Welcome back, Folks!
Today is Patch Tuesday for May, 2024.
There were 580+ major hacks, and over 460 application updates this month. It’s an insanely big month, with about 5 GB of updates for most users.
This Month in Technology
First, let me apologize for this list. It’s 3x longer than it was only a couple months ago and that’s not really my fault. I really want to keep sharing the hacked lists but at the rate it’s going 3/4 of the newletter will just be the list by the end of Summer. I’m going to need to rework this next month when I have more time.
1+1 Media, 4LEAF, Inc, A123 Systems, Access Intelligence, Accor, ACFIN SA, Active PCB Solutions, Acurrate Lock & Hardware, ADCOM911, Advanced Business Networks, Advarra, Inc., Aero Tec Laboratories Inc, Aetna ACE, Affordable Payroll & Bookkeeping Services, Agate Construction, Agency for the Sustainable Development of the Saint Nazaire Region, France, AirAsia Group, Airsoft, Allianz Global Risks U.S. Insurance Company, Alltruck Bodies, Alrajhi Bank, Altipal S.A.S, Amazon, Amberstone Security, AMD Radeon DirectX 11 Driver, American Builders Outlet, American Renal Associates, American Renal Management, Andovers Federal Credit Union, APS – Automotive Parts Solutions, Arbitrum, Argentina’s national registry, Army Welfare Trust, Array Networks, Asantee Games, Asbury Automotive Group, Ascension healthcare, Ashley Home Stores, Aspire Health Alliance, Astra Daihatsu Motor (ID), AT&T, Atlantic States Marine Fisheries Commission (ASMFC), Aussizz Group, Autodesk Drive, Axip Energy Services, Ayesa, B&G Foods, Badger Tag & Label, Banco Santander, Banten Regional Development Bank Tbk, Barclays Bank, Base Network, Bay Oral Surgery & Implant Center, Bağcılar Training and Research Hospital, Bega Valley Council, Belarusian KGB, Belvedere Vodka UK, BenefitsCal, Berry, Dunn, McNeil & Parker, Best Reward Federal Credit Union, BetterHelp, Bharat Sanchar Nigam Limited (BSNL), BHF Couriers, Biggs Cardosa Associates, Inc., Bira 91, Bitfinex, Blackstone Valley Community Health Care, Blooms Today, Bluebonnet Trails, Bluegrass Care Navigators, BMW BANK, Bodyartforms LLC, Boeing, Bradford-Scott, Brandywine Realty Trust, BreachForums, Bridgeway Center, Inc., British Columbia, Canada, Brocade SANnav SAN Management Software, Brovedani Group, Bundeswehr, Byron council, Café Soluble, California library system, Calumet Civil Contractors, Inc, Camino Nuevo Charter Academy, Canatal Industries, Canberra club, Cannes hospital, Cariboo library system, Carpetright, Catholic Diocese of Cleveland, Catholic Medical Center (CMC), CCM Health, Central Bank Argentina, Central Carolina Insurance Agency Inc, Central Florida Equipment, Central Power Systems & Services, Central Virginia Federal Credit Union, Change Healthcare, Channel Logistics LLC, Chemring Group, Cherry Health, Chicony Electronics, Chirp Systems, Christie’s Auction House, Cisco Duo, Cisco Integrated Management Controller (IMC), City of Buckeye, AZ, City of Donges, France, City of El Cerrito, California, City of London, UK, City of Pensacola, Florida, City of Wichita, Kansas, Cleveland Catholic Diocese, Community First Credit Union, Confins Transport, Consensus Medical Group, Consol Energy, Continuum Health, Coppel, Coradix-Magnescan, CorporateStack, Costa Edutainment SPA, Council for Relationships, County of Coffee, Georgia, County of Hernando, FL, County of Jackson, MO, County of Los Angeles, CA, Department of Health Services, County of Robeson, NC, County of San Bernardino, CA, CrushFTP, Cushman Contracting Corporation, CyberPower UPS, D-Link Devices, Daoust, Dawson Creek, Deeside Timberframe, Delinea Secret Server, Dell, Dental Group of Amarillo, Dental Health Services, DES Architects and Engineers,
Designed Receivable Solutions, Deutsche Telekom, Digi Yatra Foundation, Dijk, Discord, District of Columbia’s Department of Insurance, Securities and Banking (DISB), DocGo, Dominican Republic vaccination data, Donco Air, Doyon Drilling, Drive Sally LLC, DRM Arby’s, Dropbox Sign, Duvel Moortgat, D’amico & Pettinicchi, LLC, E-ZPass, East Central University, OK, Eden Project, Edlong and Holstein Association USA, Educational Computer Systems, EduMarket, Efrat Airlines, Egypt Ministry of Supply and Internal Trade, El Salvador, El Salvador’s Chivo Wallet, Electric Mirror, Empath Health, Engineered Automation of Maine, Enstar, Epilepsy Foundation of Metro