, and is also blocking the link to the Facebook settlement class action website. You think they would have learned.

Attackers are using Google Chrome Extension fingerprinting to uniquely identify you. This method works in any Chromium browser.

Spam is still the #1 method of exploiting users. Whether it is a fake renewal notice, fake copyright complaints, or fake invoice, most spams will include a fake login form or a fake support number. In both cases they depend on the user to actually enter the login details or call the scammer to fall prey to their attacks. Online development environments are even being used for these attacks.

Counterfeit hardware can be far more dangerous than the real thing. Even though some vendors only support their hardware a few years before you have to replace it,  counterfeits are never supported and often have malicious implants.

Microsoft has rolled back (temporarily) their decision to block macros by default.

MITRE staff didn’t understand that publishing vulnerable sites, not just vulnerability information was bad, while a HackerOne employee was selling exploits before they were published, and an Amazon employee installed cryptominers on Capital One servers. Adobe is using malware traits to block antivirus software from scanning PDF files. How quickly these organizations can shatter their trust.

Here’s a great example of how a single vulnerability will be used to get far deeper into your network and hardware.

Storing your password directly in the browser is dangerous. Use a password manager.

Now for the good news:

 

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 74 vulnerabilities in Azure Site Recovery, Azure Storage Library, DNS Server, Microsoft Defender for Endpoint, Microsoft Edge, Microsoft Graphics Component, Microsoft Lync, Microsoft Office, Open Source Software, Skype for Business, Windows Active Directory, Windows Advanced Local Procedure Call, Windows BitLocker, Windows Boot Manager, Windows Client/Server Runtime Subsystem, Windows Connected Devices Platform Service, Windows Credential Guard, Windows Fast FAT Driver, Windows Fax and Scan Service, Windows Fax Service, Windows Group Policy, Windows Hyper-V, Windows IIS, Windows Kernel, Windows Media, Windows Network File System, Windows Performance Counters, Windows Point-to-Point Tunneling Protocol, Windows Portable Device Enumerator Service, Windows Print Spooler Components, Windows Remote Procedure Call Runtime, Windows Security Account Manager, Windows Server Service, Windows Shell, Windows Storage, XBox, and MSRT (~3 GB). This includes security updates. A reboot is required.

Google Chrome OS 103.0.5060.114 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.6.1 adds support for newer hardware. This is not a security update.
https://www.amd.com/en/support

Crucial Storage Executive 7.12 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.5.2 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 22.4.26 improves user interface. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Samsung DeX 2.4.0.29 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/us/apps/dex/

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.41.96 is a security update.
https://brave.com/

SeaMonkey 2.53.13 is a security update.
https://www.seamonkey-project.org/

Google Chrome 103.0.5060.114 is a security update.
https://www.google.com/chrome/

Microsoft Edge 103.0.1264.51 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 102.0.1 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.11.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 5.3.2679.68 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.45 adds a command-line option to control columns in exports. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 102.0.2 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

curl 7.84.0 resolves over a hundred bugs. This is a security update.
https://curl.haxx.se/windows/

Dropbox 152.4.4880 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 153.0.0.19.110 is a security update.
https://www.messenger.com/download

FreeFileSync 11.22 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 60.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Nextcloud Server 24.0.2 updates libraries, and resolves over 50 bugs. This is a security update.
https://nextcloud.com/

Npcap 1.70 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Rclone 1.59.0 adds support for new backends, metadata framework, resolves several bugs, and updates libraries. This is not a security update.
https://rclone.org/

Signal 5.49.0 doesn’t provide a detailed changelog so should be treated as a security update.
https://signal.org/download/windows/

Skype 8.85.0.409 improves their propaganda tools and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.20.3 resolves several bugs. This is not a security update.
https://syncthing.net/

Technitium DNS Server 8.1.4 resolves several bugs. This is not a security update.
https://technitium.com/dns/

Telegram 4.0.2 resolves several bugs. This is not a security update.
https://telegram.org/

WinSCP 5.21.2 is a security update.
https://winscp.net/eng/index.php

Zoom 5.11.1.6602 resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 3.0.2 updates libraries and resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 4.0.0 is a major update. This version improves color space, exposure, contrast controls and hundreds of other features, as well as resolving over 100 issues. This should be treated as a security update.
https://www.darktable.org/

Picard 2.8.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.48.2.3124 adds option to disable some Discover features, resolves several bugs with Search and Watchlist. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.20.2.3110 resolves a stability bug. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.27.2.5929 improves logging, adds support for Musicbrainz tags, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

Epic Games 14.1.2 resolves several bugs. This is not a security update.
https://www.epicgames.com/

GameMaker Studio 2022.6.0.23 adds Feather support, room editor filters, additional extension features, and resolves dozens of bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Lego Studio 2.22.6.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

PlayStation PS5 22.01-05.50.00 resolves several bugs and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

PlayStation PS4 9.60 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe RoboHelp RH2020.0.8 is a security update.
https://www.adobe.com/support/robohelp/downloads.html

Adobe Acrobat and Reader 22.001.20169, 20.005.30362, and 17.012.30249 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb22-32.html

Adobe Character Animator 22.5 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Photoshop 22.5.8 and 23.4.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb22-35.html

Artweaver 7.0.13 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Calibre 6.0 is a major update. This version adds full text search, new hardware support and performance improvements, a new URL scheme, and read-aloud support. It also removed 32-bit support. This is not a security update.
https://calibre-ebook.com/

Gimp 2.10.32 adds HiDPI, high bit-depth and multi-threading support, dark theme, improved color control, masking, and warp. This is not a security update.
https://www.gimp.org/

Kindle for PC 1.37.65274 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

Nextcloud Desktop 3.5.2 resolves over a dozen bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4.3 adds option to limit search results to one line per file, adds EOL customization, adds new document shortcuts, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Intel CSMEVDT 7.0.2.0 resolves a documentation error. This is not a security update.
https://www.intel.com/content/www/us/en/download/19392/28632/intel-converged-security-and-management-engine-version-detection-tool-intel-csmevdt.html

FSS 2022.6.14 doesn’t provide a changelog so should be treated as a security update.
https://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Gpg4win 4.0.3 is a security update.
https://www.gpg4win.org/download.html

HTTP Toolkit 1.9.0 improves issue tracking and feedback. This is not a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware 4.5.10.200 is a security update.
https://www.malwarebytes.org/antimalware/

OpenSSL (SLP) 3.0.5 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

OpenSSL 1.1.1q is a security update.
https://www.openssl.org/source/

ProtonVPN 2.0.3 resolves several bugs. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.1 resolves several bugs. This is not a security update.
https://protonvpn.com/download

