Updates 2021-07-13

Welcome back, Folks!

Today is Patch Tuesday for July, 2021. Bad patches, bad faith, insufferable heat, and a horrific series of holiday events for security professionals has left me in a foul mood. I’ll try to keep my temper.

This Month in Technology

Apex LegendsATMs and PoS platformsBoeingCisco Smart Switchestens of millions of Dell devicesEA (including the source code for dozens of games), IndexsinasiOS activation lock, the IRSKaseya – impacting hundreds of companies and over a million devices, and then, another Linux kernel bugLumaNSW Dept of EducationPlingSolarWinds (again), Southwest AirlinesSwedish Coop supermarkets, VMWare vCenter, Western Digital’s My Book Live devices, and Windows Print Spooler (printnightmare) have been hacked.

Malware was released posing as a Kaseya security update to address their 4th of July horror show, Microsoft signed and published the malware-laden Netfilter rootkit, the Accelion breach keeps getting worse, there’s another strain of ransomware targeting Microsoft Exchange, and 8.4 billion passwords were dumped in a new leak. There has been a 10x increase in businesses targeted by adult phishing messages.

Apple prioritized its own app before competitors in their “fair” app search engine, simply naming a wireless network a certain way can disable iPhone Wi-Fi on devices that connect to it. If it’s an open network, they’ll try to connect to it automatically. Safari broke indexedDB which broke access to almost every web app. Apple uses slave labor while refusing to hire minorities, Siri is still violating your privacy, and if your iPhone is the “key” to your bank or other sensitive information, get a better lock. At least the Woz supports the right-to-repair.

You’re not in charge of your SMART devices. Dell admits to intentionally disabling their hardware. An Australian phone carrier is injecting advertisements into texts. What this says about your use of two-factor authentication (2FA) is that at the very least, your carrier can always access them (and so can any 3-letter agencies). Google has even acknowledged the significance of this risk and is advising developers to stop using texts for 2FA.

Microsoft’s Linux reposMicrosoft Store, and Fastly had major outages. The Fastly CDN outage was caused by “one customer changing a setting.

Microsoft announced the upcoming release of Windows 11, which has only a handful of significant changes (including an uglier user interface and a requirement for home users to use a Microsoft account). This article is a great summary of why forcing a Microsoft account on their users is a bad idea.

If having the Facebook app itself installed weren’t risky enough…they can analyze the photo of a single word to recreate your handwriting, and identify the source of deepfakes, but they can’t bother to follow their own “important rules.” Facebook can be held liable for their facilitation of sex trafficking.

Secretaries of State continue to promote the false “secure election” claims when they, themselves, hold evidence to the contrary. There is now sufficient evidence to demonstrate that election fraud was the norm in 2020. Dominion blames “human error,” and why wouldn’t they? Liberty dies in darkness.

Epic Games is winning appeal in Australia. Robinhood violated the law by getting in bed with Wall Street, and the SEC is targeting independent investors. SpaceX is being investigated for their Starlink expansion (the heat is on). A federal judge has overturned California firearm ban even while California launches a vaccine passport. The Linux Foundation has jumped the shark, by joining the fracas.

The CDC keeps fudging the VAERS numbers so is it any wonder there are bills to ban a federal vaccination database? Why wouldn’t they when there are over 50,000 dead Americans thanks to the CV19 “vaccines,” and the vast majority of “COVID deaths” are to the vaccinated minority? More than half of all (government-funded) COVID “relief” was either stolen or fraudulent. Airlines are banning those who have received the vaccines and Pakistan is banning those who have not from having cell phones. Fauci keeps lying his way around the media, but that’s common when government meets health careProfit-driven labsagenda-driven judges, fake peer reviewand “science” (not to be confused with actual science) have produced defective (unless their intent is to kill) and ineffective vaccines, deadly mask mandates, and insane stay-at-home orders, that have caused irreparable damageJust say no“Voluntary” does not mean “without consent.”

Biden (falsely, in case you weren’t aware) believes “a number of officers” lost their lives during the January 6th “riot“, but is allowing actual murderers go free, even though the capitol staff allowed protesters to enter the magnetically locked doors. This is why Speaker Pelosi refused National Guard assistance. If they were there, their cronies couldn’t have staged this “mostly peaceful” false flag.

The US federal government is researching ways to implement their own version of a social credit system. NCLB=>CRT, and now they’re treating humor as racism. Thanks to interventionalism, gas is going to get much more expensive.

All terrorism is sponsored by the FBI, or concealed by them. That’s not an exaggeration. Anyone that’s turned on a TV knows that there are a lot of pedophiles in government. How many do you think are in the FBI?

Threatening to nuke your citizenry approaches the worst thing any President has ever done. When is revolution justified?

Now for the good news:

This heat wave is finally subsiding.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is very large. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Before I begin I should point out that Microsoft released an out-of-band (OOB) security update last week. For the vast majority of users, the “fix” caused more damage than the risk of compromise. Printers, card readers, even disk drives, suffered problems after installing the update, and in some cases Windows was broken as a result. Instead of tying it to the previously (and well-tested) June patch cycle update, they released the OOB update based on the beta version of the July update. I spent most of this week dealing with the fallout from this very poorly tested patch. Grrr.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~1.2 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 12.5.4 and iMovie 10.2.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 12.5.4 is a security update. Use Settings, General, Software Update to install the most current update.

Google Chrome OS 91.0.4472.147 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.x) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H1) is very large, for the first time it’s actually smaller than the previous release, but it will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.4.2 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options 8.54.161 resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

Nvidia 471.11 resolves several bugs. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.26.74 is a security update.
https://brave.com/

Google Chrome 91.0.4472.124 is a security update.
https://www.google.com/chrome/

Microsoft Edge 91.0.864.67 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 90.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.12.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Iridium 2021.06.91 is a security update.
https://iridiumbrowser.de/

SeaMonkey 2.53.8 is a security update.
https://www.seamonkey-project.org/

Vivaldi 4.0.2312.38 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

NK2Edit 3.42 improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

Thunderbird 78.12.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Telegram 2.8.4 improves stability. This is not a security update.
https://telegram.org/

AnyDesk 6.3.2 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

Dropbox 125.4.3474 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.55.0 improves SFTP and ALPN support, and resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.11 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 1.50 resolves several bugs and improves compatibility. This is not a security update.
https://nmap.org/npcap/

Omada Software Controller 4.4.3 resolves dozens of bugs and improves reliability. This should be treated as a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

WinSCP 5.19.1 resolves several bugs. This is not a security update.
https://winscp.net/eng/index.php

Zoom 5.7.1.543 resolves several bugs. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.16 adds snow, rain and fire effects, resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 3.6.0 adds several new features, resolves dozens of bugs and updates hardware support. This is not a security update.
https://www.darktable.org/install/

Flickr Downloadr 3.4.0.1 resolves several bugs and removes defunct platforms. This is not a security update.
https://flickrdownloadr.com/downloads/

Plex Media Server 1.23.4.4805 improves AAC encoding quality, hardware compatibility, play queueing specials and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.16 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

PlayStation PS5 21.01-03.21.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Steam 2021.07.13 resolves dozens of bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

Krita 4.4.5 resolves dozens of bugs. This should be treated as a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.4 resolves 80 bugs. This is a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.2.4 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.1.1 adds/improves dark mode, resolves performance and stability bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Dimension 3.4.3 is a security update.
https://www.adobe.com/products/dimension.html

Adobe Illustrator 25.3 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Framemaker 2019.8 and 2020.2 are security updates.
https://helpx.adobe.com/framemaker/kb/framemaker-downloads.html

Adobe Acrobat and Reader 2021.005.20058, 2020.004.30006, and 2017.011.30199 are security updates. Use Help, Check for Updates to install the most current version.

