Welcome back, Folks!
Today is Patch Tuesday for December, 2021. This month has been relatively mild, especially for the typical user. Businesses are facing some serious Christmas disasters including massive botnets targeting WordPress, Log4j, payment platforms, and state-run “passport” systems. Nevertheless, the grind continues.
This Month in Technology
ActMobile Networks (VPN), Alberta Health, Astoria Company LLC, thousands of AT&T Edgewater Networks devices, Atraf, Bay Village High School, Beaverhead County High School, BioPlus Specialty Pharmacy Services, LLC, Bitmart, Brazilian Ministry of Health, Broward Public Schools, Brussels Bru-Vax, Bureau Veritas, Central Depository Services Ltd, California Pizza Kitchen, Costco, Cox Communications, DeKalb County School District, Delta-Montrose Electric Association, DNA Diagnostics Center, Episcopal Retirement Services, Escambia County School District, Eskenazi Health, Evanston Township High School, Florida Heart Associates, French-Public School Board, Frontier Software, GoDaddy Inc (and 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost), Gravatar, Headwaters Health Care Centre, Health Service Executive, Hellman Worldwide Logistics, Hikvision surveillance systems, Hisar health department, HPE, dozens of HP printer models, Huntington Hospital, IDC Games, IKEA, Indonesian police, various Iranian gas stations, Johnson Memorial Health, Kisters AG, KMSPico, Kronos, Lakeside School, LINE Pay, Lewis and Clark Community College, Maryland Department of Health, Manhasset School District, Microsoft Exchange Servers, Medsurant Health, MNG Cargo, Newfoundland and Labrador Health-Care System, Nordic Choice Hotels, North Oklahoma County Mental Health Center, Northeastern University, Nowiny Commune Office, Old Pulaski Middle School, One Community Health, Oregon Anesthesiology Group, P.C., Pakistan’s National Database Biometric Data, Panasonic, Pellissippi State Community College, Planned Parenthood Los Angeles, millions of PlayStation 5 devices, QNAP NAS devices, RedDoorz, Rideau Valley Health Centre, Riverhead Central School District, Robinhood, S&R Membership Shopping, SanDisk SecureAccess, Sea Mar Community Health Centers, Shelley School District, Simon Eye Management, millions of Sky Routers, SonicWall SMA 100 VPNs, South Australian Government, Southern Ohio Medical Center, SPAR Stores, Spotswood Public Schools, Stor-a-file Limited, Stripchat, Supernus Pharmaceuticals, Inc., Swire Pacific Offshore, TATA, TP-Link routers, True Health New Mexico, Tulane University Medical Center, Ulss 6 Euganea, US defense contractors, U.S. State Department, Utah Imaging Associates, Virginia’s Division of Legislative Automated Systems, Vestas, Volvo, Waikato DHB, Yemeksepeti, Za: Standard Bank, and Zoho ServiceDesk have reportedly been hacked this month.
A Tesla server outage prevented owners worldwide from unlocking their cars.
Another 5 hour outage at AWS caused problems for thousands of websites that depend upon the “reliability” of cloud services. Netflix, Ring, Amazon Prime Video, Amazon deliveries, and Roku were just a few affected sites and services.
Google Photos suffered from a bug for 10 days that damaged all downloads over 128 MB. They alerted their customers to the problem about a month after fixing the bug.
Instead of focusing on providing a more secure product, Apple is suing the NSO Group for developing malware that exploits vulnerabilities in Apple products.
Google, Apple and Samsung payment services exposed to provide unlimited access to digital wallets without authentication.
Grafana – used in thousands of applications for the gorgeous displays it can provide – has patched multiple critical security vulnerabilities. Expect vendors to play catch-up as they release updates that update their Grafana libraries.
Like Grafana, Log4j is another widely used engine across thousands of applications – mostly in corporate and enterprise applications. It’s been exploited in 40% of corporate networks globally, so far. It’s not just corporate risk – even Minecraft is vulnerable.
A massive series of attacks targeting managed WordPress websites has compromised at least 1.8 million sites so far. Merely patching the sites and removing unused and out-dated plugins and themes would have eliminated the risk here.
Now for the good news:
Alexa.com is finally being shut down after 25 years of misrepresenting the web.
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday this month is smaller than it has been in months. The typical computer should see roughly 2 GB in updates today. Let’s get started.
Microsoft released updates for Windows, Edge, .NET, and MSRT (~1.5 GB). This includes updates for Windows Server 2008. This includes security updates. A reboot is required.
