Hi, Folks!
It’s Patch Tuesday! Or should I say, it’s Heartbleed Fix Day!?
Over the last month, the world has made quite the news out of a popular open source security library, OpenSSL. SSL is the underlying framework for nearly all secure communication and encryption in the world, and OpenSSL is the library which powers over 2/3rds of this. This isn’t the first time that a security issue has been discovered in OpenSSL, and it surely won’t be the last. But this particular bug enables attackers to collect information from the memory of affected services and applications, effectively creating such a significant weakness that hundreds of vendors scrambled to patch the bug, while millions of accounts from thousands of sites and services were potentially compromised.
One of the worst aspects of a popular bug like this is that everyone and their mother has their own opinion of its ramifications, with some dismissing it entirely and others currently shaping a second (or third) layer of tinfoil. The truth is somewhere in between. This bug has dramatic significance to the security world. Cisco routers are affected (most with no fix in sight or anticipated), as are many ATMs and many applications for every operating system platform, including email clients & servers, browsers, web servers, financial applications, routers, modems, middleware and dedicated security hardware. Individual vendors have said that some of these will never be updated. Many others require manual installation of the current OpenSSL libraries or recompiling.
As a rule, any application that touches the Internet or network should be treated as vulnerable until patched or verified to be secure. Over the course of the last month almost every affected vendor has released updates to address the vulnerability. Unfortunately, nothing short of a complete hardware and software audit can determine if you are vulnerable.
If you run a website or other web-accessible service, then before *and* after patching your software, hardware and devices, you should take the time to re-key your SSL certificates.
The important thing to understand about this vulnerability is that it was first introduced over 2 years ago and was only publicly disclosed last month. This means that all “secure” traffic over the entire last two years should be treated as suspect.
Change all your passwords. All of them. Really.
Re-key your SSL certificates.
Ensure that all your browsers and mobile devices are configured to check for certificate revocation.
Meanwhile, the first major exploit for now-defunct Windows XP was discovered in use the day after support for XP ended. In a move that surprised many in the security industry (myself included), Microsoft released an update to address this vulnerability to all current versions of Windows, and included a patch for XP, as well. This was a fantastic stop-gap for those still running XP, but is likely only an act of good faith, and will be the very last one you’ll see for XP.
And now, back to our regularly scheduled update series…
Microsoft released 10 updates for Windows, Office, Internet Explorer, .NET, Visual Studio and MSRT. This includes security updates (~95 MB). A reboot is required. Approximately half of these patch vulnerabilities that are either actively being exploited or were publicly disclosed.
http://update.microsoft.com/
Apple released updates for iOS, Apple TV, AirPort, OS X and printer drivers. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
Adobe Flash Player 13.0.0.214 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac
Adobe AIR 13.0.0.111 is a security update.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac
Java 7u55 is a security update. DO NOT INSTALL Java if you do not already have it installed! Remove it if you have any doubt whatsoever that you might need it. You can always install it again if you need it. If you do have it installed, make sure you update all versions that are installed, including both the 32-bit and 64-bit versions for your operating system, if both are installed.
http://www.java.com/en/download/manual.jsp
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, Kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.
Also note that using the application’s own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
AMD Catalyst x64 14.4 corrects a device compatibility bug. This is not a security update.
https://12pd.com/click?atidriver
BullZip PDF Printer 10.5.0.2262 is now FIPS compliant, improves encryption, adds share installation, and improves troubleshooting. This is not a security update.
https://12pd.com/click?bullzippdf
Browser Updates
One or more of these are likely to be of interest to everyone.
Firefox 29.0.1 is a security update. Use Help, About to install the most current version.
Google Chrome 34.0.1847.131 is a security update. Use Menu, About to install the most current version.
SeaMonkey 2.26 is a security update. Use Help, About to install the most current version.
HTTrack 3.48.6 fixes several bugs. This is not a security update.
http://www.httrack.com/page/2/en/index.html
Email Updates
One or more of these are likely to be of interest to everyone.
Thunderbird 24.5.0 is a security update. Use Help, About to get the most current version.
