Updates 2022-12-13

Merry Christmas, Folks!

Today is Patch Tuesday for December, 2022.

This month brings a new version of Windows 10 (v22H2), critical security updates for all supported Apple products, and (literally) new security updates every single week since the last update cycle on November 8th. That’s on top of the 150+ major hacks, and over 165 application updates this month. Prepare yourself, there will be about 4 GB of updates for most devices this month.

This Month in Technology

Over 15,000 websites, Abandonia2022, ABB Totalflow, Accuro, Acer UEFI Secure Boot, dozens of apps using the Algolia API, Amazon ECR, Amnesty International Canada, Android, Android OEM certificates, André-Mignot Hospital, Ankr, Antwerp, Belgium, Argentina de Soluciones Satelitales, Arkansas Department of Human Services, Atlassian Bitbucket Server, Bahrain, Bank of Russia, Boa web server, California’s Department of Finance, Canadian Teachers Union, Canon hardware, CareFirst Administrators, CCA Health Plans of California, Inc d/b/a CCA Health CA, Central Depository Services Ltd, Chiropractic Board of New Zealand, Cincinnati State Technical and Community College, Cisco IP phones, Citrix ADC and Gateway, CloudSEK, Codesys, CoinTracker, CommonSpirit Health, Community Health Network, Inc. as an Affiliated Covered Entity, Connexin Software, Consumer Directed Services In Texas, Inc., CorrectCare Integrated Health Inc, County of Tehama, California, Dallam Hartley Counties Hospital District, Deribit, Dermatology & Skin Cancer Ctr, PC, Dialpad, Inc., Dietitians Board of New Zealand, Docs Medical Inc, Doctors’ Center Hospital, Dr. Douglas C. Shoenberger,PC, Durham District School Board, Dutch LNG Terminal, Easton Cardiovascular, Ellen M. Field, M.D., Epic Management LLC, European Parliament, F5 BIG-IP and BIG-IQ, Fars News Agency, Festo, FortiOS SSL-VPN, FTX, GATE Petroleum Company Employee Benefits Plan, Gateway Rehabilitation Center, General Council of the Judiciary, GGCorp, Google Pixel 5 and 6, Google’s Looker Studio, GoTo, Guatemala’s Ministry of Foreign Affairs, Health Care Management Solutions, LLC, Health New Zealand, Hope Health Systems Inc., Hospital Center of Versailles, HP hardware, Hyundai and Genesis cars, Indian Central Board of Higher Education, Indian Community Health Network, Indian Council of Medical Research, Indian electrical grid operators, Innovative Service Technology Management Services, Inc., Kaiser Foundation Health Plan of the Mid-Atlantic States, Inc., Keralty Group, Lake Charles Memorial Health System, LastPass (again), Lehigh Valley Women’s Specialties, Lenovo UEFI Secure Boot, Lexmark hardware, Magento 2, Manassas Surgery Center Anesthesia Services, MaryAnne Freeman Brndjar, DO, PC, Medibank, Mena Regional Health System, Mercury IT, Microsoft Exchange, Mikrotik hardware, NETGEAR hardware, New York-Presbyterian Hospital, New Zealand Ministry of Justice, New Zealand Psychologists Board, New York-Presbyterian Hospital, a NY salon, NU House Calls, PC, Nuance Communications, Inc., OakBend Medical Center, One Brooklyn Health System, Optometrists and Dispensing Opticians Board of New Zealand, Oracle Fusion, Orange Telecom, Orlando Health, Pendurthi Surgical Associates, Peter J. Isaac, D.O., Physiotherapy Board of New Zealand, Plascar Participacoes Industriais, Podiatrists Board of New Zealand, Polsinelli PC, Quarkus Java Framework, Rackspace, Radio Free Asia, Receivables Performance Management, Restaurants in Cincinnati, Roman Catholic Church, Rosenfeld VanWirt, PC, Royal Mail, Samsung Galaxy S22, Sequoia One, Seville Urban Transport Company, Silverstone Circuit, Sobeys, Sonder, Sonos hardware, South Staffordshire Water, South Walton Fire District, Southampton County, Virginia, Sree Saran Medical Centre, Stanley Street Treatment and Resources, Inc., Synology hardware, Tata Power, Telstra, The Smith Family, TP-Link hardware, Tuloso-Midway Independent School District, Twitter, Uber, Ubiquiti hardware, University Medical Center of Southern Nevada, UOB KayHian, Uruguay’s Ministry of Transport and Public Works, the US government, VMware ESXi, VTB Bank, Western Digital hardware, Whoosh, Work Health Solutions, Wright & Filippis LLC, Xavier College, Yakima Neighborhood Health Services, Yale University, and the Zwijndrecht police have reportedly been hacked or compromised this month.

There’s another novel method for exfiltrating information from air-gapped devices: the power supply. Most US DoD contractors fail to implement basic security controls.

Windows updates last month broke DirectAccess, gaming performance, ODBC database connections, Remote Desktop, Task Manager, Windows Kerberos, caused Windows freezes and domain controller freezes.

Meta (Facebook and Instagram) has acknowledged they’ve been used by the US Military for propaganda

Now for the good news:

Apple is finally adding end-to-end encryption for some iCloud backups.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is huge this month. The typical computer should see roughly 4 GB in updates today. Let’s get started.

Microsoft released updates to address 57 vulnerabilities in .NET Framework, Azure, Client Server Run-time Subsystem (CSRSS), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Windows Codecs Library, Windows Hyper-V, SysInternals, Windows Certificates, Windows Contacts, Windows DirectX, Windows Error Reporting, Windows Fax Compose Form, Windows HTTP Print Provider, Windows Kernel, Windows PowerShell, Windows Print Spooler Components, Windows Projected File System, Windows Secure Socket Tunneling Protocol (SSTP), Windows SmartScreen, Windows Subsystem for Linux, Windows Terminal and MSRT (~ 2.5 GB). This includes security updates. A reboot is required.

Apple released updates for iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2, iOS 16.2 and iPadOS 16.2, macOS Big Sur 11.7.2, macOS Monterey 12.6.2, macOS Ventura 13.1, Safari 16.2, tvOS 16.1.1, tvOS 16.2, and watchOS 9.2. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.7.2, 16.1.2, and 16.2 are security updates. Use Settings, General, Software Update to install the most current update.

iPadOS 15.7.2, 16.1.2, and 16.2 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 9.2 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 16.1.1 and 16.2 are security updates. Use System, Software Update to install the most current version.

Google Chrome OS 108.0.5359.75 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 37-1.7 is a major update, adding support for Raspberry Pi 4, new editions, and updates libraries. This is not a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

AMD Adrenalin 22.11.2 resolves several bugs. This is not a security update.
https://www.amd.com/en/support

Display Driver Uninstaller 18.0.5.9 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

DS4Windows 3.1.11 resolves several bugs. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest

Garmin Express 7.15.2 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.garmin.com/en-US/software/express/

NVcleanstall 1.14.0 resolves several bugs. This is not a security update.
https://www.techpowerup.com/download/techpowerup-nvcleanstall/

Nvidia Driver 474.06 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Drivers by Seagull 2022.3 adds support for over 200 new devices. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/

Wacom Driver 6.4.0-11 resolves several bugs. This is not a security update.
https://www.wacom.com/en-us/support/product-support/drivers

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.46.134 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 108.0.5359.98 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 108.0.1462.46 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 108.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Vivaldi 5.6.2867.40 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.7 resolves a couple bugs and improves cosmetic options. This is not a security update.
https://getmailspring.com/

OutlookAttachView 3.47 adds option to cancel scan with Esc key. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Spark 3.2.1.40643 resolves many bugs. This is not a security update.
https://sparkmailapp.com/

Spark (macOS) 3.2.1.40641 resolves many bugs. This is not a security update.
https://sparkmailapp.com/

Thunderbird 102.6 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk (macOS) 7.0.0 resolves several bugs and improves interface and Settings. This is not a security update.
https://anydesk.com/en/downloads

BrowsingHistoryView 2.53 adds multiple profile support to several browsers and adds the ability to cancel scan with the Esc key. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

DNSDataView 1.70 adds support for collecting A records of all PTR record. This is not a security update.
https://www.nirsoft.net/utils/dns_records_viewer.html

Dropbox 162.4.5419 resolves several bugs. This is not a security update.
https://www.dropbox.com/

Facebook Messenger 172.0.0.23.215 is a security update.
https://www.messenger.com/download

FileZilla Client 3.62.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FileZilla Server 1.6.1 resolves an installation bug and improves certificate controls. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.28 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 68.0 resolves several bugs. This is not a security update.
https://drive.google.com/start

Microsoft Teams 1.5.00.33362 adds HOSI support for compatible hardware. This is not a security update.
https://teams.microsoft.com/downloads

Minds (Android) 4.30.1 resolves several bugs. This is not a security update.
https://www.minds.com/

Nextcloud Server 25.0.2 resolves dozens of bugs. This is a security update.
https://nextcloud.com/

Omada Software Controller 5.7.4 improves the user interface, adds several new options, and resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Pocketnet-Core 0.20.29 resolves several bugs. This is not a security update.
https://pocketnet.app/

Pocketnet-GUI 0.8.34 resolves several bugs. This is not a security update.
https://pocketnet.app/

Qbox 4.0.5.35 doesn’t provide a changelog so should be treated as a security update.
https://www.coraltreetech.com/qbox

Rclone 1.60.1 resolves several bugs and improves compatibility. This is not a security update.
https://rclone.org/

Signal 6.0.1 adds Stories support. This is not a security update.
https://signal.org/download/windows/

Signal (Android) 6.3.6 adds donation support. This is not a security update.
https://signal.org/android/apk/

Skype 8.91.0.404 adds universal translation and resolves several bugs. This is not a security update.
https://www.skype.com/

Syncthing 1.22.2 resolves several bugs and updates libraries. This is not a security update.
https://syncthing.net/

Technitium DNS Server 10.0.1 adds several features and resolves bugs. This is a security update.
https://technitium.com/dns/

Telegram 4.4.1 resolves several bugs. This is not a security update.
https://telegram.org/