NY, EqualizeRCM and 1st Credentialing, Ernest Health, Eucatex, European Parliament, Europol, EvoBanco, F5 Central Manager, Feldstein & Stewart, Fic Expertise, Financial Business and Consumer Solutions (FBCS), Firstmac, FiXBET, Floirac, Footdistrict, Fort Worth, Texas, Foxit Reader, French Ministry of Agriculture, Frontier Communications, FrotCom, GBI Genios, Gerber Life Insurance Company, Giant Tiger, GitHub Search, GitLab, Glendale Unified School District, Glints, Global Tel Link, Google Chrome, Google, Graphic Solutions Group Inc, Grassroot DICOM, Great Firewall of China, Green Diamond Resource Company, Greylock McKinnon, Grindr, Grodno Azot, Group Health Cooperative of South-Central Wisconsin (GHC-SCW), Guadeloupe, Canada, Guardant Health, Inc., Guardian Analytics, Hapy Bear Surgery Center, Hardeman County Community Health Center, Hedgey Finance, Helapet Ltd, Helsinki Education Division, Heritage Cooperative, High Performance Services, Hillsong Church, Hirsh Industries, Hit Promotional Products, Home Depot, Hong Kong Arts Development Council, Hong Kong College of Technology, Hong Kong Fire Department, Hong Kong Union Hospital, Hooker Furniture, Hosocongty, Hospital Simone Veil, 100 hotels in Japan, Houser LLP, Hoya Optics, HP, HPE ArubaOS Devices, HSBC Bank, HTW, Hub International Limited, Human Events, IBM’s Enterprise Terminal, iCabbi, ICICI Bank, IDS Michigan, Illinois State Credit Union, Illinois Tollway, In The Know, India’s Central Board of Secondary Education (CBSE), India’s HRYLabour, India’s ICICI Bank, Ingo Money Inc, Inland Physicians Billing Services, Intel CPUs (Spectre v2), Intel Hardware Firmware, Interim Healthcare of Lubbock, International Baccalaureate Exam, Inventum Øst, Iranian Pipeline Company, Iress Ltd, Israel Electric Corporation (IEC), Israeli Real Estate Companies, ISTA International GmbH, It4 Solutions Robras Corp, Italian Red Cross Network, Ivanti Avalanche, J.P. Morgan Chase, JE Owens, Kaiser Foundation Health Plan, Inc., Kaiser Permanente, Kameymall, Kansas City Scout System, Keenan & Associates, Kintetsu World Express, Kisco Senior Living, KISTI SMART K2C, Kowloon Shangri-La, La Chapelle-des-marais, France, Ladakh Social Welfare Department, Lamont Hanley & Associates, Latvian TV Channels, LDLC, Le Slip Français, Leicester City Council, Lenovo Hardware Firmware, Lewis & Clark College, LG TVs, Lieberman LLP, Lilly Drogerie, Lincoln Project, LiteSpeed Cache, LivaNova, LiveHelpNow, LocalPlace JP, London Drugs, London Stock Exchange Group, Lopesan Hotels, Lotz Trucking, Lpdb Kumkm, LRB Info Tech, Lukfook Jewellery, Lumina Americas, Luxor, LYON TERMINAL, M2E Consulting Engineers, Macedonian Joint Stock Company, Madata, Magnet+, Malone & Co, Manchester’s Catholic Medical Center, Marpai Health, Mauritzon, McKinley Packing, Medequip Assistive Technology, Medical Home Network, MediExcel, Medios de Prevención Externos Sur SL, MedStar Health, Meduza, Mellitah Company, Mercedes, Merchants Benefit Administration, Metropolitan Life Insurance Company, Microsoft, Microsoft Azure Entra ID, Microsoft Outlook, Missouri Electric Cooperatives, Moffitt Cancer Center and Research Institute, Moldova Government, MoldTech, Molen & Associates, Monash Health, Monday.com, MongoDB, Monocon, Montoir-de-Bretagne, France, Moscow Moskollector, MovieBoxPro, MRA – The Management Association, Mt Hira College, Myers Automotive Group, National Energy Research Scientific Computing Center (NERSC), Nespresso, Nestle, New Boston Dental Care, New Hudson Facades, New Mexico Administrative Office of the District Attorneys, New Mexico Highlands University, New York’s state legislature, Nexperia, NHS Dumfries and Galloway, NK Parts Industries, NorthBay Health, Nota by M&T Bank and TTEC Databases, Nothing, Nova Scotia Health, NRS Healthcare, Numotion, NVIDIA, OakBend Medical, Octopharma Plasma, OE Federal Credit Union, Ogero, Ohio Lottery, Okta, Olson Steel, Olympus Group, OracleCMS, OraSure, Original Herkimer Cheese, OrthoConnecticut, Outabox, Pacific Guardian, Pak Suzuki, Palo Alto Networks PAN-OS, Panda Restaurant Group, Pandemonium Rocks, Panoramic Health, Parent Teacher Association (PTA), Paris Saint-Germain (PSG), Parklane Group, Patricia AI, Paychex, Inc., Paytm, Pennsylvania Convention Center, Pennsylvania Insurance Department, Peplink Smart Reader, Persyn, Philadelphia Inquirer, Philips Respironics, Phoenix Business