NK2Edit 2.92 corrects a cosmetic bug. This is not a security update.
http://www.nirsoft.net/utils/outlook_nk2_edit.html
Internet Updates
One or more of these are likely to be of interest to everyone.
Adobe Shockwave 12.1.1.151 is a security update.
https://12pd.com/click?shockwave
Silverlight 5.1.30214 is a security update.
http://www.microsoft.com/silverlight/
Nmap 6.46 adds Heartbleed detection and fixes several crash bugs. This is not a security update.
http://nmap.org/
WinSCP 5.5.3 is a security update.
http://winscp.net/eng/index.php
Dropbox 2.6.33 fixes several reliability bugs. This is not a security update.
https://12pd.com/click?dropbox
DynDNS Updater 5.0.2 improves reliability with IPv6 and fixes a service bug. This is not a security update.
https://www.dyndns.com/
Evernote 5.3.1.3363 fixes a reliability bug. This is not a security update.
http://www.evernote.com/
Google Drive 1.11 improves setup, adds service shortcuts and improves performance. This is not a security update.
https://drive.google.com/start
BrowsingHistoryView 1.51 corrects a search bug. This is not a security update.
http://www.nirsoft.net/utils/browsing_history_view.html
Media Updates
These are unlikely to be of interest to most people.
CDBurnerXP 4.5.3.4746 updates included libraries and fixes an audio compilation bug. This is not a security update.
http://cdburnerxp.se/
MPC HC 1.7.5 updates closed captioning, fixes CC-related crash bugs. This is not a security update.
http://sourceforge.net/projects/mpc-hc/
XBMC 13.0 is a major update that adds Android hardware decoding, performance improvements to Raspberry Pi and Android, stereoscopic 3D rendering, improved touchscreen support, UPnP, subtitles, and much more.
http://xbmc.org/
Game Updates
These are unlikely to be of interest to most people.
Minecraft 1.7.9 is a security update.
http://www.minecraft.net/
EA Origin 9.4.7.2799 does not provide a detailed change log so should be treated as a security update.
PS4 1.70 adds a number of new features and fixes. This is not a security update.
http://us.playstation.com/support/systemupdates/ps4/index.htm
SteamOS 07-May-2014 is a security update.
http://store.steampowered.com/steamos/download/?ver=custom
Office Updates
One or more of these are likely to be of interest to most people.
Adobe Reader 11.0.07 is a security update. Use Help, Check for Updates to install the most current version.
Adobe Acrobat 11.0.07 is a security update. Use Help, Check for Updates to install the most current version.
OpenOffice 4.1.0 corrects over 300 bugs and improves reliability and several features. This is not a security update.
http://www.openoffice.org/download/
Adobe Illustrator 16.2.2 is a security update. Use the Adobe Updater to install the most current version.
Adobe FrameMaker 12.0.2 is a security update. Use the Adobe Updater to install the most current version.
Adobe Premiere Pro CC 7.2.2 is a bug fix release. Use the Adobe Updater to install the most current version.
Notepad++ 6.6.2 improves session handling, reliability, stability, and corrects several bugs. This is not a security update.
https://12pd.com/click?npp
Artweaver 4.5.3 fixes several bugs including a crash. This is not a security update.
http://www.artweaver.de/
Security Software Updates
One or more of these is likely to be of interest to most people.
Avast! Home Edition 9.0.2018 improves stability and reliability, especially within the stream filtering capability. This should be treated as a security update.
http://www.avast.com/free-antivirus-download
AVG Anti-Virus 2014.4577 corrects a handful of bugs including several performance improvements. This should be treated as a security update.
http://free.avg.com/us-en/download-free-antivirus
OpenSSL 1.0.1g is a security update.
https://www.openssl.org/
DNSQuerySniffer 1.25 adds cosmetic improvements and can now optionally add itself to the Windows firewall allow list. This is not a security update.
http://www.nirsoft.net/utils/dns_query_sniffer.html
RouterPassView 1.53 adds support for more hardware. This is not a security update.
http://www.nirsoft.net/utils/router_password_recovery.html
SmartSniff 2.10 can now optionally add itself to the Windows firewall allow list. This is not a security update.
http://www.nirsoft.net/utils/smsniff.html
Wireshark 1.10.7 corrects several bugs, improves protocol handling. This is not a security update.
http://www.wireshark.org/
Capture Updates
These are unlikely to be of interest to most people.