Telegram (Android) 9.2.1 doesn’t provide a detailed changelog so should be treated as a security update.
https://telegram.org/apps

TP-Link Archer AX21 v1.3.6 is a security update.
https://www.tp-link.com/us/support/download/archer-ax21/v1.20/#Firmware

WinSCP 5.21.6 is a security update.
https://winscp.net/eng/index.php

Zoom 5.12.9.10650 improves policy controls, CC and translation, and resolves several bugs. This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Bitwig Studio 4.4.3 fixes a couple stability bugs. This is not a security update.
https://www.bitwig.com/download/

Picard 2.8.5 resolves several bugs. This is a security update.
https://picard.musicbrainz.org/

Plex Desktop 1.59.1.3398 adds support for AV1 and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.30.1.3391 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.30.0.6486 adds pattern matching, improves scheduled tasks, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.18 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

GameMaker Studio 2022.11.0.54 resolves dozens of bugs and improves usability. This is not a security update.
https://www.yoyogames.com/en/gamemaker

GDevelop 5.1.152 adds new features, including monetization through assets, and resolves several bugs. This is not a security update.
https://gdevelop.io/download

Lego Studio 2.22.12.1 resolves several bugs. This is not a security update.
https://www.lego.com/en-us/ldd

Steam 2022.12.01 resolves 20 bugs. This is not a security update.
https://steamcommunity.com/news/client

SteamOS SteamDeck Update 2022-11-21 resolves many bugs including hardware compatibility, performance and stability issues. This is not a security update.
https://store.steampowered.com/news/app/1675200/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Campaign Classic 7.3.2 and 8.4.2 are security updates.
https://helpx.adobe.com/security/products/campaign/apsb22-58.html

Adobe Experience Manager 2022.10.0 and 6.5.15.0 resolve almost three dozen security vulnerabilities.
https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html

Illustrator 2023 27.0.1 and 2022 26.5.2 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-60.html

Artweaver 7.0.14 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.63.1 is the final release of Atom before it is to be EOL in a couple days. Please switch to another editor.
https://atom.io/

Audacity 3.2.2 adds VST2 realtime effect support and resolves several bugs. This is not a security update.
https://www.audacityteam.org/download/

Calibre 6.9.0 adds signing to all binaries and resolves several bugs. This should be treated as a security update.
https://calibre-ebook.com/

Inkscape 1.2.2 resolves dozens of bugs. This is not a security update.
https://inkscape.org/release/

Kindle for PC 1.39.65383 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

LibreOffice Fresh 7.4.3 resolves 100 bugs. This is a security update. Remember that the Fresh line is beta software. Most users should use the Still line.
https://www.libreoffice.org/

Nextcloud Desktop 3.6.4 improves stability. This is not a security update.
https://nextcloud.com/

PDF-XChange Editor 9.5.366.0 resolves several bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Security Software Updates

One or more of these is likely to be of interest to most people.

Chainsaw 2.3.0 improves culprit tracking. This should be treated as a security update.
https://github.com/countercept/chainsaw

HTTP Toolkit 1.12.1 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/

MalwareBytes Anti-Malware Mac 4.17.8 adds support for macOS Ventura/13. This is not a security update.
https://www.malwarebytes.com/mac/

ProtonVPN 2.3.1 improves user interface. This is not a security update.
https://protonvpn.com/download

ProtonVPN (macOS) 3.0.10 improves the user interface. This is not a security update.
https://protonvpn.com/download

Radmin VPN 1.3.4568.3 adds ability to add exceptions from within the software. This is not a security update.
https://www.radmin-vpn.com/

RogueKiller 15.6.3 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 5.7 is a security update.
https://tails.boum.org/install/dvd/index.en.html

uBlock Origin 1.45.2 resolves a couple bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Velociraptor 0.6.7 adds PGP automation and resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest

WebBrowserPassView 2.12 adds High-DPI support and improves portable browser support. This is not a security update.
https://www.nirsoft.net/utils/web_browser_password.html

Capture Updates

These are unlikely to be of interest to most people.

Camtasia 22.4.1 resolves several bugs. This is not a security update.
https://www.techsmith.com/video-editor.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.9.4 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

iMazing HEIC Converter 2.0.3 doesn’t provide a changelog so should be treated as a security update.
https://imazing.com/heic

IsoBuster 5.1 adds support for reading the FAT directly, improves performance and stability, and resolves dozens of bugs. This is not a security update.
https://www.isobuster.com/download.php

PDF Creator 5.0.3 resolves several bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

StreamFab 6.0.0.7 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.18 resolves a merge bug. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 8.9.10 improves 2FA support and compatibility, and resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/mac/

1Password for Windows 8.9.10 improves 2FA support and compatibility, and resolves dozens of bugs. This is not a security update.
https://1password.com/downloads/windows/

Agent Ransack 2022.3349 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Bitwarden 2022.11.0 implements 2-step authentication and resolves several bugs. This is not a security update.
https://bitwarden.com/

CCleaner 6.06.10144 adds and improves cleanup for over a dozen applications. This is not a security update.
https://www.ccleaner.com/

Cygwin 3.4.1 resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 10.51 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 3.1.197.0 adds recycle bin support, resolves several bugs, and improves bookmark behavior. This is not a security update.
https://dngrep.github.io/

Etcher 1.10.6 updates dependencies. This is not a security update.
https://www.balena.io/etcher/

FileLocator Pro 2022.3349 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Git SCM 2.39.0 resolves several bugs. This is not a security update.
https://git-scm.com/

Go 1.19.4 is a security update.
https://go.dev/

GoodSync 12.1.2 resolves dozens of bugs. This is not a security update.
https://www.goodsync.com/

Homedale 2.04 removes log headers and updates languages. This is not a security update.
https://www.the-sz.com/products/homedale/

HWMonitor 1.48 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

NetConnectChoose 1.10 adds Metric column and resolves a network selection bug. This is not a security update.
https://www.nirsoft.net/utils/net_connect_choose.html

NTLite 2.3.9.9018 improves compatibility and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 10.0.1006 resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

osquery 5.6.0 resolves several bugs, adds new columns and controls. This is not a security update.
https://osquery.io/downloads

AOMEI Partition Assistant 9.13.0 resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 6.11 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.65.0 upgrades dependencies and resolves a couple bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Explorer 17.02 resolves stability bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

RoboForm 9.3.8 resolves several bugs. This is not a security update.
https://www.roboform.com/

Rufus 3.21 updates dependencies, libraries, and resolves several bugs. This is not a security update.
https://rufus.ie/en_US/

ScreenConnect 22.9.10589.8370 resolves dozens of bugs including stability and reliability. This is a security update.
https://www.connectwise.com/software/control/download

Sysmon 14.13 resolves a stability bug. This is a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TeamViewer 15.36.9 improves terminal and scripting support. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 3.22 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Unity 2022.2.0 resolves over a hundred bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WinScan2PDF 8.31 improves compatibility with Windows 11. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 4.12 resolves a couple bugs. This is not a security update.
https://www.diskanalyzer.com/

ZoomText 2022 2022.2211.5.400 improves integration and stability, and resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

ZoomText 2023 2023.2210.28.400 is a new major version adding tethered view and improves compatibility. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.36.02 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Docker Desktop 4.14.1 improves stability and performance, adds WebAssembly support, user interface improvements, upgrades libraries and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Node.js 14.21.2 updates certificates and timezone information. This should be treated as a security update.
https://nodejs.org/en/

Node.js 16.19.0 updates certificates and timezone information. This should be treated as a security update.
https://nodejs.org/en/

Node.js 19.2.0 updates libraries and resolves over a dozen bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.40.0 improves support for data recovery, performance, and reliability. This is a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.74 adds several new features. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 7.0.4 resolves over a dozen bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.4.9 resolves several bugs. This is not a security update.
https://drupal.org/download

HumHub 1.12.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 4.2.6 improves compatibility and resolves several bugs. This is not a security update.
https://www.joomla.org/

jQuery 3.6.2 improves compatibility and resolves several bugs. This is not a security update.
https://code.jquery.com/

MailEnable 9.86 is a security update.
https://www.mailenable.com/

MailEnable 10.43 is a security update.
https://www.mailenable.com/

ownCloud Client 3.0.0.9215 resolves dozens of bugs. This is not a security update.
https://owncloud.com/desktop-app/

Piwigo 13.3.0 resolves several bugs. This is not a security update.
https://piwigo.org/

SMF 2.1.3 resolves dozens of bugs. This should be treated as a security update.
https://www.simplemachines.org/

WordPress 6.1.1 resolves dozens of bugs. This is not a security update.
https://wordpress.org/

Akismet 5.0.2 is a security update.
https://wordpress.org/extend/plugins/akismet/

Autoptimize 3.1.4 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

Contact Form 7 5.7 resolves dozens of bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/

Duplicator 1.5.1 adds support for the latest build of WordPress and resolves several bugs. This is a security update.
https://wordpress.org/plugins/duplicator/#developers

Redirection 5.3.6 improves translations. This is not a security update.
https://wordpress.org/extend/plugins/redirection/

Register IP – Multisite 1.8.3 is a security update.
https://wordpress.org/extend/plugins/register-ip-multisite/

Simple Lightbox 2.9.3 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/simple-lightbox/

Sucuri Security 1.8.36 is a cosmetic update. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/

W3 Total Cache 2.2.9 improves translation support. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/

WooCommerce 7.1.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WPtouch 4.3.46 is a security update.
https://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-05-10

Welcome back, Folks!

Today is Patch Tuesday for May, 2022. There’s a lot of news this month, and sunlight is proving to be the best disinfectant. It’s a big one.