Consulting, PHP, Pifer’s Auction & Realty, Pilot, Pinnacle Engineering, Pinnacle Orthopaedics, Pioneer Oil Company, Inc, Piping Rock, Police Service of Northern Ireland (PSNI), Porniche, France, Pratham, Precision Fluid Controls, Premier Dermatology, Prisma Finance, Pro Metals LLC, Process Solutions, Procuraduría General de la República, Profile Products, Progress Flowmon, Promarka Peru, Pub And Club, Public service of Wallonia, PWS – The Laundry Company, Qantas, QNAP, Quebec CEGEPs, RAF El Salvador, Randolph Health, RaySharp, RB Woodcraft, Reading Electric, Rebound Orthopedics & Neurosurgery, Recology, Redwood Coast Regional Center, Rehabilitation Hospital of Southern New Mexico, Reliable Networks, Rocky Mountain Sales, Roku, Romeo Pitaro Injury and Litigation Lawyers, Rushd Bookstore, Rutgers University, Räddningstjänsten Vä stra Blekinge, Sachkhere, Sahara Bank, Saint-Nazaire, France, Sanok Rubber Company, Saudi Water Facilities, Scanda Group, Scigames, Scottish health board, Seaman’s Mechanical, SEK Studio, Seneca Nation Health System, Sentry Data Management, Servicio Móvil, Shadow, Siemens Manufacturing, Sigmund Espeland, Signature Healthcare Services LLC, SigningHub, Simmons Perrine Moyer Bergman PLC, Singapore’s Ministry of Education, Singapore’s Mobile Guardian, SinglePoint Outsourcing, Inc., SIS Automatisering, Sisense, Skanlog, Sleep Data Holdings, LLC, Sleep Management Institute, Smoke Alarm Solutions, SOA Architecture, Softura, Somerset Dental Las Vegas, Somerville, Sonadev, France, South Africa’s International Trade Administration Commission (ITAC), South Korean courts, South Korean cable & satellite, South Korean Defense Companies, South Texas Oncology and Hematology, Space X, Space-Eyes, Speedy France, Sri Lanka’s visa system, SSCL, SSS Australia, St-Jerome Company, St. Helena Public Library, Stainless Foundry & Engineering, StarWallets, States of Guernsey, Sterling Holidays, Sterling Plumbing Inc., Studio LAMBDA, Swisspro, SynLab Italia, Sysmex America, Inc, T2 Tea Australia, Tamil Nadu Police, Tappware, Targus, Tatarstan, Russia, Taxi Software, Ted Brown Music, Telecom Argentina, Telit Cinterion modems, Texas Retina Associates, The Epilepsy Institute, The Georgia Institute for Plastic Surgery, The Heritage Foundation, The Kennedy Collective, The Lagunitas Brewing Company, The Line Up, Inc, The May Institute, Inc., The Philadelphia Inquirer, PBC, The Post and Courier, The Post Millennial, The Prudential Insurance Company of America, The Roman Catholic Diocese of Phoenix, The State of Kansas Office of Judicial Administration, The Tech Interactive, Theatrixx Technologies, Therapeutic Health Services, 50,000 Tinyproxy servers, Tipton Municipal Utilities, IN, Toolmarts, Toronto Transit Commission, Transamerica Life Insurance Company, Trib Total Media, True Homes, LLC, TRUE Solicitors, Trylon Srl, Tyler Technologies, UAE Government, UK Government’s System Database, UK Ministry of Defence, UK Royal Mail, 20 Ukrainian Energy and Water Sites, Ukrainian TV, United Nations Development Programme, University of Alabama, University of Alberta, University System of Georgia (USG), US Air Force Academy (USAFA), US Atlantic Fisheries, US Coast Guard Reserve, US Consumer Database, US Health and Human Services (HHS), US Internal Revenue Service (IRS), US Medicare, US Patent and Trademark Office, US Space Forces (USSF) Military Bases, USA Health Providence Hospital, Utica Mack, Valley Mountain Regional Center, Valley Veterinary Clinic, LLC, Van Gogh Museum, Varo Bank, N.A., Veeam, Velvet Capital, Verizon, Victorian Ambulance Union, Virginia Union University, VirtualBox, Visionary Integration Professionals, VMware Cloud Foundation, VMware ESXi, VMware Fusion Pro/Fusion, VMware Workstation Pro/Player, Void Interactive, Volkswagen, VPN traffic (TunnelVision), VTRP, W.I.S. Sicherheit-Service GmbH & Co. KG, Washington State’s Swinomish Casino and Lodge, WebTPA Employer Services, LLC, WEL Partners, Wells Fargo, Welsh Government, Wescom Central Credit Union, West Idaho Orthopedics and Sports Medicine, Westboro Baptist Church, WhatsApp, Windows, Windows Apps, Windows Print Spooler, WOM, World Architects, World-Check, WP Forminator plugin, WP-Automatic Plugin, Xiaomi, Yale Mortgage, YRW Limited – Chartered Accountants, ZA Government Employees Pension Fund’s (GEPF), ZircoDATA, and Zscaler Inc have reported hacking or compromises this month.