Greenshot 1.1.9.13 corrects several bugs and adds string replacement for output and color scaling. This is not a security update.
https://12pd.com/click?greenshot
Open Broadcaster Software 0.622 Beta corrects a reliability bug. This is not a security update.
http://obsproject.com/
SnagIt 12.0.0 is a major update including a dozen new features, removing text capture, improved editor, and video trimming. This and newer versions no longer support Windows XP or Vista. This is not a security update.
http://download.techsmith.com/snagit/enu/snagit.exe
VideoCacheView 2.67 corrects a cosmetic bug. This is not a security update.
http://www.nirsoft.net/utils/video_cache_view.html
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 9.1.4.2 adds rotation, mp4 and mkv support, fixes several crash bugs, and adds multiple source support. This is not a security update.
http://www.dvdfab.cn/download.htm
MakeMKV 1.8.10 improves reliability for discs with errors, improves performance, and includes several bug fixes. This is not a security update.
http://www.makemkv.com/download/
Utility Updates
These are unlikely to be of interest to most people.
CintaNotes 2.6 adds search and replace, improved export and editor, and a dozen bugfixes. This is not a security update.
http://cintanotes.com/download
Bitcoin 0.9.1 is a security update.
http://bitcoin.org/en/download
BFGMiner 3.10.0 is a security update.
https://github.com/luke-jr/bfgminer/
CGMiner 4.3.1 is a security update.
https://github.com/ckolivas/cgminer
MultiBit 0.5.18 is a security update.
https://multibit.org/
FileLocator Pro 7.2.2042 fixes a NEAR bug. This is not a security update.
http://www.mythicsoft.com/filelocatorpro/download
GoodSync 9.8.4 is a security update.
https://12pd.com/click?goodsync
GPU-Z 0.7.8 improves reliability and adds support for newer hardware. This is not a security update.
http://www.techpowerup.com/downloads/SysInfo/GPU-Z/
Intel CPU Diagnostic 2.10.0.0 adds newer hardware support. This is not a security update.
https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=19792
LogMeIn 4.1.438x is a security update.
http://help.logmein.com/SelfServiceDownloads
Hamachi 2.2.0.188 corrects a stability bug. This is not a security update.
http://help.logmein.com/SelfServiceDownloads
NetworkTrafficView 1.85 adds cosmetic improvements and can now optionally add itself to the Windows firewall allow list. This is not a security update.
http://www.nirsoft.net/utils/network_traffic_view.html
WifiInfoView 1.55 improves cosmetic layout, adds more information about security mechanisms and updates internal MAC addresses file. This is not a security update.
http://www.nirsoft.net/utils/wifi_information_view.html
FolderChangesView 1.63 adds quick access to File Properties. This is not a security update.
http://www.nirsoft.net/utils/folder_changes_view.html
ProduKey 1.66 adds a command-line option to suppress error messages. This is not a security update.
http://www.nirsoft.net/utils/product_cd_key_viewer.html
Acronis True Image (WDC) 16.0.0.5962 improves Windows 8.1 support. This is not a security update.
http://support.wdc.com/product/downloaddetail.asp?swid=119&wdc_lang=en
CCleaner 4.13.4693 improves compatibility with Windows 8.1.1, Chrome, Opera, unmounted disks and various other fixes. This is not a security update.
https://12pd.com/click?ccleaner
Defraggler 2.18.945 adds performance reporting, Quick Optimize for SSD, improved health reporting, and other fixes. This is not a security update.
https://12pd.com/click?defraggler
Speccy 1.26.698 improves SMART support, Windows 8.1 compatibility, hardware detection and other fixes. This is not a security update.
https://12pd.com/click?speccy
Recover Keys 8.0.3.109 does not provide a changelog, so should be treated as a security update.