Apple released updates for macOS Monterey 12.1, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, tvOS 15.2, watchOS 8.3, and watchOS 8.1.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
iOS 15.2 is a security update. Use Settings, General, Software Update to install the most current update.
iPadOS 15.2 is a security update. Use Settings, General, Software Update to install the most current update.
tvOS 15.2 is a security update. Use System, Software Update to install the most current version.
watchOS 8.3 and 8.1.1 are security updates. Use the Watch app on your iPhone to install the most current version.
Google Chrome OS 96.0.4664.77 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Monterey (12.x) means that macOS Mojave (10.14) and older are no longer supported. If you can not install at least macOS Catalina (10.15) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v21H2) is very large so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
The now-current release of the Windows 11 (v21H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 6 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Windows 11 is still very young so I encourage you to wait a few more months before you consider switching to it.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Citizen Driver 2021.3 adds support for over 430 hardware printer models and resolves several minor bugs. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/citizen/download/
CognitiveTPG Driver 2021.3 adds support for over 430 hardware printer models and resolves several minor bugs. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/cognitivetpg/download/
Logitech Options 9.40.86 adds support for new hardware and resolves several bugs. This is not a security update.
https://support.logi.com/hc/en-us/articles/360025297893
Logitech SetPoint 6.70.55 adds support for new hardware and resolves several bugs. This is not a security update.
https://support.logi.com/hc/en-us/articles/360025141274
Xerox Smart Start 1.6.28.0 adds support for newer drivers. This is not a security update.
https://www.support.xerox.com/en-us/content/143617
Zebra Driver 2021.3 adds support for over 430 hardware printer models and resolves several minor bugs. This is not a security update.
https://www.seagullscientific.com/support/downloads/drivers/zebra/download/
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.32.115 is a security update.
https://brave.com/
Google Chrome 96.0.4664.110 is a security update.
https://www.google.com/chrome/
Microsoft Edge 96.0.1054.53 is a security update.
https://www.microsoft.com/en-us/edge/business/download
Firefox 95.0 is a security update.
https://www.mozilla.org/en-US/firefox/new/
Firefox ESR 91.4.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/
SeaMonkey 2.53.10.1 is a security update.
https://www.seamonkey-project.org/
Vivaldi 5.0.2497.28 is a security update.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Thunderbird 91.4.0 is a security update.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
AnyDesk 7.0.4 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads
AnyDesk for macOS 6.3.3 improves M1 compatibility. This is not a security update.
https://anydesk.com/en/downloads
curl 7.80.0 resolves over 100 bugs. This should be treated as a security update.
https://curl.haxx.se/windows/
Dropbox 136.4.4345 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/
FileZilla Client 3.57.0 updates libraries and resolves several bugs. This is not a security update.
https://filezilla-project.org/
FreeFileSync 11.15 resolves several bugs and improves user interface and compatibility. This is not a security update.
https://www.freefilesync.org/download.php
Google Drive 54.0 improves compatibility and resolves several bugs. This is not a security update.
https://drive.google.com/start
Npcap 1.60 resolves over a dozen bugs and improves stability. This is not a security update.
https://nmap.org/npcap/
Syncthing 1.18.5 resolves several bugs. This is not a security update.
https://syncthing.net/
Telegram 3.3.0 adds media distribution controls, bot improvements and channel controls. This is not a security update.
https://telegram.org/
WinSCP 5.19.5 resolves several bugs and adds Google Cloud S3 API support. This is not a security update.
https://winscp.net/eng/index.php
Zoom 5.8.7.2058 adds many new features and resolves a dozen bugs, mostly with compatibility. This is a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
3tene 2.0.19 improves compatibility with VRoid Studio and adds Leap Motion. This is not a security update.
https://en.3tene.com/
Plex Desktop 1.39.1.2763 resolves code signing. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Home Theater 1.9.0.2741 adds audio stream selection, resolves several bugs, and improves stability. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Media Server 1.25.2.5319 resolves several bugs. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server
Game Updates
These are unlikely to be of interest to most people.
GameMaker Studio 2.3.7.606 improves reliability and performance, and resolves several bugs. This is not a security update.
https://www.yoyogames.com/en/gamemaker
Nintendo Switch 13.2.0 improves stability. This is not a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989
PS5 21.02-04.50.00 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/
Steam 2021.11.19 resolves several bugs, improves reliability and stability. This is a security update.
Office Updates
One or more of these are likely to be of interest to most people.