This Month in Technology

AA Traveller, Adaptive Health Integrations, AGCO, Aimware, Amazon Web Services, American Dental Association, Android, Apple, ARcare, Aruba and Avaya network switches, Austin Peay State University, Avvo, Bank of Israel, Beanstalk, Bob’s Red Mill Natural Foods, Central Florida Cardiology Group, Cisco Umbrella Virtual Appliances, Coca-Cola, Costa Rica government, County of Los Angeles Department of Mental Health, Dedalus Biology, Deus, Devil-Torrents, Discord, District 518 in Minnesota, Docker servers, DVR devices, EGAIS, F5 BIG-IP, Facebook, Fairfield County Implants and Periodontics, LLC, Fei protocol, Ferrari, Funky Pigeon, GHT Coeur Grand Est. Hospitals and Health Care group, Good Samaritan in West Palm Beach, Google, HealthActions, P.A., Healthplex, Inc, Heroku, Hetzner Online GmbH, IKEA Canada, Illinois Gastroenterology Group, PLLC, Illuminate Education, Kellogg Community College, Kenosha Community Health Center, King County Public Hospital District No. 2, La Casa de Salud, Lakeview Loan Servicing, Lincoln College, Linux, Lutheran Services Carolinas, Mental Health Center of Greater Manchester, MetroHealth System, Microsoft Azure, Microsoft Exchange servers, Nauru Police Force, New Creation Counseling Center, Newman Regional Health, Nordex, Nordic Hotels & Resorts, NPM, Oklahoma City Indian Clinic, Onleihe, OpenSea, Optima Dermatology Holdings, LLC, PayHere, QIWI, QNAP, RainLoop, Rarible NFT, Romania, Ronin Network, RuTube, Scott County, IowaSelect Benefits Group, LLC dba Dental Select, Sixt, Smile Brands, Snapchat, Southern Ohio Medical Center, Spanish football federation, St. Mary’s Medical Center in West Palm Beach, State Bar of Georgia, SUMMIT EYE ASSOCIATES P.C., Sunwing Airlines, Synology, T-Mobile, The Energy Cooperative Group Benefits Plan, The Mental Health Center of Greater Manchester, Twitter, U.S. DoD, UK Ministry of Defense, UK NHS, Ukrainian government, Urgent Team Holdings, US Department of Homeland Security (DHS) (with permission), US Health and Human Services, VMware Workspace ONE Access, Wayne Family Practice Associates, PC, WellDyneRx, LLC, Windows Event Logs, and WSO2 have reportedly been hacked or compromised this month.

Atlassian, Google Docs, WhatsApp, and Xbox have suffered from widespread outages.

A software bug in Harris County Jail has caused problems with hundreds of cases, preventing access to arrest and hearing information, resulting in major issues for law enforcement and the DA.

Google has added a feature to fight doxxing by removing supplied personal information from search results. This would, of course, not be so ridiculous if they hadn’t recently shared victim information with scammers so they could be scammed or abused all over again.

Science is still a joke. So is the news. And yes, the vaccines are shedding. Yet, governments are still penalizing those who refuse to participate in the experiments. VAERS is being purged in violation of federal law. Search warrants are passé. Did you know that the USPS is a spying agency?  Facebook’s Meta is a bunch of hypocrites.

The US federal government has announced a new Disinformation Governance Board under the Department of Homeland Security to combat “disinformation,” staffed by the same people that have promulgated lies and deceit for years, complicit in the very deception they claim to want to prevent. It’s different when they do it, though.

There is a very dark side of electric vehicles, including child slavery, and they still produce CO2 directly, too.

Various open source projects, node-ipc, which wiped the drives of Russian users, and event-source-polyfill “protest” by changing their behavior based on the user, or who they perceive the user to be. Projects like this destroy the trust of all of their users, even if they agree with their agenda. You never know what signal they’ll choose to use against you in the future. Others, including Avast, Coinbase, even CAs (certificate authorities), Dell, DuckDuckGo, GitHub, hacked WordPress sites, Google Play, Google News, Mozilla Firefox, and many others, are projecting their own politics on the world. Disagree and be censored.

iOS and iPadOS updates, security updates, are now being delayed by up to four weeks after release for those who have automatic updates enabled. Just how defective does your release quality testing have to be to postpone security updates for a month?

There’s yet another speculative execution vulnerability in pretty much every CPU. UPS (uninterruptible power supplies/battery backups) demonstrate the significance of a default password vulnerability. The Smart Meters that were promised to never be used to collect personal information are now being used with AI to profile individuals and households.

In an effort to make everyone want to abandon Windows, Microsoft is now pushing ads within the new File Explorer on Windows 11.

Cloud service providers can disappear on a whim. The recent disappearance of the entire Insteon service from under the feet of those that, in some cases, paid thousands of dollars for hardware to work with this home automation provider, demonstrates the insanity of reliance on external services.

Nigeria has blocked 73 million mobile phones (more than half of the Internet-connected population!) for failing to sign up for their digital identity/social credit ecosystem. Most people in Nigeria, like the vast majority of people in nations across the planet, only have access to the Internet through their mobile phones, so this digital identity implementation is intentionally cutting many users in that tiny nation from the Internet.

There is growing evidence that the entire national food supply is at risk, as well as dozens of food processing facilities (much more than in previous years). In response, California is paying farmers not to grow food.

Now for the good news:

When you think about how similar search results have become, this video will blow your mind: Where did the rest of the Internet go? Consider Swisscows for better variety, privacy and breadth of search.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday is quite large this month. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates to address 77 vulnerabilities in .NET and Visual Studio, .NET Framework, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Local Security Authority Server, Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Remote Desktop Client, Servicing Stack Update, Servicing Stack Updates, Tablet Windows User Interface, Visual Studio, Visual Studio Code, Windows Active Directory, Windows Address Book, Windows Authentication Methods, Windows BitLocker, Windows Cluster Shared Volume (CSV), Windows Failover Cluster Automation Server, Windows Fax Service, Windows Hyper-V, Windows Kerberos, Windows Kernel, Windows LDAP – Lightweight Directory Access Protocol, Windows Media, Windows Network File System, Windows NTFS, Windows Point-to-Point Tunneling Protocol, Windows PowerShell, Windows Print Spooler Components, Windows Push Notifications, Windows Remote Access Connection Manager, Windows Remote Desktop, Windows Remote Procedure Call Runtime, Windows Server Service, Windows Storage Spaces Controller, Windows WLAN Auto Config Service, and MSRT (~2 GB). This includes security updates. A reboot is required.

Google Chrome OS 101.0.4951.59 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Fedora 36-1.5 is a major update, including library and dependency updates. This is not a security update.
https://getfedora.org/en/workstation/download/

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.5.0 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

HP M281cdw Firmware 20220414 is a security update.
https://support.hp.com/us-en/drivers/selfservice/hp-color-laserjet-pro-m280-m281-multifunction-printer-series/14142489/model/16748237

Logitech Unify 2.52.33 is a security update.
https://support.logitech.com/en_us/software/unifying

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.38.111 is a security update. Use Menu, Help, About to get the most current version.
https://brave.com/

Google Chrome 101.0.4951.54 is a security update. Use Menu, Help, About to get the most current version.
https://www.google.com/chrome/

Microsoft Edge 101.0.1210.39 is a security update. Use Menu, Help, About to get the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 100.0 is a security update. Use Menu, Help, About to get the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.9.0 is a security update. Use Menu, Help, About to get the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.12 is a security update. Use Menu, Help, About to get the most current version.
https://www.seamonkey-project.org/

Vivaldi 5.2.2623.41 is a security update. Use Menu, Help, About to get the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.3 resolves several bugs. This is not a security update.
https://getmailspring.com/

NK2Edit 3.44 adds column sorting from menus. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

Thunderbird 91.9.0 is a security update. Use Menu, Help, About to get the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.8 improves compatibility with Windows 11 and resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads

AnyDesk (macOS) 6.5.1 resolves several bugs and adds option to remove all stored session profiles. This is not a security update.
https://anydesk.com/en/downloads

curl 7.83.0 adds several new features and resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 147.4.4800 adds backup settings and sync configuration, right-click menu capabilities, and taskbar icon changes. This is not a security update.
https://www.dropbox.com/

FileZilla Server 1.4.1 resolves several bugs and improves upgrade converter. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.20 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Drive 57.0 improves notifications and resolves several bugs. This is not a security update.
https://drive.google.com/start

Omada Software Controller 5.3.1 adds over 20 new features and a dozen fixes. This is not a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Java 8u333 is a security update. This is the second update in two weeks, and one of the rare out-of-cycle updates from Oracle. If you have Java installed, update as soon as possible.
https://www.java.com/en/download/manual.jsp

Nextcloud Server 23.0.4 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Rclone 1.58.1 resolves several bugs. This is not a security update.
https://rclone.org/

Syncthing 1.20.1 resolves a stability bug. This is not a security update.
https://syncthing.net/

Signal 5.42.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/

Technitium DNS Server 8.1 resolves several bugs and improves reliability. This is not a security update.
https://technitium.com/dns/

Telegram 3.7.3 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.10.4.5035 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Plex Desktop 1.44.0.2981 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Home Theater 1.15.1.2976 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app

Plex Media Server 1.26.0.5715 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server

VLC Media Player 3.0.17.4 should be treated as a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

Battle.net Client 2.9.0.13279 resolves several bugs. This is not a security update.
https://us.battle.net/en/app/

Epic Games 14.0.7 resolves several bugs. This is not a security update.
https://www.epicgames.com/

Nintendo Switch 14.1.1 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989

PlayStation PS3 4.89 reduces on-device features (such as account creation and management) to improve device security.
https://www.playstation.com/en-us/support/hardware/ps3/system-software/

PlayStation PS5 22.01-05.02.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 7.0.12 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Krita 5.0.6 resolves two crash bugs, and follows shortly after the 5.0.5 release which resolves dozens of outstanding bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.3.3 resolves nearly 100 bugs. This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 3.5.0 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.4 updates the Scintilla library. Be aware that some plugins may not work after this update until they’re made compatible with the new release. This is not a security update.
https://notepad-plus-plus.org/

OpenOffice 4.1.12 resolves several bugs. This is not a security update. I recommend using LibreOffice instead of OpenOffice. It’s much better maintained and does not rely on an external 32-bit Java dependency.
http://www.openoffice.org/download/

PDF-XChange Editor 9.3.361.0 resolves several bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor

Calibre 5.42.0 resolves several bugs. This is not a security update.
https://calibre-ebook.com/

