Updates 2020-12-08

Welcome back, Folks!

Today is Patch Tuesday for December, 2020. It’s a big one and huge updates are available for over a hundred applications. A new OpenSSL released today means that there will be even more updates released in the near future, so this is only the first of at least two update series’ to top off December.

This Month in Technology

Apple (and others) are trying to make slavery legal, Apple’s cloud services choked this month as a result of their new on-demand certification and telemetry collection nightmare, Big Sur even bricks some MacBook Pro models, but they’re admitting that they intentionally throttled their older hardware, and Apple had a major security issue that allowed total control of their iPhones over Wi-Fi. While Apple has fixed that bug, their hardware is vulnerable to new forensic tools used by foreign (and likely US) governments to clone all the data from your device. This is “Epic.” Apple is cutting their App Store fees to 15% for small developers.

K12 Inc, Foxconn electronics, the City of Long BeachTransLink (Vancouver public transit), EmbraerKopterShirbitRandstad NVAdvantechBowie and Miller Counties (TX), and Baltimore County Public Schools have all been hit with ransomware. If you leave your backup drives connected (tethered or networked) then there’s growing evidence that the backups will be targeted by ransomware before your active data. And some ransomware gangs are cold-calling if you try to restore from backups.

Millions of IoT devices are vulnerable to a newly discovered vulnerability, thousands of PickPoint lockersLSU Health New OrleansAspenPointe, and PlutoTV have been hacked. Dell was hacked years ago which resulted in their data being abused for scam calls to Dell customers. Class action happening now.

Walmart routers and many TCL TVs have backdoorsGionee implanted malware in 21 million phones, and battery backups are used to infect mobile devices. Google Services are still being used to distribute malware, Google ads are being used to steal MetaMask. A year after the US Army’s Stryker armored vehicles were hacked the Army is finally building security defenses, and in other US military news, the military violates your privacy through third-party apps.

Social media icons are being used to inject web skimmers that are now using WebSockets to exfiltrate data using secure CloudFlare services.

If you trust your choice of password simply because a poorly designed study says that it would take thousands or millions of years to brute force a password then you should take a look at how a single quantum computer process the equivalent of 2.6 billion (with a “b”) years of computation in only 4 minutes, but using the latest quantum hardware isn’t even necessary for the vast majority of passwords since humans are so predictable.

In a random collection of news: MBAM is disabling Windows Printers. HMRC (the UKs equivalent of the IRS) has been abused to send phishing and malware messages (I warned them about this months ago). There is no end to PayPal’s hypocrisy, nor their censorship. GitHub reversed it’s decision about YouTube-dl. Twitch has failed basic EnglishComcast is capping data in 12-ish more states next year, but giving service away for free to many others. The running joke about how social censorship would be similar to your phone company preventing you from talking about certain subjects has proven to be more prescient than humorous. Cannibalism is coming to a grocery store near you. A few years ago I found that a number of IT and HVAC services in the SF bay area had their Google listings hijacked and reassigned as Korean Restaurants. It was only the beginning.

The “sciencebehind masks has never been scientific, but that won’t stop petty tyrants from mandating their use even while actively eating or drinking, or censoring dissenting voicesFalse positive tests are still leading the charge, but lockdown-related homicides are still exceeding “COVID” deaths. Censors will always target studies that demonstrate overreaching government intervention.

California is pushing out the Orwellian exposure tracking and notifications across the state.

Now for the good news:

When this election is finally resolved it’s unlikely to get to this point again any time in the near future.

As a perfect example of what 2020 has brought us – the South African lottery drew 5, 6, 7, 8, 9 and 10, which is insane enough, but the real story is that 20 people had actually selected those numbers.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, and Servicing Stack (~ 1.5 GB). This includes security updates. A reboot is required.

Apple released updates for iCloud for Windows 11.5, and iOS 14.2.1. Expect an update to iTunes, too, in the next few days. These are security updates.

iOS 14.2.1 is a security update. Use Settings, General, Software Update to install the most current version.

Adobe Flash Player 32.0.0.465 is a security update. Since Flash is going the way of the dodo along with the Year from Hell, this could very well be the last time you may have to install a Flash update. You’re still better off removing it yourself instead of updating. 🙂
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 87.0.4280.88 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 12.0.0.2872 adds several new features, including improved email support, compatibility, and concurrent printing. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download

Crucial Storage Executive 6.09 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Logitech Options 8.36.86 allows changing function keys, customizing mouse buttons, and adds on-screen battery notifications. This is not a security update.
https://www.logitech.com/en-us/product/options

Logitech Options for macOS 8.36.76 adds Big Sur support, allows changing function keys, customizing mouse buttons, gesture controls, and adds on-screen battery notifications. This is not a security update.
https://www.logitech.com/en-us/product/options

nVidia 457.51 adds support for new hardware, updates SLI profiles, and resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.17.75 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 87.0.4280.88 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 87.0.664.57 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 83.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.5.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.5.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.5.2115.73 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.5.1 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 111.4.472 doesn’t provide a changelog so should be treated as a security update. This version is not reliable on Windows 8.
https://www.dropbox.com/