Adobe Bridge 11.1 is a security update.
https://www.adobe.com/in/products/bridge.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.16 updates libraries and resolves several bugs. This is a security update.
https://www.gpg4win.org/download.html

Hashcat 6.2.2 improves automation, adds new hash-modes and resolves several bugs. This is not a security update.
https://hashcat.net/hashcat/#downloadlatest

RogueKiller 15.0.8 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 4.20 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

uBlock Origin 1.36.2 is a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.32.1 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2021.4.2 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

VideoCacheView 3.07 improves Firefox compatibility. This is not a security update.
https://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

IsoBuster 4.8 adds ReFS support, dmg, adf, and hdf file support, metadata parsing, Amiga partitions, block range addressing and search support. This is not a security update.
https://www.isobuster.com/download.php

MakeMKV 1.16.4 improves decoding, compatibility, and resolves several bugs. This is not a security update.
https://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.8.6 resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.7.810
https://1password.com/downloads/windows/

8GadgetPack 34.0 resolves several bugs and improves compatibility. This is not a security update.
https://8gadgetpack.net/

AccessChk 6.14 adds support for NULL DACL reporting. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

Aomei Partition Assistant 9.3 adds option to create portable version, resolves an app mover bug. This is not a security update.
https://www.diskpart.com/

Bitwarden 1.27.1 resolves several bugs. This is not a security update.
https://bitwarden.com/

Dell Command Update 4.2.1 doesn’t provide a changelog. This should be treated as a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 9.11 adds support for Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.75 adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

Everything Toolbar 0.7.1 improves keyboard support, added options and integration, and resolves several bugs. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Fido 1.20 adds Windows 7 ISO downloads. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.7.6 resolves several bugs. This is not a security update.
https://www.goodsync.com/

Homedale 1.97 resolves a bug. This is not a security update.
https://www.the-sz.com/products/homedale/

NetworkTrafficView 2.41 adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/network_traffic_view.html

NTLite 2.1.2.8074 adds Windows 11 support and updates components. This is not a security update.
https://www.ntlite.com/download/

osquery 4.9.0 updates libraries, adds log rotation, improves table options, startup and shutdown time, and resolves other bugs. This is not a security update.
https://osquery.io/downloads

PointerStick 5.33 adds support for Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.41.3 resolves stability issues. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.83 resolves several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

RoboForm 9.1.5 resolves several bugs. This is not a security update.
https://www.roboform.com/

Strings 2.54 improves handling of files containing long strings. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/strings

Sysmon 13.22 improves performance and resolves a sub-rule bug. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TCPView 4.13 fixes a bug with connection state filtering. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview

TraceRouteOK 2.55 updates signature and languages. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

USBDeview 3.02 improves high-DPI support and adds support for sorting by menu. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

WinRAR 6.02 is a security update.
https://www.rarlab.com/

WinScan2PDF 7.22 adds Windows 11 support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.01 adds several new filter features, multiple simultaneous drive support, performance improvements, and adds cosmetic options. This is not a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 4.2.2.0 resolves several bugs. This is not a security update.
https://developer.android.com/studio

Node.js 16.4.2 is a security update.
https://nodejs.org/en/

Node.js 12.22.3 is a security update.
https://nodejs.org/en/

Node.js 14.17.3 is a security update.
https://nodejs.org/en/

SQLite 3.36.0 improves EXPLAIN, BOM skipping, and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.58 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.14.1 updates libraries, adds limits to Forward to a Friend, and resolves several bugs. This is not a security update.
https://dadamailproject.com/

Docker Desktop 3.5.2 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.2.1 resolves several bugs. This is not a security update.
https://drupal.org/download

MailEnable 10.35 is a security update.
https://www.mailenable.com/

Nextcloud Server 22.0.0 adds Circles support, integrates chat and tasks, approval workflows, PDF signing, and resolves over 600 bugs. This is not a security update.
https://nextcloud.com/

ScreenConnect 21.9.4007.7863 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Akismet 4.1.10 resolves several bugs and improve API requests. This is not a security update.

Conditional Widgets 3.1 announced their native incompatibility with WP 5.8+ and how to continue to use it. This is not a security update.

Duplicator 1.4.2 resolves several bugs and updates package diagnostics. This is not a security update.

myStickymenu 2.5.3 resolves several bugs. This is not a security update.

Visual Composer 37.0 resolves several bugs, improves compatibility, and adds user interface improvements. This is not a security update.

W3 Total Cache 2.1.5 is a security update.

WooCommerce 5.5.0 resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.9.0 adds scheduler, improved notifications, and resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-04-13

Welcome back, Folks!

Today is Patch Tuesday for April, 2021. There have been over 50 major hacking incidents, many hardware devices with critical security issues (often these are responsible for the major hacking incidents), and over a hundred updates this month. Almost every browser has released weekly security updates for the last two months. I don’t know about you, but I’m getting kind of sick of it. Finally, there’s an OpenSSL security update this week, so expect many more updates throughout the next month from every vendor that rolls their own encryption.

This Month in Technology

Acer, Apperta FoundationAzureBIG-IP, the Blender websiteBoggi Milano MenswearBooking.comBroward County (FL) Public SchoolsBrown UniversityBuffalo SchoolsCalifornia State Controller’s OfficeClubhouseCNA FinancialCrash 4 (within a day of release!), Facebook (which had the audacity to blame it’s users), Gigaset Android Update Server (preinstalled, too), Harvard Business SchoolHaverhill Public SchoolsIdaho Central Credit Union, the Indian governmentiOS, iPhones, iPads and Apple WatchesKentucky unemployment insurance systemMaricopa (AZ) Community Colleges, Michigan-based Flagstar BankMillersville UniversityMobiKwikMultiCareNetgear switches, the Netmask libraryParkMobilePeakTPA/Carolina SeniorCarePHPRollSAPSchneider Electric Smart MetersShellShopifySierra WirelessStanford MedicineSwarmShopUbiquiti (even if they won’t admit it), Union Bank of NigeriaUniversity Of CaliforniaUniversity Of ColoradoUniversity of MiamiUniversity of WisconsinUPMCVerkada, various VPN devices, Wake Forest Baptist-Lexington Medical CenterWeLeakInfo (ironic), Yeshiva University, and Zoom (more than once) have each been hacked.

There’s still fallout from the Exchange vulnerabilities for which Microsoft released patches in March, but with today’s release there are newly discovered vulnerabilities and patches, too. Even so, about 8% of Exchange servers still aren’t patched with the March fixes.

Newly discovered vulnerabilities allow bypass of Spectre mitigations on Linux, and on other platforms via JavaScriptAMD Zen 3 CPUs, Cisco SOHO Routers, and QNAP NAS devices are just a small sampling of hardware devices with serious security problems this month. 80% of global enterprises report firmware cyberattacks, while the other 20% probably just don’t have sufficient training or equipment to be able to detect them.

Major Google Android WebView problems have been notable this month and banking malware have been found in ten apps on the Google Play store. And Apple’s macOS Mail App can be hacked simply by receiving an email (again).

Azure AD/Microsoft 365, Azure DNS, Facebook, and Google have suffered recent outages.

T-Mobile is the latest to convert their customers into products. TikTok and Facebook tracking is worse than you imagine.

From the “I’m glad it didn’t happen to me” file we have an example of an aggressive space saving measure gone horribly wrong. There’s a growing trend of targeting the customers of ransomware victims to convince them to pay and another new cross-platform cryptomining worm.

Mobile privacy is a myth as both Google and Apple collect telemetry even when telemetry is disabled, but at least they’ve finally closed one of the more significant SIM-jacking holes.

Big Tech gets to make their own rules. They’re so aggressive about it that their own security staff sometimes can’t tell if they’ve been hacked. Google is being sued in France for violation of privacy. Apple has banned an accessibility keyboard from their AppStore in an effort to force them to into a buyout. Hopefully Epic will be able to use this and Apple’s hypocritical statements in Australia in their antitrust suit.

As with all disasters and government programs (but I repeat myself), the “American Rescue Act” is being trolled by malware authors to infect unsuspecting users. LinkedIn users are also being targeted thanks to the LinkedIn hack.

Not all of those Norton Antivirus renewal messages are scams (just most of them), and the UK is now suing Norton for failing to comply with their investigation into their “Dark Pattern” subscription model.

If Big Tech, Big Government, and the MSM didn’t censor Presidents (even Venezuela’s),
representatives, doctors, Christians, students, and even knitters, push false narratives, and tolerate terror, child abuse, racism, and sexism, while providing security only to one side of the aisle and targeting the other, I suspect there would be much more peace. Virginia Tech is being sued for banning the amorphously definedhate speech“, while once more college racism turns out to be a hoax. It shouldn’t be any surprise to anyone that victimhood itself is a disease.