Central Power Systems & Services, Final Fantasy, Frontier Communications, Kansas City’s official website, Ogero, Reddit, and Telegram have suffered from outages this month.
Last months updates broke Outlook, Windows (thanks ManageEngine), and VPN connections.
An update to ManageEngine has caused thousands of Windows machines to fail to boot. I guess that’s one way to make sure that they can’t be hacked through ManageEngine vulnerabilities?
Windows has officially added advertisements to the Windows 11 Start Menu.
The PuTTY Pageant key generation weakness will require millions upon millions of certificates to be rekeyed.
The Windows Boot Manager update released in January still has no automated fix from Microsoft. Third parties have created several methods of installing the update, and the closest-to-perfect automation yet requires seven (7!) restarts.
Microsoft has announced plans to implement fully locked down DNS via a pairing of DNS and the firewall, branded Zero Trust DNS – ZTDNS.
A recent technical paper described the process of using LLM (GPT-4) to automate the process of building exploits for newly discovered vulnerabilities. Reviews of the paper tend to acknowledge that it can be used in this fashion but focus instead on the use of the word “autonomously” which they treat as sentience. No guys, the paper isn’t saying that Skynet is here, just that LLMs are getting to the point where they can build functional exploit code based on brief descriptions of vulnerabilities.
I first saw the description of “Kobold Letters” a couple months ago. While a very creative use of CSS and an interesting idea, what are the chances that this kind of thing would actually be used in real life? 100%. I’ve now seen this behavior on three different client mail accounts in Microsoft Online and Gmail.
The founder of Telegram has publicly reported that the FBI pressured an employee to build a backdoor into the system. They refused.
Thunderbird has added Microsoft Exchange support. This means you won’t be forced to use the “New Outlook” crapp to access your Microsoft Exchange accounts. 🙂
Now for the good news:
We won. Sony caved on the Helldivers 2 privacy-violating “account linking” change. 🙂
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday is insane this month. The typical computer should see roughly 5 GB in updates today. Let’s get started.
Microsoft released updates to address 67 vulnerabilities in .NET and Visual Studio, Azure Migrate, Microsoft Bing, Microsoft Brokering File System, Microsoft Dynamics 365 Customer Insights, Microsoft Edge (Chromium-based), Microsoft Intune, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows SCSI Class System File, Microsoft Windows Search Component, Power BI, Visual Studio, Windows Cloud Files Mini Filter Driver, Windows CNG Key Isolation Service, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Deployment Services, Windows DHCP Server, Windows DWM Core Library, Windows Hyper-V, Windows Kernel, Windows Mark of the Web (MOTW), Windows Mobile Broadband, Windows MSHTML Platform, Windows NTFS, Windows Remote Access Connection Manager, Windows Routing and Remote Access Service (RRAS), Windows Task Scheduler, Windows Win32K – GRFX, Windows Win32K – ICOMP, and MSRT. This includes security updates. A reboot is required.
Oracle released 441 security updates this quarter to address vulnerabilities in 119 applications.
https://www.oracle.com/security-alerts/cpuapr2024.html
Apple released updates for iOS 16.7.8, iOS 17.5, iPadOS 16.7.8, iPadOS 17.5, iTunes 12.13.2 for Windows, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, Safari 17.5, tvOS 17.5, and watchOS 10.5. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
iOS 16.7.8 and 17.5 are security updates. Use Settings, General, Software Update to install the most current update.
iPadOS 6.7.8 and 17.5 are security updates. Use Settings, General, Software Update to install the most current update.
watchOS 10.5 is a security update. Use the Watch app on your iPhone to install the most current version.
tvOS 17.5 is a security update. Use System, Software Update to install the most current version.
Google Chrome OS 124.0.6367.154 and 120.0.6099.310 are security updates. Use Menu, Help, About to install the most current version. A reboot is required.
