Welcome back, Folks!
Today is Patch Tuesday for February, 2021.
This Month in Technology
Malware planted during the SolarWinds hack is still being discovered and SolarWinds is still vulnerable.
ADT (not just employee abuse), Amazon Kindle e-readers, Azure Functions, the Australian Securities and Investments Commission, Cisco DNA Center, Cyberpunk 2077, Excellus Health Plan, Inc., Experian, FiberHome routers, Forward Air, Golang, various Home Assistant integrations, iOS, libgcrypt, Linux (and macOS) SUDO, Malwarebytes, MeetMindful, Mimecast (also a SolarWinds victim), Nespresso smart cards, New Zealand Central Bank, NoxPlayer, Office 365, OpenWRT forum, Palo Alto Networks, the Pentagon, Perl[.]com, Pfizer, SonicWall, Stormshield, UK Research and Innovation, the UN, UScellular, USDA (again), Vermont Dept of Labor, VIPGames, Washington State Auditor’s Office, WestRock Co., WhatsApp, and Wind River Systems have been hacked.
The EU is fining (victims) of data breaches 39% more than two years ago. Grindr is exposing your information. SpamCop made a boo-boo by not renewing their domain on time, resulting in a huge amount of legitimate messages being treated as spam. The LogoKit phishing platform has been updated to “improve” effectiveness.
The UK Government is giving malware-infected laptops to students and the US federal government has repeatedly supported violation of the third and fourth amendments to plant recording devices on private property. There has been an increase of 93% of leaks and data breaches in 2020.
Whether you pay the ransom or restore from backups: PATCH the vulnerabilities!
I have always called for avoiding pirated software because it poses a unique security risk. Here’s an example. (avoid travelling by train in China)
Federally funded censorship and double-standards are being used to advance cancel culture in banks, coffee, journalism, patriotism, by mere association, while actually inciting violence with absurd rhetoric such as calling a kindly neighbor a terrorist for plowing your snow are being excused as acceptable. While censorship isn’t left or right only one side is willing to ban those most likely to join the military from joining.
Worse yet, they’re even targeting third-parties for cancellation for daring to support free speech. Heck, even Mike Rowe is being cancelled.
Some are actually upset that not enough censorship is taking place while ignoring actual calls for violence, funding terrorists, openly supporting child porn, hypocritically calling censorship a violation of election integrity, and arresting people for posting memes.
No matter how much the narrative is disproven – this was planned by others well in advance, and the capitol police were directly involved, which is probably why they refused assistance from the National Guard and DoD when offered multiple times. There’s plenty more.
At least there’s finally some pushback. Hopefully it’s not too little, too late.
Meanwhile, TIME acknowledges that they did, in fact, collude with big tech, large corporations and foreign governments in violation of state and federal laws in order to steal the election. (But don’t talk about it online!) By the way, is it just a coincidence that so many opponents of free speech are pedophiles?
Facebook will pay $300/ea to Illinois users for violating state biometric laws and yet, they have still violated Polish law and blocked & banned small investors while Zuckerberg bragged about how he censored Trump to prevent a free election. WhatsApp users are leaving in droves, while WhatsApp has shifted messaging to explain that user messages (notably not their “data”) can still be removed.
There’s been a surge in BSODs for some Windows devices after January updates. Microsoft has been beaten to the patch (again) by 0patch for a vulnerability in their installer system.
Google is above the law or at least, demands the ability to be excluded from it. They’ve also banned one app for supporting a popular open source file type and another for allowing access to content it doesn’t control (like Google’s own browsers), and violated their own terms to purge negative reviews in their App Store. YouTube is removing Senate testimony. It should come as no surprise then, that developers are realizing that “doing business with [Google] is a liability.” Do you really need more justification to de-Google?
Mozilla fixed a browser bug that could trigger physical damage to your SSD.
