Updates 2010-01-21

Hey folks!

Microsoft has released an out-of-cycle update for a vulnerable library from Internet Explorer that is used within many other applications (Outlook, Outlook Express, Windows Live Mail, Trillian, Visual Basic, Access, Word, Excel, and many many others) as well as an update to Silverlight. These are both security updates. You should visit Microsoft Update immediately to install them. Depending on what you have open at the time of installation, a reboot may be required.
  http://update.microsoft.com/

Apple released security updates for all current versions of OSX as well as updates to Main Stage, Logic Pro, Unitor, Boot Camp, Graphic and Firmware updates, as well as a Firmware restoration CD. This includes security updates. All of them except the restoration CD can be obtained from Apple Update. Download the cd here:
  http://support.apple.com/kb/DL976
Use the “Apple Updater” to get the most recent versions of all the other affected software.

Java Runtime 6u18 now natively supports Windows 7 and adds several dozen bugfixes. This is a security update. All users should update ASAP:
  http://www.java.com/en/download/installed.jsp?detect=jre&try=1
If you’re using a 64bit machine and use both 32bit and 64bit browsers, you should also install the 64bit version, available here:
  http://www.java.com/en/download/index.jsp

Adobe Shockwave Player 11.5.6.606 was released earlier this week. This is a security update.
  http://get.adobe.com/shockwave
As with all Adobe products, be sure to uncheck any toolbars, add-ons and other “offers” both during download and during installation.

Adobe Reader 9.3 includes multiple security fixes. This version replaces all previous versions of Adobe Reader. This is a security update. If you have not installed 9.3 yet, you should do so IMMEDIATELY as these vulnerabilities are being exploited by a piece of “broken” malware that has so far brought half a dozen clients computers down completely, and it has been a *major* chore to get them up and running again. If you’re using Adobe Reader 9.x, use “Help, Check for updates” to upgrade to the most current version. If you’re using a version of Adobe Reader prior to 9.x, get Adobe Reader 9.3 here:
  http://get.adobe.com/reader
As with all Adobe products, be sure to uncheck any toolbars, add-ons and other “offers” both during download and during installation.


Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates, excepting only the Windows/Apple items. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed. Wherever possible, I try to start each item with the product name followed by the new version number and the severity of the update, in order to facilitate a quick scan through the list to identify applications that apply to you.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.


Internet Updates
One or more of these are likely to be of interest to everyone.

Trillian for Windows 4.1 adds over a hundred new features, including better Facebook, Twitter and Windows 7 support, clearer notifications and a reintroduction of news feeds. This is not a security update.
  http://www.trillian.im/download/

Thunderbird 3.0.1 corrects several security and reliability bugs, and also improves the user interface for attachment handling. This is a security update.
  http://www.mozillamessaging.com/en-US/


Security Software Updates
One or more of these is likely to be of interest to most people.

AVG Free Edition 9.0.730 improves polymorphic detection methods. This is a security update. Download using the link below for NEW 9.x installations, otherwise use the AVG Updater to get the upgrade to the latest version.
  http://free.avg.com/us-en/download-avg-anti-virus-free

Avast! Free Antivirus 5.0.377 improves the antivirus and antispyware engines, adds a code emulator to better detect runtime virus compilation used by many newer malware packages, an heuristics engine, multithreading improvements, behavior shield and new “silent” mode (intended for uninterrupted processing during media and gaming). This is a major update to Avast!. This is a security update. If you already use Avast! you’ll need to download this package to update your installation to the next major version as support for 4.x will be discontinued in the near future.
  http://www.avast.com/free-antivirus-download

a-squared Free 4.5.0.24 corrects an issue with the cookie quarantine feature. This is not a security update.
  http://www.emsisoft.com/en/software/free/


Media Updates
These are unlikely to be of interest to most people.

