Happy New Year, Folks!
Today is Patch Tuesday for January, 2023.
This month brings over 200 application updates and over 100 major hacks. It’s the lightest month we’ve seen in a while, with only about 3 GB of updates for most users.
This Month in Technology
3Commas, Aetna ACE, Antwerp, Belgium, Argonne (ANL), Astro, Avem Health Partners, Azienda Ospedaliera di Alessandria hospital, Bay City Health & Rehabilitation Center, Benchmark, BetMGM, BitKeep crypto wallet users, BMW, Bosselman Energy, Inc. Employee Health Benefits Plan, Brookhaven (BNL), BTC.com, CA Department of Finance, Captify Health, Careportal, Chick-fil-A, CircleCI, Citrix ADC and Gateway, CoinTracker, Comcast Xfinity, Consulate Health Care, Copper Mountain Mining Corporation, Cott Systems, Deezer, Degroof Petercam, Digipolis, DoorDash, Empresas Públicas de Medellín, FBI’s InfraGard, Fitzgibbon Hospital, Five Guys, Flying Blue, Foundcare, Inc., FuboTV, Gemini crypto exchange, Ghost CMS, GitHub auth, Google Home smart speaker, Grupo Estrategas EMM, H-Hotels, Hawaiian Eye Center, Hospital for Sick Children (SickKids), Indian Railway Catering and Tourism Corp, Intrado, John F. Kennedy International Airport taxi dispatch system, JsonWebToken, Kubernetes clusters, L. Knife & Son, Inc. Employee Benefits Plan, Lake Charles Memorial Health System, LastPass (“most” data was encrypted), Lawrence Livermore National Laboratories (LLNL), Legacy Hospice, LEGO BrickLink, Live Oak Surgery Center, Louis A. Johnson Veterans’ Administration Medical Center, Mango Markets, Maternal & Family Health Services, Maybank, Medicare, MedStar Mobile Healthcare, Mercedes, 60,000+ Microsoft Exchange servers, Midwest Orthopaedic Consultants, S.C., Monarch, Netgear WiFi routers, New Vision Dental, Okta, Port of Lisbon Administration, Prairie Lakes Healthcare System, PyTorch, Quality Behavioral Health, Queensland University of Technology, Rackspace, SAIF Corp, Sargent & Lundy, SevenRooms, Shibuya Ward office in Tokyo, Slack, SlideTeam, Social Blade, Synology, Telas Palo Grande, The Elizabeth Hospice, The Guardian, The Malaysian Election Commission, Three Rivers Provider Network, Toyota, TPG Telecom Ltd, Twitter, Uber, UK Schools, UK’s Department for Environment, Food & Rural Affairs, Ukrainian Government (because they pirated Windows), Ukrainian Ministry of Defense, Universidad De La Salle, University of Havana, University of Miami, Verisma Systems, Inc., VSCode Marketplace, Wabtec Corporation, Windows Problem Reporting, YITH WooCommerce Gift Cards Premium, and Zoho ManageEngine have reportedly been hacked or compromised this month.
ChatGPT, the latest AI designed to make humanity obsolete, is already being used to develop malware. Adobe is using your content to train their AI.
Microsoft still hasn’t gone all-in on Windows 11. Google Chrome (and all other Chromium-based browsers – Edge, Brave, Vivaldi and so on) will no longer support Windows 7, 8, 8.1, or Server 2012/2012 R2 in only a month. The latest build of iTunes is not compatible with the end-to-end encryption feature on iOS/iPadOS.
The only government caught bombing people not party to the Russo-Ukrainian war says cyberattacks should be considered war crimes. The FTC is planning to kill the US economy, while the FCC has decided to regulate space.
Now for the good news:
Almost every ‘conspiracy theory‘ that people had about twitter turned out to be true. The FBI has seized domains involved in DDoS attacks.
John Deere will finally allow farmers to repair their own equipment. This is a major movement in conjunction with the Right to Repair, and could save farmers millions on production expenses.
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday is huge this month. The typical computer should see roughly 3
GB in updates today. Let’s get started.
Windows 11 22H2 still isn’t ready for prime time, so hold off for at least another month.