FreeFileSync 11.4 resolves several bugs, and improves compatibility. This is not a security update.
https://www.freefilesync.org/download.php

iCloud for Windows 11.5 is a security update.
https://apple.com/icloud

Technitium DNS Server 5.5 adds support for SRV records and resolves several bugs. This is not a security update.
https://technitium.com/dns/

WinSCP 5.17.9 resolves several bugs. This is not a security update.
https://winscp.net/eng/index.php

Zoom 5.4.59296.1207 adds meeting reminders, warnings for meetings that are only partially encrypted, and resolves several bugs. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.8 updates libraries, improves sync and face tracking, adds ability to call shortcuts, and resolves several bugs. This is not a security update.
https://en.3tene.com/

iTunes 12.11 doesn’t provide a changelog so should be treated as a security update.
https://www.apple.com/itunes/download/

Picard 2.5.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.12.07 is a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

PlayStation PS4 8.01 improves reliability. This is not a security update. Note that Sony changed the URLs without adding redirects, so the new location to download updates has changed:
https://www.playstation.com/en-us/support/hardware/ps4/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Blender 2.91.0 adds several new features and controls. This is not a security update.
https://www.blender.org/download/

Adobe Acrobat (version yet to be announced) is a security update. Use Help, Check for updates to get the most current version…when it’s released.

Adobe Reader (version yet to be announced) is a security update. Use Help, Check for updates to get the most current version…when it’s released.

Adobe Lightroom 10.1 is a security update.
https://creativecloud.adobe.com/apps/all/desktop

Adobe Experience Manager 6.5.7.0 and 6.4.8.3 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-72.html

Adobe Prelude 9.0.2 is a security update.
https://creativecloud.adobe.com/apps/all/desktop

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.14 updates libraries and resolves several bugs. This is not a security update.
https://www.gpg4win.org/download.html

Nmap 7.90 adds 1,200 new fingerprints, resolves over 70 bugs, and provides several new features. It also removes silent install. 🙁 This is a security update.
https://nmap.org/download.html

Npcap 1.00 is the first stable release of Npcap. This is not a security update.
https://nmap.org/npcap/

RogueKiller 14.8.0 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.31.2 resolves reliability in Chromium. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Tails 4.13 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

OpenSSL 1.1.1i is a security update. Releases of OpenSSL always trigger updates for every other platform that uses networking in any way, so expect a series of updates for every other web platform you use in the near future.
https://www.openssl.org/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.0.2 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.0.9 adds support for new encodings, resolves several bugs, and improves stability. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.7 adds Privacy integration, unlock with Apple Watch, MDM integration, improved password generator, and resolves over 100 bugs. This is a security update.
https://1password.com/downloads/mac/

Agent Ransack 2019.2951 improves performance at idle and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Bitwarden 1.23.1 resolves bugs with SSO and improves GDPR compliance. This should be treated as a security update.
https://bitwarden.com/

DesktopOK 8.08 resolves several bugs and updates language support. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.5.112 updates libraries, and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1000 resolves a bug with silent installation, wide-character comparison, name munging and other bugs. This is not a security update.
https://www.voidtools.com/

FileLocator Pro 8.5.2951 improves performance when idle and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

GoodSync 11.4.9 resolves dozens of bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.90 adds support to load access points from CSV and improves frequency usage chart. This is not a security update.
https://www.the-sz.com/products/homedale/

HWMonitor 1.43 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

MS ISO Downloader 8.44 adds support for new media (including Win10 20H2v2) and resolves several bugs. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 2.0.0.7726 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 9.0 adds shred files support. This is not a security update.
https://www.diskpart.com/

PointerStick 4.88 updates language support. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Rufus 3.13 adds support for a 20H2v2, adds support to cheat certain disk images, improves error handling, and resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html

Sysmon 12.03 fixes reporting and a possible crash condition for certain rules. This should be treated as a security update.
https://live.sysinternals.com/

SDelete 2.04 provides a new switch to avoid file/directory ambiguity. This should be treated as a security update.
https://live.sysinternals.com/

WinObj 2.23 resolves several bugs. This is not a security update.
https://live.sysinternals.com/

TaskSchedulerView 1.60 adds support for exporting tasks to JSON, and updates HTML export to HTML5. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.12.4 resolves several bugs, improves performance, and adds support for more web cameras. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WinScan2PDF 6.33 improves detection and operation with some hardware, updates language support, and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

DB Browser for SQLite 3.12.1 resolves several bugs. This is a security update.
https://sqlitebrowser.org/

Inno Setup 6.1.2 adds Print support and resolves several bugs. This is not a security update.
https://www.jrsoftware.org/isdl.php

Node.js 12.20.0 updates libraries and resolves several bugs. This is a security update.
https://nodejs.org/en/

Node.js 14.15.1 is a security update.
https://nodejs.org/en/

Node.js 15.3.0 updates libraries and resolves several bugs. This is a security update.
https://nodejs.org/en/

SQLite 3.34.0 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.8 adds support for PHP 8 and disallows connecting to privileged ports. This is not a security update.
https://www.adminer.org/en/

Drupal 9.0.10 is a security update.
https://drupal.org/download

Drupal 9.1.0 resolves several bugs. This is not a security update.
https://drupal.org/download

HumHub 1.7.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.23 is a security update.
https://www.joomla.org/

Nextcloud Server 20.0.2 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

phpList 3.5.8 adds new functionality to AJAX form and updates libraries. This is not a security update.
https://www.phplist.org/

ScreenConnect 20.12.1734.7640 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.6 updates libraries, adds several new features and blocks, a new theme, and more. This is not a security update.
https://wordpress.org/download/

BuddyPress 6.4.0 is a security update.