A single death is a tragedy but killing small businesses was always part of the plan. The lockdowns were never about a virus. They were about pushing compliance with masks and experimental (lethal and anything butsafe and effective“) mRNA treatments onto an unwilling public, to “hack the software of life” preventing the ability to survive and dismantling every freedom unless you accept the jab. A surge is happening, not just at the border, but in post-jab death rates. All of this to ensure that their slush funds would be financed and elections could never be honest again.

There have been tens of thousands of fraudulent ballots in Michigan Georgia, and New Hampshire. In Georgia, one county ordered voter registration applications for 25 times the population. At least we can all agree on some common sense election reform. Or can we? The same businesses that require an ID to use their services are attacking new laws that require the same scrutiny for elections.

Now for the good news:

After more than a decade the US Supreme Court has finally ruled in favor of Google.
It’s about time. While I have no love for Google, the idea that you can’t develop code that uses the same parameters or names as Oracle code is sickening. How many of you have have written functions to format a date or number? It’s not like granular coding styles leave much to the imagination. This would be like an author suing another author because the chapters of their book were named “Chapter 1”, “Chapter 2” and so on. Good decision.

As long as I have my soapbox: Save Crypto!

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Exchange, Edge, .NET, Servicing Stack, and MSRT (~ 1.5 GB). This includes security updates. A reboot is required.

Apple released updates for GarageBand 10.4.3, iOS 14.4.2, iOS 12.5.2,, iPadOS 14.4.2, and watchOS 7.3.3. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4.2 and 12.5.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4.2 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3.3 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 89.0.4389.95 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Drivers by Seagull 2021.1 adds hardware support, improves response time, and adds features to certain models. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

Crucial Storage Executive 7.01 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.3.8 improves AMD removal and resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Logitech Options (macOS) 8.50.210 resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

NVidia 465.89 adds new profiles, improves compatibility with various games and newer hardware. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.22.71 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 89.0.4389.128 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 89.0.774.76 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 87.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.9.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.7 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.7.2218.52 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.9.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.47 adds high-DPI support and an option to copy URL QR Code to the clipboard. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.76.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 119.4.1772 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.53.1 resolves a couple bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.9 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

IPInfoOffline 1.60 adds CIDR and Duplicate Count columns, and updates internal IP database.
https://www.nirsoft.net/utils/ip_country_info_offline.html

Npcap 1.30 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 6.2 is a major update. The 6.0 branch adds DNS Application support, more options, and improved compatibility. This is not a security update. Be aware that the current version chokes during updates because it stalls on removal of the previous version.
https://technitium.com/dns/

Telegram 2.7.1 resolves several bugs. This is not a security update.
https://telegram.org/

WGet 1.21.1 is a security update.
https://eternallybored.org/misc/wget/

Zoom 5.6.1.617 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.14 resolves several bugs and adds new positions and motions. This is not a security update.
https://en.3tene.com/

FastStone Viewer 7.5 adds dark theme, support for audio formats, and resolves several bugs. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Picard 2.6 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Photoshop 21.2.7 and 22.3.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-28.html

Adobe Digital Editions 4.5.11.187606 is a security update.
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html

Adobe Bridge 10.1.2 and 11.0.2 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb21-23.html

Atom 1.56.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

RoboHelp RH2020.0.4 is a security update.
https://helpx.adobe.com/security/products/robohelp/apsb21-20.html

Krita 4.4.3 doesn’t provide a detailed changelog so should be treated as a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.2 resolves over 60 bugs. This is not a security update, but the “Fresh” line is beta, so should be avoided by most users.
https://www.libreoffice.org/

LibreOffice Still 7.0.5 resolves over 100 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.2.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.5 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.17 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

ClamWin Portable 0.99.4.103 doesn’t provide a changelog so should be treated as a security update.
https://portableapps.com/apps/security/clamwin_portable

OpenSSL 1.1.1k is a security update.
https://www.openssl.org/source/

RogueKiller 14.8.6 is a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.34.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.3.0 resolves several bugs and improves toolset. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.16.3 resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 13.0 adds Audio Bible support. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.797 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Bitwarden 1.25.1 resolves installation issues, adds support for Safari 13 and updates electron. This is not a security update.
https://bitwarden.com/

CCleaner 5.78.8558 improves cleaning options and behavior. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.2.0 is a major update, improving threading and symlink support, and resolves more than a dozen bugs. This is a security update.
https://cygwin.com/

DesktopOK 8.77 improves translations and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dupeGuru 4.1.1 resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/

Etcher 1.5.117 resolves several bugs and updates libraries. This is not a security update.
https://www.balena.io/etcher/

Everything Toolbar 0.6.3 resolves a user-mode compatibility problem, requiring uninstallation of previous versions before upgrade. All future builds will be machine-level only. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

GoodSync 11.6.2 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

Homedale 1.95 adds translation. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.13 improves SSD/SSHD detection and benchmark testing. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.1.0.7845 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 4.7.0 adds several new tables, concat* functions, and resolves dozens of bugs. This is not a security update.
https://osquery.io/downloads

ProduKey 1.96 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

PsExec 2.33 is a security update.
https://sysinternals.com/

RoboForm 9.1.2 adds website problem reporting and resolves several bugs. This is not a security update.
https://www.roboform.com/

Samsung Magician 6.3.0 doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/

SimpleWMIView 1.43 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

System Monitor 13.02 resolves several bugs. This is not a security update.
https://sysinternals.com/

TaskSchedulerView 1.67 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TcpLogView 1.35 adds Process User column and improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

TCPView 4.0 adds flexible filtering, search, and display of the Windows service that owns an endpoint. This is not a security update.
https://sysinternals.com/

WifiInfoView 2.68 improves high-DPI compatibility. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinObj 3.02 resolves a crash bug. This is not a security update.
https://sysinternals.com/

WinScan2PDF 7.01 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WirelessKeyView 2.22 adds an option to copy QR Code of the selected item. This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.06 resolves a hotkey bug. This is not a security update.
https://www.autohotkey.com/download/

Android Studio 4.1.3.0 resolves a stable/beta channel bug. This is not a security update.
https://developer.android.com/studio

Node.js 12.22.0 is a security update.
https://nodejs.org/en/

Node.js 14.16.1 is a security update.
https://nodejs.org/en/

Node.js 15.14.0 is a security update.
https://nodejs.org/en/

Redemption 5.27.0.5916 resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/

SQLite 3.35.4 is a security update.
https://www.sqlite.org/download.html

TortoiseGit 2.12.0 updates libraries, resolves more than a dozen bugs, and improves consistency. This is not a security update.
https://tortoisegit.org/

Unreal Engine 4.26 adds many new features. This is not a security update.
https://unrealengine.com/en-US/

Visual Studio Code 1.55.2 is a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.11 adds a method to enable 2FA. This is not a security update.
https://coppermine-gallery.net/

Docker Desktop 3.3.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.6 resolves over 50 bugs. This is not a security update.
https://drupal.org/download

HumHub 1.8.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.26 is a security update.
https://www.joomla.org/

MailEnable 10.34 resolves several bugs. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 21.0.1 resolves over 70 bugs, updates libraries, and improves reliability and compatibility. This is not a security update.
https://nextcloud.com/

phpList 3.6.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.phplist.org/

Piwigo 11.4.0 is a security update.
https://piwigo.org/

ScreenConnect 21.4.2767.7752 makes several cosmetic changes and resolves bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SpamAssassin 3.4.6 is a security update.
https://spamassassin.apache.org/downloads.cgi

Antispam Bee 2.9.4 adds support for ajax calls. This is not a security update.

Autoptimize 2.8.3 resolves a bug. This is not a security update.

BuddyPress 7.2.1 is a security update.

Social Post Feed 2.19.1 improves compatibility and reliability, and resolves several bugs. This is not a security update.

Email Log 2.4.5 resolves several bugs. This is not a security update.

Redirection 5.1.1 resolves several bugs. This is not a security update.

Sucuri Security 1.8.26 is an SJW release. This is not a security update.

Theme My Login 7.1.3 resolves several bugs. This is not a security update.

W3 Total Cache 2.1.2 resolves several bugs and adds AWS regions, new MIME types and pagination links. This is not a security update.

WooCommerce 5.2.0 resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.7.0 changes PHP requirements (5.5+) and resolves several bugs. This is not a security update.

WordPress Zero Spam 5.0.12 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-03-09

Welcome back, Folks!