Amazon has been caught colluding, endangering privacy, hypocritically inciting violence, and stealing, all while pursuing the ability to run the Pentagon Defense Systems (in violation of their own Terms of Service).
Apple is throttling iPhones again, preventing sideloading on M1’s, and took five years to discover a widespread crypto miner in macOS.
Still trust your mobile security? Your operating systems have intentionally designed vulnerabilities/weaknesses.
Especially when it comes to science, sunlight remains the best disinfectant. It turns out “global warming” is worse when humans aren’t polluting the air. But sadly, facts don’t matter anymore, so months have passed and hundreds of thousands of lives were lost before political and social science caught up with actual science to acknowledge HCQ is, in fact, an effective treatment. And surely it’s just a coincidence that testing processes were changed immediately after inauguration?
Investigating and/or punishing people for refusing an experimental treatment (according to the FDA they’re not vaccines) is a violation of the Nuremberg Code, but that won’t prevent governments and corporations from doing it anyway, no matter how many times that is struck down as unconstitutional.
The CDC has illegally inflated COVID statistics, but is suppressing VAERS information about people dying like flies after injections.
Really though, can you trust any medical treatment created by people that struggle with math?
Now for the good news:
The Biden administration has dropped the federal lawsuit against the California Net Neutrality law. This will eventually be what breaks the Big Tech monopoly.
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday this month is huge. The typical computer should see roughly 3 GB in updates today. Let’s get started.
Microsoft released updates for Windows, Edge, .NET, Servicing Stack, and MSRT (~ 2 GB). This includes security updates. A reboot is required.
Apple released updates for macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iCloud for Windows 12.0 (off and on again), iOS 14.4, iPadOS 14.4, Safari 14.0.3, tvOS 14.4, watchOS 7.3, and Xcode 12.4. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
iOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.
iPadOS 14.4 is a security update. Use Settings, General, Software Update to install the most current update.
watchOS 7.3 is a security update. Use the Watch app on your iPhone to install the most current version.
tvOS 14.4 is a security update. Use System, Software Update to install the most current version.
Google Chrome OS 88.0.4324.109 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Display Driver Uninstaller 18.0.3.6 improves cleanup. This is a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu
nVidia 461.40 resolves a dozen bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.19.92 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/
Google Chrome 88.0.4324.150 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/
Microsoft Edge 88.0.705.63 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download
Firefox 85.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/
Firefox ESR 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/
SeaMonkey 2.53.6 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/
Vivaldi 3.6.2165.36 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Mailspring 1.8.0 adds account colors, and resolves several bugs. This is not a security update.
https://getmailspring.com/
Thunderbird 78.7.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
BrowsingHistoryView 2.46 adds support for Brave. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html
curl 7.75.0 resolves dozens of bugs and adds several new features. This is not a security update.
https://curl.haxx.se/windows/
Dropbox 115.4.601 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.dropbox.com/
FileZilla Client 3.52.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/
Pocketnet-Core 0.18.18 resolves several bugs. This is not a security update.
https://pocketnet.app/
WinSCP 5.17.10 is a security update.
https://winscp.net/eng/index.php
Zoom 5.5.12494.0204 resolves a couple minor bugs. This is not a security update.
https://zoom.us/
Java 8u281 is a security update.
https://www.java.com/en/download/manual.jsp
Media Updates
These are unlikely to be of interest to most people.
3tene 2.0.10 resolves several bugs. This is not a security update.
https://en.3tene.com/
darktable 3.4.1 resolves about 20 bugs. This is not a security update.
https://www.darktable.org/install/
VLC Media Player 3.0.12 is a security update.
https://www.videolan.org/vlc/
Game Updates
These are unlikely to be of interest to most people.
Steam 2021.02.05 resolves several bugs, improves compatibility, and improves cosmetics. This is not a security update.
PlayStation PS5 20.02-02.50.00 resolves a PS4 installation compatibility issue, improves editing video clips and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/
Office Updates
One or more of these are likely to be of interest to most people.