Contact Form 7 5.3.1 now passes last_contacted based on submission timestamp. This is not a security update.

Multisite Enhancements 1.5.4 fixes favicon. This is not a security update.

Theme My Login 7.1.2 improves stability and resolves several bugs. This is not a security update.

WooCommerce 4.8.0 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-11-13

Welcome back, Folks!

Today is Friday the 13th of November, 2020. It’s not Patch Tuesday, but updates from Microsoft, Apple, Google, and others have triggered an out-of-cycle update.

This Month in Technology

Ransomware authors have long used ads on services like Google and Facebook to distribute their malware, but are now using Facebook ads for “social proof” to promote their own effectiveness and encourage compliance to their ransoms.

Animal Jam has been hacked, restaurant POS ModPipe is being actively hacked, Dell printer drivers are being flagged as malware, and Vertafore (a company offering insurance validation) has allowed over 27 million records of Texas drivers to be compromised.

After over a decade since the release of Stuxnet to target PLCs in Iranian nuclear facilities, other PLC vendors for different industries are now being massively targeted using similar methods.

Microsoft finally acknowledges that the use of your phone number for 2FA (two-factor authentication) actually weakens account security.

The EFF has a great write-up of HP’s current bait-and-switch, and Google has announced that their free unlimited photo storage “forever” isn’t quite forever after all.

The Judge in the Epic Games lawsuit has dismissed Apple’s claims of theft.

Twitch has clarified their new copyright policies and encourages users to simply disable background music when they stream.

I think the biggest difference between those who study history and the low-information crowd is that those of us who have taken the time to research instead of taking what the media spoon feeds us invariably suffer from Cassandra Syndrome. We’re forced to witness while people who have made no bones about reducing the population push an untested vaccine created in less than 6 months that purportedly resolves the ADE response flaw that virologists have failed to address over the last 18+ years to provide an estimated 90% protection from a virus with less than 0.02% mortality.

Now for the good news:

We continue to win against insane abuses of the legal system.

Let’s Get Busy

Patch Tuesday was only a couple days ago, so while these updates (except for Big Sur) are relatively small (under 1 GB total), keep in mind that there’s likely still several more GB for people that haven’t patched yet.

Apple released updates for macOS Big Sur 11.0.1, Safari 14.0.1, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, Security Update 2020-006 High Sierra, and Security Update 2020-006 Mojave. These are security updates.

The next major version of macOS has been released, macOS 11 (Big Sur), which includes some major changes under the hood and many new cosmetics and compatibility capabilities for iOS/iPadOS software.

Performance changes for some features are estimated to be as much as 1.9x faster, though with history as a guide, I would assume this statement applies only to very recent hardware, and anything older than 2 years will actually experience significant performance lags in actual use.

Some devices as old as 2013 are technically “supported” though performance and reliability on older hardware is going to be the biggest consideration. If your goal is the iOS-ification of your Mac, Big Sur will start you on that path. If you plan to upgrade then you will need to have at least 30 GB free space before installation and you’ll lose approximately 4 GB permanently. This is necessary due the to new upgrade process for the static operating system partition. My advice is to wait until at least version 11.1 before upgrading to Big Sur. They’ve already fixed some significant problems, but Apple has a history of releasing major software insufficiently tested and with significant unanticipated issues.

With the release of macOS 11, be aware that any Mac running High Sierra (10.13) and older is no longer supported. Please upgrade to Mojave (10.14) if you can, or remove your device from the Internet.

Google Chrome OS 86.0.4240.198 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.16.76 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 86.0.4240.198 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 86.0.622.68 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Vivaldi 3.4.2066.106 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Media Updates

These are unlikely to be of interest to most people.

Flickr Downloadr 3.3.2.1 upgrades libraries. This should be treated as a security update.
https://flickrdownloadr.com/downloads/

Game Updates

These are unlikely to be of interest to most people.

PlayStation PS4 8.00 is a re-release and doesn’t indicate what has changed. This should be treated as a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

OpenOffice 4.1.8 is a security update. I want to note that I am impressed that the otherwise-abandoned Apache OpenOffice project has released a security update. It is still a little disappointing that it took them 5 months to address it. One more reason to switch to LibreOffice.
https://www.openoffice.org/download/

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.0.6 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 5.74.8198 resolves a settings bug. This is not a security update.
https://www.ccleaner.com/

CurrPorts 2.63 adds option to align numeric columns to the right. This is not a security update.
https://www.nirsoft.net/utils/cports.html

IsMyHdOK 2.66 updates language support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7722 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Developer Updates

These are unlikely to be of interest to most people.

Node.js 15.2.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Web Package Updates

These are likely to be of interest only to web developers.

ScreenConnect 20.11.1622.7619 resolves stability and reliability bugs. This is not a security update.
https://www.connectwise.com/software/control/download

phpList 3.5.7 is a security update.
https://www.phplist.org/

Antispam Bee 2.9.3 improves compatibility and resolves several bugs. This is not a security update.