Today is Patch Tuesday for March, 2021.

This Month in Technology

Gab has been hacked at least a couple more times. (Would you trust the security of a Gab-owned bank?)

A new form of “supply-chain” attack demonstrating dependency vulnerabilities has been used against many major vendors, including Microsoft, Apple, Tesla, and dozens more.

32redAccellionAllergy PartnersAppleBombardierCA DMVClubhouse ChatsCovenant HealthCareCSXD-Link devices, Ecuador’s Ministry of Finance and Banco Pichincha, the European Banking AuthorityEXMOExperian (again), France’s Ministry of HealthGeorgetown County (SC), Hipcam (and other baby monitors), HumanaIBM, over a hundred Italian banksKeepChangeKiaKrogerLakehead UniversityMalaysia AirlinesNess Digital EngineeringNinja FormsNgrokNurseryCam, Oxford University, RealPage, RIPE NCC accountsRockwell Automation PLCsMaza, a Russian Cybercrime forum, SingtelSITA (an airline service provider), SolarCityPayPalQualysSendgrid accounts (to send spam – how could anyone tell the difference?!), Sequoia CapitalSignalT-Mobile, TMS, 15 UK schoolsUnderwriters LaboratoriesUniversal Health ServicesVMWare vCenter ServerWashington State Unemployment DepartmentWawa, Apple’s WebKit, and Yandex have been hacked.

According to a study by Bridewell Consulting, 86% of UK critical national infrastructure organizations have experienced cyber-attacks. I think it would be more accurate to present these numbers as, “14% of UKs critical national infrastructure doesn’t have the technology in place to know they were hacked.”

Even more malware related to the SolarWinds hack has been discovered. Since AWS was used for the SolarWinds hack, shouldn’t Amazon shut AWS down, too?

Microsoft is now admitting that Azure and Exchange source code has been compromised by the SolarWinds attackers.

The big news this month is that a vulnerability in Microsoft Exchange (coincidence?) has resulted in over thirty thousand servers being hackedThis is huge. So what did Microsoft do? Microsoft has announced it has changed their policy to crack down on hosted email accounts that receive a lot of email. Sigh.

Another interesting new tactic, bitsquatting, has proved far more effective than one would think. The demonstration allowed them to hijack thousands of requests intended for Microsoft. Used maliciously, this method will cause serious damage.

Censorship has finally made it before the Supreme Court, but Dr. Suess is only the latest target, while Facebook allowed actual genocide, but forbade discussion about news articles, Google acknowledges their efforts to perform censorship “better,” and Firefox has released a new extension to aid in censorship, while Streamlabs waited for the payment to clear before censoring one paid user. The Beverly Hills Police Department is using the novel approach of playing copyrighted music to prevent their actions from being observed, and Congress is now violating federal law by demanding censorship of media.

It amazes me that people actually trust “fact checkers.” Censorship doesn’t work!

Poland isn’t taking it anymore. Italy is fining Facebook, too.

Tor was hacked years ago, but new implementations (like that in Brave) are still popping up with their own problems.

Another 21 million VPN users were taught the lesson about the difference between customers and products. If you’re not the customer, you’re the product.

Instagram (like parent Facebook) is sharing everything you do with law enforcement. So is Apple’s iCloud.

The Windows 10 implementation of web fonts can be used to hack you. Apple M1 chips (less than 6 months old) have been targeted with several pieces of malware, but we should trust the MORPHEUS chip, right? BTW, M1 Macs are eating their (soldered in) SSDs, too.

It’s not just Google. Apple can disable all of your accounts and services on a whim, too. Or for your name.

Amazon has been caught duplicating products, can they be trusted to sell your products or host your content?

Is half a billion dollars enough to get you to rethink a bad user interface?

The whole point of unified interfaces and consistent logins is to ensure a familiar experience so you know whether you’re visiting the real site. Attackers take advantage of this to build their own imagekits and forms, even using their own fake security measures to convince you you’re on the “real” site since they are forced to validate that *you* are really you.

The malicious Gootkit Trojan can help the SEO of your websites. Just not for you.

Never reuse passwords. Or hard-code them. And don’t use obvious passwords either. But if you do, don’t blame a fabricated intern.

Apple claims that a new (available since 2019, but only recently launched on iOS) application execution technique will make it more difficult for iPhones to be hacked,
while yet another iPhone bug has demonstrated to successfully jailbreak every active iOS/iPhone line.

North Dakota and Arizona may save the Internet by forbidding the ability for vendors to force the use of their own app stores.

While many treat Google’s lockdown of their data APIs in Chromium as a bad thing, I see it as getting Google further out of Chromium – which can only be a net positive.

AT&T and Frontier have consistently abandoned phone networks in California, but we knew that: AT&T said they were going to do this when Title II passed. Sometimes the only thing to make a company following through is enough bad press.

Deepfakes for everyone! While most focus on Deepfakes are about their potential for evil, they can be used for good.

On patents: Intel owes $2.2 billion for saving power, and Apple has violated several biometric patents.

Dr. Fauci has known all along that the PCR test was useless. The WHO has launched their own COVID-specific version of “we investigated ourselves and found we did nothing wrong.” The dystopian concept of vaccine passports has been struck down by the Council of Europe. Unfortunately their power is mostly cosmetic.

The CDC inflated “COVID deaths” over 1600% in violation of multiple federal laws. CDS is real though. COVID has been “really good for CNN ratings,” though. Thousands of people have died in the US from the experimental COVID “vaccines,” (and elsewhere) or suffered from other harm. Many more internationally. Quarantine internment camps are a real thing. People are being harmed from the tests (or forcefully vaccinated), too. You can do something about it. (They sure won’t.) BTW, the CDC has had to remove their claim that vaccines don’t cause Autism.

Pennsylvania, New Mexico, and Texas have joined in on efforts to end lockdown insanity.

Don’t be selfishMasks still don’t work, but masks can kill you. (At least they won’t rape you.)

Keep the pedophile, but ban the words.

Green Energy killed Texas. It shouldn’t have been allowed to happen.

Governors Cuomo and Whitmer are finally being taken to task on their “accidental” murder of thousands of nursing home residents. Don’t expect the President to get involved. Genocide is just “different norms” to him. Instead of those in “National Security” investigating this, they’re convinced their time is better used calling half the population terrorists.

Facebook has had more than 20 million child sex abuse incidents, more than 20x greater than any other website, including Google. Nevertheless, the masses aren’t calling for cancelling Facebook. It’s tolerance when “they” do it.

Speaker Pelosi (who is responsible for security at the House) refused National Guard assistance, supposedly over “optics“, before the staged January 6riot“. Chris Wray lied to Congress about Antifa dressing as Trump supporters. So did former Deputy Attorney General Rod Rosenstein. They’ve knowingly falsified FISA warrants. So is it really any surprise there are calls to shut down the FBI?

Some states are finally allowing election audits, with evidence of 6% discrepancies in every single race, others as much as 78%, and other serious math problems, while others refuse to release ballots for inspection, purge election data, or allow the FBI to shred ballots without oversight or inspection. Then they poison the people they are forcing to guard them.

Is it any surprise that their Section 230 “reforms” are designed to completely silence online discourse? After all, the President doesn’t understand what “clandestine” means. (Quick tip: If you announce your intentions on the MSM, it’s not clandestine!)

The Babylon Bee is probably the best news site on the Internet, not because they actually have any news, but because they shine a light on the fraud that passes for news today.

