Author Archives: guenni


Advertising

Microsoft Edge 103.0.1264.44 download bug: .crdownload files remains

[German]After the update to Microsoft Edge 103.0.1264.44 has been released on June 30, 2022, I got reports from users, increasingly noticing that temporary download remnants (.crdownload files) remain in the download folder after downloads (e.g. of .exe and .msi files, … Continue reading

Posted in browser, issue, Software, Windows | Tagged , | Leave a comment

0patch fixes all known and exploitable Windows NTLM/Kerberos vulnerabilities

[German]In recent months, a number of vulnerabilities and attack mechanisms have become known that could be used to siphon off credentials (NTLM/Kerberos). Not all vulnerabilities are easily exploitable, not everything has been fully patched by Microsoft. ACROS Security has now … Continue reading

Posted in Security, Windows | Tagged , | Leave a comment

Advertising

Microsoft Edge 103.0.1264.44 fixes CVE-2022-33680 (June 30, 2022)

[German]Microsoft has updated the Edge browser in the stable channel to version 103.0.1264.44 as of June 30, 2022. It is a maintenance update that fixes the Elevation of Privilege vulnerability CVE-2022-33680, which is rated as critical. And this build fixes … Continue reading

Posted in browser, Security, Software, Update | Tagged , | Leave a comment

Unauthorized RCE CVE-2022-28219 in Zoho ManageEngine ADAudit Plus

[German]Security researcher Naveen Sunkavally of Horizon3.ai recently discovered vulnerability CVE-2022-28219. This allows remote code execution without further authentication by the attacker and affects Zoho ManageEngine ADAudit Plus. This is a compliance tool used by enterprises to monitor changes to Active … Continue reading

Posted in Security, Software, Windows | Tagged , , | Leave a comment

Advertising

Kaspersky finds SessionManager backdoor left by malware in IIS/Exchange servers worldwide

[German]Security vendor Kaspersky has come across a little-known backdoor, undetected by antivirus solutions, that leaves malware on Microsoft Exchange servers in the IIS module. There are infections of the so-called SessionManager backdoor in Exchange systems worldwide. The SessionManager backdoor enables … Continue reading

Posted in Security | Tagged , | Leave a comment

Azure: Container Escape Vulnerability (CVE-2022-30137) in Microsoft's Service Fabric Closed

[German]Security researchers from Palo Alto Networks have encountered a container escape vulnerability in Microsoft's Service Fabric, which they then named FabricScape. The vulnerability allowed container escapes in Microsoft's Service Fabric, which is commonly used with Azure. Palo Alto Networks has … Continue reading

Posted in Security | Tagged , , , | Leave a comment

Building materials manufacturer Knauf affected by cyber attack worldwide (June 29, 2022)

[German]The manufacturer Knauf (gypsum, Plaster, building materials) fell victim to a cyber attack on June 29, 2022. The company's IT systems are affected worldwide and had to be shut down. Too much information in terms of details is unfortunately not … Continue reading

Posted in Security | Tagged | Leave a comment

Advertising

Edge Stable 103.0.1264.37 breaks group policies (Chrome bug)

[German]I'm going to pull out an issue that may be of concern to administrators among of my blog readers. Since the release of Microsoft Edge Stable 103.0.1264.37, I got reports, that group policies no longer work. This night I came … Continue reading

Posted in browser, issue, Software, Windows | Tagged , | Leave a comment

Thunderbird 102.0 and 91.11.0

[German]In addition to Firefox developers who have provided updates to the Firefox browser (see Firefox 102.0 and ESR, as well as 91.11esr released), new versions of the Thunderbird email client were also released on June 28, 2022. At the same … Continue reading

Posted in Security, Software, Update | Tagged , , | Leave a comment

Microsoft Exchange Server: Remote Code Execution vulnerability CVE-2022-23277 exploitable despite patch?

[German]Are Microsoft Exchange servers on the current patch level still vulnerable via the remote code execution vulnerability CVE-2022-23277? Some fragments of information have just come to my attention that at least raise questions. In any case, the disclosure of the … Continue reading

Posted in Security, Software | Tagged , | 2 Comments