SanDisk PrivateAccess 6.3.10 does not provide a changelog so should be considered a security update.
https://kb.sandisk.com/app/answersweb/detailweb/a_id/21996

Tails 5.2 is a security update.
https://tails.boum.org/install/dvd/index.en.html

YARA 4.2.2 is a security update.
https://github.com/VirusTotal/yara/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 22.1.0 adds several new features, improves performance, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/releases/snagit.msi

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.7.8 adds support for new encodings and resolves several stability bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.0 doesn’t provide a changelog so should be considered a security update.
https://imazing.com/heic

IsoBuster 5.0 is a major update that adds a 64-bit version, high-DPI scaling, themes, improved media support and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php

MakeMKV 1.17.0 improves reliability, adds support for new encodings, and resolves several bugs. This is not a security update.
https://www.makemkv.com/download/

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.9 adds PDF rotation and resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 8.7.3 is a major update adding several new cosmetic and integration improvements, and search and filter options. This is a security update.
https://1password.com/downloads/windows/

1Password for Mac 8.7.3 is a major update adding several new cosmetic and integration improvements, and search and filter options. This is a security update.
https://1password.com/downloads/mac/

7-Zip 22.00 adds support for APFS, pax, adds zone.id, and resolves several bugs. This is not a security update.
https://www.7-zip.org/

8GadgetPack 35.0 improves compatibility, adds keyboard shortcuts, and resolves several bugs. This is not a security update.
https://8gadgetpack.net/

Agent Ransack 2022.3335 adds new columns, improves view state restoration, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

CCleaner 6.01.9825 adds support for new apps and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

Dell OS Recovery Tool 2.3.7012.0 doesn’t provide a changelog so should be treated as a security update.
https://www.dell.com/support/home/uk/en/ukbsdt1/drivers/osiso/recoverytool

DesktopOK 9.97 expands toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.0.84.0 adds personalization, search statistics, Excel row numbers, and resolves several bugs. This is not a security update.
https://dngrep.github.io/

dupeGuru 4.3.1 resolves a false duplication detection bug. This should be treated as a security update if you use dupeGuru to remove duplicate files.
https://dupeguru.voltaicideas.net/

FileLocator Pro 2022.3335 adds new columns, improves view state restoration, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.37.0 resolves several bugs and improves CLI support. This is a security update.
https://git-scm.com/

GoodSync 11.11.5 resolves dozens of bugs. This is a security update.
https://www.goodsync.com/

Intel CPU Diagnostic 4.1.7.39 adds tests for newer hardware, resolves several bugs, and updates components. This is not a security update.
https://www.intel.com/content/www/us/en/download/15951/intel-processor-diagnostic-tool.html

IsMyHdOK 3.66 improves compatibility and SSD/SSHD detection. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.3.6.8804 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PointerStick 5.88 improves support for virtual desktops and multiple screens. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.60.0 resolves several bugs and improves compatibility. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.3.3 adds (and resolves bugs within) OTP feature, improves search, and resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 3.19 adds an option for setup customization, updates drivers, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

SearchMyFiles 3.20 adds filename length filter. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Synergy 1.14.5 resolves several bugs. This is not a security update.
https://symless.com/synergy/

TeamViewer 15.31.5 improves video experience and adds remote terminal to the Computers & Contacts list. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.1.8 updates libraries and resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WhyNotWin11 2.5.0.1 resovles several bugs. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WifiInfoView 2.77 improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

ZoomText 2022.2206.7.400 adds languages and resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

GitHub Desktop 3.0.3 resolves several bugs. This is not a security update.
https://desktop.github.com/

Node.js 18.5.0 is a security update.
https://nodejs.org/en/

Node.js 16.16.0 is a security update.
https://nodejs.org/en/

Node.js 14.20.0 is a security update.
https://nodejs.org/en/

Rustup 1.25.0 adds support for arm64, improved integration and resolves several bugs. This is not a security update.
https://www.rust-lang.org/

Redemption 6.2.0.6122 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

SQLite 3.39.0 adds support for right and full outer join, distinct from, and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.69.1 adds 3-way merge, improved command center UI for search, DND mode, and resolves several bugs. This is a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.3.18 is a security update.
https://drupal.org/download

Drupal 9.4.0 is a security update.
https://drupal.org/download

HumHub 1.11.4 is a security update.
https://www.humhub.com/en/download

Joomla 4.1.5 resolves several bugs. This is the last of the 4.1 series. This is not a security update.
https://www.joomla.org/

jQuery 3.6.0
https://code.jquery.com/

MailEnable 10.40 updates libraries and resolves over a dozen bugs. This is a security update.
https://www.mailenable.com/

Piwigo 12.3.0 resolves several bugs. This is not a security update.
https://piwigo.org/

WordPress 6.0.1 resolves over two dozen bugs. This is not a security update.
https://wordpress.org/

Akismet 4.2.5 resolves a bug. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

Antispam Bee 2.11.1 cleans up code. This is not a security update.
https://wordpress.org/extend/plugins/antispam-bee/

Contact Form 7 5.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.4.7 improves compatibility. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

Interactive World Map 3.2.0 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/interactive-world-map/

Postie 1.9.61 resolves a MIME warning. This is not a security update.
https://wordpress.org/extend/plugins/postie/

NextScripts Social Networks Auto-Poster 4.3.26 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

Slider Revolution 6.5.25 resolves a dozen bugs. This is not a security update.
https://revolution.themepunch.com/

Sucuri Security 1.8.32 is a critical security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.2.3 is a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 6.6.1 resolves dozens of bugs. This is a security update.
https://wordpress.org/extend/plugins/woocommerce/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

Updates 2021-12-14

Welcome back, Folks!

Today is Patch Tuesday for December, 2021. This month has been relatively mild, especially for the typical user. Businesses are facing some serious Christmas disasters including massive botnets targeting WordPress, Log4j, payment platforms, and state-run “passport” systems. Nevertheless, the grind continues.

