Microsoft's new Store app installer with telemetry wrapper as a security trap

Stop - Pixabay[German]I just reported how the Store team has started repackaging Store apps. An executable .NET wrapper is slapped around the store apps, which smuggles telemetry and other code into the app. This is intended to simplify the installation of store apps and save a click. And by the way, the Microsoft strategists have also opened up a DLL hijacking gap that can serve as a gateway for malware.

Continue reading

Posted in Security, Windows | Tagged , , | Leave a comment

Windows print spooler vulnerability CVE-2022-38028 preferred attack vector for Russian attackers

Windows[German]The old print spooler vulnerability CVE-2022-38028 in Windows is probably the preferred target of the Russian hacker group Fancy Bear. This was revealed by Microsoft's analysis of an attack tool ('GooseEgg' malware). However, this attack vector can no longer be exploited on currently patched Windows operating systems, as Microsoft revealed in a blog post.

Continue reading

Posted in Security, Windows | Tagged , | Leave a comment

Update CrushFTP to v11.1.0, vulnerability (CVE-2024-4040) under attack

Sicherheit (Pexels, allgemeine Nutzung)[German]CrushFTP is a proprietary file transfer server with multiple protocols and platforms (macOS, Linux, Windows) that is available as shareware with a tiered pricing model. It is aimed at home users through to corporate users. As of April 19, 2024, the provider has published a security warning that a critical vulnerability (CVE-2024-4040) has been discovered in the software, which is being exploited by attackers.

Continue reading

Posted in Software, Update | Tagged , | Leave a comment

US cyber expert: Microsoft is a national security risk

Sicherheit (Pexels, allgemeine Nutzung)[German]Lousy security culture, products as full of holes as a Swiss cheese, but "to big to fail and everyone is dependent". That's a description of Microsoft – not mine, but the tenor of the statements made by the former White House Director of Cyber Policy, Andrew J. Grotto, in an interview with the British newspaper The Register.

Continue reading

Posted in Security | Tagged | Leave a comment

Microsoft packs Store apps with telemetry wrapper

Stop - Pixabay[German]The move from Microsoft, which has just been uncovered and is causing anger among developers. Their Store team has started to secretly repackage Store apps. The apps are provided with an executable .NET wrapper that adds telemetry and other code into the app. Furthermore, .netfx 4.7.2 is currently being used – regardless of what .netfx version the app uses. The explanation I read, is that Microsoft now wants to offer .exe applications for download directly from the store in a simple way. Here is some information on this.

Continue reading

Posted in Windows | Tagged , , | Leave a comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...


Data leak at Chinese manufacturer reveals information on surveillance devices

Sicherheit (Pexels, allgemeine Nutzung)A Chinese manufacturer has inadvertently disclosed the data of surveillance devices. An unsecured database, which was freely accessible on the internet, contained 3 billion data records with details of surveillance systems from Chinese manufacturer Raysharp.

Continue reading

Posted in Security | Tagged | Leave a comment

Microsoft Office LTSC 2024: Preview available for macOS and Windows

[German]A short addendum or information for administrators in companies who are responsible for Microsoft Office. There will be a Microsoft Office 2024 in 2024, and a preview was announced for April 2024 (see Microsoft Office Office 2024 and Microsoft Office LTSC Office LTSC 2024: Preview in April 2024). Microsoft has now officially released the Microsoft Office LTSC 2024 version as a preview for the macOS and Windows operating systems. Interested administrators from the corporate environment can now test this Office version, which is aimed at corporate environments. The preview is explicitly not aimed at private users. Continue reading

Posted in Office | Tagged | Leave a comment

Windows 10: Annoying ads about "End of Support" and for Microsoft account

Windows[German]Users of Windows 10 22H2 must be prepared to be annoyed by various prompts soon. Firstly, there is the full-screen notification that support will end in October 2025. And there is probably a request to finally switch from a local account to a Microsoft account. According to my information, these two annoying notices will be unleashed on users in the future.

Continue reading

Posted in Windows | Tagged | 4 Comments

Windows: Edge 123.0.2420.65 update from March 2024 unintentionally brings co-pilot app; no "spy function"

Edge[German]An "accidental" update to the Microsoft Edge browser at the end of March 2024 led to parts of the Copilot app being installed on Windows 10/11 and Server. Microsoft states that this was not intentional and emphasizes that this app "does not perform any spying functions" – a remarkable statement. They want to correct this with the next update.

Continue reading

Posted in browser, issue | Tagged , | 1 Comment

Critical PuTTY vulnerability CVE-2024-31497 leaks private keys

Sicherheit (Pexels, allgemeine Nutzung)[German]The free software PuTTY can be used to establish connections via Secure Shell, Telnet, remote login or serial interfaces with a server. However, there is a critical vulnerability in the software in question (CVE-2024-31497) that can be used to reconstruct private SSH keys. PuTTY versions 0.68 to 0.80 as well as other products (FileZilla for example) are affected. However, it is not enough to update the products to a patched version, as the keys may already be reconstructed.

Continue reading

Posted in Security, Software | Tagged , | Leave a comment