Microsoft released updates to address 90 vulnerabilities in .NET Core, 3D Builder, Azure Service Fabric Container, Microsoft Bluetooth Driver, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Local Security Authority Server (lsasrv), Microsoft Message Queuing, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft WDAC OLE DB provider for SQL, Visual Studio Code, Windows ALPC, Windows Ancillary Function Driver for WinSock, Windows Authentication Methods, Windows Backup Engine, Windows Bind Filter Driver, Windows BitLocker, Windows Boot Manager, Windows Credential Manager, Windows Cryptographic Services, Windows DWM Core Library, Windows Error Reporting, Windows Event Tracing, Windows IKE Extension, Windows Installer, Windows Internet Key Exchange (IKE) Protocol, Windows iSCSI, Windows Kernel, Windows Layer 2 Tunneling Protocol, Windows LDAP – Lightweight Directory Access Protocol, Windows Local Security Authority (LSA), Windows Local Session Manager (LSM), Windows Malicious Software Removal Tool, Windows Management Instrumentation, Windows MSCryptDImportKey, Windows NTLM, Windows ODBC Driver, Windows Overlay Filter, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Remote Access Service L2TP Driver, Windows RPC API, Windows Secure Socket Tunneling Protocol (SSTP), Windows Smart Card, Windows Task Scheduler, Windows Virtual Registry Provider, Windows Workstation Service and MSRT (~1.5 GB). This includes security updates. A reboot is required.
Google Chrome OS 108.0.5359.172 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Ventura (13.x) means that macOS Catalina (10.15) and older are no longer supported. If you can not install at least macOS Big Sur (11) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 12 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
The now-current release of the Windows 11 (v22H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
DS4Windows 3.2.3 resolves a bug with the Shift Modifier trigger. This is not a security update.
https://github.com/Ryochan7/DS4Windows/releases/latest
Nvidia Driver 474.11 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
Xerox Smart Start 1.7.71.0 doesn’t provide a changelog so should be treated as a security update.
https://www.support.xerox.com/en-us/content/143617
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.46.153 is a security update.
https://brave.com/
Google Chrome 108.0.5359.124 is a security update.
https://www.google.com/chrome/
Microsoft Edge 108.0.1462.76 is a security update.
https://www.microsoft.com/en-us/edge/business/download
Firefox 108.0.2 is a security update.
https://www.mozilla.org/en-US/firefox/new/
Vivaldi 5.6.2867.50 is a security update.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Mailspring 1.10.8 resolves a couple bugs. This is not a security update.
https://getmailspring.com/
Spark 3.2.2.40861 improves stability and resolves several bugs. This is not a security update.
https://sparkmailapp.com/
Spark (macOS) 3.2.2.40859 improves stability and resolves several bugs. This is not a security update.
https://sparkmailapp.com/
Thunderbird 102.6.1 is a security update.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
AnyDesk 7.1.7 improves command-line controls and resolves dozens of bugs. This is not a security update.
https://anydesk.com/en/downloads
curl 7.87.0 resolves dozens of bugs. This is not a security update.
https://curl.haxx.se/windows/
Dropbox 164.4.7914 resolves several bugs. This is not a security update.
https://www.dropbox.com/
Facebook Messenger 172.0.0.28.215 is a security update.
https://www.messenger.com/download
FreeFileSync 11.29 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php
Google Drive 69.0 is a security update.
https://drive.google.com/start
Npcap 1.72 resolves a couple bugs. This is not a security update.
https://nmap.org/npcap/
Prosody 0.12.2 is a security update.
https://prosody.im/download/start
Rclone 1.61.1 adds several new features and resolves many bugs. This is not a security update.
https://rclone.org/
Signal (Android) 6.6.3 doesn’t provide a public changelog so should be treated as a security update.
https://signal.org/android/apk/
Signal 6.1.0 resolves several bugs. This is not a security update.
https://signal.org/download/windows/
Skype 8.91.0.404 adds automatic audio translation. Really. This is not a security update.
https://www.skype.com/
Syncthing 1.23.0 resolves several bugs. This is not a security update.
https://syncthing.net/
Telegram 4.5.3 resolves a bug. This is not a security update.
https://telegram.org/
Zoom 5.13.4.11835 is a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
Bitwig Studio 4.4.6 resolves a couple bugs. This is not a security update.
https://www.bitwig.com/download/
darktable 4.2.0 resolves dozens of bugs. This is not a security update.
https://www.darktable.org/
iTunes 12.12.7.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.apple.com/itunes/download/
Kodi 19.5 doesn’t provide a changelog so should be treated as a security update.
https://kodi.tv/
Plex Desktop 1.60.1.3413 improves album art and Discover behavior, and resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Home Theater 1.31.1.3412 improves album art and adds an option to dismiss Discover What to Watch. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Unreal Media Server 15.0 improves streaming capabilities. This is a security update.
http://www.umediaserver.net/umediaserver/download.html
Winamp 5.9.1.10029 updates libraries and resolves several bugs. This is a security update.
https://www.winamp.com/player/
Game Updates
These are unlikely to be of interest to most people.