Fedora 40-1.14 is a major update, replacing BerkeleyDB with alternatives, updating libraries, and including adding new features and defaults. This should be treated as a security update.
https://getfedora.org/en/workstation/download/
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Sonoma (14.x) means that macOS Big Sur (11.x) and older are no longer supported. If you can not install at least macOS Monterey (12) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current — and final — release of the Windows 10 (v22H2) is very large so will take a long time to download on slower connections. All non-LTS versions of Windows 10 other than v22H2 are now out of support, upgrade to v22H2 now. If you aren’t sure whether you are using LTS, you aren’t. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
The now-current release of the Windows 11 (v23H2) is very large so will take a long time to download on slower connections. Windows 11 pushes you to get the latest Windows 11 release every 12 months and only supports any consumer builds for 24 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Windows 11 is now stable and can be upgraded to if your hardware supports it, but I recommend you continue to use Windows 10 until early 2025 before you consider switching to it.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
AMD Adrenalin 24.4.1 adds support for new software, performance improvements, and resolves several bugs. This is not a security update.
https://www.amd.com/en/support
Daemon Tools Lite 12.1.0 improves tooltips, and resolves a couple bugs. This is not a security update.
https://www.daemon-tools.cc/products/dtLite
Dymo Connect for Desktop 1.3.2.18 doesn’t provide a detailed change log so should be treated as a security update.
https://www.dymo.com/label-makers-printers/labelwriter-label-printers/dymo-labelwriter-450-duo-thermal-label-printer/SAP_1752267.html
TP-Link Archer AX55 v1 240325 adds almost a dozen new features, improves stability and resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/archer-ax55/v1/#Firmware
TP-Link Archer AX73 v2.0 240323 resolves several bugs. This is a security update.
https://www.tp-link.com/us/support/download/archer-ax73/v2.0/#Firmware
UniFi Network Server 8.1.127 enhances firewall rules visibility, adds tunnel IP addresses, OSPF dynamic routing support, and resolves a dozen bugs. This is not a security update.
https://www.ui.com/download/releases/network-server
VIISAN OfficeCam 7.1.19.0 doesn’t provide a change log so should be treated as a security update.
https://www.viisan.com/en/download/type1.html
Wacom Driver 6.4.6-1 adds support for newer hardware, resolves several bugs and improves stability.
https://www.wacom.com/en-us/support/product-support/drivers
Xerox Smart Start 2.0.34.0 doesn’t provide a change log so should be treated as a security update.
https://www.support.xerox.com/en-us/content/143617
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.65.133 is a security update.
https://brave.com/
Firefox 126 is a security update.
https://www.mozilla.org/en-US/firefox/new/
Firefox ESR 115.11.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/
Google Chrome 124.0.6367.207 is a security update.
https://www.google.com/chrome/
Microsoft Edge 124.0.2478.97 is a security update.
https://www.microsoft.com/en-us/edge/business/download
Vivaldi 6.7.3329.29 is a security update.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Spark 3.15.5.72973 resolves several AI-related bugs. This is not a security update.
https://sparkmailapp.com/
Spark (macOS) 3.15.5.72972 resolves several AI-related bugs. This is not a security update.
https://sparkmailapp.com/
Thunderbird 115.10.2 is a security update.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
AnyDesk 8.0.10 is a security update.
https://anydesk.com/en/downloads
AnyDesk (macOS) 8.0.1 resolves several bugs. This is not a security update.
https://anydesk.com/en/downloads
Dropbox 199.4.6287 removes a cosmetic defect. This is not a security update.
https://www.dropbox.com/
Facebook Messenger 211.0.0.18.236 is a security update.
https://www.messenger.com/download
FileZilla Client 3.67.0 is a security update.
https://filezilla-project.org/
FileZilla Server 1.8.2 is a security update.
https://filezilla-project.org/
FreeFileSync 13.6 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php
Google Drive 90.0 resolves several bugs. This is the last version to support macOS 10.15 – if your hardware can not support macOS 11 you should have already removed it from the Internet, but if not, please take this as one more signal that it’s time to replace it.
https://drive.google.com/start
Microsoft Teams 1.7.00.10152 resolves several bugs. This is not a security update.
https://teams.microsoft.com/downloads
Nextcloud Server 29.0.0 is a major update, resolving dozens of bugs, updating libraries, and improving workflow and design. This should be treated as a security update.
https://nextcloud.com/
Nmap 7.95 adds over 6,500 more fingerprints, new scripts and resolves several bugs. This is a security update.
https://nmap.org/
PuTTY 0.81 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Signal 7.8.0 adds emoji call responses and resolves several bugs. This is not a security update.
https://signal.org/download/windows/
Signal (Android) 7.6.2 adds emoji call responses, adds sent message editing, and resolves several bugs. This is not a security update.
https://signal.org/android/apk/
Skype 8.116.0.213 improves stability. This is not a security update.
https://www.skype.com/
Syncthing 1.27.7 resolves a potential security bug.
https://syncthing.net/
Telegram 5.0.1 resolves several bugs. This is not a security update.
https://telegram.org/
USB Drive Log 1.13 adds black background support. This is not a security update.
https://www.nirsoft.net/utils/usb_drive_log.html
Z-Library 1.02 doesn’t provide a change log so should be treated as a security update.
https://z-library.se/z-access#desktop_app_tab
Zoom 6.0.4.38135 resolves several bugs. This is not a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
3tene 4.0.4 resolves several bugs. This is not a security update.