This Month in Technology

ActMobile Networks (VPN), Alberta HealthAstoria Company LLC, thousands of AT&T Edgewater Networks devicesAtrafBay Village High SchoolBeaverhead County High SchoolBioPlus Specialty Pharmacy Services, LLCBitmartBrazilian Ministry of HealthBroward Public SchoolsBrussels Bru-VaxBureau VeritasCentral Depository Services LtdCalifornia Pizza KitchenCostcoCox CommunicationsDeKalb County School DistrictDelta-Montrose Electric AssociationDNA Diagnostics CenterEpiscopal Retirement ServicesEscambia County School DistrictEskenazi HealthEvanston Township High SchoolFlorida Heart AssociatesFrench-Public School BoardFrontier SoftwareGoDaddy Inc (and 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost), GravatarHeadwaters Health Care CentreHealth Service ExecutiveHellman Worldwide LogisticsHikvision surveillance systemsHisar health departmentHPE, dozens of HP printer modelsHuntington HospitalIDC GamesIKEAIndonesian police, various Iranian gas stationsJohnson Memorial HealthKisters AGKMSPicoKronosLakeside SchoolLINE PayLewis and Clark Community CollegeMaryland Department of HealthManhasset School DistrictMicrosoft Exchange ServersMedsurant HealthMNG CargoNewfoundland and Labrador Health-Care SystemNordic Choice HotelsNorth Oklahoma County Mental Health CenterNortheastern UniversityNowiny Commune OfficeOld Pulaski Middle SchoolOne Community HealthOregon Anesthesiology Group, P.C.Pakistan’s National Database Biometric DataPanasonicPellissippi State Community CollegePlanned Parenthood Los Angeles, millions of PlayStation 5 devicesQNAP NAS devicesRedDoorzRideau Valley Health CentreRiverhead Central School DistrictRobinhoodS&R Membership ShoppingSanDisk SecureAccessSea Mar Community Health CentersShelley School DistrictSimon Eye Management, millions of Sky RoutersSonicWall SMA 100 VPNsSouth Australian GovernmentSouthern Ohio Medical CenterSPAR StoresSpotswood Public SchoolsStor-a-file LimitedStripchatSupernus Pharmaceuticals, Inc., Swire Pacific OffshoreTATATP-Link routersTrue Health New MexicoTulane University Medical CenterUlss 6 EuganeaUS defense contractorsU.S. State DepartmentUtah Imaging AssociatesVirginia’s Division of Legislative Automated SystemsVestasVolvoWaikato DHBYemeksepetiZa: Standard Bank, and Zoho ServiceDesk have reportedly been hacked this month.

A Tesla server outage prevented owners worldwide from unlocking their cars.

Another 5 hour outage at AWS caused problems for thousands of websites that depend upon the “reliability” of cloud services. Netflix, Ring, Amazon Prime Video, Amazon deliveries, and Roku were just a few affected sites and services.

Google Photos suffered from a bug for 10 days that damaged all downloads over 128 MB. They alerted their customers to the problem about a month after fixing the bug.

Instead of focusing on providing a more secure product, Apple is suing the NSO Group for developing malware that exploits vulnerabilities in Apple products.

Google, Apple and Samsung payment services exposed to provide unlimited access to digital wallets without authentication.

Grafana – used in thousands of applications for the gorgeous displays it can provide – has patched multiple critical security vulnerabilities. Expect vendors to play catch-up as they release updates that update their Grafana libraries.

Like Grafana, Log4j is another widely used engine across thousands of applications – mostly in corporate and enterprise applications. It’s been exploited in 40% of corporate networks globally, so far. It’s not just corporate risk – even Minecraft is vulnerable.

A massive series of attacks targeting managed WordPress websites has compromised at least 1.8 million sites so far. Merely patching the sites and removing unused and out-dated plugins and themes would have eliminated the risk here.

Now for the good news:

Alexa.com is finally being shut down after 25 years of misrepresenting the web.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is smaller than it has been in months. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, and MSRT (~1.5 GB). This includes updates for Windows Server 2008. This includes security updates. A reboot is required.

Apple released updates for macOS Monterey 12.1, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, tvOS 15.2, watchOS 8.3, and watchOS 8.1.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.2 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 15.2 is a security update. Use Settings, General, Software Update to install the most current update.

tvOS 15.2 is a security update. Use System, Software Update to install the most current version.

watchOS 8.3 and 8.1.1 are security updates. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 96.0.4664.77 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 6 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Citizen Driver 2021.3 adds support for over 430 hardware printer models and resolves several minor bugs. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/citizen/download/

CognitiveTPG Driver 2021.3 adds support for over 430 hardware printer models and resolves several minor bugs. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/cognitivetpg/download/

Logitech Options 9.40.86 adds support for new hardware and resolves several bugs. This is not a security update.
https://support.logi.com/hc/en-us/articles/360025297893

Logitech SetPoint 6.70.55 adds support for new hardware and resolves several bugs. This is not a security update.
https://support.logi.com/hc/en-us/articles/360025141274

Xerox Smart Start 1.6.28.0 adds support for newer drivers. This is not a security update.
https://www.support.xerox.com/en-us/content/143617

Zebra Driver 2021.3 adds support for over 430 hardware printer models and resolves several minor bugs. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/zebra/download/

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.32.115 is a security update.
https://brave.com/

Google Chrome 96.0.4664.110 is a security update.
https://www.google.com/chrome/

Microsoft Edge 96.0.1054.53 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 95.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.4.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.10.1 is a security update.
https://www.seamonkey-project.org/

Vivaldi 5.0.2497.28 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 91.4.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.4 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk for macOS 6.3.3 improves M1 compatibility. This is not a security update.
https://anydesk.com/en/downloads

curl 7.80.0 resolves over 100 bugs. This should be treated as a security update.
https://curl.haxx.se/windows/

Dropbox 136.4.4345 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.57.0 updates libraries and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.15 resolves several bugs and improves user interface and compatibility. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 54.0 improves compatibility and resolves several bugs. This is not a security update.
https://drive.google.com/start

Npcap 1.60 resolves over a dozen bugs and improves stability. This is not a security update.
https://nmap.org/npcap/

Syncthing 1.18.5 resolves several bugs. This is not a security update.
https://syncthing.net/

Telegram 3.3.0 adds media distribution controls, bot improvements and channel controls. This is not a security update.
https://telegram.org/

WinSCP 5.19.5 resolves several bugs and adds Google Cloud S3 API support. This is not a security update.
https://winscp.net/eng/index.php

Zoom 5.8.7.2058 adds many new features and resolves a dozen bugs, mostly with compatibility. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.19 improves compatibility with VRoid Studio and adds Leap Motion. This is not a security update.
https://en.3tene.com/

Plex Desktop 1.39.1.2763 resolves code signing. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.9.0.2741 adds audio stream selection, resolves several bugs, and improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.25.2.5319 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2.3.7.606 improves reliability and performance, and resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker

Nintendo Switch 13.2.0 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PS5 21.02-04.50.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2021.11.19 resolves several bugs, improves reliability and stability. This is a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Audacity 3.1.2 improves stability. This is not a security update.
https://www.audacityteam.org/download/

Blender 3.0 is a major new version with dozens of new features, improvements in modeling, shadows, geometry and more. This is not a security update.
https://www.blender.org/download/