W3 Total Cache 0.15.2 resolves several bugs. This is not a security update.

WooCommerce 4.7.0 resolves dozens of bugs and improves compatibility. This is not a security update.

WPtouch 4.3.39 resolves style bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-11-10

Welcome back, Folks!

Today is Patch Tuesday for November, 2020. It’s a big one and many Windows computers will be pushed into v2009 unless they’ve recently installed v2004. With the release of v2009 and the election, there’s a lot going on this month.

This Month in Technology

Aetna has been hacked again, dozens of hospitals (again), Mashable has been hacked, Cisco AnyConnect zero-day still isn’t patched, a Solaris zero-day is being used to hack corporate networks, and billions of credentials have been leaked after a data breach website contents are leaked online, Google Drive is being used to infect hospitals, Cloud Hospitality has exposed customer data for millions of users, Mattel has been hacked, BigBasket has been hacked, WordPress pushed out a sorely broken security update and fixed it the next day, Waze can be used to track you by nearby drivers, and X-Cart sites were hit by ransomware.

Cadillac Fairview has been illegally using secret facial recognition cameras throughout their shopping centres.

Apple has had several outages this month, and their hardware manufacturer was hit by ransomware, while they abandon another for exposed labor abuses (not for the labor abuses themselves, since that’s really within Apple’s wheelhouse), iOS apps will work on Apple Silicon Macs, but many developers are already abandoning the App Store.

Microsoft is blocking upgrades to v2004 and v2009 due to a Thunderbolt compatibility & reliability bug.

Starlink’s beta shows impressive performance (135 Mbps/25 Mbps).

It’s usually best to dismiss anything a politician says, but Biden’s assertion that he has the “most extensive and inclusive voter fraud organization in the history of American politics” should not be taken with a grain of salt.

After all, there is plenty of evidence of fraud including voter intimidationterrorism (the “use of violence and intimidation, especially against civilians, in the pursuit of political aims”), foreign nation interference, varioussoftware” “glitches” and “bugs,” fake ballotsfake voters, invalidating sharpie ballotsbackdating ballots arriving late, an untrustworthy postal systemfalse witnesses, (literally) blocking access to ballot observersnetwork and “accidentally mislabeled” ballots, throwing away ballots that poll-workers disagree with, the inability to trust even election judges, and government “open integrity” websites, but the Main Stream Media continues to preach the mantra that there is no evidence of voter fraud (mostly because big tech is censoring most of the evidence) even while Democrat representatives declare voter fraud a “time-honored tradition.”

Awkward: Joe Biden’s (77) Coronavirus task force is being lead by a man that believes people shouldn’t live past 75.

It’s not just the vote tally that’s false, the US Census faked data, too.

Fox News has lost the faith of their viewers and Judge Jeanine.

Twitter continues to demonstrate why you shouldn’t use them.

NetMarketShare had a good run. After 14 years they’ve pulled the plug due to changes in the chromium source, reasonably accurate browser identification will no longer be possible.

The Cult of Branch Covidians continues to demonstrate that science has never been their goal. Medical staff know the truth, and their efforts to save family and the world from masked parasites based on faulty tests and high false-positive rates with severe costs for a virus they’ve never isolated are being blocked and ignored. By the way, did you know that the PCR false-positive rate is as much as 4% and the number of “positive tests” in CA averages 3.7%? A judge that treats people as adults is being investigated for daring not to wear a mask in his own courtroom.

5G is finally being investigated.

The Internet Archive has surrendered to censorship.

0patch to the rescue, again. Microsoft isn’t supporting Office 2010 but don’t let that dissuade you. 0patch has been offering security fixes for many vendors of otherwise unsupported applications.

There’s a workaround for some HP printers that allow you to bypass the ban on third-party ink and toner. This is especially useful since HP Instant Ink is now demanding a ransom to keep using the ink you’ve already paid for.

Now for the good news:

The best news, to me anyway, is that scientists have now regrown optic nerves.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is very big. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, Flash, Internet Explorer, and MSRT (~ 1.1 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update, iOS 14.2, iPadOS 14.2, iOS 12.4.9, watchOS 5.3.9, watchOS 6.2.9, watchOS 7.1, and tvOS 14.2. Expect an update to iTunes, too, in the next few days. These are security updates.

iOS 14.2 and 12.4.9 are security updates. Use Settings, General, Software Update to install the most current version.

iPadOS 14.2 is a security update. Use Settings, General, Software Update to install the most current version.

watchOS 5.3.9, 6.2.9 and 7.1 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

tvOS 14.2 is a security update. Use Settings, General, Updates to install the most current version.

Adobe Flash Player 32.0.0.453 is a security update. Since Flash is going the way of the dodo along with the Year from Hell, this could very well be the last time you may have to install a Flash update. You’re still better off removing it instead of updating. 🙂
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 87.0.4280.47 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

nVidia 457.30 adds support for CUDA 11.1, new hardware, new game profiles, and resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Daemon Tools Lite 10.14.0 resolves several bugs and adds streaming and theme controls. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.16.72 is a security update. Use Menu, Help, About to install the current version.
https://brave.com/

Google Chrome 86.0.4240.193 is a security update. Use Menu, Help, About to install the current version.

