Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
Windows: RID Hijacking allows guests to become an Admin
[German]It seems that all Windows versions contains a kind of 'vulnerability' which allows to transfer user rights (administrator privileges) from another account to a Windows guest account. This is called RID hijacking, and has been known for at least 10 … Continue reading
Microsoft Security Update Releases (Oct 17, 2019)
Microsoft has published a revised security update notification as of October 17, 2018, which I would like to briefly describe below. It is about MFC in connection with the cumulative update 11 for Exchange Server 2016 (KB4134118) and the SQL … Continue reading
Oracle Critical Patch Update October 16, 2018
[German]Oracle has released a number of critical updates for its products as of October 16, 2018. Here is an overview of these updates.
FOSS LinuxBoot replaces UEFI on servers
[German]Vendors using Linux-Servers intends to move away from proprietary hardware with UEFI, Intel ME & Co. The free LinuxBoot is the answer to the UEFI glue of the commercial manufacturers, but is limited to the server area. Here is some … Continue reading
Windows: CVE-2018-8423; CVE-2018-8453, CVE-2018-8495
[German]In October 2018, Microsoft patched some vulnerabilities in Windows with updates. The vulnerability CVE-2018-8495 is now being actively exploited. For the (probably incompletely patched) vulnerability CVE-2018-8495 a Proof-of-Concept (PoC) is now available. And the vulnerability CVE-2018-8423 was probably patched. Here … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
DOM-XSS bug putsTinder, Shopify, Yelp & Co. at risk
Users of Tinder, Shopify, Yelp and others are threatened in their security. Security researchers at vpnMentor have discovered a DOM-XSS bug that allows them to extract information about other users via apps or websites concerned. Potentially 685 million users are … Continue reading
Apple: Ups, forgot to lock Intel ME on it’s notebooks
[German]It seems, that Apple has forgotten to lock the Intel Management Engine (Intel ME) against manipulation on some notebooks and left a maintenance mode open. This is the latest finding in Intel Management Engine research.
Trend Micro Business Endpoint: Windows 10 V1809 support
[German]A brief information for administrators in a business environment who use Trend Micro Business Endpoint (TMBE) and also use systems with Windows 10. Even though the rollout is currently stopped, the question is whether TMBE will be compatible with Windows … Continue reading
Skype enables complete machine takeover in Debian
[German]It's a very unpleasant story: Skype enables the complete takeover of the system by Microsoft under Debian. If a private key is known, the system could be manipulated or malware included. You should not install Skype or install it in … Continue reading
Enigmail sends crypted e-mails in clear text
A fatal bug within the popular Thunderbird extension Enigmail can cause mails that shall be encrypted will be send in plain text. Anyone who relies on privacy and sends confidential or even secret information will risks that the mails can … Continue reading