LibreOffice Fresh 7.2.4 is a security update.
https://www.libreoffice.org/

LibreOffice Still 7.1.8 is a security update.
https://www.libreoffice.org/

Notepad++ 8.1.9.3 resolves several bugs and improves diagnostics to troubleshoot a persistent crash bug. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.3.4 resolves several bugs. This is not a security update.
https://www.getpaint.net/

PDF-XChange Editor 9.2.359.0 resolves several bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Adobe Premiere Rush 2.0 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html

Adobe Experience Manager 6.5.11 is a security update.
https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html

Adobe Connect 11.4 is a security update.
https://helpx.adobe.com/security/products/connect/apsb21-112.html

Adobe Photoshop 22.5.4 and 23.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-113.html

Adobe Prelude 22.1.1 is a security update.
https://helpx.adobe.com/security/products/prelude/apsb21-114.html

Adobe After Effects 22.1.1 and 18.4.3 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb21-115.html

Adobe Dimension 3.4.4 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb21-116.html

Adobe Premiere Pro 15.4.3 and 22.1.1 are security updates.
https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html

Adobe Media Encoder 15.4.3 and 22.1.1 are security updates.
https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html

Adobe Lightroom 5.1 is a security update.
https://helpx.adobe.com/security/products/lightroom/apsb21-119.html

Adobe Audition 14.4.3 and 22.1.1 are security updates.
https://helpx.adobe.com/security/products/audition/apsb21-121.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.25 adds backups, external storage support, updates applications and resolves several bugs. This is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

BelArc Advisor 11.1 doesn’t provide a changelog so should be treated as a security update.
https://www.belarc.com/products_belarc_advisor

Chainsaw 1.1.4 improves logging, error handling, and removes progress bar for reliability. This is not a security update.
https://github.com/countercept/chainsaw

Hashcat 6.2.5 improves improves hardware compatibility, performance, and resolves several bugs. This is a security update.
https://hashcat.net/hashcat/#downloadlatest

RogueKiller 15.1.4 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.39.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.10.0 adds support for managing collections. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Wireless Network Watcher 2.26 updates internal MAC address database and improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2022.0.0 adds several new features including a universal file format, cross-platform markup, and cloud storage, improves performance, and resolves several bugs.
https://download.techsmith.com/snagit/releases/snagit.msi

VideoCacheView 3.08 adds compatibility with newer browser builds. This is not a security update.
https://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

PDF Creator 4.4.1 resolves several bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.9.2 improves compatibility and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

7-Zip 21.06 adds memory controls, dictionary size improvements, hash validation support, and resolves several bugs. This is not a security update.
https://www.7-zip.org/

Agent Ransack 2022.3277 adds OCR, new themes, improves indexing, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Bitcoin 22.0 removes defunct protocols, updates privacy and resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

Carbonite 6.4.0 improves compatibility. This is not a security update.
https://account.carbonite.com/

Cygwin 3.3.3 resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 9.44 adds dark theme support, high-DPI improvements, and several bug fixes. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.7.1 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Fido 1.27 adds support for Windows 10 v21H2. This is not a security update.
https://github.com/pbatard/Fido/releases

FileLocator Pro 2022.3277 adds OCR, new themes, improves indexing, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.34.1 resolves several bugs. This is not a security update.
https://git-scm.com/

GoodSync 11.9.7 resolves several bugs. This is not a security update.
https://www.goodsync.com/

grepWin 2.0.9 improves reliability and adds exact match support. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest

Homedale 2.01 improves MAC Address vendor detection and IE DFS dump. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.44 improves accuracy. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.3.2.8519 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PointerStick 5.61 improves high-DPI support and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.51.1 improves stability. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

ReactOS 0.4.13.32 resolves over a hundred bugs, and improves stability, compatibility and reliability. This is a security update.
https://reactos.org/

SearchMyFiles 3.15 improves summary mode, zero-value filters, and search improvements. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Synergy 1.14.2 resolves over a dozen bugs, improves reliability, adds M1 support, and adds automatic restart on settings change. This is not a security update.
https://symless.com/synergy/

TraceRouteOK 2.66 adds dark theme support, high-DPI improvements, and several bug fixes. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

USB Oblivion 1.17.0.0 resolves a key name bug and improves performance. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion

WakeMeOnLan 1.90 adds global and bulk WOL support and updates MAC addresses databases. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WhyNotWin11 2.4.3.1 improves stability, hardware detection, and compatibility improvements. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinScan2PDF 7.51 resolves several minor bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.07 improves MTP/PTP compatibility, reliability, and resolves several bugs. This is not a security update.
https://www.diskanalyzer.com/

ZoomText 2021 2021.2111.4.400 improves compatibility. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

ZoomText 2022 2022.2110.70.400 improves compatibility. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

Docker Desktop 4.3.1 is a security update.
https://www.docker.com/products/docker-desktop

Node.js v14 14.18.2 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js v16 16.13.1 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js v17 17.2.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Redemption 6.1.0.6054 adds MarkSaved and OverridePSTDisableGrow, and IMAP4 controls, and resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

SQLite 3.37.0 improves STRICT, CHECK constraints, and CLI improvements. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.63 adds several features and improves compatibility. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.30 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.16 improves compatibility and resolves a couple bugs. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.3.0 updates libraries and dependencies, improves compatibility, and resolves a couple bugs. This is not a security update.
https://drupal.org/download

HumHub 1.10.2 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

MailArchiva 8.4.1 is a security update.
https://mailarchiva.com/

Nextcloud Server 23.0.0 is a major update adding massing performance improvements, improved external integrations, Backup and more. This is not a security update.
https://nextcloud.com/

ownCloud Client 2.9.2.6206 resolves several bugs. This is not a security update.
https://owncloud.com/desktop-app/

phpList 3.6.6 is a security update.
https://www.phplist.org/

Piwigo 12.1.0 resolves several bugs. This is not a security update.
https://piwigo.org/

ScreenConnect 21.14.5791.8004 improves reliability and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.8.2 is a security update.
https://wordpress.org/

Autoptimize 2.9.3 improves multisite support and resolves several bugs. This is not a security update.

bbPress 2.6.9 resolves several bugs. This is not a security update.

Contact Form 7 5.5.3 improves Constant Contact integration, filters and form properties. This is not a security update.

Slider Revolution 6.5.11 resolves several bugs. This is not a security update.

Social Post Feed 4.1 updates libraries and resolves several bugs. This version will need to reconnect to any Facebook feeds you use. This is not a security update.

Theme My Login 7.1.4 resolves several bugs. This is not a security update.

W3 Total Cache 2.2.1 resolves several bugs. This is not a security update.

WP Mail SMTP 3.2.1 improves compatibility. This is not a security update.