Microsoft Edge 86.0.622.63 is a security update. Use Menu, Help, About to install the current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 82.0.3 is a security update. Use Menu, Help, About to install the current version.

Firefox ESR 78.4.1 is a security update. Use Menu, Help, About to install the current version.

Iridium 2020.11.85 is a security update, but Iridium runs behind with chromium so should be avoided.
https://iridiumbrowser.de/

Vivaldi 3.4.2066.99 is a security update. Use Menu, Help, About to install the current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.4.2 is a security update. Use Menu, Help, About to install the current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Dropbox 109.4.517 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FreeFileSync 11.3 resolves several bugs and improves cosmetics. This is not a security update.
https://www.freefilesync.org/download.php

Zoom 5.4.58740.1105 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.10.2 doesn’t provide a changelog so should be treated as a security update.
https://www.apple.com/itunes/download/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.013.20064 is a security update. Use Help, Check for updates to install the most current version.

Atom 1.53.0 resolves several bugs. This is not a security update.
https://atom.io/

Krita 4.4.1 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.0.3 resolves over 90 bugs. This is not a security update. Remember that ‘Fresh’ is the beta version, so should be avoided by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.0.3 resolves over a dozen bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.9.1 resolves over 20 bugs, including several stability and reliability issues, and adds several new features. This is not a security update.
https://12pd.com/click?npp

Security Software Updates

One or more of these is likely to be of interest to most people.

TinyWall 3.0.10 resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.0.1 adds new quick styles, direct theme access, resolves compatibility with YouTube and several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.0.5 improves hardware support, resolves several bugs, and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 5.74.8184 improves application compatibility, automatic update controls, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

DesktopOK 7.99.1 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DMDE 3.8.0.790 adds APFS support, image preview, and resolves several bugs. This is not a security update.
https://dmde.com/

Eraser 6.2.0.2991 doesn’t provide a changelog so should be treated as a security update.
https://eraser.heidi.ie/download/

Etcher 1.5.110 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

GoodSync 11.4.5 resolves dozens of bugs. This is not a security update.
https://12pd.com/click?goodsync

RoboForm 8.9.5 resolves several bugs and improves Most Popular calculations. This is not a security update.
https://12pd.com/click?rf

AD Explorer 1.50 adds support for exporting data from the “Compare” dialog. This is not a security update.
https://live.sysinternals.com/

Disk Usage 1.62 adds support for the MFT and removes the MAX_PATH limitation. This is not a security update.
https://live.sysinternals.com/

VMMap 3.31 fixes a Thread Environment Block bug on Windows 10 systems. This is not a security update.
https://live.sysinternals.com/

Sysmon 12.02 fixes several configuration parsing bugs. This is not a security update.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.5 improves performance and error handling. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 4.1.1.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio

Node.js 15.1.0 adds diagnostics_channel (experimental), new spawn event, DNS resolver control, and several V8 options. This is not a security update.
https://nodejs.org/en/

Redemption 5.25.0.5826 resolves 9 bugs and adds several new objects. This is not a security update.
http://www.dimastr.com/redemption/

Visual Studio Code 1.51 integrates a terminal, improves intellisense, Git, tab pinning and more. This is not a security update.
https://code.visualstudio.com/

Web Package Updates

These are likely to be of interest only to web developers.

Docker Desktop 2.5.0.1 updates libraries, system requirements, and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

HumHub 1.7.0 resolves two minor bugs. This is not a security update.
https://www.humhub.com/en/download

OpenPetra 2020.10 resolves several bugs. This is not a security update.
https://www.openpetra.org/

ScreenConnect 20.11.1479.7606 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.5.3 resolves several security issues and automatic update failures.

bbPress 2.6.6 doesn’t have a current changelog, so should be treated as a security update.

Multisite Enhancements 1.5.3 resolves several bugs and improves cosmetics. This is not a security update.

Redirection 4.9.2 improves compatibility and cosmetics. This is not a security update.

WooCommerce 4.6.2 resolves an account creation bug. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-10-28

Welcome back, Folks!

It’s not Patch Tuesday, but updates from Microsoft, Apple, Google, Mozilla, and many others have triggered an out-of-cycle update.

This Month in Technology

Hackney Council has been hacked, Dickey’s BBQ has been hacked, Carnival Corp was hacked, a Finland psychotherapy center was hacked and the stolen data is being used to blackmail patientsSonicWall VPN Portal can be easily hacked, there’s yet another Bluetooth vulnerability (in all but the latest Linux kernel), dozens of government networks have been targeted (and some hacked) by a “Russian hacker group” (though it’s hard to believe that the Russians are behind anything anymore), and President Trump’s campaign website was hacked. Any password you can remember is a bad password. Even if you’re the President. Or a multinational security company.

Some nutjobs are still supporting the lockdowns, even though the half-baked science encouraging lockdowns and masks have been proven false again and again, but that won’t stop authoritarians from treating people as terrorists.

Facebook is permabanning users for buying $300 VR hardware Facebook sells. Really. That’s okay, it’s time for VR to abandon Facebook anyway.