GameMaker Studio 2022.11.1.56 resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker
GDevelop 5.1.155 integrates direct access to the Asset Store and resolves several bugs. This is not a security update.
https://gdevelop.io/download
Steam 2023.12.01 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0
Office Updates
One or more of these are likely to be of interest to most people.
Adobe Reader DC 22.003.20310 is a security update.
https://get.adobe.com/reader
Adobe Acrobat 22.003.20310 and 20.005.30436 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb23-01.html
Adobe InDesign 18.1 and 17.4.1 are security updates.
https://helpx.adobe.com/security/products/indesign/apsb23-07.html
Adobe InCopy 18.0 and 17.4 are security updates.
https://helpx.adobe.com/security/products/incopy/apsb23-08.html
Adobe Dimension 3.4.7 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb23-10.html
Audacity 3.2.3 adds support for audio.com and resolves several bugs. This is not a security update.
https://www.audacityteam.org/download/
Calibre 6.11.0 adds automatic editing of CSS and resolves several bugs. This is not a security update.
https://calibre-ebook.com/
Krita 5.1.5 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/
Notepad++ 8.4.8 updates libraries and resolves over a dozen bugs. This is not a security update.
https://notepad-plus-plus.org/
Security Software Updates
One or more of these is likely to be of interest to most people.
DNSQuerySniffer 1.90 adds Show High Resolution Duration option. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html
Gpg4win 4.1.0 improves certificate handling and resolve several bugs. This is not a security update.
https://www.gpg4win.org/download.html
HTTP Toolkit 1.12.2 doesn’t provide a changelog so should be treated as a security update.
https://httptoolkit.tech/
KeePass 2.53 adds keyboard controls and history and filter improvements. This is not a security update.
https://keepass.info/
MalwareBytes Anti-Malware 4.5.19 resolves several bugs. This is not a security update.
https://www.malwarebytes.org/antimalware/
ProtonVPN 2.3.2 adds new languages. This is not a security update.
https://protonvpn.com/download
ProtonVPN (macOS) 3.0.11 adds new languages. This is not a security update.
https://protonvpn.com/download
RogueKiller 15.6.5 resolves several bugs and improves reliability. This is not a security update.
https://www.adlice.com/download/roguekiller/
Tails 5.8 is a security update.
https://tails.boum.org/install/dvd/index.en.html
uBlock Origin 1.46.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest
Capture Updates
These are unlikely to be of interest to most people.
Open Broadcaster Software 29.0.0 adds several new encoders and decoders, and resolves several bugs. This is not a security update.
https://obsproject.com/
SnagIt 23.0.2 improves Grab Text feature and resolves several bugs. This is not a security update.
https://www.techsmith.com/screen-capture.html
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 12.0.9.6 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm
HandBrake 1.6.0 adds several transcoding options, updates libraries, and resolves several bugs. This is not a security update.
https://handbrake.fr/
StreamFab 6.1.0.2 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm
Education updates
One or more of these are likely to be of interest to most people.
Zotero 6.0.19 adds automatic relinking of Mendeley citations, and resolves several bugs. This is not a security update.
https://www.zotero.org/
Utility Updates
These are unlikely to be of interest to most people.
1Password for Mac 8.9.12 improves reliability and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/
1Password for Windows 8.9.12 improves reliability and resolves several bugs. This is not a security update.
https://1password.com/downloads/windows/
AOMEI Partition Assistant 9.13.1 resolves several bugs. This is not a security update.
https://www.diskpart.com/
Bitwarden 2022.12.0 resolves several bugs. This is not a security update.
https://bitwarden.com/
CCleaner 6.07.10191 improves startup speed and resolves several bugs. This is not a security update.
https://www.ccleaner.com/
Cygwin 3.4.3 resolves a couple bugs. This is not a security update.
https://cygwin.com/
Dell Command Update 4.7.1 doesn’t provide release notes for this build, so it should be treated as a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en
DesktopOK 10.61 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
dnGrep 3.2.242.0 adds a portable version, improves extension support, syntax highlighting, selection keys, and updates libraries. This is not a security update.
https://dngrep.github.io/
DMDE 4.0.2.804 resolves several bugs. This is not a security update.
https://dmde.com/
Etcher 1.13.2 resolves several bugs and updates dependencies. This is not a security update.