WinAmp 5.572 adds a dozen fixes primarily aimed at Windows 7 compatibility, though also includes security updates to several incorporated third party libraries. This is a security update.
  http://www.winamp.com/media-player

CDBurnerXP 4.2.7.1849 fixes a handful of non-security bugs, and adds return codes to the command-line processor, making automation of the program far more complete. This is not a security update.
  http://cdburnerxp.se/en/download

Vista Codec Package 5.5.3 updates various codecs. This is not a security update.
  http://shark007.net/vistacodecpackage.html

Google SketchUp 7.1.6860 adds a variety of compatibility and usability features, including photo textures and better support for large models. This is not a security update.
  http://sketchup.google.com/download/index2.html


Utility Updates
These are unlikely to be of interest to most people.

TeraCopy 2.12 adds multimonitor support, event processing and corrects an autostart bug. This is not a security update.
  http://www.codesector.com/teracopy.php

SysInternals tools Desktops, ProcDump, Sigcheck and Diskview, were updated earlier this week. The most significant update corrects reliability issues within the Desktops application for Windows 7 x64 support.
  http://www.sysinternals.com/


Web Package Updates
These are likely to be of interest only to web developers.

WordPress MU 2.9.1 and 2.9.1.1 were released this week, updating the features to match those of WordPress 2.9.1 and fixing at least two major security vulnerabilities. If you use WordPress MU, install these updates ASAP!
  http://mu.wordpress.org/download/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2010-01-05

Hey folks!

A belated merry Christmas and happy New Years!

Please remember that if you DO NOT already have any of these applications installed, you should not install them now simply because they are listed here.

Microsoft Update released an out-of-cycle update for MS Office that corrects issues with Rights Management Service. This is not a security update.
  http://update.microsoft.com/

Apple released firmware updates for the iMac last week. This is not a security update. Use the “Apple Updater” to get the most recent versions of all the affected software.

Adobe has announced a critical security vulnerability in Adobe Reader and Adobe Acrobat, all current versions. They intend to release a patch on Patch Tuesday (ONE MORE WEEK!). Be careful opening any sites that you’re not familiar with, and if you do get a popup within a browser telling you that a security update, antivirus program or virus scan is necessary, CLOSE THE WINDOWS IMMEDIATELY! This is the AVXP virus and exploits the Adobe Reader flaws that will not be patched for another week!

Also be aware that OpenOffice.org 3.2.0 is now a release candidate. That means we can expect it to be officially released in the next couple weeks. If you’re using OpenOffice.org, this means you should start planning to download the 150mb+ update package soon. This download size, and the start-up time on older hardware, are my only reservations with encouraging everyone to use OpenOffice.org instead of Microsoft Office (and the fact that there isn’t a replacement for Outlook). Well, that and the pending Oracle buyout of Sun (the developers of OpenOffice.org, the Java platform and MySQL), which freaks me out far more than the Adobe buyout of Macromedia did a few years ago.

Speaking of the Oracle buyout of Sun, please take a few moments to read an article or two from the site below:
  http://www.helpmysql.org/
Once your familiar with the issues, please sign this petition. If you use pretty much any open source web platform today, such as WordPress, SMF, phpBB, or any of literally thousands of others, you’re using a MySQL backend. That *will* be affected by the Sun buyout unless they divest MySQL, meaning that maintenance and other future development of those systems *will* cost you time, money or both.
  http://www.helpmysql.org/en/petition


Internet updates:
One or more of these are likely to be of interest to everyone.

FileZilla 3.3.1 corrects several bugs, including one to properly address closing an SFTP session. This is not a security update.
  http://filezilla-project.org/download.php?type=client


Media updates:
These are unlikely to be of interest to most people.

ATI Catalyst Drivers 9.12 improves performance in certain games and adds support for several newer cards.
  http://support.amd.com/us/gpudownload/Pages/index.aspx

Vista Codec Package 5.5.1 updates ffdshow and Gabest codecs, as well as adding the MPC audio renderer. This is not a security update. Don’t forget to UNINSTALL any previous codec packages, including previous versions of this one, before installing this update.
  http://shark007.net/vistacodecpackage.html

K-Lite Codec Pack 5.60 updates several codecs, MPC, and various other minor changes. This is not a security update.
  http://www.filehippo.com/download_klite_codec_pack/

XBMC Media Center 9.11 introduces several new features and dozens of bugfixes. This is not a security update.
  http://xbmc.org/