An overzealous Apple security feature (XProtect) has blocked access to HP printers, Amazon Music and more. They’re humorously contradicting themselves about security. On the one hand, they advise users to never plug any device into a non-Apple power adapter, and on the other hand they say they’re saving the planet by not including power adapters anymore.

Epic Games founder and chief executive Tim Sweeney observes:
“What’s most disturbing about Apple’s position is that they seem to truly believe they “own” all commerce involving phones they make, characterizing direct payment as theft, smuggling, and even shoplifting. It’s a crazy, misguided view.”

Yes, in June T-Mobile broke the entire US cell network. No, they won’t be punished.

Twitter and Facebook are actively censoring actual news based on false claims of hacking and sensitive information…but even if it were true, they didn’t seem to mind when the target of the hacking was of a different political persuasion. Twitter acknowledges that Joe Biden is a child sex predator. It should go without saying that social networks will never treat everyone the same. The FCC and President Trump have repeatedly asserted that they will be “clarifying” Section 230. Wouldn’t it be better if they just enforced it?

Not to be outdone by mere social media, the RIAA has demonstrated that it has too much power. Google has demonstrated that they can control what the world knows and believes, which has painted them into a corner for a federal antitrust case.

Orca Security has a great write-up about Palo Alto Networks defective (and illegal) pursuit of security-by-obscurity.

Now for the good news:

Energy scavenging may soon be a reality, hopefully it won’t be used to send us back to the 18th century like in the TV series Revolution. Isn’t it time that we pedaled for power?

Let’s Get Busy

Microsoft released the newest build of Windows 10 v2009, which isn’t that different from v2004. It’s another minor “major” update that streamlines several features and improves overall performance.
https://www.microsoft.com/en-us/software-download/windows10

Apple released updates for iOS, iPadOS, watchOS, iTunes, and Apple Music 3.4.0 for Android. These are security updates.

iOS 14.1 is a security update. Use Settings, General, Software Update to install the most current version.

iPadOS 14.1 is a security update. Use Settings, General, Software Update to install the most current version.

watchOS 7.0.3 is a security update. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Google Chrome OS 86.0.4240.112 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 33-1.2 adds PARSEC support, improves interoperability and development environment, updated libraries and resolves several bugs. This is not a security update.
https://getfedora.org/en/workstation/download/

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.4 improves removal capabilities. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

MS Mouse and Keyboard Center 13.0 adds support for new hardware. This is not a security update.
https://www.microsoft.com/accessories/en-us/downloads/mouse-keyboard-center

Logitech Options 8.34.82 (and 8.34.91 for macOS) resolves several bugs, adds support for new hardware and plugins, and implements the new permissions options for macOS Mojave compatibility. This is not a security update.
https://www.logitech.com/en-us/product/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.16.68 is a security update.
https://brave.com/

Google Chrome 86.0.4240.111 is a security update.

Microsoft Edge 86.0.622.56 is a security update.

Firefox 82.0.2 is a security update.

Firefox ESR 78.4.0 is a security update.

Vivaldi 3.4.2066.86 is a security update.
https://vivaldi.com/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.45 adds an option to display QR codes for selected URLs. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.73.0 resolves over a hundred bugs and adds several new switches, improving help and error handling. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 108.4.453 does not provide a detailed changelog, so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.51.0 resolves several bugs. This is not a security update.
https://filezilla-project.org/

TrueNAS 12.0 is the merger of FreeNAS and TrueNAS to build a much more powerful whole. This major update improves quality, reliability and performance, adds and improves support for new file systems and dataset encryption, improves diagnostics, 2FA, API support, quotas and much more. This is not a security update.
https://www.truenas.com/download-truenas-core

Technitium DNS Server 5.4 resolves several bugs, adds QNAME randomization and PTR zone creation. This is not a security update.
https://technitium.com/dns/

WinSCP 5.17.8 is a security update.
https://winscp.net/eng/index.php

Zoom 5.4.58636.1027 resolves several bugs. This is a security update.
https://zoom.us/

Java 8u271 is a security update.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.10 is a security update. Use Apple Software Update to get the most current version.

3tene 2.0.7 adds 32-bit screen capture, adjusts transition time, and resolves several bugs. This is not a security update.
https://en.3tene.com/

Picard 2.5.1 resolves dozens of bugs, improves reliability, and adds improved privacy controls. This is not a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.10.23 is a security update.

PlayStation PS4 8.00 is a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice 6.4.7 resolves over 70 bugs, including stability and reliability issues. This is not a security update.
https://www.libreoffice.org/

Paint.net 4.2.14 improves performance, adds AV1 support, and resolves several bugs. This is not a security update.
https://www.getpaint.net/

Adobe Creative Cloud Desktop Application 5.3 and 2.2 are security updates.
https://helpx.adobe.com/download-install/kb/creative-cloud-desktop-app-download.html

Adobe InDesign 16.0 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb20-66.html

Adobe Media Encoder 14.5 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-65.html

Adobe Premiere Pro 14.5 is a security update.
https://www.adobe.com/in/creativecloud/catalog/desktop.html

Adobe Photoshop 21.2.3 and 22.0 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb20-63.html

Adobe After Effects 17.1.3 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-62.html

Adobe Animate 21.0 is a security update.
https://helpx.adobe.com/security/products/animate/apsb20-61.html

Adobe Dreamweaver 21.0 is a security update.
https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html

Adobe Illustrator 25.0 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-53.html

Marketo 1.4357 is a security update.
https://helpx.adobe.com/security/products/marketo/apsb20-60.html

Magento 2.4.1 and 2.3.6 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-59.html

Security Software Updates

One or more of these is likely to be of interest to most people.