Kindle for PC 1.36.65107 doesn’t provide a changelog so should be treated as a security update.
https://www.amazon.com/kindleforpc

Adobe Reader DC 22.001.20117 is a security update. Use Help, Check for Updates to get the most current version.
https://get.adobe.com/reader

Adobe Reader DC (Mac) 22.001.20112 is a security update. Use Help, Check for Updates to get the most current version.
https://get.adobe.com/reader

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 5.0 is a major update with updates to several libraries, newer hardware support, and resolving several bugs. This is a security update.
https://tails.boum.org/install/dvd/index.en.html

Gpg4win 4.0.2 resolves dozens of bugs and updates libraries. This is a security update.
https://www.gpg4win.org/download.html

KeePass 2.51.1 resolves dozens of bugs. This is a security update.
https://keepass.info/

MalwareBytes Anti-Malware 4.5.8 improves performance and resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/

MalwareBytes Anti-Malware Mac 4.15 resolves several bugs. This is not a security update.
https://www.malwarebytes.com/mac/

OpenSSL 3.0.3 is a security update.
https://curl.se/windows/

RogueKiller 15.5.0 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.41.0 adds dark mode, and resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.10.2 improves collection management. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

YARA 4.2.1 resolves several bugs. This is not a security update.
https://github.com/countercept/chainsaw

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.37 updates libraries, resolves several bugs, and adds AV1 export. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 22.0.2 is a security update.
https://download.techsmith.com/snagit/releases/snagit.msi

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.7.1 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

Zotero 6.0.7 adds new features and resolves several bugs. This is not a security update.
https://www.zotero.org/

Utility Updates

These are unlikely to be of interest to most people.

Bitwarden 1.33.0 resolves several bugs. This is not a security update.
https://bitwarden.com/

CPU-Z Installer 2.01 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 9.85 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.7.9 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Git SCM 2.36.1 resolves several bugs. This is not a security update.
https://git-scm.com/

GoodSync 11.10.9 improves compatibility and resolves several bugs. This is not a security update.
https://www.goodsync.com/

HWMonitor 1.46 adds support for new hardware and new sensors. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

NTLite 2.3.4.8675 cleans up leftovers from previous updates. This is not a security update.
https://www.ntlite.com/download/

OpenToonz 1.6.0 adds several new features, bug fixes and performance improvements. This is not a security update.
https://github.com/opentoonz/opentoonz/

osquery 5.2.3 is a security update.
https://osquery.io/downloads

AOMEI Partition Assistant 9.7.0 adds speed test, and app mover improvements. This is not a security update.
https://www.diskpart.com/

PointerStick 5.77 adds support for dark mode, improves DPI scaling, and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.58.0 resolves a dozen bugs. This is a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 9.2.7 resolves compatibility issues. This is not a security update.
https://www.roboform.com/

ScreenConnect 22.4.7745.8154 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SmartMonTools 7.3 resolves several bugs, adds support for new hardware, and several new diagnostic and testing options. This is not a security update.
https://smartmontools.org/

Speccy 1.32.774 improves hardware support. This is not a security update.
https://www.piriform.com/speccy

Synergy 1.14.3 improves compatibility. This is not a security update.
https://symless.com/synergy/

TeamViewer 15.29.4 resolves a file transfer bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

Unity 2022.1.0 resolves dozens of bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive

WhyNotWin11 2.4.3.2 resolves several bugs and improves detection and command-line support. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11

WinScan2PDF 7.77 improves TWAIN support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

ZoomText 2022.2204.21.400 resolves several bugs. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.34.01 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

AutoIt 3.3.16.0 resolves dozens of bugs and adds several new features. This is not a security update.
https://www.autoitscript.com/autoit3/docs/history.htm

Docker Desktop 4.8.1 adds several new features, updates libraries, and resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

GitHub Desktop 3.0.0 updates notification capabilities, and resolves several bugs. This is not a security update.
https://desktop.github.com/

Inno Setup 6.2.1 is a security update.
https://www.jrsoftware.org/isdl.php

MySQL Server 8.0.29 is a security update.
https://dev.mysql.com/downloads/installer/

MySQL ConnectorNet 8.0.29 is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 14.19.2 is a security update.
https://nodejs.org/en/

Node.js 16.15.0 adds fetch API and resolves several bugs. This is not a security update.
https://nodejs.org/en/

Node.js 18.1.0 updates dependencies and resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.38.5 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Visual Studio Code 1.67.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.34 resolves dozens of bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.19 improves compatibility. This is not a security update.
https://coppermine-gallery.net/

Drupal 9.2.17 resolves several bugs. This is not a security update.
https://drupal.org/download

Drupal 9.3.12 is a security update.
https://drupal.org/download

HumHub 1.11.1 is a security update.
https://www.humhub.com/en/download

Joomla 4.1.3 resolves several bugs. This is not a security update.
https://www.joomla.org/

SMF 2.1.2 is a security update.
https://www.simplemachines.org/

YOURLS 1.9 is a security update.
https://yourls.org/

Akismet 4.2.3 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/akismet/

Autoptimize 3.0.4 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

Slider Revolution 6.5.20 resolves several bugs. This is not a security update.
https://revolution.themepunch.com/

Social Post Feed 4.1.3 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Duplicator 1.4.5 improves several features, This is not a security update.
https://wordpress.org/plugins/duplicator/#developers

Interactive World Map 3.1.9.2 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/interactive-world-map/

Postie 1.9.60 improves translatable strings. This is not a security update.
https://wordpress.org/extend/plugins/postie/

WooCommerce 6.4.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WP Mail SMTP 3.4.0 improves compatibility, integration, and resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-03-08

Welcome back, Folks!

Today is Patch Tuesday for March, 2022. It’s a big one. This month is ugly – and not just in the tech world. It seems that in the same breath that the elite acknowledged and swept the COVID hysteria under the rug, admitting their intervention was entirely propaganda, every government, financial system, media outlet, and software vendor has chosen to simultaneously swallowed a new collection of (quickly disproven) propaganda without the slightest hint of irony. Sigh. We can only do what we can do, but do not be afraid to talk about it. Censorship is how you make enemies, not friends.

This Month in Technology

A1 Hrvatska, Adafruit, Aetna ACE, Allen ISD, Alliance Physical Therapy Group, LLC, Amazon Alexa, AON, Ascension Michigan (single affiliated covered entity) ACE, Asterisk, Asustor NAS devices, Axeda agent, Axis Communications, Baltimore Mayor’s Office of Children and Family Success, Beetle Eye, Belarus online services, Bible Fellowship Church Homes, Bronx Addiction Services Integrated Concepts Systems, Inc., CA State Bar, CareOregon Advantage, Caritas Internationalis, CBORD’s GET Mobile security platform, Charlotte Radiology, Cisco’s Email Security Appliance, Coinbase, Community Medical Center, Comprehensive Health Services LLC, Conti ransomware gang, Credit Suisse, Crossroads Health, CVS Pharmacy, dozens of COVID passport apps, Dr. Morrow, Element Vape, Englewood Health, EPIC Pharmacy Network, Inc., Expeditors International, Extend Fertility, Family Christian Health Center, Family Fare LLC, Fleetwood Area School District, FlexBooker, Gems Education, GiveSendGo/Canadian Freedom Convoy, Google Android, Harbour Plaza Hotel, Hays USD 489, Highland Hospital, Houston Health Department, Intel CPU vulnerabilities can expose your cryptographic keys, International Committee of the Red Cross, Internet Society (ISOC), Ireland’s Health Service, Jackson County Hospital District, JAX Spine and Pain Centers, Jersey City Medical Center, KLAYswap, La Posada at Park Centre, Inc., LAPSUS$, LendUs, Liberty of Oklahoma Corporation, Logan Health Medical Center, MacGeneration, Memorial Hermann Health System, Meyer, Microsoft, Microsoft App Store, Microsoft Azure, Microsoft Exchange, Microsoft SQL Servers, Mizuno, Monongalia Health System, more than 500 Magento 1-based online stores, Morley Companies, Moscow Stock Exchange, Motorola Solutions Inc, new form of distributed denial of service attack, New York State’s Joint Commission on Public Ethics, Nvidia (and it’s BAD), Ohlone College, Oklahoma City Police Department Rape Kit information, Okta Advanced Server Access, PressReader, Priority Health, PROMESA, Puma, Reality Winner’s Twitter account, Rompetrol, Russian TV stations, Samsung Electronics (including source code), San Francisco 49ers, SAP Internet Communication Manager, Sberbank, Sea Mar Community Health Centers, Seneca Nation Health System, South Shore Hospital, Swissport, T-Mobile, Taylor, Ganson & Perrin LLP, TfNSW, the Russian Military, Town Home Care, LLC, Toyota Motor Corp., UK’s Foreign Office, UK’s Information Commissioner’s Office, Ukraine local government websites, Ukrainian Cabinet of Ministers, Ukrainian Ministry of Defense, Ukrainian Ministry of Foreign Affairs, Ukrainian Verkhovna Rada, UMass Memorial Health, Inc., 52 organizations from multiple US critical infrastructure sectors, US defense contractors, US Radiology Specialists, Inc., Viasat, Visual Voice Mail, Vodafone Portugal, VxWorks-based Smart Infusion Pumps, Washington Department of Licensing, WatchGuard firewalls, Williamsville Central School District, Zabbix servers, Zenly, and Zoe Therapy Services have been hacked.

Slack and Twitter both had large outages.

AB Volvo, Activision Blizzard, Adobe, Airbnb, Apple, Apple Maps, Apple Pay, Aston Martin, BMW, Cisco, Coinbase, Daimler Truck, Dell, Epic Games, Ford Motor Company, Google, Google AdWords, Google Maps, Harley-Davidson, Intel, Jaguar Land Rover, Jolla, Mastercard, Mercedes-Benz, Microsoft, Mitsubishi Motors, Namecheap, Netflix, Nintendo, PayPal, Reddit, Readdle, Samsung Electronics, Snapchat, Spotify, SWIFT, Telegram, The EU, TikTok, Toyota Motor Corporation, Twitter, Ubisoft, Visa, Volkswagen, and YouTube have imposed their own private sanctions on Russia and sometimes Belarus.