Now for the good news:

California has finally been allowed to implement their own brand of Net Neutrality. I strongly oppose Net Neutrality, as getting government involved in something (even under the auspices of protection) always results in unintended consequences. This is, fortunately, no exception. CA Net Neutrality can now be used by myself and others to target Big Tech to penalize them for their continuous acts of censorship.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Internet Explorer, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.2.3, watchOS 7.3.2, Safari 14.0.3, iOS 14.4.1 and iPadOS 14.4.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4.1 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3.2 is a security update. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 88.0.4324.186 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 12.2.0.2902 resolves several bugs. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Display Driver Uninstaller 18.0.3.7 improves cleanup and adds network path support. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DirectX 9.29.1974.1 doesn’t provide a changelog, so should be treated as a security update.

nVidia 461.72 adds support for newer hardware and resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.21.74 resolved several bugs. This is a security update.
https://brave.com/

Google Chrome 89.0.4389.82 is a security update.
https://www.google.com/chrome/

Microsoft Edge 89.0.774.48 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 86.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.8.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 3.6.2165.40 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.8.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Mumble 1.2.19 is a security update.
http://wiki.mumble.info/wiki/Main_Page

Prosody 0.11.8 is a security update.
https://prosody.im/download/start

Trillian 6.4.0.5 resolves a settings bug. This is not a security update.
https://www.trillian.im/

Dropbox 117.4.378 does not provide a changelog so should be treated like a security update.
https://www.dropbox.com/

FreeFileSync 11.8 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Zoom 5.5.13142.0301 resolves several bugs, improves grid view, and better indicates when content is being shared. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.12 adds 3 new types of motion, show/hide shortcut, and resolves several bugs. This is not a security update.
https://en.3tene.com/

Flickr Downloadr 3.3.4.1 updates the Docker image. This is not a security update.
https://flickrdownloadr.com/downloads/

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.55.0 allows git configuration without a repository. This is not a security update.
https://atom.io/

IcoFX 3.5.1 resolves several bugs. This is not a security update.
https://icofx.ro/

LibreOffice Fresh 7.1.1 resolves almost a hundred bugs. Remember that this is beta software, so should be avoided for the stable version whenever possible. This should be treated as a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.1.3 is a security update.
https://nextcloud.com/

Notepad++ 7.9.3 adds new folder features that now prevent it working on Windows XP. If you are still running XP you should really consider switching to Linux, but if you must continue to use XP then use Notepad++ 7.9.2. This is not a security update.
https://12pd.com/click?npp32

VideoCleaner 5.8 improves Matrix, Sharpening and Mask features. This is not a security update.
https://videocleaner.com/download.html

Adobe Connect 11.2 is a security update.
https://helpx.adobe.com/security/products/connect/apsb21-19.html

Adobe Creative Cloud Desktop Application 5.4 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html

Adobe Framemaker 2020.0.2 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb21-14.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.16 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

OpenSSL 1.1.1j is a security update.
https://www.openssl.org/source/

RogueKiller 14.8.5 updates core and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Wireless Network Watcher 2.25 improved compatibility with high-DPI. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

VideoCacheView 3.06 adds support for the new cache partitioning structure in chromium-based browsers. This is not a security update.
https://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.16.1 resolves several bugs and adds ARM support. This is not a security update.
https://12pd.com/click?makemkv

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.8 adds native M1 support and resolves dozens of bugs. This is a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.793 improves performance and resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

CCleaner 5.77.8521 improves cleaning and resolves several bugs. This is a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.28 improves compatibility with high DPI. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Coreinfo 3.52 adds reporting for CET (shadow stack). This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/coreinfo

Cygwin 3.1.7 resolves several bugs. This is not a security update.
https://cygwin.com/

Dell Command Update 4.1 is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 8.66 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Eraser 6.2.0.2992 doesn’t provide a changelog so should be treated as a security update.
https://eraser.heidi.ie/download/

Everything Toolbar 0.6.2 adds an installer, drag & drop support, elevation support, and more. This is not a security update.
https://github.com/stnkl/EverythingToolbar/

Homedale 1.93 adds an option to set the gps baud rate from the command line. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 3.01 resolves a bug in screenshot generation. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7820 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSFMount 3.1.1000 updates drivers and improves CLI support. This is not a security update.
https://www.osforensics.com/tools/mount-disk-images.html

PointerStick 5.05 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

QuickSetDNS 1.31 adds option to start hidden. This is not a security update.
https://www.nirsoft.net/utils/quick_set_dns.html

TeamViewer 15.15.5 was released. The TeamViewer release notes have been unavailable for months now, so while it might be a security update, it would be safer to remove TeamViewer until these issues are resolved.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.42 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WinScan2PDF 6.91 adds support for multi-page TIF and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.37 improves compatibility, refresh behavior, and resolves several bugs. This is not a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.33.05 resolves several bugs and improves compatibility. This is not a security update.
https://www.autohotkey.com/download/

Node.js 12.21.0 is a security update.
https://nodejs.org/en/

Node.js 14.16.0 is a security update.
https://nodejs.org/en/

Node.js 15.11.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

TortoiseSVN 1.14.1 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Visual Studio Code 1.54 resolves an extension dependency bug. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.11.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.8.0 adds several new features and improves compatibility. This is not a security update.
https://www.adminer.org/en/

Docker Desktop 3.2.1 updates the Docker Engine. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.5 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.8.0 adds a bunch of new features, improves permissions, brute force delays, style and administration improvements, and resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.25 is a security update.
https://www.joomla.org/

MailEnable 10.32 resolves several bugs and adds LDAP support. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 21.0.0 improves performance (up to 10x!), collaboration, groupware and more. This is not a security update.
https://nextcloud.com/

OpenPetra 2021.02 adds several new features, improvements, and resolves bugs. This is not a security update.
https://www.openpetra.org/

phpList 3.6.1 improves short URLs, PHP8 support, and security improvements. This is a security update.
https://www.phplist.org/

phpMyAdmin 5.1.0 resolves several bugs, improves compatibility, and adds several new options. This is not a security update.
https://www.phpmyadmin.net/

ScreenConnect 21.3.2160.7699 resolves several bugs, renamed End to Delete, and improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

YOURLS 1.8.1 improves IDN, UTF8, time zone, and PHP8 support, removes support for PHP 7.2, and resolves several bugs. This is not a security update.
https://yourls.org/

WordPress 5.7 resolves several bugs and adds a few new features, improving accessibility, and (finally) adding a feature to update HTTP to HTTPS links throughout your site when you switch to HTTPS. This is not a security update.
https://wordpress.org/

Akismet 4.1.9 improves handling of pingbacks in XML-RPC calls. This is not a security update.

BuddyPress 7.2.0 resolves several bugs. This is not a security update.

Conditional Widgets 3 improves translation support. This is not a security update.

Contact Form 7 5.4 adds Sendinblue support, updates libraries and improves reliability and compatibility. This is not a security update.

Social Post Feed 2.19 improves error handling and reporting, cleanup, resolves several bugs and updates libraries. This is not a security update.

myStickymenu 2.5.1 improves instructions and compatibility. This is not a security update.

Postie 1.9.55 improves compatibility and removes legacy image sizing feature. This is not a security update.

Really Simple CAPTCHA 2.1 improves hash comparison. This is not a security update.

W3 Total Cache 2.1.1 resolves several bugs and adds information links and ogg caching support. This is not a security update.

WooCommerce 5.1.0 is a major update. This version improves compatibility, localization, and resolves dozens of bugs. This is not a security update.

WordPress Zero Spam 5.0.9 resolves several bugs and improves spam detection. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-02-09

Welcome back, Folks!

Today is Patch Tuesday for February, 2021.

This Month in Technology

Malware planted during the SolarWinds hack is still being discovered and SolarWinds is still vulnerable.

ADT (not just employee abuse), Amazon Kindle e-readersAzure Functions, the Australian Securities and Investments CommissionCisco DNA CenterCyberpunk 2077Excellus Health Plan, Inc., ExperianFiberHome routers, Forward AirGolang, various Home Assistant integrationsiOSlibgcrypt, Linux (and macOS) SUDOMalwarebytesMeetMindfulMimecast (also a SolarWinds victim), Nespresso smart cards, New Zealand Central BankNoxPlayerOffice 365OpenWRT forumPalo Alto Networks, the PentagonPerl[.]comPfizerSonicWallStormshieldUK Research and Innovationthe UNUScellularUSDA (again), Vermont Dept of LaborVIPGamesWashington State Auditor’s OfficeWestRock Co., WhatsApp, and Wind River Systems have been hacked.

The EU is fining (victims) of data breaches 39% more than two years ago. Grindr is exposing your information. SpamCop made a boo-boo by not renewing their domain on time, resulting in a huge amount of legitimate messages being treated as spam. The LogoKit phishing platform has been updated to “improve” effectiveness.

The UK Government is giving malware-infected laptops to students and the US federal government has repeatedly supported violation of the third and fourth amendments to plant recording devices on private property. There has been an increase of 93% of leaks and data breaches in 2020.

Whether you pay the ransom or restore from backups: PATCH the vulnerabilities!