https://en.3tene.com/
Bitwig Studio 5.1.9 resolves several bugs. This is a security update.
https://www.bitwig.com/download/
Grayjay 240 adds several new features, sources, improvements, and resolves a dozen bugs. This is not a security update.
https://grayjay.app/index.html
iTunes 12.13.2.3 is a security update.
https://www.apple.com/itunes/download/
Plex Desktop 1.92.1.140 doesn’t provide a detailed change log so should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Home Theater 1.60.1.134 updates libraries. This should be treated as a security update.
https://www.plex.tv/media-server-downloads/#plex-app
Plex Media Server 1.40.2.8395 resolves several bugs, including an installation path issue. If you used a custom path you will need to uninstall and reinstall in order for future automatic updates to work correctly. This is not a security update.
https://www.plex.tv/media-server-downloads/#plex-media-server
Game Updates
These are unlikely to be of interest to most people.
GameMaker Studio 2024.4.0.137 changes homepage. This is not a security update.
https://www.yoyogames.com/en/gamemaker
GDevelop 5.3.201 resolves several bugs and improves interface. This is not a security update.
https://gdevelop.io/download
Minecraft Server (Bedrock) 1.20.81.01 does not provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server/bedrock
Minecraft Server (Java) 1.20.6 does not provide a change log so should be treated as a security update.
https://www.minecraft.net/en-us/download/server
Nintendo Switch 18.0.1 resolves several bugs. This is a security update.
https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/kw/system%20updates/p/989
PS5 2024.430 resolves several bugs and improves hardware support. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/
Steam 2024-05-13 resolves several bugs. This is not a security update.
https://store.steampowered.com/news/app/593110
By the way, we won. Sony caved on the Helldivers 2 privacy-violating “account linking” change. 🙂
SteamOS SteamDeck Update 2024-05-03 is a security update.
https://store.steampowered.com/news/app/1675200/
Office Updates
One or more of these are likely to be of interest to most people.
Adobe Acrobat and Reader 24.002.20759 and 20.005.30636 are security updates.
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
Adobe Aero 0.24.4 is a security update.
https://helpx.adobe.com/security/products/aero/apsb24-33.html
Adobe Animate 23.0.6 and 24.0.3 are security updates.
https://helpx.adobe.com/security/products/animate/apsb24-36.html
Adobe Dreamweaver 21.4 is a security update.
https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html
Adobe FrameMaker 2020.6 and 2022.4 are security updates.
https://helpx.adobe.com/security/products/framemaker/apsb24-37.html
Adobe Illustrator 28.5 and 27.9.4 are security updates.
https://helpx.adobe.com/security/products/illustrator/apsb24-30.html
Adobe Substance 3D Designer 13.1.2 is a security update.
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-35.html
Adobe Substance 3D Painter 10.0.0 is a security update.
https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html
Aronium 1.43.0.2 adds dual currency and night theme, improves refund behavior, and resolves several bugs. This is not a security update.
https://aronium.com/
Audacity 3.5.1 adds a bunch of new features and resolves dozens of bugs. This is not a security update.
https://www.audacityteam.org/download/
Calibre 7.10.0 adds export support, spell check, color inversion and resolves several bugs. This is not a security update.
https://calibre-ebook.com/
Columns++ 1.0.6 improves wrapped line caompatibility. This is not a security update.
https://github.com/Coises/ColumnsPlusPlus
Formatta Filler 8.19.0.4 doesn’t provide a change log so should be treated as a security update.
https://formatta.com/formatta-products/complete-submit/
GIMP 2.10.38 doesn’t provide a detailed change log so should be treated as a security update.
https://www.gimp.org/
Java 8u411 is a security update.
https://www.java.com/en/download/manual.jsp
JShelter 0.18 improves compatibility. This is not a security update.
https://jshelter.org/install/
Kdenlive 24.02.2 improves compatibility and resolves several bugs. This is not a security update.
https://kdenlive.org/
Kindle for PC 2.3.70840 doesn’t provide a change log so should be treated as a security update.
https://www.amazon.com/kindleforpc
LibreOffice 7.6.7 resolves over 40 bugs. This is a security update.
https://www.libreoffice.org/
LibreOffice Fresh 24.2.3 resolves over 75 bugs. This is a security update.
https://www.libreoffice.org/
Manager 24.5.13.1531 adds several new features and improves email integration and display. This is not a security update.
https://www.manager.io/
Nextcloud Desktop 3.13.0 resolves dozens of bugs and updates libraries. This is a security update.
https://nextcloud.com/
Notepad++ 8.6.7 improves multiedit and language support, and resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/
PDF-XChange Editor 10.3.0.386 adds page extraction, label modification, improves sort and group behavior and resolves dozens of bugs. This is not a security update.
https://www.pdf-xchange.com/product/pdf-xchange-editor
QuickBooks Pro 2022 20240509-R15_25 updates to backend processes. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products
QuickBooks Pro 2023 20240509-R12_15 updates to backend processes. This is not a security update.
https://downloads.quickbooks.com/app/qbdt/products
Security Software Updates
One or more of these is likely to be of interest to most people.