In response to software vendors (Apple, Microsoft, Readdle and others) imposing their own form of sanctions on Russia, Russia has passed new a licensing law, effectively greenlighting piracy. After ceasing reporting from Russia, the BBC has launched Tor access in several languages. Meanwhile Russia blocks sites that violate their new propaganda law and even rocket sales to the US.

Elon Musk, never a stranger to controversy, has declared that his Starlink service will not bow to censorship demands.

It was disheartening when Canada stole the bank accounts of anyone who dared to donate to a legal protest and dispatched Antifa and the UN to put down protestors

it was worse when they simply locked down all the banks (or at least realized the damage they were doing to themselves), even if they did quickly reverse their insanity. The Mercury account lockouts affected “a large set of accounts” throughout Africa. Worse yet, the entire world banking system has locked out Russia. By the way, do Google and Apple think that disabling their pay platforms in Russia will be the move that will encourage adoption by the rest of the world?

On the topic of social credit systems, I’d like to address the theory that cryptocurrency can be used in spite of bank interventions and government lockdowns. That’s not always the case, as Coinbase demonstrated this week.

As if spurned to action by the recent release of vaccine information and bribery, Twitch is now banning streamers that share “misinformation,” such as the actual medical fraud vaccine information and research by the vaccine manufacturers themselveswill now be banned.

That’s ok, you can go back to “real life” now that cities are opening back up. Did the science change, is it all part of some greater agenda, or are people just bored?

With such a war on truth and science, how can anyone fall for the Battle of Snake Island, Ghost of Kiev, Ukrainian ransomware, or any of the dozen other examples of legacy media propaganda right now?

The CIA has been conducting bulk surveillance on US citizens and the Supreme Court is okay with police planting hidden cameras throughout your property. Telegram isn’t as secure as you might think it is.

Oh – Let’s talk about Apple AirTags…one lady tracked her shipped goods with them and caught the mover lying about it. I’m more skeptical of this story about exposing a secret intelligence service, but the reality is that stalking and tracking for vehicle/home theft are part of the downside.

Microsoft is testing a new build of Windows 11 Pro that will now require a Microsoft account in order to be able to use Windows. This directly violates their previous statements about not forcing Windows Professional and Enterprise versions to use Microsoft accounts. While this will increase deployment and maintenance costs, the real trouble is going to be with transient users that are forced to login with “a” Microsoft account on a business machine and will no longer be able to easily untie that machine or role account from the deeply embedded Microsoft “features.”

Meris Botnet was used to target a single website with over 21 million requests per second. Google Drive is flagging native macOS files as violating copyright. Another new rootable vulnerability has been discovered for Linux. The EU is trying to mandate weakened security so they can better enforce the GDPR, digital identity and social credit systems.

Now for the good news:

The problem with cryptocurrency is that it necessarily depends on a public ledger (the blockchain). Espresso intends to fix that.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is a big one. The typical computer should see roughly 2.2 GB in updates today. Let’s get started.

Microsoft released updates for .NET and Visual Studio, HEIF Image Extension, HEVC Video Extension, Microsoft 365, Raw Image Extension, Remote Desktop client, VP9 Video Extension, Windows 10, Windows 7, Windows 8.1, Windows RT, Windows Server, Azure Site Recovery, Microsoft Defender for Endpoint, Microsoft Defender for IoT, Microsoft Edge, Microsoft Exchange Server, Microsoft Intune, Microsoft Office Visio, Microsoft Office Word, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Paint 3D, Role: Windows Hyper-V, Skype Extension for Chrome, Tablet Windows User Interface, Visual Studio Code, Windows Ancillary Function Driver for WinSock, Windows CD-ROM Driver, Windows Cloud Files Mini Filter Driver, Windows COM, Windows Common Log File System Driver, Windows DWM Core Library, Windows Event Tracing, Windows Fastfat Driver, Windows Fax and Scan Service, Windows HTML Platform, Windows Installer, Windows Kernel, Windows Media, Windows PDEV, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Remote Desktop, Windows Security Support Provider Interface, Windows SMB Server, Windows Update Stack, XBox, and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Apple released updates for iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, macOS Big Sur 11.6.4, Security Update 2022-002 Catalina, Safari 15.3, and watchOS 8.4.2. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 15.3.1 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 15.3.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 8.4.2 are security updates. Use the Watch app on your iPhone to install the most current version.

Google Chrome OS 98.0.4758.107 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 6 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.4.9 improves cleanup. This is not a security update.

HP M281cdw Firmware 20211221 resolves the network stability issue from the previous firmware that effectively disabled the device.

Logitech Options 9.60.87 is a security update.

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.36.111 is a security update.

Firefox 98.0 is a security update.

Firefox ESR 91.7.0 is a security update.

Google Chrome 99.0.4844.51 is a security update.

Microsoft Edge 99.0.1150.36 is a security update.

SeaMonkey 2.53.11 is a security update.

Vivaldi 5.1.2567.57 is a security update.

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.10.0 is a major update to the underlying code, adding ARM support, improved spellcheck, performance, and port improvements. This is not a security update.

Thunderbird 91.6.2 is a security update.

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk 7.0.6 improves password management and resolves several bugs. This should be treated as a security update.

curl 7.82.0 resolves dozens of bugs and adds several new automations. This is not a security update.

Dropbox 143.4.4161 doesn’t provide a changelog so should be treated as a security update.

FileZilla Client 3.58.0 updates libraries, log details and prepares for 2FA support. This is not a security update.

FileZilla Server 1.3.0 is a security update.

FreeFileSync 11.18 resolves several bugs. This is not a security update.

Omada Software Controller 5.1.7 resolves several bugs, adds new services and features, increases hard limits, and adds support for newer hardware. This is not a security update.

Skype 8.81.0.268 resolves several bugs and adds ability to revoke and recreate profile. This is not a security update.

Syncthing 1.19.1 resolves several bugs. This is not a security update.

WinSCP 5.19.6 is a security update.

Zoom 5.9.7.3931 is a security update.

Media Updates

These are unlikely to be of interest to most people.

darktable 3.8.1 improves performance and stability, and resolves several bugs. This is not a security update.

iTunes 12.12.2.2 doesn’t provide a changelog so should be treated as a security update.

Plex Desktop 1.41.0.2876 resolves DVR and LiveTV bugs, and improves search. This is not a security update.

Plex Home Theater 1.12.0.2884 resolves several bugs, resolution and MPV improvements, and improves stability. This is not a security update.

Plex Media Server 1.25.6.5577 resolves several bugs, improves collection, smart filtering, and reliability during media changes and replacement. This is not a security update.

Adobe Photoshop 22.5.6 and 23.2 are security updates.

Adobe Illustrator 26.1.0 is a security update.

Adobe After Effects 22.2.1 and 18.4.5 are security updates.

Game Updates

These are unlikely to be of interest to most people.

Epic Games 13.2.0 resolves several bugs. This is not a security update.

GameMaker Studio 2022.2.0.614 adds Text-In-Sequence, Track-In-Sequence, changes array behavior, updates libraries, and resolves dozens of bugs. This is not a security update.

Steam 2022.03.04 resolves over 20 bugs. This is not a security update.

PlayStation PS5 21.02-04.51.00 improves performance. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.60.0 improves usability and resolves dozens of bugs. This is not a security update.

IcoFX 3.7 resolves several bugs and improves compatibility. This is not a security update.

LibreOffice Fresh 7.3.1 resolves over a hundred bugs, including crash and freeze issues. This is not a security update. Remember that the Fresh line is beta software and should be avoided in favor of the Still (stable) version by most users.

Nextcloud Desktop 3.4.3 resolves several bugs. This is not a security update.

Notepad++ 8.3.2 resolves several bugs. This is not a security update.

Paint.net 4.3.8 resolves several bugs and updates libraries. This is not a security update.

Calibre 5.38.0 resolves several bugs and adds new news sources. This is not a security update.

Adobe Reader DC 22.001.20085 is a security update.

Security Software Updates

One or more of these is likely to be of interest to most people.

MalwareBytes Anti-Malware 4.5.4 resolves a dozen bugs. This is not a security update.

RogueKiller 15.4.0 resolves several bugs. This is not a security update.

uBlock Origin 1.41.8 resolves several bugs. This is not a security update.

Velociraptor 0.6.3 adds several new features and improves performance. This is not a security update.

Wireless Network Watcher 2.30 adds custom context menu items option. This is not a security update.

Capture Updates

These are unlikely to be of interest to most people.

Elgato Game Capture HD 3.70.56 updates Twitch API. This is not a security update.

Open Broadcaster Software 27.2.3 resolves dozens of bugs. This is not a security update.

ScreenToGif 2.36 resolves several bugs and adds new installation packages and package types. This is not a security update.

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 12.0.6.3 adds support for new encodings and resolves several bugs. This is not a security update.

IsoBuster 4.9.1 doesn’t provide a detailed changelog so should be treated as a security update.

MakeMKV 1.16.7 improves reliability and resolves several bugs. This is not a security update.

Utility Updates

These are unlikely to be of interest to most people.

Agent Ransack 2022.3307 resolves several bugs and adds new columns for Folder Depth, Product Version, File Version, and filtering for Owner and Product Version. This is not a security update.

Autoruns 14.09 resolves a reliability bug. This is not a security update.

Bitwarden 1.31.3 resolves several bugs. This is not a security update.

Carbonite 6.4.1 resolves two bugs. This is not a security update.

CPU-Z 2.00 adds support for new hardware. This is not a security update.

DesktopOK 9.71 resolves several bugs. This is not a security update.

DMDE 4.0.0.800 adds Btrfs support, improves ReFS, and resolves several bugs. This is not a security update.

dnGrep 3.0.29.0 resolves several bugs. This is not a security update.

Etcher 1.7.7 updates libraries, improves updater, and resolves several bugs. This is a security update.

FileLocator Pro 2022.3307 resolves several bugs and adds new columns for Folder Depth, Product Version, File Version, and filtering for Owner and Product Version. This is not a security update.