I have always called for avoiding pirated software because it poses a unique security risk. Here’s an example. (avoid travelling by train in China)

Federally funded censorship and double-standards are being used to advance cancel culture in bankscoffeejournalism, patriotism, by mere association, while actually inciting violence with absurd rhetoric such as calling a kindly neighbor a terrorist for plowing your snow are being excused as acceptable. While censorship isn’t left or right only one side is willing to ban those most likely to join the military from joining.

Worse yet, they’re even targeting third-parties for cancellation for daring to support free speech. Heck, even Mike Rowe is being cancelled.

Some are actually upset that not enough censorship is taking place while ignoring actual calls for violence, funding terroristsopenly supporting child porn, hypocritically calling censorship a violation of election integrity, and arresting people for posting memes.

No matter how much the narrative is disproven – this was planned by others well in advance, and the capitol police were directly involved, which is probably why they refused assistance from the National Guard and DoD when offered multiple times. There’s plenty more.

At least there’s finally some pushback. Hopefully it’s not too little, too late.

Meanwhile, TIME acknowledges that they did, in fact, collude with big tech, large corporations and foreign governments in violation of state and federal laws in order to steal the election. (But don’t talk about it online!) By the way, is it just a coincidence that so many opponents of free speech are pedophiles?

Facebook will pay $300/ea to Illinois users for violating state biometric laws and yet, they have still violated Polish law and blocked & banned small investors while Zuckerberg bragged about how he censored Trump to prevent a free election. WhatsApp users are leaving in droves, while WhatsApp has shifted messaging to explain that user messages (notably not their “data”) can still be removed.

There’s been a surge in BSODs for some Windows devices after January updates. Microsoft has been beaten to the patch (again) by 0patch for a vulnerability in their installer system.

Google is above the law or at least, demands the ability to be excluded from it. They’ve also banned one app for supporting a popular open source file type and another for allowing access to content it doesn’t control (like Google’s own browsers), and violated their own terms to purge negative reviews in their App Store. YouTube is removing Senate testimony. It should come as no surprise then, that developers are realizing that “doing business with [Google] is a liability.” Do you really need more justification to de-Google?

Mozilla fixed a browser bug that could trigger physical damage to your SSD.

Amazon has been caught colludingendangering privacyhypocritically inciting violence, and stealing, all while pursuing the ability to run the Pentagon Defense Systems (in violation of their own Terms of Service).

Apple is throttling iPhones again, preventing sideloading on M1’s, and took five years to discover a widespread crypto miner in macOS.

Still trust your mobile security? Your operating systems have intentionally designed vulnerabilities/weaknesses.

Especially when it comes to science, sunlight remains the best disinfectant. It turns out “global warming” is worse when humans aren’t polluting the air. But sadly, facts don’t matter anymore, so months have passed and hundreds of thousands of lives were lost before political and social science caught up with actual science to acknowledge HCQ is, in fact, an effective treatment. And surely it’s just a coincidence that testing processes were changed immediately after inauguration?

Investigating and/or punishing people for refusing an experimental treatment (according to the FDA they’re not vaccines) is a violation of the Nuremberg Code, but that won’t prevent governments and corporations from doing it anyway, no matter how many times that is struck down as unconstitutional.

The CDC has illegally inflated COVID statistics, but is suppressing VAERS information about people dying like flies after injections.

Really though, can you trust any medical treatment created by people that struggle with math?

Now for the good news:

The Biden administration has dropped the federal lawsuit against the California Net Neutrality law. This will eventually be what breaks the Big Tech monopoly.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, and MSRT (~ 2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iCloud for Windows 12.0 (off and on again), iOS 14.4, iPadOS 14.4, Safari 14.0.3, tvOS 14.4, watchOS 7.3, and Xcode 12.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 14.4 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 88.0.4324.109 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.6 improves cleanup. This is a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 461.40 resolves a dozen bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.19.92 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 88.0.4324.150 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 88.0.705.63 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 85.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.6 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.6.2165.36 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.8.0 adds account colors, and resolves several bugs. This is not a security update.
https://getmailspring.com/

Thunderbird 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.46 adds support for Brave. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.75.0 resolves dozens of bugs and adds several new features. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 115.4.601 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.52.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/

Pocketnet-Core 0.18.18 resolves several bugs. This is not a security update.
https://pocketnet.app/

WinSCP 5.17.10 is a security update.
https://winscp.net/eng/index.php

Zoom 5.5.12494.0204 resolves a couple minor bugs. This is not a security update.
https://zoom.us/

Java 8u281 is a security update.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.10 resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 3.4.1 resolves about 20 bugs. This is not a security update.
https://www.darktable.org/install/

VLC Media Player 3.0.12 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

Steam 2021.02.05 resolves several bugs, improves compatibility, and improves cosmetics. This is not a security update.

PlayStation PS5 20.02-02.50.00 resolves a PS4 installation compatibility issue, improves editing video clips and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.54.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.91.2 doesn’t have a detailed changelog so should be treated as a security update.
https://www.blender.org/download/

IcoFX 3.5 resolves several bugs. This is not a security update.
https://icofx.ro/

Krita 4.4.2 adds mesh gradients, mesh transform, gradient editor and halftone filter, new brushes, and resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.0 resolves hundreds of bugs and improves reliability, stability, and compatibility. This is not a security update. This is beta software and should be avoided by most users.
https://www.libreoffice.org/

Lightworks NLE 2021.1 adds dozens of new features and improvements, and resolves many bugs. This is not a security update.
https://www.lwks.com/

Nextcloud Desktop 3.1.2 adds several new features: SVG client branding, push notifications for file changes, conflict resolution trigger and more. This is not a security update.
https://nextcloud.com/

OpenOffice 4.1.9 improves stability and compatibility. This is not a security update.
https://www.openoffice.org/download/

Paint.net 4.2.15 resolves several bugs. This is not a security update.
https://www.getpaint.net/

FrameMaker 2019 Update 8 64bit (2019.0.8) doesn’t provide a changelog, so should be treated as a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7063
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7065

Adobe Acrobat and Reader 2021.001.20135, 2020.001.30020, and 2017.011.30190 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html

Adobe Animate 21.0.3 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-11.html

Adobe Dreamweaver 20.2.1 and 21.1 are security updates.
https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html

Adobe Illustrator 25.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-12.html

Adobe Photoshop 21.2.5 and 22.2 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-10.html

Magento 2.4.2, 2.4.1-p1, and 2.3.6-p1 are security updates.
https://helpx.adobe.com/security/products/magento/apsb21-08.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.15.1 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

RogueKiller 14.8.4 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.33.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.0 resolves a bug with URL parsing. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.2.0 resolves several bugs. This is not a security update.
https://12pd.com/click?snagit

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.791 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Bitcoin 0.21.0 resolves over a dozen bugs and improves networking. This is not a security update.
https://bitcoin.org/en/download

Bitwarden 1.24.6 improves biometrics, search, and usability. This is not a security update.
https://bitwarden.com/

Carbonite 6.3.8 resolves a bug with NAS backups. This is not a security update.
https://account.carbonite.com/

CCleaner 5.76.8269 improves cleaning and accessibility, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

CPU-Z 1.95 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 8.44 improves toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DriveImage XML 2.60 doesn’t provide a changelog so should be treated as a security update.
https://www.runtime.org/driveimage-xml.htm

Etcher 1.5.116 updates libraries and improves cleanup of temp files. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1005 is a security update.
https://www.voidtools.com/

Fido 1.18 adds support for the latest 20H2 refresh. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.5.6 improves stability, reliability and sync, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.92 resolves several bugs. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 2.81 adds automatic update and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.8.1 resolves a display bug. This is not a security update.
https://lessmsi.activescott.com/

NTLite 2.0.0.7784 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

ProduKey 1.95 adds option to extract partial key from WMI. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

PSAppDeploy 3.8.4 resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

RAMDisk 4.4.0.RC36 resolves several bugs and updates libraries. This is not a security update.
http://memory.dataram.com/products-and-services/software/ramdisk

RoboForm 9.1.1 updates credit card storage data, resolves several bugs, and now uses secure transmission for automatic updates. This is a security update.
https://12pd.com/click?rf