Atom 1.54.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/
Blender 2.91.2 doesn’t have a detailed changelog so should be treated as a security update.
https://www.blender.org/download/
IcoFX 3.5 resolves several bugs. This is not a security update.
https://icofx.ro/
Krita 4.4.2 adds mesh gradients, mesh transform, gradient editor and halftone filter, new brushes, and resolves dozens of bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/
LibreOffice Fresh 7.1.0 resolves hundreds of bugs and improves reliability, stability, and compatibility. This is not a security update. This is beta software and should be avoided by most users.
https://www.libreoffice.org/
Lightworks NLE 2021.1 adds dozens of new features and improvements, and resolves many bugs. This is not a security update.
https://www.lwks.com/
Nextcloud Desktop 3.1.2 adds several new features: SVG client branding, push notifications for file changes, conflict resolution trigger and more. This is not a security update.
https://nextcloud.com/
OpenOffice 4.1.9 improves stability and compatibility. This is not a security update.
https://www.openoffice.org/download/
Paint.net 4.2.15 resolves several bugs. This is not a security update.
https://www.getpaint.net/
FrameMaker 2019 Update 8 64bit (2019.0.8) doesn’t provide a changelog, so should be treated as a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7063
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=7065
Adobe Acrobat and Reader 2021.001.20135, 2020.001.30020, and 2017.011.30190 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Adobe Animate 21.0.3 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-11.html
Adobe Dreamweaver 20.2.1 and 21.1 are security updates.
https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html
Adobe Illustrator 25.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-12.html
Adobe Photoshop 21.2.5 and 22.2 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-10.html
Magento 2.4.2, 2.4.1-p1, and 2.3.6-p1 are security updates.
https://helpx.adobe.com/security/products/magento/apsb21-08.html
Security Software Updates
One or more of these is likely to be of interest to most people.
Tails 4.15.1 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html
RogueKiller 14.8.4 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/
uBlock Origin 1.33.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest
VT-CLI 0.9.0 resolves a bug with URL parsing. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 2021.2.0 resolves several bugs. This is not a security update.
https://12pd.com/click?snagit
Utility Updates
These are unlikely to be of interest to most people.
1Password for Windows 7.6.791 resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/
Bitcoin 0.21.0 resolves over a dozen bugs and improves networking. This is not a security update.
https://bitcoin.org/en/download
Bitwarden 1.24.6 improves biometrics, search, and usability. This is not a security update.
https://bitwarden.com/
Carbonite 6.3.8 resolves a bug with NAS backups. This is not a security update.
https://account.carbonite.com/
CCleaner 5.76.8269 improves cleaning and accessibility, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/
CPU-Z 1.95 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html
DesktopOK 8.44 improves toolset. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
DriveImage XML 2.60 doesn’t provide a changelog so should be treated as a security update.
https://www.runtime.org/driveimage-xml.htm
Etcher 1.5.116 updates libraries and improves cleanup of temp files. This is not a security update.
https://www.balena.io/etcher/
Everything 1.4.1.1005 is a security update.
https://www.voidtools.com/
Fido 1.18 adds support for the latest 20H2 refresh. This is not a security update.
https://github.com/pbatard/Fido/releases
GoodSync 11.5.6 improves stability, reliability and sync, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync
Homedale 1.92 resolves several bugs. This is not a security update.
https://www.the-sz.com/products/homedale/
IsMyHdOK 2.81 adds automatic update and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK
LessMSI 1.8.1 resolves a display bug. This is not a security update.
https://lessmsi.activescott.com/
NTLite 2.0.0.7784 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/
ProduKey 1.95 adds option to extract partial key from WMI. This is not a security update.
https://www.nirsoft.net/utils/product_cd_key_viewer.html
PSAppDeploy 3.8.4 resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/
RAMDisk 4.4.0.RC36 resolves several bugs and updates libraries. This is not a security update.