GoodSync 11.10.5 resolves dozens of bugs. This is not a security update.

grepWin 2.0.10 improves cosmetics. This is not a security update.

Nextcloud Server 23.0.2 updates libraries and resolves dozens of bugs. This is not a security update.

NTLite 2.3.4.8643 resolves several bugs. This is not a security update.

osquery 5.2.2 updates libraries, improves compatibility, and resolves several bugs. This is a security update.

AOMEI Partition Assistant 9.6.1 resolves several bugs. This is not a security update.

PowerToys 0.56.2 adds new features and resolves several bugs. This is not a security update.

ProcessMonitor 3.89 resolves a crash bug. This is not a security update.

Recuva 1.53.2065 adds telemetry. This is not a security update.

Macrium Reflect 8.0.6636 resolves several bugs. This is not a security update.

ScreenConnect 22.2.7029.8094 resolves several bugs. This is not a security update.

SimpleWMIView 1.48 adds quick-filter option “begins with.”

Sysmon 13.33 resolves a crash bug and improves memory handling. This is not a security update.

TaskSchedulerView 1.70 adds option to open task folder and enable or disable header line in exports. This is not a security update.

Unity 2021.2.14 updates libraries and resolves several bugs. This is not a security update.

Wazuh Agent 4.2.5 resolves several bugs. This is a security update.

WifiInfoView 2.75 adds MAC Group column, MAC Group filtering and 64-bit build. This is not a security update.

WinGet 1.1.12653 resolves dozens of bugs. This is not a security update.

WinRAR 6.11 improves reliability and compatibility. This is not a security update.

WinScan2PDF 7.55 improves reliability. This is not a security update.

WizTree 4.08 adds custom filtering for full scan results. This is not a security update.

ZoomText 2022.2202.36.400 adds new voices and languages, improves compatibility, and resolves several bugs. This is not a security update.

Developer Updates

These are unlikely to be of interest to most people.

ADB 33.0.0 resolves a crash bug. This is not a security update.

Docker Desktop 4.5.1 is a security update.

GitHub Desktop 2.9.11 resolves several bugs. This is not a security update.

Godot 3.4.3 resolves dozens of bugs. This is not a security update.

Node.js 16.14.0 resolves dozens of bugs. This is not a security update.

Node.js 17.6.0 updates libraries and resolves dozens of bugs. This is not a security update.

SQLite 3.38.0 resolves several bugs and updates syntax and compatibility. This is not a security update.

Visual Studio Code 1.65.1 is a security update.

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.18.0 adds LWP support and resolves an invalid mailbox bug. This is not a security update.

Drupal 9.2.13 is a security update.

Drupal 9.3.7 is a security update.

Joomla 4.1.0 is a major update adding task scheduling, child template overrides, accessibility improvements and syntax highlighting. This is not a security update.

MailArchiva 8.7.4 improves performance. This is not a security update.

MailEnable 10.38 updates libraries and resolves several bugs. This is not a security update.

phpList 3.6.7 resolves several bugs. This is not a security update.

phpMyAdmin 5.1.3 is a security update.

SMF 2.1.1 is a major update release with several new features, and improves compatibility and reliability. This update will disable any mods and custom themes and some older mods and themes will need changes to be compatible. This is not a security update.

WordPress 5.9.1 resolves over 80 bugs. This is not a security update.

Antispam Bee 2.11.0 resolves several bugs. This is not a security update.

BuddyPress 10.1.0 resolves several bugs. This is not a security update.

Contact Form 7 5.5.6 resolves several bugs. This is not a security update.

Slider Revolution 6.5.18 resolves several bugs. This is not a security update.

Social Post Feed 4.1.2 resolves several bugs. This is not a security update.

myStickymenu 2.5.8 resolves a couple bugs and adds cosmetic and layout features. This is not a security update.

Widgets on Pages 1.6.0 is a security update.

WooCommerce 6.3.0 is a security update.

WP Mail SMTP 3.3.0 improves compatibility and resolves several bugs.

WordPress Zero Spam 5.2.15 is a security and woke-ness update. Since they’re now injecting content of their own choice into your website, they can no longer be trusted and you should remove this plugin from your websites.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2022-01-11

Welcome back, Folks!

Today is Patch Tuesday for January, 2022.

It’s a big one. This month has been insane. There’s always a surge in hacking events near holidays, but this month had almost double the *known* hacking events from previous months. What’s worse is that many of the vulnerabilities used were known weeks and sometimes years in advance, though the patches were not yet installed or the specific applications and services were simply not being maintained or secured. Grrrr.

This Month in Technology

A New Leaf, Inc., Advocate Aurora HealthAlabama Department of Rehabilitation ServicesAll in One SEOAmediaAndrew Sauchelli, DMDApache httpdApple Blossom Family PracticeAzure App ServiceBansley and Kiener (B&K), Belgium’s MilitaryBernalillo CountyBioPlus Specialty Pharmacy Services LLCBrazil’s Health MinistryBroward HealthC.E. Niehoff & CompanyChaddockCiox HealthCommission on ElectionsCOVID-19 Home TestsCrawford County Assessors OfficeDaniel J. Edelman Holdings, Inc., DatPiff, The De Montfort SchoolDouglas C Morrow ODPCDuneland School CorporationEvanston Township High SchoolExpresso and SICFertility Centers of Illinois, PLLC, FinalSiteFlexBookerFlorida Digestive Health Specialists LLP, Forensic Science IrelandFresenius Kabi infusion pump systemsGarrett metal detectorsGeorgia Bone & Joint Surgeons, P.C., Google Docs Comment PlatformGrass Valley, CAGumtreeH2 DatabaseHellmann Worldwide LogisticsImpresaInetum GroupiPhone 13James Kagan, MDJefferson Surgical ClinicKearsarge Regional School DistrictLastPassLog4j (several times)Loyola University Medical CenterLuxemburg-Casco School DistrictmacOS powerdirMcMenaminsMedQuest Pharmacy, Inc., Microsoft Active DirectoryMicrosoft TeamsMonkey Kingdom (via Grape), Monongalia Health System Inc., Monroe Public SchoolsMonterey Peninsula Unified School DistrictNetgear NighthawkNorthwest Broward Orthopaedics AssociatesNorth Shore Hebrew Academy High SchoolOG department storeONUSOregon Eye SpecialistsPeck & Associates, PC, Pithadia Medical Professional Services, Inc., ProtempsPulseTVQNAPRavkooRedLine StealerRhode Island Public Transit AuthorityR.R. Donnelley & SonsRunning Warehouse LLC, Sainsbury’sSaltzer HealthSaskatchewan Liquor and Gaming AuthoritySEGAShelley School DistrictShutterflySkate Warehouse LLC, Skin Care Specialty PhysiciansSotheby’s Realty’s BrightcoveSouthern Orthopaedic AssociatesSpar StoresStandard BankSuperior PlusSurgery Group SCT-MobileTackle Warehouse LLC, Tennis Warehouse LCC, Tiyuli and LametayelUAW Retiree Medical Benefits TrustUberUbisoftUK Defence AcademyUltimate Kronos GroupUS Commission on International Religious FreedomUScellular, Utah Department of Health, Virginia Division of Capitol PoliceVirginia General AssemblyVolvoWalgreen Co., WD MyCloudWelfare, Pension and Annuity Funds of Local No. ONE, I.A.T.S.E., and Zoho UEM have been hacked.

Norton 360 is now opting you in for their CPU cryptomining if you have their software installed. The very same software designed to protect you from evildoers that would take advantage of your computer to do this kind of thing…is now doing it. Apple has released an Android app under the auspice of helping users discover Tracker devices that might be tracking them…by enabling your device to allow them to communicate with the Apple Tracker network. Firefox still doesn’t properly support OCSP stapling. Dell BIOS updates are crashing devices. Microsoft has integrated their own financing platform into Edge.

Microsoft rang in the new year by breaking Microsoft Exchange (on-prem) for every server that had filtering enabled (almost all of them). Microsoft acknowledged the problem about 20 hours after it began and released resolution steps by deleting and rebuilding the scanning engine about 31 hours after it began. Sonicwall, too.

CloudflareAWS, Twitch, Zoom, PSN, Slack, Hulu, Imgur have had extended outages this month.

Please, for all that is holy, check your backups!

Phishing is an ever-growing problem. Sophos reminds us how to check for scams like this.

Now for the good news:

Mozilla has added Secure DNS to Firefox, now enabled by default. Unfortunately, this bypasses DNS filtering options you may have assigned yourself – so if you use Firefox you’ll need to enable your own DoH URLs within the settings.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is pretty big. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for.NET Framework, Microsoft Dynamics, Edge, Exchange Server, Microsoft Office, SharePoint, Microsoft Teams, Active Directory, CLFS, Windows Cryptographic Services, Windows Defender, DirectX, Windows Installer, Windows RDP, Windows Remote Desktop, ReFS, Windows Security Center, Windows Storage Spaces, Windows Tile Data Repository, Windows UEFI, Windows User Profile Service, and MSRT (~2 GB). This includes security updates. A reboot is required.

Apple released updates for Safari 15.2. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

Google Chrome OS 96.0.4664.111 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 6 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.4.7 removes support for Vista, updates libraries, and improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.34.80 is a security update.
https://brave.com/

Google Chrome 97.0.4692.71 is a security update.
https://www.google.com/chrome/

Microsoft Edge 97.0.1072.55 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 96.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 91.5.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Iridium 2021.12.96 is a security update.
https://iridiumbrowser.de/

SeaMonkey 2.53.10.2 is a security update.
https://www.seamonkey-project.org/

Vivaldi 5.0.2497.35 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 91.5.0 is a security update.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

AnyDesk (macOS) 6.4.0 resolves a couple bugs. This is not a security update.
https://anydesk.com/en/downloads

curl 7.81.0 is a security update.
https://curl.haxx.se/windows/

Dropbox 139.4.4896 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Server 1.2.0 resolves several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.16 updates libraries and resolves several bugs. This is a security update.
https://www.freefilesync.org/download.php

Omada Software Controller 5.0.29 is a security update.
https://www.tp-link.com/us/support/download/omada-software-controller/

Prosody 0.11.11 resolves several bugs. This is not a security update.
https://prosody.im/download/start

Syncthing 1.18.6 improves usability. This is not a security update.
https://syncthing.net/

Telegram 3.4.3 resolves several bugs. This is not a security update.
https://telegram.org/

Zoom 5.9.1.2581 is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

darktable 3.8.0 makes nearly 4,000 changes including performance, bug fixes, new hardware support and more. This should be treated as a security update.
https://www.darktable.org/install/

Picard 2.7.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

TuneIn 1.25.0 does not provide a changelog so should be treated as a security update.
https://tunein.com/radio/home/

Game Updates

These are unlikely to be of interest to most people.