SimpleWMIView 1.42 adds an option to start hidden. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TaskSchedulerView 1.66 adds pagination to the properties widow and adds Task Filename column. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.14.5 was released. The TeamViewer release notes have been unavailable for over a month, so while it might be a security update, it would be safer to remove TeamViewer until these issues are resolved.
https://www.teamviewer.com/en/download/windows/

USB Oblivion 1.16.0.0 adds ability to preserve desktop settings and clean UserAssist keys. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion

WinScan2PDF 6.55 resolves several bugs and improves scanner compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 4.1.2.0 resolves a dozen bugs. This is not a security update.
https://developer.android.com/studio

MySQL ConnectorNet 8.0.23 is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 15.8.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 14.15.5 resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.34.1 adds new features and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

StrawberryPerl 5.32.1.1 resolves several bugs. This is not a security update.
https://strawberryperl.com/

Visual Studio Code 1.53 resolves several bugs and adds several features and controls. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.10 resolves several bugs and adds new command-line switches and features. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.11 resolves dozens of bugs. This is not a security update.
https://ppsspp.org/downloads.html

VirtualBox 6.1.18-142142 resolves several stability and reliability bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.9 is a security update.
https://www.adminer.org/en/

Coppermine Gallery 1.6.10 improves compatibility with PHP 8.01. This is not a security update.
https://coppermine-gallery.net/

Docker Desktop 3.1.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.0.11 is a security update.
https://drupal.org/download

Drupal 9.1.4 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.7.2 resolves over a dozen bugs. This is a security update.
https://www.humhub.com/en/download

Nextcloud Server 20.0.7 updates libraries and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenCart 3.0.3.7 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.opencart.com/

Piwigo 11.3.0 resolves several bugs. This is a security update.
https://piwigo.org/

ScreenConnect 21.2.2159.7699 adds a security tile to configure security options and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SMF 2.0.18 is a security update.
https://www.simplemachines.org/

WordPress 5.6.1 resolves several bugs. This is not a security update.
https://wordpress.org/

Social Post Feed 2.18.2 improves GDPR compatibility and resolves a deletion bug. This is not a security update.

Multisite Enhancements 1.6.1 resolves a path bug. This is not a security update.

Redirection 5.0.1 adds support for PHP 8 and resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.20 resolves several bugs. This is not a security update.

Sucuri Security 1.8.25 updates the password reset process. This is not a security update.

W3 Total Cache 2.1.0 resolves several bugs and adds cache groups. This is not a security update.

WooCommerce 4.9.2 improves compatibility and disables untested plugins from status and plugin pages. This is not a security update.

WP Mail SMTP 2.6.0 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

 

Updates 2021-01-12

Welcome back, Folks!

Today is Patch Tuesday for January, 2021.

This Month in Technology

By now you’re probably very aware with the SolarWinds “hack” since it was 24/7 news only a month ago, though mostly conjecture. We now know they were hacked over a year before a third-party (FireEye) pointed it out to them, and the malware remained on their servers weeks after it was identified.

What we’ve learned of it over the last month is a rich reminder of do’s and don’ts:

  • Don’t trust multi-factor authentication – it’s not nearly as effective at preventing logins as you’ve been lead to believe.
  • Don’t take over devices you can’t exploit quickly – don’t expose yourself wideband for 0.2%.
  • Do use a strong, unique password for everything – never something as absurd as “solarwinds123“.
  • Do modify your firewall to eliminate automatic whitelists for government IP addresses.
  • Do regular checkups – you never know what you’re going to find.

Don’t worry, though, they’ve hired a political hack to CYA!

Austin City, the City of CorneliaCity of EllensburgIndependence City (Kansas), Chatham County (North Carolina), Huntsville City Schools (Alabama), Jefferson County (Kentucky), Subway, Intel’s Habana LabsMicrosoftFireEye, the United NationsMaryland’s GBMC HealthCare, the US Dept of JusticeNissanLivecoinSpotifyIndiGo, various Israeli companies, the US Judiciary case file system, and many gaming companies have all been hacked.

Security issues or backdoors were found in Zyxel firewalls, Typo3Android BluetoothGlassdoorNintendo 3DSMicrosoft 365Google Titan security keys, Signal App cryptography, Starbucks mobile, and terabytes of secrets and databases have been dumped online.

Point-of-sale hardware has a “service mode” with a default password, malware is fingerprinting and mapping networks using the MAC address, Smart Doorbells are still a bad idea, Gionee has been infecting their own budget smartphones for kickbacks, and Google is still the easiest way to hack Google.

Ticketmaster hacked their competition 7 years ago and is only now paying a fine for it, Twitter is being fined almost half a million Euros for its breach handling, and Sabre Corp has now settled with 27 states over data breach.

WhatsApp won’t let you use it if you don’t want it to have your data tied to the rest of Facebook. The bigger you are, the bigger the target is on your back.

The “secure communication” tool Telegram tells everyone your precise location if you enable location support. One of my favorite browser extensions, The Great Suspender, changed hands in 2020 and the new publisher has recently been caught using it to distribute malware under the guise of analytics. Shopify, BigCommerce and other large sales platforms are being targeted with a card skimmer.

Mozilla (creator of Firefox and Thunderbird) wants the entire Internet to be used to censor certain publishers (that’s a bad thing), which is sad since they recently dropped support for PWAs (that’s a good thing).

Speaking of censorship and cancel culture, a potential new federal banking rule could put an end to the social/financial terrorism employed by cancel culture devotees. However, Big Tech censorship is at an all-time high in the wake of “riots” that were tame for the last year.

Corellium is protected by Fair Use and Tim Cook is going to have to testify more than a mere 4 hours about how his elimination of competition and closed ecosystem aren’t “really” a monopoly.

Ledger WalletT-Mobile (yet again), Amazon partner JuspayUbiquitiNintendo21 ButtonsSangoma TechnologiesDental Care AllianceKoei Tecmo, and Apex Laboratory all suffered data leaks/breaches.

Zoom, however, willingly shared their US user data with China.

Facebook’s recent Instagram hack exposed a massive click farm.

Google has had several service outages in the last month, as has Apple and even #Slack.

WinZip is vulnerable to a MitM attack (dude, no SSL, really?!).

Google broke SMS on many Android devices, your RAM can be used to exfil data from your device, Apple iPhone assembly plant Wistron in India has been suspended after a riot causes $60 million in damages. That may be a good thing, though, since the Apple MagSafe chargers can deactivate pacemakers.

macOS Preview is damaging PDFs (again).

Apple has removed the ability to download combo updates for Big Sur. This is going to cause serious security problems for the vast majority of the world that doesn’t have Bay Area bandwidth available to them.

In a good move, Apple has upset Facebooks advertising ecosystem by preventing certain data collection and use on their latest platforms, even Google is trying to figure out how to get around the new privacy requirements.

Why don’t I trust government? It’s hard to pick just one reason, but this month has many examples. Government employees tasked with preserving election data call for its mass deletion, or “accidentally” delete the security log files, while ignoring hundreds of pages of evidence and “moving the goalposts.”

The FBI has been hiding Seth Rich’s laptop while claiming they didn’t have it, public schools are purchasing hacking tools to get the data off student’s phones, mass data collection never ends, agencies fine you for helping during a crisis or being in a car without permission, while they hack journalist’s phones and run pedophile rings out of large white government buildings in DC. Nevertheless, you should trust the math and not look behind the curtain. Or else.

By the way, streaming content that you don’t have rights to is now a felony thanks to a nearly 6,000 page bill passed without anyone reading itHypocrisy is their bread and butter. Which is why they have such religiously held beliefs that violate all common sense.

Now for the good news:

It is now possible to integrate Everything into the Windows taskbar!

Starlink is approved for use in the UK, opening the door to true worldwide broadband.

Let’s Get Busy

Now back to our regularly scheduled program.