http://memory.dataram.com/products-and-services/software/ramdisk
RoboForm 9.1.1 updates credit card storage data, resolves several bugs, and now uses secure transmission for automatic updates. This is a security update.
https://12pd.com/click?rf
SimpleWMIView 1.42 adds an option to start hidden. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html
TaskSchedulerView 1.66 adds pagination to the properties widow and adds Task Filename column. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html
TeamViewer 15.14.5 was released. The TeamViewer release notes have been unavailable for over a month, so while it might be a security update, it would be safer to remove TeamViewer until these issues are resolved.
https://www.teamviewer.com/en/download/windows/
USB Oblivion 1.16.0.0 adds ability to preserve desktop settings and clean UserAssist keys. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion
WinScan2PDF 6.55 resolves several bugs and improves scanner compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
Developer Updates
These are unlikely to be of interest to most people.
Android Studio 4.1.2.0 resolves a dozen bugs. This is not a security update.
https://developer.android.com/studio
MySQL ConnectorNet 8.0.23 is a security update.
https://dev.mysql.com/downloads/connector/net/
Node.js 15.8.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/
Node.js 14.15.5 resolves several bugs. This is not a security update.
https://nodejs.org/en/
SQLite 3.34.1 adds new features and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html
StrawberryPerl 5.32.1.1 resolves several bugs. This is not a security update.
https://strawberryperl.com/
Visual Studio Code 1.53 resolves several bugs and adds several features and controls. This is not a security update.
https://code.visualstudio.com/
WinMerge 2.16.10 resolves several bugs and adds new command-line switches and features. This is not a security update.
https://winmerge.org/
Virtual Machine Updates
These are unlikely to be of interest to most people.
PPSSPP 1.11 resolves dozens of bugs. This is not a security update.
https://ppsspp.org/downloads.html
VirtualBox 6.1.18-142142 resolves several stability and reliability bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads
Web Package Updates
These are likely to be of interest only to web developers.
Adminer 4.7.9 is a security update.
https://www.adminer.org/en/
Coppermine Gallery 1.6.10 improves compatibility with PHP 8.01. This is not a security update.
https://coppermine-gallery.net/
Docker Desktop 3.1.0 resolves several bugs. This is not a security update.
https://www.docker.com/products/docker-desktop
Drupal 9.0.11 is a security update.
https://drupal.org/download
Drupal 9.1.4 resolves dozens of bugs. This is not a security update.
https://drupal.org/download
HumHub 1.7.2 resolves over a dozen bugs. This is a security update.
https://www.humhub.com/en/download
Nextcloud Server 20.0.7 updates libraries and resolves dozens of bugs. This is not a security update.
https://nextcloud.com/
OpenCart 3.0.3.7 doesn’t provide a detailed changelog so should be treated as a security update.
https://www.opencart.com/
Piwigo 11.3.0 resolves several bugs. This is a security update.
https://piwigo.org/
ScreenConnect 21.2.2159.7699 adds a security tile to configure security options and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download
SMF 2.0.18 is a security update.
https://www.simplemachines.org/
WordPress 5.6.1 resolves several bugs. This is not a security update.
https://wordpress.org/
Social Post Feed 2.18.2 improves GDPR compatibility and resolves a deletion bug. This is not a security update.
Multisite Enhancements 1.6.1 resolves a path bug. This is not a security update.
Redirection 5.0.1 adds support for PHP 8 and resolves several bugs. This is not a security update.
NextScripts Social Networks Auto-Poster 4.3.20 resolves several bugs. This is not a security update.
Sucuri Security 1.8.25 updates the password reset process. This is not a security update.
W3 Total Cache 2.1.0 resolves several bugs and adds cache groups. This is not a security update.
WooCommerce 4.9.2 improves compatibility and disables untested plugins from status and plugin pages. This is not a security update.
WP Mail SMTP 2.6.0 improves compatibility. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/