Steam 2022.12.16 resolves several bugs. This is not a security update.
https://store.steampowered.com/about/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 21.011.20039 is a security update.
https://get.adobe.com/reader

Adobe Acrobat and Reader 21.011.20039, 20.004.30020, and 17.011.30207 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Adobe Illustrator 26.0.2 and 25.4.3 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb22-02.html

Adobe Bridge 12.0.1 and 11.1.3 are security updates.
https://helpx.adobe.com/security/products/bridge/apsb22-03.html

Adobe InCopy 16.4.1 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb22-04.html

Adobe InDesign 16.4.1 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb22-05.html

Audacity 3.1.3 improves stability. This is not a security update.
https://www.audacityteam.org/download/

Krita 5.0.2 is a major update. This version adds several features, resolves bugs and improves stability and reliability. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.2.5 resolves almost 100 bugs. This is not a security update. The “Fresh” line is beta software and should be avoided in favor of the stable version (“Still”) by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.4.1 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 8.2 improves stability. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.3.7 resolves a stability bug. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

elementary OS 6.1
https://elementary.io/

Gpg4win 4.0.0 is a major update adding several new features and updates libraries. This is a security update.
https://www.gpg4win.org/download.html

KeePass 2.50 improves performance and generator, updates libraries, and resolves several bugs. This is not a security update.
https://keepass.info/

OpenSSL 1.1.1m is a security update.
https://www.openssl.org/source/

OpenSSL 3.0.1 is a security update.
https://curl.se/windows/

OpenSSL 3.0.1 is a security update.
https://slproweb.com/products/Win32OpenSSL.html

ReactOS 0.4.13 provides over 250 bug fixes and improvements. This is not a security update.
https://reactos.org/

RogueKiller 15.1.5 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

Tails 4.26 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

TinyWall 3.2.5 resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.40.6 improves reliability. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.35.4 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

HandBrake 1.5.1 updates libraries, resolves several bugs and improves stability and reliability. This is not a security update.
https://handbrake.fr/

IsoBuster 4.9 adds support for new hardware, new formats, and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php

Utility Updates

These are unlikely to be of interest to most people.

7-Zip 21.07 adds VHDX support, improved parameter handling and compatibility. This is not a security update.
https://www.7-zip.org/

Agent Ransack 2022.3283 improves performance and reliability, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

Aomei Partition Assistant 9.6.0 resolves several bugs and improves compatibility. This is not a security update.
https://www.diskpart.com/

Autoruns 14.07 resolves several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Active Directory Explorer 1.51 fixes a Windows Store packaging crash. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer

CacheSet 1.02 fixes a 64 bit OS regression. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/cacheset

Beyond Compare 4.4.1.26165 resolves several bugs and improves compatibility. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

ControlMyMonitor 1.31 adds a new parameter for Secondary displays. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

CPU-Z 1.99 adds support for new hardware and resolves a couple bugs. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 9.51 adds dark mode. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

dnGrep 2.9.482.0 resolves several bugs. This is not a security update.
https://dngrep.github.io/

Etcher 1.7.3 is a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1015 resolves several bugs. This is not a security update.
https://www.voidtools.com/

Everything CLI 1.1.0.21 resolves several bugs. This is not a security update.
https://www.voidtools.com/

FileLocator Pro 2022.3283 provides performance and reliability improvements. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

GoodSync 11.10.0 resolves several bugs and improves stability. This is not a security update.
https://www.goodsync.com/

Homedale 2.02 improves colors. This is not a security update.
https://www.the-sz.com/products/homedale/

Macrium Reflect 8.0.6495 doesn’t provide a changelog, so should be treated as a security update.
https://www.macrium.com/reflectfree

NTLite 2.3.2.8526 updates libraries and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

osquery 5.1.0 adds resource limiting, new objects, and resolves several bugs. This is not a security update.
https://osquery.io/downloads

PowerToys 0.53.1 adds several new features and resolves bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Process Monitor 3.87 fixes resolves several bugs. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Samsung Magician 7.0.1 is a major update, but doesn’t provide a changelog so should be treated as a security update.
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/

SearchMyFiles 3.16 is a cosmetic update. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

Sysmon 13.31 improves reliability. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

TeamViewer 15.25.8 fixes a VOIP bug. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

TraceRouteOK 2.71 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WifiInfoView 2.72 updates the internal MAC database and resolves a high-DPI bug. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

ZoomText 2022.2112.10.400 resolves several bugs and improves display. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText

Developer Updates

These are unlikely to be of interest to most people.

Maraura 3.9.7 updates Java support and libraries, and resolves several bugs. This is a security update.
http://arianne.sourceforge.net/engine/marauroa.html

Docker Desktop 4.3.2 updates the scan engine to detect log4j vulnerabilities. This is a security update.
https://www.docker.com/products/docker-desktop

Godot 3.4.2 updates libraries and resolves several bugs. This is a security update.
https://godotengine.org/

Node.js 12.22.9 is a security update.
https://nodejs.org/en/

Node.js 14.18.3 is a security update.
https://nodejs.org/en/

Node.js 16.13.2 is a security update.
https://nodejs.org/en/

Node.js 17.3.1 is a security update.
https://nodejs.org/en/

SQLite 3.37.2 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 9.3.2 resolves a major stability bug. This is not a security update.
https://drupal.org/download

HumHub 1.10.3 is a security update.
https://www.humhub.com/en/download

MailArchiva 8.5.6 resolves several bugs. This is not a security update.
https://mailarchiva.com/

ownCloud Server 10.9 is a security update.
https://owncloud.org/install/

Piwigo 12.2.0 resolves several bugs. This is not a security update.
https://piwigo.org/

ScreenConnect 21.14.5924.8013 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SMF 2.0.19 is a security update.
https://www.simplemachines.org/

WordPress 5.8.3 is a security update.
https://wordpress.org/

Slider Revolution 6.5.14 updates libraries and resolves several bugs. This is not a security update.
https://revolution.themepunch.com/

WPBakery 6.8.0 improves compatibility and resolves several bugs. This is not a security update.
https://wpbakery.com/

Autoptimize 2.9.5 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/autoptimize/

BuddyPress 9.2.0 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/buddypress/

Social Post Feed 4.1.1 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

Postie 1.9.59 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/postie/

NextScripts Social Networks Auto-Poster 4.3.25 is a security update.
https://wordpress.org/extend/plugins/social-networks-auto-poster-facebook-twitter-g/

Visual Composer 41.1 improves compatibility. This is not a security update.
https://visualcomposer.com/

WooCommerce 6.1.0 is a major update, resolving several bugs and adding features. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/

WordPress Zero Spam 5.2.9 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/zero-spam/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2021-02-09

Welcome back, Folks!

Today is Patch Tuesday for February, 2021.

This Month in Technology

Malware planted during the SolarWinds hack is still being discovered and SolarWinds is still vulnerable.

ADT (not just employee abuse), Amazon Kindle e-readersAzure Functions, the Australian Securities and Investments CommissionCisco DNA CenterCyberpunk 2077Excellus Health Plan, Inc., ExperianFiberHome routers, Forward AirGolang, various Home Assistant integrationsiOSlibgcrypt, Linux (and macOS) SUDOMalwarebytesMeetMindfulMimecast (also a SolarWinds victim), Nespresso smart cards, New Zealand Central BankNoxPlayerOffice 365OpenWRT forumPalo Alto Networks, the PentagonPerl[.]comPfizerSonicWallStormshieldUK Research and Innovationthe UNUScellularUSDA (again), Vermont Dept of LaborVIPGamesWashington State Auditor’s OfficeWestRock Co., WhatsApp, and Wind River Systems have been hacked.

The EU is fining (victims) of data breaches 39% more than two years ago. Grindr is exposing your information. SpamCop made a boo-boo by not renewing their domain on time, resulting in a huge amount of legitimate messages being treated as spam. The LogoKit phishing platform has been updated to “improve” effectiveness.

The UK Government is giving malware-infected laptops to students and the US federal government has repeatedly supported violation of the third and fourth amendments to plant recording devices on private property. There has been an increase of 93% of leaks and data breaches in 2020.

Whether you pay the ransom or restore from backups: PATCH the vulnerabilities!

I have always called for avoiding pirated software because it poses a unique security risk. Here’s an example. (avoid travelling by train in China)

Federally funded censorship and double-standards are being used to advance cancel culture in bankscoffeejournalism, patriotism, by mere association, while actually inciting violence with absurd rhetoric such as calling a kindly neighbor a terrorist for plowing your snow are being excused as acceptable. While censorship isn’t left or right only one side is willing to ban those most likely to join the military from joining.

Worse yet, they’re even targeting third-parties for cancellation for daring to support free speech. Heck, even Mike Rowe is being cancelled.

Some are actually upset that not enough censorship is taking place while ignoring actual calls for violence, funding terroristsopenly supporting child porn, hypocritically calling censorship a violation of election integrity, and arresting people for posting memes.

No matter how much the narrative is disproven – this was planned by others well in advance, and the capitol police were directly involved, which is probably why they refused assistance from the National Guard and DoD when offered multiple times. There’s plenty more.

At least there’s finally some pushback. Hopefully it’s not too little, too late.

Meanwhile, TIME acknowledges that they did, in fact, collude with big tech, large corporations and foreign governments in violation of state and federal laws in order to steal the election. (But don’t talk about it online!) By the way, is it just a coincidence that so many opponents of free speech are pedophiles?