Chainsaw 2.9.0 adds native rules, timezone improvements, and adds ability to change default conditional when searching. This is not a security update.
https://github.com/countercept/chainsaw
Microsoft Edge Policy 2024.05.07 updates policies. This is not a security update.
https://github.com/MicrosoftDocs/Edge-Enterprise/blob/public/edgeenterprise/microsoft-edge-policies.md
OpenSSL 3.3.0 is a security update.
https://slproweb.com/products/Win32OpenSSL.html
ProtonVPN (macOS) 4.2.2 improves performance. This is not a security update.
https://protonvpn.com/download
RogueKiller 15.16.1 updates engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/
Stinger 13.0.0.118 adds support for more detections. This is not a security update.
https://www.mcafee.com/us/downloads/free-tools/stinger.aspx
SuperAntiSpyware 10.0.1266 resolves several bugs. This is not a security update.
https://www.superantispyware.com/download.html
Tails 6.2 is a security update.
https://tails.net/install/download/index.en.html
Velociraptor 0.72 adds EWF support and resolves several bugs. This is not a security update.
https://github.com/Velocidex/velociraptor/releases/latest
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 24.1.3 improves OCR, performances, updates libraries and resovles several bugs. This is a security update.
https://www.techsmith.com/screen-capture.html
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 13.0.1.7 resolves several couple bugs. This is not a security update.
https://www.dvdfab.cn/download.htm
StreamFab 6.1.7.7 improves compatibility and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/downloader-new.htm
UniFab 2.0.2.0 resolves several bugs. This is not a security update.
https://www.dvdfab.cn/unifab.htm
Utility Updates
These are unlikely to be of interest to most people.
1Password 8.10.32 improves compatibility, adds support to import from more third-party platforms, and resolves several bugs. This is a security update.
https://1password.com/downloads/
Agent Ransack 2022.3434 adds support for OneNote and resovles several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/
AOMEI Partition Assistant 10.4.0 improves the user interface. This is not a security update.
https://www.diskpart.com/
Bitwarden 2024.4.2 improves passkeys support and secrets manager, and adds a new Authenticator app. This is not a security update.
https://bitwarden.com/
BulkFileChanger 1.73 resolves a timezone-related bug. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html
CCleaner 6.23.11010 resolves several bugs. This is a security update.
https://www.ccleaner.com/
DesktopOK 11.21 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
dnGrep 4.1.92.0 resolves a .git/.gitignore bug, updates .NET library and translations. This is a security update.
https://dngrep.github.io/
ExplorerPatcher 22621.3527.65.2 resolves several bugs. This is not a security update.
https://github.com/valinet/ExplorerPatcher/
FileLocator Pro 2022.3434 adds support for OneNote and resovles several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download
FoneTool 2.6.1 adds iOS Data Recovery and resolves a crash bug. This is not a security update.
https://www.fonetool.com/download.html
Git SCM 2.45.0 adds dozens of new features and behaviors, and resolves over 50 bugs. This is not a security update.
https://git-scm.com/
Go 1.22.3 is a security update.
https://go.dev/
GoodSync 12.6.5 improves compatibility and resolves several bugs. This is not a security update.
https://www.goodsync.com/
HWiNFO 8.02 doesn’t provide a change log so should be treated as a security update.
https://www.hwinfo.com/download/
InstalledAppView 1.08 resolves a CLI bug. This is not a security update.
https://www.nirsoft.net/utils/installed_app_view.html
IsMyHdOK 3.96 improves performance and testing accuracy. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK
LessMSI 2.0.1 updates dependencies and build environment, and resolves a stability bug. This is not a security update.
https://lessmsi.activescott.com/
NirCmd 2.87 adds and resolves ~$ variables. This is not a security update.
https://www.nirsoft.net/utils/nircmd.html
NTLite 2024.5.9931 resolves dozens of bugs. This is not a security update.
https://www.ntlite.com/download/
osquery 5.12.1 is a security update.
https://osquery.io/downloads
PingInfoView 3.05 adds option to map source IPv4 Address. This is not a security update.
https://www.nirsoft.net/utils/multiple_ping_tool.html
PowerToys 0.80.1 improves stability. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest
PSAppDeploy 3.10.1 adds a dozen features and parameters, improves stability and reliability, and resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/
RoboForm 9.5.8 improves GUI. This is not a security update.
https://www.roboform.com/
ScreenConnect 24.1.7.8892 resolves dozens of bugs and improves compatibility. This should be treated as a security update.
https://screenconnect.connectwise.com/download
Starwind V2V Converter 9.444 adds support for new conversions. This is not a security update.
https://www.starwindsoftware.com/starwind-v2v-converter
WinGet 1.7.11261 fixes elevation issues, updates dependencies and libraries. This is a security update.
https://github.com/microsoft/winget-cli/releases/latest
WinScan2PDF 8.81 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
WUMT 04.22.2022 improves Windows 11 compatibility. This is not a security update.
https://www.oldergeeks.com/downloads/file.php?id=1366
Developer Updates
These are unlikely to be of interest to most people.