WordPress Zero Spam 5.2.8 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-04-13

Welcome back, Folks!

Today is Patch Tuesday for April, 2021. There have been over 50 major hacking incidents, many hardware devices with critical security issues (often these are responsible for the major hacking incidents), and over a hundred updates this month. Almost every browser has released weekly security updates for the last two months. I don’t know about you, but I’m getting kind of sick of it. Finally, there’s an OpenSSL security update this week, so expect many more updates throughout the next month from every vendor that rolls their own encryption.

This Month in Technology

Acer, Apperta FoundationAzureBIG-IP, the Blender websiteBoggi Milano MenswearBooking.comBroward County (FL) Public SchoolsBrown UniversityBuffalo SchoolsCalifornia State Controller’s OfficeClubhouseCNA FinancialCrash 4 (within a day of release!), Facebook (which had the audacity to blame it’s users), Gigaset Android Update Server (preinstalled, too), Harvard Business SchoolHaverhill Public SchoolsIdaho Central Credit Union, the Indian governmentiOS, iPhones, iPads and Apple WatchesKentucky unemployment insurance systemMaricopa (AZ) Community Colleges, Michigan-based Flagstar BankMillersville UniversityMobiKwikMultiCareNetgear switches, the Netmask libraryParkMobilePeakTPA/Carolina SeniorCarePHPRollSAPSchneider Electric Smart MetersShellShopifySierra WirelessStanford MedicineSwarmShopUbiquiti (even if they won’t admit it), Union Bank of NigeriaUniversity Of CaliforniaUniversity Of ColoradoUniversity of MiamiUniversity of WisconsinUPMCVerkada, various VPN devices, Wake Forest Baptist-Lexington Medical CenterWeLeakInfo (ironic), Yeshiva University, and Zoom (more than once) have each been hacked.

There’s still fallout from the Exchange vulnerabilities for which Microsoft released patches in March, but with today’s release there are newly discovered vulnerabilities and patches, too. Even so, about 8% of Exchange servers still aren’t patched with the March fixes.

Newly discovered vulnerabilities allow bypass of Spectre mitigations on Linux, and on other platforms via JavaScriptAMD Zen 3 CPUs, Cisco SOHO Routers, and QNAP NAS devices are just a small sampling of hardware devices with serious security problems this month. 80% of global enterprises report firmware cyberattacks, while the other 20% probably just don’t have sufficient training or equipment to be able to detect them.

Major Google Android WebView problems have been notable this month and banking malware have been found in ten apps on the Google Play store. And Apple’s macOS Mail App can be hacked simply by receiving an email (again).

Azure AD/Microsoft 365, Azure DNS, Facebook, and Google have suffered recent outages.

T-Mobile is the latest to convert their customers into products. TikTok and Facebook tracking is worse than you imagine.

From the “I’m glad it didn’t happen to me” file we have an example of an aggressive space saving measure gone horribly wrong. There’s a growing trend of targeting the customers of ransomware victims to convince them to pay and another new cross-platform cryptomining worm.

Mobile privacy is a myth as both Google and Apple collect telemetry even when telemetry is disabled, but at least they’ve finally closed one of the more significant SIM-jacking holes.

Big Tech gets to make their own rules. They’re so aggressive about it that their own security staff sometimes can’t tell if they’ve been hacked. Google is being sued in France for violation of privacy. Apple has banned an accessibility keyboard from their AppStore in an effort to force them to into a buyout. Hopefully Epic will be able to use this and Apple’s hypocritical statements in Australia in their antitrust suit.

As with all disasters and government programs (but I repeat myself), the “American Rescue Act” is being trolled by malware authors to infect unsuspecting users. LinkedIn users are also being targeted thanks to the LinkedIn hack.

Not all of those Norton Antivirus renewal messages are scams (just most of them), and the UK is now suing Norton for failing to comply with their investigation into their “Dark Pattern” subscription model.

If Big Tech, Big Government, and the MSM didn’t censor Presidents (even Venezuela’s),
representatives, doctors, Christians, students, and even knitters, push false narratives, and tolerate terror, child abuse, racism, and sexism, while providing security only to one side of the aisle and targeting the other, I suspect there would be much more peace. Virginia Tech is being sued for banning the amorphously definedhate speech“, while once more college racism turns out to be a hoax. It shouldn’t be any surprise to anyone that victimhood itself is a disease.

A single death is a tragedy but killing small businesses was always part of the plan. The lockdowns were never about a virus. They were about pushing compliance with masks and experimental (lethal and anything butsafe and effective“) mRNA treatments onto an unwilling public, to “hack the software of life” preventing the ability to survive and dismantling every freedom unless you accept the jab. A surge is happening, not just at the border, but in post-jab death rates. All of this to ensure that their slush funds would be financed and elections could never be honest again.

There have been tens of thousands of fraudulent ballots in Michigan Georgia, and New Hampshire. In Georgia, one county ordered voter registration applications for 25 times the population. At least we can all agree on some common sense election reform. Or can we? The same businesses that require an ID to use their services are attacking new laws that require the same scrutiny for elections.

Now for the good news:

After more than a decade the US Supreme Court has finally ruled in favor of Google.
It’s about time. While I have no love for Google, the idea that you can’t develop code that uses the same parameters or names as Oracle code is sickening. How many of you have have written functions to format a date or number? It’s not like granular coding styles leave much to the imagination. This would be like an author suing another author because the chapters of their book were named “Chapter 1”, “Chapter 2” and so on. Good decision.

As long as I have my soapbox: Save Crypto!

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Exchange, Edge, .NET, Servicing Stack, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.

Apple released updates for GarageBand 10.4.3, iOS 14.4.2, iOS 12.5.2,, iPadOS 14.4.2, and watchOS 7.3.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4.2 and 12.5.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4.2 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3.3 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 89.0.4389.95 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Drivers by Seagull 2021.1 adds hardware support, improves response time, and adds features to certain models. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

Crucial Storage Executive 7.01 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.3.8 improves AMD removal and resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options (macOS) 8.50.210 resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

NVidia 465.89 adds new profiles, improves compatibility with various games and newer hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.22.71 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 89.0.4389.128 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 89.0.774.76 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 87.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.9.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.7 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.7.2218.52 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.9.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.47 adds high-DPI support and an option to copy URL QR Code to the clipboard. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.76.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 119.4.1772 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.53.1 resolves a couple bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.9 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

IPInfoOffline 1.60 adds CIDR and Duplicate Count columns, and updates internal IP database.
https://www.nirsoft.net/utils/ip_country_info_offline.html