Facebook will pay $300/ea to Illinois users for violating state biometric laws and yet, they have still violated Polish law and blocked & banned small investors while Zuckerberg bragged about how he censored Trump to prevent a free election. WhatsApp users are leaving in droves, while WhatsApp has shifted messaging to explain that user messages (notably not their “data”) can still be removed.

There’s been a surge in BSODs for some Windows devices after January updates. Microsoft has been beaten to the patch (again) by 0patch for a vulnerability in their installer system.

Google is above the law or at least, demands the ability to be excluded from it. They’ve also banned one app for supporting a popular open source file type and another for allowing access to content it doesn’t control (like Google’s own browsers), and violated their own terms to purge negative reviews in their App Store. YouTube is removing Senate testimony. It should come as no surprise then, that developers are realizing that “doing business with [Google] is a liability.” Do you really need more justification to de-Google?

Mozilla fixed a browser bug that could trigger physical damage to your SSD.

Amazon has been caught colludingendangering privacyhypocritically inciting violence, and stealing, all while pursuing the ability to run the Pentagon Defense Systems (in violation of their own Terms of Service).

Apple is throttling iPhones again, preventing sideloading on M1’s, and took five years to discover a widespread crypto miner in macOS.

Still trust your mobile security? Your operating systems have intentionally designed vulnerabilities/weaknesses.

Especially when it comes to science, sunlight remains the best disinfectant. It turns out “global warming” is worse when humans aren’t polluting the air. But sadly, facts don’t matter anymore, so months have passed and hundreds of thousands of lives were lost before political and social science caught up with actual science to acknowledge HCQ is, in fact, an effective treatment. And surely it’s just a coincidence that testing processes were changed immediately after inauguration?

Investigating and/or punishing people for refusing an experimental treatment (according to the FDA they’re not vaccines) is a violation of the Nuremberg Code, but that won’t prevent governments and corporations from doing it anyway, no matter how many times that is struck down as unconstitutional.

The CDC has illegally inflated COVID statistics, but is suppressing VAERS information about people dying like flies after injections.

Really though, can you trust any medical treatment created by people that struggle with math?

Now for the good news:

The Biden administration has dropped the federal lawsuit against the California Net Neutrality law. This will eventually be what breaks the Big Tech monopoly.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 3 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Servicing Stack, and MSRT (~ 2 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iCloud for Windows 12.0 (off and on again), iOS 14.4, iPadOS 14.4, Safari 14.0.3, tvOS 14.4, watchOS 7.3, and Xcode 12.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.

iPadOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 7.3 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 14.4 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 88.0.4324.109 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.3.6 improves cleanup. This is a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 461.40 resolves a dozen bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.19.92 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 88.0.4324.150 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/

Microsoft Edge 88.0.705.63 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 85.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/

SeaMonkey 2.53.6 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.6.2165.36 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.8.0 adds account colors, and resolves several bugs. This is not a security update.
https://getmailspring.com/

Thunderbird 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.46 adds support for Brave. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

curl 7.75.0 resolves dozens of bugs and adds several new features. This is not a security update.
https://curl.haxx.se/windows/

Dropbox 115.4.601 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.52.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/

Pocketnet-Core 0.18.18 resolves several bugs. This is not a security update.
https://pocketnet.app/

WinSCP 5.17.10 is a security update.
https://winscp.net/eng/index.php

Zoom 5.5.12494.0204 resolves a couple minor bugs. This is not a security update.
https://zoom.us/

Java 8u281 is a security update.
https://www.java.com/en/download/manual.jsp

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.10 resolves several bugs. This is not a security update.
https://en.3tene.com/

darktable 3.4.1 resolves about 20 bugs. This is not a security update.
https://www.darktable.org/install/

VLC Media Player 3.0.12 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

Steam 2021.02.05 resolves several bugs, improves compatibility, and improves cosmetics. This is not a security update.

PlayStation PS5 20.02-02.50.00 resolves a PS4 installation compatibility issue, improves editing video clips and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.54.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.91.2 doesn’t have a detailed changelog so should be treated as a security update.
https://www.blender.org/download/

IcoFX 3.5 resolves several bugs. This is not a security update.
https://icofx.ro/

Krita 4.4.2 adds mesh gradients, mesh transform, gradient editor and halftone filter, new brushes, and resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 7.1.0 resolves hundreds of bugs and improves reliability, stability, and compatibility. This is not a security update. This is beta software and should be avoided by most users.
https://www.libreoffice.org/

Lightworks NLE 2021.1 adds dozens of new features and improvements, and resolves many bugs. This is not a security update.
https://www.lwks.com/

Nextcloud Desktop 3.1.2 adds several new features: SVG client branding, push notifications for file changes, conflict resolution trigger and more. This is not a security update.
https://nextcloud.com/

OpenOffice 4.1.9 improves stability and compatibility. This is not a security update.
https://www.openoffice.org/download/

Paint.net 4.2.15 resolves several bugs. This is not a security update.
https://www.getpaint.net/

FrameMaker 2019 Update 8 64bit (2019.0.8) doesn’t provide a changelog, so should be treated as a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7063
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7065

Adobe Acrobat and Reader 2021.001.20135, 2020.001.30020, and 2017.011.30190 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html

Adobe Animate 21.0.3 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-11.html

Adobe Dreamweaver 20.2.1 and 21.1 are security updates.
https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html

Adobe Illustrator 25.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-12.html

Adobe Photoshop 21.2.5 and 22.2 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-10.html

Magento 2.4.2, 2.4.1-p1, and 2.3.6-p1 are security updates.
https://helpx.adobe.com/security/products/magento/apsb21-08.html

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 4.15.1 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html

RogueKiller 14.8.4 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.33.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.9.0 resolves a bug with URL parsing. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2021.2.0 resolves several bugs. This is not a security update.
https://12pd.com/click?snagit

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.791 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/

Bitcoin 0.21.0 resolves over a dozen bugs and improves networking. This is not a security update.
https://bitcoin.org/en/download

Bitwarden 1.24.6 improves biometrics, search, and usability. This is not a security update.
https://bitwarden.com/

Carbonite 6.3.8 resolves a bug with NAS backups. This is not a security update.
https://account.carbonite.com/

CCleaner 5.76.8269 improves cleaning and accessibility, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/

CPU-Z 1.95 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

DesktopOK 8.44 improves toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DriveImage XML 2.60 doesn’t provide a changelog so should be treated as a security update.
https://www.runtime.org/driveimage-xml.htm

Etcher 1.5.116 updates libraries and improves cleanup of temp files. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.1005 is a security update.
https://www.voidtools.com/

Fido 1.18 adds support for the latest 20H2 refresh. This is not a security update.
https://github.com/pbatard/Fido/releases

GoodSync 11.5.6 improves stability, reliability and sync, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.92 resolves several bugs. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 2.81 adds automatic update and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

LessMSI 1.8.1 resolves a display bug. This is not a security update.
https://lessmsi.activescott.com/

NTLite 2.0.0.7784 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

ProduKey 1.95 adds option to extract partial key from WMI. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html

PSAppDeploy 3.8.4 resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

RAMDisk 4.4.0.RC36 resolves several bugs and updates libraries. This is not a security update.
http://memory.dataram.com/products-and-services/software/ramdisk

RoboForm 9.1.1 updates credit card storage data, resolves several bugs, and now uses secure transmission for automatic updates. This is a security update.
https://12pd.com/click?rf

SimpleWMIView 1.42 adds an option to start hidden. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TaskSchedulerView 1.66 adds pagination to the properties widow and adds Task Filename column. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.14.5 was released. The TeamViewer release notes have been unavailable for over a month, so while it might be a security update, it would be safer to remove TeamViewer until these issues are resolved.
https://www.teamviewer.com/en/download/windows/

USB Oblivion 1.16.0.0 adds ability to preserve desktop settings and clean UserAssist keys. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion

WinScan2PDF 6.55 resolves several bugs and improves scanner compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 4.1.2.0 resolves a dozen bugs. This is not a security update.
https://developer.android.com/studio

MySQL ConnectorNet 8.0.23 is a security update.
https://dev.mysql.com/downloads/connector/net/

Node.js 15.8.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/

Node.js 14.15.5 resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.34.1 adds new features and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

StrawberryPerl 5.32.1.1 resolves several bugs. This is not a security update.
https://strawberryperl.com/

Visual Studio Code 1.53 resolves several bugs and adds several features and controls. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.10 resolves several bugs and adds new command-line switches and features. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.11 resolves dozens of bugs. This is not a security update.
https://ppsspp.org/downloads.html

VirtualBox 6.1.18-142142 resolves several stability and reliability bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.9 is a security update.
https://www.adminer.org/en/

Coppermine Gallery 1.6.10 improves compatibility with PHP 8.01. This is not a security update.
https://coppermine-gallery.net/

Docker Desktop 3.1.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.0.11 is a security update.
https://drupal.org/download

Drupal 9.1.4 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

HumHub 1.7.2 resolves over a dozen bugs. This is a security update.
https://www.humhub.com/en/download

Nextcloud Server 20.0.7 updates libraries and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenCart 3.0.3.7 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.opencart.com/

Piwigo 11.3.0 resolves several bugs. This is a security update.
https://piwigo.org/

ScreenConnect 21.2.2159.7699 adds a security tile to configure security options and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

SMF 2.0.18 is a security update.
https://www.simplemachines.org/

WordPress 5.6.1 resolves several bugs. This is not a security update.
https://wordpress.org/

Social Post Feed 2.18.2 improves GDPR compatibility and resolves a deletion bug. This is not a security update.

Multisite Enhancements 1.6.1 resolves a path bug. This is not a security update.

Redirection 5.0.1 adds support for PHP 8 and resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.20 resolves several bugs. This is not a security update.

Sucuri Security 1.8.25 updates the password reset process. This is not a security update.

W3 Total Cache 2.1.0 resolves several bugs and adds cache groups. This is not a security update.

WooCommerce 4.9.2 improves compatibility and disables untested plugins from status and plugin pages. This is not a security update.

WP Mail SMTP 2.6.0 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/