Audacity 3.1.2 improves stability. This is not a security update.
https://www.audacityteam.org/download/
Blender 3.0 is a major new version with dozens of new features, improvements in modeling, shadows, geometry and more. This is not a security update.
https://www.blender.org/download/
LibreOffice Fresh 7.2.4 is a security update.
https://www.libreoffice.org/
LibreOffice Still 7.1.8 is a security update.
https://www.libreoffice.org/
Notepad++ 8.1.9.3 resolves several bugs and improves diagnostics to troubleshoot a persistent crash bug. This is not a security update.
https://notepad-plus-plus.org/
Paint.net 4.3.4 resolves several bugs. This is not a security update.
https://www.getpaint.net/
PDF-XChange Editor 9.2.359.0 resolves several bugs. This is not a security update.
https://www.tracker-software.com/product/pdf-xchange-editor
Adobe Premiere Rush 2.0 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html
Adobe Experience Manager 6.5.11 is a security update.
https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html
Adobe Connect 11.4 is a security update.
https://helpx.adobe.com/security/products/connect/apsb21-112.html
Adobe Photoshop 22.5.4 and 23.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb21-113.html
Adobe Prelude 22.1.1 is a security update.
https://helpx.adobe.com/security/products/prelude/apsb21-114.html
Adobe After Effects 22.1.1 and 18.4.3 are security updates.
https://helpx.adobe.com/security/products/after_effects/apsb21-115.html
Adobe Dimension 3.4.4 is a security update.
https://helpx.adobe.com/security/products/dimension/apsb21-116.html
Adobe Premiere Pro 15.4.3 and 22.1.1 are security updates.
https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html
Adobe Media Encoder 15.4.3 and 22.1.1 are security updates.
https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html
Adobe Lightroom 5.1 is a security update.
https://helpx.adobe.com/security/products/lightroom/apsb21-119.html
Adobe Audition 14.4.3 and 22.1.1 are security updates.
https://helpx.adobe.com/security/products/audition/apsb21-121.html
Security Software Updates
One or more of these is likely to be of interest to most people.
Tails 4.25 adds backups, external storage support, updates applications and resolves several bugs. This is a security update.
https://tails.boum.org/install/dvd-download/index.en.html
BelArc Advisor 11.1 doesn’t provide a changelog so should be treated as a security update.
https://www.belarc.com/products_belarc_advisor
Chainsaw 1.1.4 improves logging, error handling, and removes progress bar for reliability. This is not a security update.
https://github.com/countercept/chainsaw
Hashcat 6.2.5 improves improves hardware compatibility, performance, and resolves several bugs. This is a security update.
https://hashcat.net/hashcat/#downloadlatest
RogueKiller 15.1.4 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/
uBlock Origin 1.39.2 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest
VT-CLI 0.10.0 adds support for managing collections. This is not a security update.
https://github.com/VirusTotal/vt-cli/releases/latest
Wireless Network Watcher 2.26 updates internal MAC address database and improves high-DPI support. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 2022.0.0 adds several new features including a universal file format, cross-platform markup, and cloud storage, improves performance, and resolves several bugs.
https://download.techsmith.com/snagit/releases/snagit.msi
VideoCacheView 3.08 adds compatibility with newer browser builds. This is not a security update.
https://www.nirsoft.net/utils/video_cache_view.html
Converter Updates
These are unlikely to be of interest to most people.
PDF Creator 4.4.1 resolves several bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator
Utility Updates
These are unlikely to be of interest to most people.
1Password for Mac 7.9.2 improves compatibility and resolves several bugs. This is not a security update.
https://1password.com/downloads/mac/
7-Zip 21.06 adds memory controls, dictionary size improvements, hash validation support, and resolves several bugs. This is not a security update.
https://www.7-zip.org/
Agent Ransack 2022.3277 adds OCR, new themes, improves indexing, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/
Bitcoin 22.0 removes defunct protocols, updates privacy and resolves several bugs. This is not a security update.
https://bitcoin.org/en/download
Carbonite 6.4.0 improves compatibility. This is not a security update.
https://account.carbonite.com/
Cygwin 3.3.3 resolves several bugs. This is not a security update.
https://cygwin.com/
DesktopOK 9.44 adds dark theme support, high-DPI improvements, and several bug fixes. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
Etcher 1.7.1 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/
Fido 1.27 adds support for Windows 10 v21H2. This is not a security update.
https://github.com/pbatard/Fido/releases
FileLocator Pro 2022.3277 adds OCR, new themes, improves indexing, and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download
Git SCM 2.34.1 resolves several bugs. This is not a security update.
https://git-scm.com/
GoodSync 11.9.7 resolves several bugs. This is not a security update.