DVDFab 6.2.1.8 adds newer codecs, and various minor bugfixes. This is not a security update.
  http://www.dvdfab.com/download.htm

SUPER v2010 build 37 adds support for a handful of additional codecs, corrects several bugs and improves support on multi-processor computers. This is not a security update.
  http://www.erightsoft.com/SUPER.html#Dnload

Paint.NET 3.5.2 adds more intuitive font support, and fixes several non-critical bugs. This is not a security update.
  http://www.getpaint.net/download.html

The Gimp 2.6.8 corrects a number of stability issues and several exploitable bugs in image rendering. This is a security update.
  http://www.gimp.org/downloads/


Utility updates:
These are unlikely to be of interest to most people.

CPU-Z 1.53 adds various hardware. This is not a security update.
  http://www.cpuid.com/cpuz.php

Recuva 1.34.460 adds performance improvements and corrects a couple bugs. This is not a security update.
  http://www.piriform.com/recuva

Defraggler 1.16.165 adds 64bit support, and several tweaks and improvements. This is not a security update.
  http://www.piriform.com/defraggler

Roboform 6.9.98 fixes form filling on certain sites, license and activation issues, and a couple of bugs in the Firefox implementation. This is not a security update. You will be required to close all browser windows in order to upgrade.
  http://www.roboform.com/download-update.html

GoodSync 8.1.1.5 (and several other recent versions) correct well over two dozen reliability and shared computer issues, including an important fix for those using non-latin character sets. This is not a security update.
  http://www.goodsync.com/download.html

Notepad++ 5.6.3 and 5.6.4 correct several minor bugs. This is not a security update.
  http://sourceforge.net/projects/notepad-plus/files/

CCleaner 2.27.1070 adds a number of reliablity and cosmetic improvements. This is not a security update.
  http://www.ccleaner.com/download

Malwarebytes Anti-Malware 1.43 corrects several bugs, including those causing crashes in certain scenarios. This is not a security update.
  http://www.malwarebytes.org/mbam.php

a-squared Free 4.5.0.22 fixes a number of bugs, some responsible for crashing or freezing the machine. This is not a security update, but all users of a-squared should upgrade.
  http://www.emsisoft.com/en/software/free/

IsoBuster 2.7 adds a number of performance and reliability changes, including additional file format support and raw recovery from damaged/blank media. This is not a security update.
  http://www.smart-projects.net/isobusterdownload.php

WinSCP 4.2.5 is the first stable release in the 4.2 branch, and features a handful of security and user interface improvements, as well as over a hundred bugfixes. This is a security update. If you use WinSCP, you should update before initiating your next connection.
  http://winscp.net/eng/download.php

TeraCopy 2.1 corrects two large file transfer bugs. This is not a security update.
  http://www.codesector.com/teracopy.php


Developer updates:
These are unlikely to be of interest to most people.

Microsoft released the new Internet Explorer Application Compatibility VPC images, with a new shelf life of only about 3 months. However, if you *need* to test your site or applications on various Windows operating systems, this is by far the easiest way.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=21EABB90-958F-4B64-B5F1-73D0A413C8EF&displaylang=en

MySQL 5.1.42 adds several dozen reliability and consistency fixes to the 5.1 branch. This is not a security update.
  http://dev.mysql.com/downloads/mysql/5.1.html#downloads


Web Package Updates
These are likely to be of interest only to web developers.

WordPress 2.9.1 was released today. WP 2.9, released over Christmas, added over 500 requested features and bugfixes. Most notable among the new features is plugin-less embedding for third-party video (just paste the URL, it’ll figure out what you want to do), global “undo” functionality, a built-in image editor (for minor changes you don’t have to do the work BEFORE you upload anymore!), and a much improved updater for plugins and versions, enabling you to globally update plugins that are known to be compatible with your current version based on actual user experiences, instead of doing them one by one by trial and error. 2.9.1 fixes certain CURL, scheduled posts and pingback issues introduced in 2.9. This is a security update.
  http://www.wordpress.org/download/
WordPress 2.9.x is expected to be the last feature branch before the version 3 release. V3 will merge the codebases for WordPress and WordPress MU, enabling you to quickly add users and editors to your existing WP powered sites.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/