BelArc Advisor 9.7 doesn’t provide a changelog so should be treated as a security update.
https://www.belarc.com/products_belarc_advisor

RouterPassView 1.90 adds a new display mode including backup files. This is not a security update.
https://www.nirsoft.net/utils/router_password_recovery.html

uBlock Origin 1.30.6 resolves several bugs and adds a click-to-load widget. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

RogueKiller 14.7.4 improves reliability. This is not a security update.
https://www.adlice.com/download/roguekiller/

HTTP Toolkit 1.0.2 updates libraries. This is not a security update.
https://httptoolkit.tech/

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.0.0 is a major update adding several features, updating Templates, Themes, Simplify, Magnify, and the Editor. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.0.3 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

CCleaner 5.73.8130 improves license management. This is not a security update.
https://www.ccleaner.com/

TeamViewer 15.11.6 improves RSA key length, allows flashlight while zooming, and resolves a copy/paste notification bug. This is not a security update.
https://www.teamviewer.com/en/download/windows/

Fido 1.17 adds support for the latest Windows 10 build, v2010. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.4.1 improves Google Photos FS access, event handling, GsRunner, CCRunner, updates certificate roots, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

NTLite 2.0.0.7705 updates components and compatibility, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PointerStick 4.71 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Rufus 3.12 adds support for the latest Windows 10 build, v2010, SHA-512 digests, improved Windows To Go support, and resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html

TaskSchedulerView 1.57 adds options to copy contents of clicked cell. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

WinScan2PDF 6.13 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

VMMap 3.30 identifies .NET Core 3.0 managed heaps. This is not a security update.
https://live.sysinternals.com/

RAMMap 1.60 adds customizable map colors and a new empty system working sets. This is not a security update.
https://live.sysinternals.com/

Sysmon 12.01 is a security update.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

MySQL ConnectorNet 8.0.22 resolves several bugs. This is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 14.15.0 resolves several bugs and is now officially in Long Term Support (LTS) status. This is not a security update.
https://nodejs.org/en/

Node.js 15.0.1 is a major update adding several new features and removing others, updating libraries and resolves bugs. This is not a security update.
https://nodejs.org/en/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.16-140961 resolves several bugs. This should be treated as a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.12.2 resolves a minor bug. This is not a security update.
http://dadamailproject.com/

phpMyAdmin 4.9.7 and 5.0.4 resolve 2FA bug and PHP compatibility, and resolve several other bugs. This is not a security update.
https://www.phpmyadmin.net/

ScreenConnect 20.11.1385.7587 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Nextcloud Server 20.0.1 resolves over 60 bugs and improves performance, reliability and privacy. This is not a security update.
https://nextcloud.com/

Akismet 4.1.7 improves integration. This is not a security update.

Contact Form 7 5.3 resolves several bugs. This is not a security update.

myStickymenu 2.4.7 resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.19 improves compatibility and resolves several bugs. This is not a security update.

Redirection 4.9.1 resolves logging and database upgrade bugs. This is not a security update.

Social Post Feed 2.17.1 resolves several bugs. This is not a security update.

WooCommerce 4.6.1 resolves several bugs. This is not a security update.

WP Mail SMTP 2.5.1 adds password encryption, improves Gmail compatibility, and resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-09-08

Welcome back, Folks!

Today is Patch Tuesday for September 2020.

This Month in Technology

I enjoy the soapbox I’ve taken here in my newsletters over the years, but unfortunately we were struck by a PG&E “Public Safety Power Shutoff” event so lost more than a day this week for Patch Tuesday and haven’t had the time (or Internet access!) to be able to collect this information for this newsletter. 🙁

Now for the good news:

Adobe Flash will be dead in only 113 days.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Apple released an update for Pro Video Formats 2.1.2. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 32.0.0.414 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 85.0.4183.84 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.9 improves removal process, and adds support for new hardware. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 452.06 adds support for newer hardware and improves performances in some games. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.13.82 adds several new privacy controls and display options. This is a security update.
https://brave.com/

Google Chrome 85.0.4183.102 is a security update.

Microsoft Edge 85.0.564.44 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 80.0.1 resolves several bugs. This is not a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 68.12.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 3.3.2022.39 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.2.0 resolves several bugs and improves OpenPGP integration. This should be treated as a security update.
https://www.thunderbird.net/en-US/

OutlookAttachView 3.42 adds cell context copy option. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

curl 7.72.0 resolves one hundred bugs, adds zstd decoding, improves failure handling and adds effective method. This is a security update.
https://curl.haxx.se/windows/

Dropbox 104.4.175 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.50.0 updates Storj integration. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9997 is a security update.
https://nmap.org/npcap/

Prosody 0.11.6 resolves several bugs, and improves reliability and security.
https://prosody.im/download/start

Technitium DNS Server 5.2 resolves several bugs and adds certbot support. This is not a security update.
https://technitium.com/dns/

Zoom 5.2.45120.0906 disables webinar attendance by telephone. They plan to re-enable this feature “in the coming weeks.” This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Picard 2.4.4 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

3tene 2.0.3 resolves several bugs and adds z-axis tracking to Pro. This is not a security update.
https://en.3tene.com/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.09.03 resolves several bugs. This is not a security update.