https://www.goodsync.com/
grepWin 2.0.9 improves reliability and adds exact match support. This is not a security update.
https://github.com/stefankueng/grepWin/releases/latest
Homedale 2.01 improves MAC Address vendor detection and IE DFS dump. This is not a security update.
https://www.the-sz.com/products/homedale/
IsMyHdOK 3.44 improves accuracy. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK
NTLite 2.3.2.8519 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/
PointerStick 5.61 improves high-DPI support and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick
PowerToys 0.51.1 improves stability. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest
ReactOS 0.4.13.32 resolves over a hundred bugs, and improves stability, compatibility and reliability. This is a security update.
https://reactos.org/
SearchMyFiles 3.15 improves summary mode, zero-value filters, and search improvements. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html
Synergy 1.14.2 resolves over a dozen bugs, improves reliability, adds M1 support, and adds automatic restart on settings change. This is not a security update.
https://symless.com/synergy/
TraceRouteOK 2.66 adds dark theme support, high-DPI improvements, and several bug fixes. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK
USB Oblivion 1.17.0.0 resolves a key name bug and improves performance. This is not a security update.
http://www.cherubicsoft.com/en/projects/usboblivion
WakeMeOnLan 1.90 adds global and bulk WOL support and updates MAC addresses databases. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html
WhyNotWin11 2.4.3.1 improves stability, hardware detection, and compatibility improvements. This is not a security update.
https://github.com/rcmaehl/WhyNotWin11
WinScan2PDF 7.51 resolves several minor bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
WizTree 4.07 improves MTP/PTP compatibility, reliability, and resolves several bugs. This is not a security update.
https://www.diskanalyzer.com/
ZoomText 2021 2021.2111.4.400 improves compatibility. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText
ZoomText 2022 2022.2110.70.400 improves compatibility. This is not a security update.
https://support.freedomscientific.com/Downloads/ZoomText
Developer Updates
These are unlikely to be of interest to most people.
Docker Desktop 4.3.1 is a security update.
https://www.docker.com/products/docker-desktop
Node.js v14 14.18.2 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/
Node.js v16 16.13.1 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/
Node.js v17 17.2.0 updates libraries and resolves several bugs. This is not a security update.
https://nodejs.org/en/
Redemption 6.1.0.6054 adds MarkSaved and OverridePSTDisableGrow, and IMAP4 controls, and resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/
SQLite 3.37.0 improves STRICT, CHECK constraints, and CLI improvements. This is not a security update.
https://www.sqlite.org/download.html
Visual Studio Code 1.63 adds several features and improves compatibility. This is not a security update.
https://code.visualstudio.com/
Virtual Machine Updates
These are unlikely to be of interest to most people.
VirtualBox 6.1.30 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads
Web Package Updates
These are likely to be of interest only to web developers.
Coppermine Gallery 1.6.16 improves compatibility and resolves a couple bugs. This is not a security update.
https://coppermine-gallery.net/
Drupal 9.3.0 updates libraries and dependencies, improves compatibility, and resolves a couple bugs. This is not a security update.
https://drupal.org/download
HumHub 1.10.2 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download
MailArchiva 8.4.1 is a security update.
https://mailarchiva.com/
Nextcloud Server 23.0.0 is a major update adding massing performance improvements, improved external integrations, Backup and more. This is not a security update.
https://nextcloud.com/
ownCloud Client 2.9.2.6206 resolves several bugs. This is not a security update.
https://owncloud.com/desktop-app/
phpList 3.6.6 is a security update.
https://www.phplist.org/
Piwigo 12.1.0 resolves several bugs. This is not a security update.
https://piwigo.org/
ScreenConnect 21.14.5791.8004 improves reliability and resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download
WordPress 5.8.2 is a security update.
https://wordpress.org/
Autoptimize 2.9.3 improves multisite support and resolves several bugs. This is not a security update.
bbPress 2.6.9 resolves several bugs. This is not a security update.
Contact Form 7 5.5.3 improves Constant Contact integration, filters and form properties. This is not a security update.
Slider Revolution 6.5.11 resolves several bugs. This is not a security update.
Social Post Feed 4.1 updates libraries and resolves several bugs. This version will need to reconnect to any Facebook feeds you use. This is not a security update.
Theme My Login 7.1.4 resolves several bugs. This is not a security update.
W3 Total Cache 2.2.1 resolves several bugs. This is not a security update.
WP Mail SMTP 3.2.1 improves compatibility. This is not a security update.
WordPress Zero Spam 5.2.8 resolves several bugs. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/