https://www.balena.io/etcher/
Fido 1.40 improves error handling. This is not a security update.
https://github.com/pbatard/Fido/releases
Go 1.19.5 resolves several bugs. This is not a security update.
https://go.dev/
GoodSync 12.1.4 resolves several bugs. This is not a security update.
https://www.goodsync.com/
grepWin 2.0.12 resolves several bugs. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest
Homedale 2.05 improves logging and SSID reporting. This is not a security update.
https://www.the-sz.com/products/homedale/
Memtest86+ 6.01 resolves a couple bugs. This is not a security update.
https://www.memtest.org/
NetworkInterfacesView 1.26 add Interface Index column. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html
NTLite 2.3.9.9020 updates languages and components. This is not a security update.
https://www.ntlite.com/download/
osquery 5.7.0 provides several table updates, introduces security_profile_info, and resolves several bugs. This is not a security update.
https://osquery.io/downloads
PowerToys 0.66.0 improves installer and resolves dozens of bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest
RoboForm 9.4.1 imposes new licensing restrictions for free accounts. This is not a security update.
https://www.roboform.com/
ScreenConnect 22.10.10924.8404 adds several new security features and controls, and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download
Superpaper 2.2.1 resolves several bugs. This is not a security update.
https://github.com/hhannine/superpaper/
TeamViewer 15.37.3 resolves a couple bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/
Unity 2022.2.1 resolves several bugs. This is not a security update.
https://unity3d.com/get-unity/download/archive
Ventoy 1.0.87 resolves several bugs. This is not a security update.
https://www.ventoy.net/en/index.html
WinScan2PDF 8.41 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
ZoomText 2023 2023.2212.21.400 adds Freeze View and Early Adopter support. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText
Developer Updates
These are unlikely to be of interest to most people.
GitHub Desktop 3.1.3 resolves several bugs. This is not a security update.
https://desktop.github.com/
NASM 2.16.01 resolves several bugs. This is not a security update.
https://www.nasm.us/index.php
Node.js 19.4.0 resolves dozens of bugs. This is not a security update.
https://nodejs.org/en/
Node.js 18.13.0 resolves several bugs. This is not a security update.
https://nodejs.org/en/
SQLite 3.40.1 resolves a couple bugs. This is not a security update.
https://www.sqlite.org/download.html
Visual Studio Code 1.74.2 resolves several bugs. This is not a security update.
https://code.visualstudio.com/
Virtual Machine Updates
These are unlikely to be of interest to most people.
PPSSPP 1.14.4 resolves dozens of bugs. This is not a security update.
https://ppsspp.org/downloads.html
VMware Workstation Player 17.0.0 improves TPM, adds support for newer operating systems, adds encryption, and updates OpenGL 4.3 and WDDM 1.2. This is a security update.
https://customerconnect.vmware.com/downloads/#all_products
Web Package Updates
These are likely to be of interest only to web developers.
Coppermine Gallery 1.6.21 corrects a couple bugs. This is not a security update.
https://coppermine-gallery.net/
Drupal 9.5.1 resolves several bugs. This is not a security update.
https://drupal.org/download
HumHub 1.13.0 improves module integration, Spaces, adds Open Graph, diagnostics and several other features. This is not a security update.
https://www.humhub.com/en/download
ISPConfig 3.2.9 adds 2FA and support for latest Ubuntu, and resolves several bugs. This is not a security update.
https://www.ispconfig.org/ispconfig/download/
jQuery 3.6.3 resolves the CSS.supports selector bug. This is not a security update.
https://code.jquery.com/
Piwigo 13.4.0 resolves several bugs. This is not a security update.
https://piwigo.org/
SpamAssassin 4.0.0 is a major update adding full Unicode support, parsing for many more URL forms and TLDs, and resolves several bugs. This is not a security update.
https://spamassassin.apache.org/downloads.cgi
BuddyPress 11.0.0 improves performance, adds webp support, and resolves dozens of bugs. This is a security update.
https://wordpress.org/extend/plugins/buddypress/
Contact Form 7 5.7.2 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/
Social Post Feed 4.1.6 resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/
Postie 1.9.63 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/postie/
Raw HTML 1.6.4 improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/raw-html/
Register IP – Multisite 1.9.1 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/register-ip-multisite/
WooCommerce 7.2.2 resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/
WP Mail SMTP 3.7.0 improves cleanup and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wp-mail-smtp/
WP Update Server 2.0.1 improves compatibility. This is not a security update.
https://github.com/YahnisElsts/wp-update-server
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/