PlayStation PS4 7.55 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.012.20043 resolves compatibility issues with some programs. This is a security update.

Adobe DNG Converter 12.4 adds support for new hardware.
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6975
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6973

Adobe Experience Manager 6.5.6.0 and 6.4.8.2 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Adobe Framemaker 2019.0.7 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb20-54.html

Adobe InDesign 15.1.2 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb20-52.html

Atom 1.51.0 improves performance resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.90 adds many new features and controls. This is a major update.
https://www.blender.org/download/

LibreOffice 6.4.6 resolves 70 bugs. This is a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.0.1 resolves over 70 bugs. This is a security update. Remember that this is a beta version of LibreOffice, so should be avoided by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.0.1 resolves several bugs and adds several new features. This is not a security update.
https://nextcloud.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.13 resolves several bugs and improves compatibility. This is a security update.
https://www.gpg4win.org/download.html

RogueKiller 14.7.2 adds several new features and updates libraries. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.29.2 resolves a couple bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.27 adds several new features and resolves more than a dozen bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.1.0.5 resolves a couple bugs and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 12.2 improves search and display. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

Agent Ransack 2019.2947 adds installer flags for language, ui, and registration, resolves a performance bug with exporting searches that don’t parse content. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

DesktopOK 7.81 adds 64-bit improvements. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.71 adds option to copy contents of the clicked cell. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

DriverView 1.50 resolves a 64-bit compatibility problem. This is not a security update.
https://www.nirsoft.net/utils/driverview.html

Etcher 1.5.107 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

FileLocator Pro 8.5.2947 adds installer flags for language, UI, and registration, resolves a performance bug with exporting searches that don’t parse content. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 2.0.1 adds support for new device detection, Wi-Fi heatmap, security details and resolves a bug in Bonjour discovery. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

GoodSync 11.3.3 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.89 improves columns in GUI, and now uses UTF8 for logs. This is not a security update.
https://www.the-sz.com/products/homedale/

HWMonitor 1.42 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

IsMyHdOK 2.32 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7640 improves component controls and settings, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 8.9 improves GUI, and resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 4.66 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.21.1 improves stability, adds several features, and resolves bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.2 resolves several bugs, including a reliability bug in manual saves. This is not a security update.
https://12pd.com/click?rf

TeamViewer 15.9.4 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.22 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Ultimate Boot CD 5.3.9 updates libraries. This is not a security update.
http://www.ultimatebootcd.com/download.html

WinGet 0.1.42241 adds autocomplete. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 6.01 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.35 improves logging and export capabilities, and adds max last-modified date for newest file in the folder tree. This should be treated as a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

Node.js 14.10.0 resolves dozens of bugs, updates libraries, and improves stability. This is not a security update.
https://nodejs.org/en/

SQLite 3.33.0 resolves several bugs, adds support for arbitrary-precision decimal arithmetic, UPDATE FROM, increases maximum database size, and improves integrity checks.
https://www.sqlite.org/download.html

StrawberryPerl 5.32.0.1 is a major update adding new features, bug fixes, libraries and compatibility. This is not a security update.
http://strawberryperl.com/

Visual Studio Code 1.48.2 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.8 resolves several bugs, improves stability and reliability. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.14-140239 resolves several bugs and adds support for Linux kernel 5.8. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.09 resolves several bugs. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.11.2 is a security update.
https://dadamailproject.com/

Drupal 9.0.5 resolves a cosmetic bug and changes component registry to avoid flagging for non-existent security vulnerability. This is not a security update.
https://drupal.org/download

HumHub 1.6.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.21 is a security update.
https://www.joomla.org/

Nextcloud Server 19.0.2 resolves dozens of bugs and updates libraries. This is not a security update.
https://nextcloud.com/

phpList 3.5.6 adds reply-to support, forwarding improvements, and resolves several bugs. This is not a security update.
https://www.phplist.org/

ScreenConnect 20.10.957.7556 resolves several bugs and adds new user controls. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.5.1 resolves dozens of bugs. This is not a security update.

Autoptimize 2.7.7 is a security update.

Contact Form 7 5.2.2 resolves several bugs. This is not a security update.

Social Post Feed 2.16.1 resolves several bugs. This is not a security update.

Interactive World Map 3.1.8 improves compatibility and resolves several bugs. This is not a security update.

myStickymenu 2.4.4 resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.18 resolves several bugs and improves compatibility. This is a security update.

W3 Total Cache 0.14.4 resolves several bugs and improves compatibility. This is not a security update.

WooCommerce 4.5.1 resolves several bugs and improves compatibility. This is not a security update.

WP Mail SMTP 2.3.1 improves compatibility and resolves several bugs. This is not a security update.

Show IDs 1.1.5 improves compatibility. This is not a security update.

WPtouch 4.3.38 resolves several bugs. This is not a security update.

WordPress Zero Spam 4.10.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/