Npcap 1.30 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 6.2 is a major update. The 6.0 branch adds DNS Application support, more options, and improved compatibility. This is not a security update. Be aware that the current version chokes during updates because it stalls on removal of the previous version.
https://technitium.com/dns/

Telegram 2.7.1 resolves several bugs. This is not a security update.
https://telegram.org/

WGet 1.21.1 is a security update.
https://eternallybored.org/misc/wget/

Zoom 5.6.1.617 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.14 resolves several bugs and adds new positions and motions. This is not a security update.
https://en.3tene.com/

FastStone Viewer 7.5 adds dark theme, support for audio formats, and resolves several bugs. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Picard 2.6 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Photoshop 21.2.7 and 22.3.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-28.html

Adobe Digital Editions 4.5.11.187606 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html

Adobe Bridge 10.1.2 and 11.0.2 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb21-23.html

Atom 1.56.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

RoboHelp RH2020.0.4 is a security update.
https://helpx.adobe.com/security/products/robohelp/apsb21-20.html

Krita 4.4.3 doesn’t provide a detailed changelog so should be treated as a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.2 resolves over 60 bugs. This is not a security update, but the “Fresh” line is beta, so should be avoided by most users.
https://www.libreoffice.org/

LibreOffice Still 7.0.5 resolves over 100 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.2.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.5 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.17 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

ClamWin Portable 0.99.4.103 doesn’t provide a changelog so should be treated as a security update.
https://portableapps.com/apps/security/clamwin_portable

OpenSSL 1.1.1k is a security update.
https://www.openssl.org/source/

RogueKiller 14.8.6 is a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.34.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.3.0 resolves several bugs and improves toolset. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.16.3 resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 13.0 adds Audio Bible support. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.797 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Bitwarden 1.25.1 resolves installation issues, adds support for Safari 13 and updates electron. This is not a security update.
https://bitwarden.com/

CCleaner 5.78.8558 improves cleaning options and behavior. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.2.0 is a major update, improving threading and symlink support, and resolves more than a dozen bugs. This is a security update.
https://cygwin.com/

DesktopOK 8.77 improves translations and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dupeGuru 4.1.1 resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/

Etcher 1.5.117 resolves several bugs and updates libraries. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 0.6.3 resolves a user-mode compatibility problem, requiring uninstallation of previous versions before upgrade. All future builds will be machine-level only. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

GoodSync 11.6.2 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

Homedale 1.95 adds translation. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.13 improves SSD/SSHD detection and benchmark testing. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.1.0.7845 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 4.7.0 adds several new tables, concat* functions, and resolves dozens of bugs. This is not a security update.
https://osquery.io/downloads

ProduKey 1.96 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

PsExec 2.33 is a security update.
https://sysinternals.com/

RoboForm 9.1.2 adds website problem reporting and resolves several bugs. This is not a security update.
https://www.roboform.com/

Samsung Magician 6.3.0 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/

SimpleWMIView 1.43 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

System Monitor 13.02 resolves several bugs. This is not a security update.
https://sysinternals.com/

TaskSchedulerView 1.67 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TcpLogView 1.35 adds Process User column and improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

TCPView 4.0 adds flexible filtering, search, and display of the Windows service that owns an endpoint. This is not a security update.
https://sysinternals.com/

WifiInfoView 2.68 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinObj 3.02 resolves a crash bug. This is not a security update.
https://sysinternals.com/

WinScan2PDF 7.01 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WirelessKeyView 2.22 adds an option to copy QR Code of the selected item. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.06 resolves a hotkey bug. This is not a security update.
https://www.autohotkey.com/download/

Android Studio 4.1.3.0 resolves a stable/beta channel bug. This is not a security update.
https://developer.android.com/studio

Node.js 12.22.0 is a security update.
https://nodejs.org/en/

Node.js 14.16.1 is a security update.
https://nodejs.org/en/

Node.js 15.14.0 is a security update.
https://nodejs.org/en/

Redemption 5.27.0.5916 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

SQLite 3.35.4 is a security update.
https://www.sqlite.org/download.html

TortoiseGit 2.12.0 updates libraries, resolves more than a dozen bugs, and improves consistency. This is not a security update.
https://tortoisegit.org/

Unreal Engine 4.26 adds many new features. This is not a security update.
https://unrealengine.com/en-US/

Visual Studio Code 1.55.2 is a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.11 adds a method to enable 2FA. This is not a security update.
https://coppermine-gallery.net/

Docker Desktop 3.3.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.6 resolves over 50 bugs. This is not a security update.
https://drupal.org/download

HumHub 1.8.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.26 is a security update.
https://www.joomla.org/

MailEnable 10.34 resolves several bugs. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 21.0.1 resolves over 70 bugs, updates libraries, and improves reliability and compatibility. This is not a security update.
https://nextcloud.com/

phpList 3.6.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.phplist.org/

Piwigo 11.4.0 is a security update.
https://piwigo.org/

ScreenConnect 21.4.2767.7752 makes several cosmetic changes and resolves bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SpamAssassin 3.4.6 is a security update.
https://spamassassin.apache.org/downloads.cgi

Antispam Bee 2.9.4 adds support for ajax calls. This is not a security update.

Autoptimize 2.8.3 resolves a bug. This is not a security update.

BuddyPress 7.2.1 is a security update.

Social Post Feed 2.19.1 improves compatibility and reliability, and resolves several bugs. This is not a security update.

Email Log 2.4.5 resolves several bugs. This is not a security update.

Redirection 5.1.1 resolves several bugs. This is not a security update.

Sucuri Security 1.8.26 is an SJW release. This is not a security update.

Theme My Login 7.1.3 resolves several bugs. This is not a security update.

W3 Total Cache 2.1.2 resolves several bugs and adds AWS regions, new MIME types and pagination links. This is not a security update.

WooCommerce 5.2.0 resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.7.0 changes PHP requirements (5.5+) and resolves several bugs. This is not a security update.

WordPress Zero Spam 5.0.12 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-01-12

Welcome back, Folks!

Today is Patch Tuesday for January, 2021.

This Month in Technology

By now you’re probably very aware with the SolarWinds “hack” since it was 24/7 news only a month ago, though mostly conjecture. We now know they were hacked over a year before a third-party (FireEye) pointed it out to them, and the malware remained on their servers weeks after it was identified.

What we’ve learned of it over the last month is a rich reminder of do’s and don’ts:

  • Don’t trust multi-factor authentication – it’s not nearly as effective at preventing logins as you’ve been lead to believe.
  • Don’t take over devices you can’t exploit quickly – don’t expose yourself wideband for 0.2%.
  • Do use a strong, unique password for everything – never something as absurd as “solarwinds123“.
  • Do modify your firewall to eliminate automatic whitelists for government IP addresses.
  • Do regular checkups – you never know what you’re going to find.

