Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
Patchday: Windows 10/Server Updates (August 13, 2024)
[German]On August 13, 2024 (second Tuesday of the month, patch day at Microsoft), various cumulative updates were released for the supported Windows 10 builds (from the RTM version to the current version) as well as for the Windows Server counterparts. … Continue reading
Posted in Security, Update, Windows
Tagged Patchday 8.2024, Security, Update, Windows 10, Windows Server
Leave a comment
Microsoft Security Update Summary (August 13, 2024)
[German]On August 13, 2024, Microsoft released security updates for Windows clients and servers, for Office – as well as for other products. The security updates eliminate 88 vulnerabilities (CVEs), including seven critical vulnerabilities, 10 of which are classified as 0-day … Continue reading
Posted in Office, Security, Update, Windows
Tagged Office, Patchday 8.2024, Security, Update, Windows
2 Comments
Warning about Microsoft Office spoofing vulnerability CVE-2024-38200
[German]Microsoft has published a warning of an unpatched spoofing vulnerability CVE-2024-38200 on August 8, 2024 (with update on August 10, 2024). The vulnerability is included in all Office versions (Office 2016 – 2021, Office 365).
BlackHat 2024: Remote code execution attack on M365 Copilot via email
[German]Nice topic: Microsoft is pushing its Copilot via Microsoft 365 to its customers. Any user shall do something in AI – whether it's needed is secondary. Of course, this increases the attack surface and administrators have to think about security. … Continue reading
Windows Server at risk from PoC exploit for CVE-2024-38077
[German]Another follow-up to the July 2024 patchday, in which Microsoft closed the vulnerability CVE-2024-38077 in the Windows Remote Desktop Licensing (RDL) service of Windows Server. This is a Remote Code Execution (RCE) vulnerability that has been rated with a CVSS … Continue reading
Posted in Security, Update, Windows
Tagged Patchday 7.2024, Security, Update, Windows Server
2 Comments
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Vulnerability in Windows Update allows downgrade attacks (August 2024)
[German]A security researcher from SafeBreach has taken a closer look at the Microsoft Windows update architecture. He discovered vulnerabilities in the operating system's update function (which are basically serious design flaws) that enable a downgrade attack. An attacker can thus … Continue reading
CrowdStrike: New report, current status, lawsuits and more
[German]After the CrowdStrike Falcon software paralyzed 8.5 million Windows computers some time ago, the provider has now issued a second statement. According to the statement, 99% of the sensors are now back in operation. Otherwise, some of those affected are … Continue reading
Attention: Microsoft's UEFI certificate expires on Oct. 19, 2026 – Secure Boot affected
[German]I'm posting a topic here in the blog that still has "a few days to go" but could have very unpleasant consequences. In the fall of 2026, a certificate in Windows will expire, which ensures that Secure Boot can be … Continue reading
Windows SmartScreen and Smart App Control exploited since 2018
[German]There are vulnerabilities in Windows SmartScreen and Smart App Control that are based on design errors. It has now become public that these vulnerabilities have been exploited by attackers since 2018. Security researchers at Elastic Security Labs have compiled and … Continue reading
Microsoft's analysis of the CrowdStrike incident and recommendations
[German]One more addendum, on a topic taken up in my German blog at the end of July 2024. Microsoft has recently published an analysis of the CrowdStrike incident, which confirms the statements made by Crowdstrike. And there are recommendations on … Continue reading