http://recover-keys.com/en/download.html
AccessChk 5.2 adds support for file and printer shares, adds filtering options for viewing accesses related to specified accounts and now includes the System Access Control List (SACL) when it dumps security descriptors. This is a security update.
http://sysinternals.com/
PsExec 2.11 fixes a bug in the implementation of the execute as local system option on Windows Server 2003. This is a security update.
http://sysinternals.com/
Sigcheck 2.1 now reports a file’s entropy, can dump information about catalog files, and can list the certificates installed in the per-user and machine certificate store. This is a security update.
http://sysinternals.com/
VMMap 3.12 fixes several reliability bugs. This is a security update.
http://sysinternals.com/
Developer Updates
These are unlikely to be of interest to most people.
TortoiseSVN 1.8.6 is a security update.
http://tortoisesvn.net/downloads.html
Virtual Machine Updates
These are unlikely to be of interest to most people.
VMware Player 6.0.2 is a security update.
http://www.vmware.com/products/player/
Web Package Updates
These are likely to be of interest only to web developers.
phpMyAdmin 4.2.1 corrects several bugs. This is not a security update.
http://www.phpmyadmin.net/home_page/news.php
Adminer 4.1.0 adds brute-force detection and fixes several bugs. This is not a security update.
http://www.adminer.org/en/
Drupal 7.28 is a bugfix following shortly after another security update. Treat this as a security update.
http://drupal.org/download
phpList 3.0.6 is a security update.
http://www.phplist.com/download
Dada Mail 7.0.3 fixes several bugs. This is not a security update.
http://dadamailproject.com/download/
MailEnable 8.50 adds global search and TinyMCE support to webmail, improved indexing engine, reduced bandwidth requirements, improved ActiveSync and Autodiscovery support. This is not a security update.
http://www.mailenable.com/
ScreenConnect 4.3.6563.5232 corrects a handful of bugs, including improved clickonce behavior and search/filter sorting. This is not a security update.
http://www.screenconnect.com/Download
WordPress 3.9.1 fixes 34 bugs in the recent 3.9 release. This is not a security update.
http://wordpress.org/
Activate Update Services 1.0.7 provides no changes. This is not a security update.
Anti-Splog 2.1.1 fixes a reliability update with IP blocking. This is not a security update.
Autoptimize 1.8.4 corrects a comment storage bug. This is not a security update.
bbPress 2.5.3 fixes several bugs. This is not a security update.
BuddyPress 2.0.1 fixes a couple dozen bugs with the new 2.0 release. This is not a security update.
BuddyStream 3.2.5 is a compatibility update. This is not a security update.
Conditional Widgets 1.7 is a cosmetic update. This is not a security update.
Contact Form 7 3.8.1 is a security update.
Cookies For Comments 0.5.5 is a security update.
Easy Bootstrap Shortcode 4.2.1 corrects a missing file bug. This is not a security update.
Email Log 1.7.2 fixes a bug in registration. This is not a security update.
Multisite Enhancements 1.0.4 fixes a couple bugs. This is not a security update.
Multisite Plugin Manager 3.1.4 fixes a major stability bug. This is not a security update.
Raw HTML 1.4.12 updated for WP 3.9 compatibility. This is not a security update.
Smart YouTube 4.2.3 corrects Facebook sharing. This is not a security update.
Theme Authenticity Checker 1.5.2 updated for WP 3.9 compatibility. This is not a security update.
Top Commentators Widget 1.4.2 is a compatibility update. This version WILL NOT work with WP 3.9+! This is not a security update.
Ultimate TinyMCE 5.3 is a compatibility update. This version WILL NOT work with WP 3.9+! This is not a security update.
WooCommerce 2.1.8 corrects a couple dozen bugs, improves reliability and consistency. This is not a security update.
WP Update Server 20140421 improves logging consistency. This is not a security update.
WP Edit 1.8 adds font px support, updates TinyMCE and corrects a path bug. This is not a security update.
WPtouch 3.2.4.1 corrects WPML behavior, adds Windows Phone support and updates output, languages and product links. This is not a security update.
Zemanta 1.2.4 fixes an upload filename bug. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/