Don’t worry, though, they’ve hired a political hack to CYA!

Austin City, the City of CorneliaCity of EllensburgIndependence City (Kansas), Chatham County (North Carolina), Huntsville City Schools (Alabama), Jefferson County (Kentucky), Subway, Intel’s Habana LabsMicrosoftFireEye, the United NationsMaryland’s GBMC HealthCare, the US Dept of JusticeNissanLivecoinSpotifyIndiGo, various Israeli companies, the US Judiciary case file system, and many gaming companies have all been hacked.

Security issues or backdoors were found in Zyxel firewalls, Typo3Android BluetoothGlassdoorNintendo 3DSMicrosoft 365Google Titan security keys, Signal App cryptography, Starbucks mobile, and terabytes of secrets and databases have been dumped online.

Point-of-sale hardware has a “service mode” with a default password, malware is fingerprinting and mapping networks using the MAC address, Smart Doorbells are still a bad idea, Gionee has been infecting their own budget smartphones for kickbacks, and Google is still the easiest way to hack Google.

Ticketmaster hacked their competition 7 years ago and is only now paying a fine for it, Twitter is being fined almost half a million Euros for its breach handling, and Sabre Corp has now settled with 27 states over data breach.

WhatsApp won’t let you use it if you don’t want it to have your data tied to the rest of Facebook. The bigger you are, the bigger the target is on your back.

The “secure communication” tool Telegram tells everyone your precise location if you enable location support. One of my favorite browser extensions, The Great Suspender, changed hands in 2020 and the new publisher has recently been caught using it to distribute malware under the guise of analytics. Shopify, BigCommerce and other large sales platforms are being targeted with a card skimmer.

Mozilla (creator of Firefox and Thunderbird) wants the entire Internet to be used to censor certain publishers (that’s a bad thing), which is sad since they recently dropped support for PWAs (that’s a good thing).

Speaking of censorship and cancel culture, a potential new federal banking rule could put an end to the social/financial terrorism employed by cancel culture devotees. However, Big Tech censorship is at an all-time high in the wake of “riots” that were tame for the last year.

Corellium is protected by Fair Use and Tim Cook is going to have to testify more than a mere 4 hours about how his elimination of competition and closed ecosystem aren’t “really” a monopoly.

Ledger WalletT-Mobile (yet again), Amazon partner JuspayUbiquitiNintendo21 ButtonsSangoma TechnologiesDental Care AllianceKoei Tecmo, and Apex Laboratory all suffered data leaks/breaches.

Zoom, however, willingly shared their US user data with China.

Facebook’s recent Instagram hack exposed a massive click farm.

Google has had several service outages in the last month, as has Apple and even #Slack.

WinZip is vulnerable to a MitM attack (dude, no SSL, really?!).

Google broke SMS on many Android devices, your RAM can be used to exfil data from your device, Apple iPhone assembly plant Wistron in India has been suspended after a riot causes $60 million in damages. That may be a good thing, though, since the Apple MagSafe chargers can deactivate pacemakers.

macOS Preview is damaging PDFs (again).

Apple has removed the ability to download combo updates for Big Sur. This is going to cause serious security problems for the vast majority of the world that doesn’t have Bay Area bandwidth available to them.

In a good move, Apple has upset Facebooks advertising ecosystem by preventing certain data collection and use on their latest platforms, even Google is trying to figure out how to get around the new privacy requirements.

Why don’t I trust government? It’s hard to pick just one reason, but this month has many examples. Government employees tasked with preserving election data call for its mass deletion, or “accidentally” delete the security log files, while ignoring hundreds of pages of evidence and “moving the goalposts.”

The FBI has been hiding Seth Rich’s laptop while claiming they didn’t have it, public schools are purchasing hacking tools to get the data off student’s phones, mass data collection never ends, agencies fine you for helping during a crisis or being in a car without permission, while they hack journalist’s phones and run pedophile rings out of large white government buildings in DC. Nevertheless, you should trust the math and not look behind the curtain. Or else.

By the way, streaming content that you don’t have rights to is now a felony thanks to a nearly 6,000 page bill passed without anyone reading itHypocrisy is their bread and butter. Which is why they have such religiously held beliefs that violate all common sense.

Now for the good news:

It is now possible to integrate Everything into the Windows taskbar!

Starlink is approved for use in the UK, opening the door to true worldwide broadband.

Let’s Get Busy

Now back to our regularly scheduled program.

Adobe Flash Player is finally dead! There will be no more security updates released for Flash, and it’s probably the application single-most responsible for infections world-wide over the last 20 years, so it should be removed immediately. Use the utility below to remove it.
Win: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
Mac: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html

Patch Tuesday this month is pretty big. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, and MSRT (~ 1.6 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, Safari 14.0.2, macOS Server 5.11, macOS X Combo Update 10.15.7, Brother Printer Drivers 4.1.1 and HP Printer Drivers 5.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.3 and iOS 12.5.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.3 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.2 and watchOS 6.3 are security updates. Use the Watch app on your iPhone to install the most current version.

tvOS 14.3 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 87.0.4280.142 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Crucial Storage Executive 6.09 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.3.5 improves removal of various artifacts. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 461.09 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.18.78 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 87.0.4280.141 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 87.0.664.75 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 84.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/

Firefox ESR 78.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/

Iridium 2020.11 is a security update (but still not patched to the current Chromium security updates). Use Menu, Help, About to install the most current version.
https://iridiumbrowser.de/

Vivaldi 3.5.2115.87 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Facebook Messenger 20201207 is a security update, but is still a month behind the current chromium security level. You should remove Facebook Messenger if you have it installed.
https://www.messenger.com/download

Trillian 6.4.0.2 resolves several bugs. This is not a security update.
https://www.trillian.im/

curl 7.74.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 112.4.321 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.52.0.5 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.5 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Minds 4.7.0 improves data use and channel header, restyles posts, and resolves several bugs. This is not a security update.
https://www.minds.com/mobile

Npcap 1.10 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 5.6 adds dynamic configuration application, adds cleanup options, block list refresh intervals, forced refresh, and resolves many other bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.4.59931.0110 adds ability to block insecure participants, force authentication, silence notifications when sharing, and management improvements. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Adobe FrameMaker 2020.0.1 doesn’t provide a changelog so should be treated as a security update.
https://supportdownloads.adobe.com/detail.jsp?ftpID=7061

Adobe Bridge 11.0.1 is a security update.
https://helpx.adobe.com/security/products/bridge/apsb21-07.html