.NET Runtime 8.0.5 is a security update.
https://dotnet.microsoft.com/en-us/download/dotnet
Android Studio 2023.3.1 adds device streaming for testing, integrates crashlytics, improves App Quality Insights, and adds audio redirection. This is not a security update.
https://developer.android.com/studio
AutoHotkey 2.0.14 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/
cx_Freeze 7.0 updates dependencies and libraries and resolves hundreds of bugs. This should be treated as a security update.
https://cx-freeze.readthedocs.io/en/latest/index.html
GitHub Desktop 3.3.17 removes support for older macOS versions, resolves a dozen bugs and improves user interface. This is not a security update.
https://desktop.github.com/
Godot 4.2.2 improves CLI support, resolves the audio bug, and more than 200 other issues. This is a security update.
https://godotengine.org/
MySQL ConnectorNet 8.4.0 updates libraries and resolves several bugs. This is a security update.
https://dev.mysql.com/downloads/connector/net/
MySQL Server 8.0.37 resolves dozens of bugs. This is a security update.
https://dev.mysql.com/downloads/installer/
NASM 2.16.03 improves the build process. This is not a security update.
https://www.nasm.us/index.php
Node.js 18.20.2 is a security update.
https://nodejs.org/en/
Node.js 20.13.1 resolves several bugs and updates libraries. This is a security update.
https://nodejs.org/en/
Node.js 21.7.3 is a security update.
https://nodejs.org/en/
Node.js 22.1.0 is a major update. This is a security update.
https://nodejs.org/en/
Redemption 6.5.0.6294 improves integration and resolves several bugs. This is not a security update.
https://www.dimastr.com/redemption/
Rustup 1.27.1 resolves several bugs. This is not a security update.
https://www.rust-lang.org/
SQLite 3.45.3 adds new JSON handling behaviors and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html
TortoiseGit 2.16.0 resolves a dozen bugs and updates libraries. This is a security update.
https://tortoisegit.org/
TortoiseSVN 1.14.7 resolves several bugs. This is a security update.
https://tortoisesvn.net/downloads.html
Visual Studio Code 1.89.1 adds support to exclude content from Copilot and resolves several bugs. This is not a security update.
https://code.visualstudio.com/
WinMerge 2.16.40 resolves several bugs. This is not a security update.
https://winmerge.org/
Virtual Machine Updates
These are unlikely to be of interest to most people.
VirtualBox 7.0.18 resolves over a dozen bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads
Web Package Updates
These are likely to be of interest only to web developers.
HumHub 1.15.5 resolves several bugs. This is not a security update.
https://www.humhub.com/en
Joomla 5.1.0 adds more than a dozen features and code and performance improvements. This is not a security update.
https://www.joomla.org/
MAMP 5.0.6 updates dependencies. This should be treated as a security update.
https://www.mamp.info/en/mamp/windows/
phpList 3.6.15 is a security update.
https://www.phplist.org/
Piwigo 14.4.0 resolves several bugs. This is not a security update.
https://piwigo.org/
WordPress 6.5.3 is a security update.
https://wordpress.org/
BuddyPress 12.4.1 is a security update.
https://wordpress.org/extend/plugins/buddypress/
Contact Form 7 5.9.4 resolves a couple bugs. This is not a security update.
https://wordpress.org/extend/plugins/contact-form-7/
Duplicator 1.5.9 improves compatibility and resolves a bug. This is not a security update.
https://wordpress.org/plugins/duplicator/#developers
My Sticky Bar 2.7 resolves a cosmetic bug. This is not a security update.
https://wordpress.org/extend/plugins/mystickymenu/
Postie 1.9.69 should be treated as a security update.
https://wordpress.org/extend/plugins/postie/
Slider Revolution 6.7 resolves several bugs. This is a security update.
https://revolution.themepunch.com/
Social Post Feed 4.2.4 improves integration. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/
Sucuri Security 1.8.44 improves API key controls. This is not a security update.
https://wordpress.org/extend/plugins/sucuri-scanner/
W3 Total Cache 2.7.2 resolves several bugs and improves compatibility. This is not a security update.
https://wordpress.org/extend/plugins/w3-total-cache/
WooCommerce 8.9.0 improves compatibility and resolves dozens of bugs. This is not a security update.
https://wordpress.org/extend/plugins/woocommerce/
WPBakery 7.6 resolves several bugs. This is a security update.
https://wpbakery.com/
WPtouch 4.3.59 adds support for Reddit, improves compatibility, and resolves several bugs. This is not a security update.
https://wordpress.org/extend/plugins/wptouch/
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/