Adobe Flash Player is finally dead! There will be no more security updates released for Flash, and it’s probably the application single-most responsible for infections world-wide over the last 20 years, so it should be removed immediately. Use the utility below to remove it.
Win: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
Mac: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html

Patch Tuesday this month is pretty big. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, and MSRT (~ 1.6 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, Safari 14.0.2, macOS Server 5.11, macOS X Combo Update 10.15.7, Brother Printer Drivers 4.1.1 and HP Printer Drivers 5.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.3 and iOS 12.5.1 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 14.3 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.2 and watchOS 6.3 are security updates. Use the Watch app on your iPhone to install the most current version.

tvOS 14.3 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 87.0.4280.142 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Crucial Storage Executive 6.09 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Display Driver Uninstaller 18.0.3.5 improves removal of various artifacts. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 461.09 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.18.78 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 87.0.4280.141 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 87.0.664.75 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 84.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/

Firefox ESR 78.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/

Iridium 2020.11 is a security update (but still not patched to the current Chromium security updates). Use Menu, Help, About to install the most current version.
https://iridiumbrowser.de/

Vivaldi 3.5.2115.87 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Facebook Messenger 20201207 is a security update, but is still a month behind the current chromium security level. You should remove Facebook Messenger if you have it installed.
https://www.messenger.com/download

Trillian 6.4.0.2 resolves several bugs. This is not a security update.
https://www.trillian.im/

curl 7.74.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 112.4.321 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.52.0.5 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.5 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Minds 4.7.0 improves data use and channel header, restyles posts, and resolves several bugs. This is not a security update.
https://www.minds.com/mobile

Npcap 1.10 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 5.6 adds dynamic configuration application, adds cleanup options, block list refresh intervals, forced refresh, and resolves many other bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.4.59931.0110 adds ability to block insecure participants, force authentication, silence notifications when sharing, and management improvements. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Adobe FrameMaker 2020.0.1 doesn’t provide a changelog so should be treated as a security update.
https://supportdownloads.adobe.com/detail.jsp?ftpID=7061

Adobe Bridge 11.0.1 is a security update.
https://helpx.adobe.com/security/products/bridge/apsb21-07.html

Adobe Captivate 2019 11.5.1.499 hotfix 1 is a security update.
https://helpx.adobe.com/security/products/captivate/apsb21-06.html

Adobe InCopy 16.0 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb21-05.html

Adobe Campaign Classic Gold Standard 11, 20.3.3.9234, 20.2.4.9187, 20.1.4.9126, 19.2.4.9082, and 19.1.8.9039 are security updates.
https://helpx.adobe.com/security/products/campaign/apsb21-04.html

Adobe Animate 21.0.2 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-03.html

Adobe Illustrator 25.1 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-02.html

Adobe Photoshop 22.1.1 is a security update.
https://helpx.adobe.com/security/products/photoshop/apsb21-01.html

darktable 3.4.0 resolves over 100 issues and adds several new features. This is not a security update.
https://www.darktable.org/install/

Flickr Downloadr 3.3.3.2 resolves a couple bugs. This is not a security update.
https://flickrdownloadr.com/downloads/

Picard 2.5.6 resolves several bugs.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.12.21 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

PlayStation PS3 4.87 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps3/system-software/

PlayStation PS4 8.03 adds option to disable Game Chat Audio. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

PlayStation PS5 20.02-02.30.00 resolves PS4 transfer bugs, text input and Wi-Fi stability issues, and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Interactive Calendar 2.2 adds color schemes, resolves search issues, improves stability & performance, and fixes several bugs. This is not a security update.
https://www.csoftlab.com/calendar

LibreOffice 7.0.4 resolves over a hundred bugs and is now the new general release. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.1.1 resolves dozens of bugs and improves compatibility. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.2 resolves over three dozen issues including performance and stability. This is not a security update.
https://notepad-plus-plus.org/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.14 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

Gpg4win 3.1.15 improves AD support and resolves a random security key selection bug. This is a security update.
https://www.gpg4win.org/download.html

KeePass 2.47 resolves several bugs, improves search and options. This is not a security update.
https://keepass.info/

NSudo 8.0.1 updates libraries and adds translations. This is not a security update.
https://github.com/M2Team/NSudo/releases/latest

RogueKiller 14.8.3 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.32.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Wireless Network Watcher 2.23 updates internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.1.0 improves transparency handling, scaling improvements, and resolves several bugs. This is not a security update.
https://12pd.com/click?snagit

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.1.5 adds new models and profiles, improved Enlarger AI handling. This is not a security update.
https://www.dvdfab.cn/download.htm

IsoBuster 4.7 adds an option to import and export templates, improved reliability, scanning, and read handling, and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php

MakeMKV 1.15.4 improves compatibility, implements seamless join of TrueHD streams, and resolves bugs. This is not a security update.
https://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

BulkFileChanger 1.72 adds “Photo – Date Taken” option. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

CCleaner 5.75.8238 adds import for “Cookies to Keep” option, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

ControlMyMonitor 1.27 adds switches for turning on, off, and toggling on/off state. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Dell Command Update 4.0 adds support for DCH drivers, adds a filter for Security updates, and improves user interface. This is not a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 8.38 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dupeGuru 4.1.0 now uses tabs instead of windows, adds cosmetic fixes and options, and resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/

Etcher 1.5.113 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1003 resolves issues with the exit switch, improves shortcuts and autofocus. This is not a security update.
https://www.voidtools.com/

GoodSync 11.5.4 resolves several bugs. This is not a security update.
https://www.goodsync.com/

IsMyHdOK 2.71 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.8.0 improves usability. This is not a security update.
https://lessmsi.activescott.com/

MS ISO Downloader 8.46 adds new builds for Office 2019 for Mac, more Dell models and ISO Tools hash improvements. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 2.0.0.7756 resolves several bugs and improves controls. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 9.1 resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 5.01 improves rendering. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Process Monitor 3.61 adds monitoring for various registry APIs and resolves a query output bug. This is not a security update.
https://live.sysinternals.com/

PsExec 2.21 is a security update.
https://live.sysinternals.com/

Sysmon 13.00 adds image tampering events and resolves several bugs. This is not a security update.
https://live.sysinternals.com/

TaskSchedulerView 1.65 adds columns for Task File Created/Modified. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.13.6 is released – but their changelog is on their community site (forum) which is currently down and redirecting to a third-party site. The new build may be a security update, but I recommend disabling TeamViewer completely for the near future just to be safe.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.31 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WakeMeOnLan 1.87 updates the internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WifiChannelMonitor 1.66 adds option to copy clicked cell and updates MAC addresses file. This is not a security update.
https://www.nirsoft.net/utils/wifi_channel_monitor.html

WifiInfoView 2.67 adds window resizing and pagination to the properties window, and adds wildcard filter support. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 6.41 improves duplex support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WirelessKeyView 2.21 improves display and adds QR Code view (F2). This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html

Developer Updates

These are unlikely to be of interest to most people.

Node.js 12.20.1 is a security update.
https://nodejs.org/en/

Node.js 14.15.4 is a security update.
https://nodejs.org/en/

Node.js 15.5.1 is a security update.
https://nodejs.org/en/

Redemption 5.26.0.5872 adds ability to remember SMTP passwords, and resolves several bugs. This is not a security update.
http://www.dimastr.com/redemption/

Visual Studio Code 1.52.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Docker Desktop 3.0.4 resolves a stability bug. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.1.2 updates libraries and resolves several bugs. This is not a security update.
https://drupal.org/download

Joomla 3.9.24 is a security update.
https://www.joomla.org/

Nextcloud Server 20.0.4 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenPetra 2020.12 removes support for SQLite, improves Find, Type Ahead, and resolves several bugs. This is not a security update.
https://www.openpetra.org/

phpList 3.6.0 adds blacklisting hook, and counter limits. This is not a security update.
https://www.phplist.org/

phpMyAdmin 5.0.4 resolves several bugs. This is not a security update.
https://www.phpmyadmin.net/

ConnectWise Control 21.1.2009.7678 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.6 improves layout flexibility, adds new block patterns, captions, new default theme, and improved auto-update capabilities. This is not a security update.
https://wordpress.org/

Akismet 4.1.8 resolves a couple bugs. This is not a security update.

Autoptimize 2.8.1 resolves several bugs. This is not a security update.

BuddyPress 7.1.0 resolves two bugs. This is not a security update.

Contact Form 7 5.3.2 is a security update.

Social Post Feed 2.18.1 resolves several bugs. This is not a security update.

Interactive World Map 3.1.9 improves compatibility. This is not a security update.

myStickymenu 2.4.9 resolves a couple bugs. This is not a security update.

W3 Total Cache 2.0.1 resolves several bugs. This is not a security update.

Widgets on Pages 1.5.0 is a security update.

WooCommerce 4.9.0 resolves dozens of bugs. This is not a security update.

Show IDs 1.1.6 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/