Adobe Captivate 2019 11.5.1.499 hotfix 1 is a security update.
https://helpx.adobe.com/security/products/captivate/apsb21-06.html

Adobe InCopy 16.0 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb21-05.html

Adobe Campaign Classic Gold Standard 11, 20.3.3.9234, 20.2.4.9187, 20.1.4.9126, 19.2.4.9082, and 19.1.8.9039 are security updates.
https://helpx.adobe.com/security/products/campaign/apsb21-04.html

Adobe Animate 21.0.2 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-03.html

Adobe Illustrator 25.1 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-02.html

Adobe Photoshop 22.1.1 is a security update.
https://helpx.adobe.com/security/products/photoshop/apsb21-01.html

darktable 3.4.0 resolves over 100 issues and adds several new features. This is not a security update.
https://www.darktable.org/install/

Flickr Downloadr 3.3.3.2 resolves a couple bugs. This is not a security update.
https://flickrdownloadr.com/downloads/

Picard 2.5.6 resolves several bugs.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.12.21 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

PlayStation PS3 4.87 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps3/system-software/

PlayStation PS4 8.03 adds option to disable Game Chat Audio. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PlayStation PS5 20.02-02.30.00 resolves PS4 transfer bugs, text input and Wi-Fi stability issues, and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Interactive Calendar 2.2 adds color schemes, resolves search issues, improves stability & performance, and fixes several bugs. This is not a security update.
https://www.csoftlab.com/calendar

LibreOffice 7.0.4 resolves over a hundred bugs and is now the new general release. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.1.1 resolves dozens of bugs and improves compatibility. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.2 resolves over three dozen issues including performance and stability. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.14 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

Gpg4win 3.1.15 improves AD support and resolves a random security key selection bug. This is a security update.
https://www.gpg4win.org/download.html

KeePass 2.47 resolves several bugs, improves search and options. This is not a security update.
https://keepass.info/

NSudo 8.0.1 updates libraries and adds translations. This is not a security update.
https://github.com/M2Team/NSudo/releases/latest

RogueKiller 14.8.3 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.32.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Wireless Network Watcher 2.23 updates internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.1.0 improves transparency handling, scaling improvements, and resolves several bugs. This is not a security update.
https://12pd.com/click?snagit

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.1.5 adds new models and profiles, improved Enlarger AI handling. This is not a security update.
https://www.dvdfab.cn/download.htm

IsoBuster 4.7 adds an option to import and export templates, improved reliability, scanning, and read handling, and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php

MakeMKV 1.15.4 improves compatibility, implements seamless join of TrueHD streams, and resolves bugs. This is not a security update.
https://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

BulkFileChanger 1.72 adds “Photo – Date Taken” option. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

CCleaner 5.75.8238 adds import for “Cookies to Keep” option, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.27 adds switches for turning on, off, and toggling on/off state. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Dell Command Update 4.0 adds support for DCH drivers, adds a filter for Security updates, and improves user interface. This is not a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 8.38 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dupeGuru 4.1.0 now uses tabs instead of windows, adds cosmetic fixes and options, and resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/

Etcher 1.5.113 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1003 resolves issues with the exit switch, improves shortcuts and autofocus. This is not a security update.
https://www.voidtools.com/

GoodSync 11.5.4 resolves several bugs. This is not a security update.
https://www.goodsync.com/

IsMyHdOK 2.71 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.8.0 improves usability. This is not a security update.
https://lessmsi.activescott.com/

MS ISO Downloader 8.46 adds new builds for Office 2019 for Mac, more Dell models and ISO Tools hash improvements. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 2.0.0.7756 resolves several bugs and improves controls. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 9.1 resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 5.01 improves rendering. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Process Monitor 3.61 adds monitoring for various registry APIs and resolves a query output bug. This is not a security update.
https://live.sysinternals.com/

PsExec 2.21 is a security update.
https://live.sysinternals.com/

Sysmon 13.00 adds image tampering events and resolves several bugs. This is not a security update.
https://live.sysinternals.com/

TaskSchedulerView 1.65 adds columns for Task File Created/Modified. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.13.6 is released – but their changelog is on their community site (forum) which is currently down and redirecting to a third-party site. The new build may be a security update, but I recommend disabling TeamViewer completely for the near future just to be safe.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.31 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WakeMeOnLan 1.87 updates the internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WifiChannelMonitor 1.66 adds option to copy clicked cell and updates MAC addresses file. This is not a security update.
https://www.nirsoft.net/utils/wifi_channel_monitor.html

WifiInfoView 2.67 adds window resizing and pagination to the properties window, and adds wildcard filter support. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 6.41 improves duplex support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WirelessKeyView 2.21 improves display and adds QR Code view (F2). This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

Developer Updates

These are unlikely to be of interest to most people.

Node.js 12.20.1 is a security update.
https://nodejs.org/en/

Node.js 14.15.4 is a security update.
https://nodejs.org/en/

Node.js 15.5.1 is a security update.
https://nodejs.org/en/

Redemption 5.26.0.5872 adds ability to remember SMTP passwords, and resolves several bugs. This is not a security update.
http://www.dimastr.com/redemption/

Visual Studio Code 1.52.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Docker Desktop 3.0.4 resolves a stability bug. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.2 updates libraries and resolves several bugs. This is not a security update.
https://drupal.org/download

Joomla 3.9.24 is a security update.
https://www.joomla.org/

Nextcloud Server 20.0.4 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenPetra 2020.12 removes support for SQLite, improves Find, Type Ahead, and resolves several bugs. This is not a security update.
https://www.openpetra.org/

phpList 3.6.0 adds blacklisting hook, and counter limits. This is not a security update.
https://www.phplist.org/

phpMyAdmin 5.0.4 resolves several bugs. This is not a security update.
https://www.phpmyadmin.net/

ConnectWise Control 21.1.2009.7678 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.6 improves layout flexibility, adds new block patterns, captions, new default theme, and improved auto-update capabilities. This is not a security update.
https://wordpress.org/

Akismet 4.1.8 resolves a couple bugs. This is not a security update.

Autoptimize 2.8.1 resolves several bugs. This is not a security update.

BuddyPress 7.1.0 resolves two bugs. This is not a security update.

Contact Form 7 5.3.2 is a security update.

Social Post Feed 2.18.1 resolves several bugs. This is not a security update.

Interactive World Map 3.1.9 improves compatibility. This is not a security update.

myStickymenu 2.4.9 resolves a couple bugs. This is not a security update.

W3 Total Cache 2.0.1 resolves several bugs. This is not a security update.

Widgets on Pages 1.5.0 is a security update.

WooCommerce 4.9.0 resolves dozens of bugs. This is not a security update.

Show IDs 1.1.6 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/