[German]On March 12, 2024, Microsoft released security updates for Windows clients and servers, for Office – and for other products. The security updates eliminate 73 vulnerabilities (CVEs), two of which are 0-day vulnerabilities that are already being exploited. Below is a compact overview of the updates that were released on Patchday.
Continue reading
[German]On February 13, 2024, the remote code execution vulnerability CVE-2024-21378 in Microsoft Outlook was also closed with the security updates. As of March 11, 2024, an in-depth analysis of the vulnerability has now been published, as I saw in a tweet yesterday.
[German]Monday, March 11, 2024, the European Data Protection Supervisors (EDPS) publicly stated in a report that the European Commission has violated its own (data protection) regulations when using Microsoft 365. The EDPB panel has instructed the EU Commission to stop transferring data from the use of Microsoft 365 to Microsoft and its subsidiaries in non-EU/EEA countries without an adequacy decision as of December 9, 2024.
[German]Owners of QNAP NAS drives are at risk from the critical vulnerability CVE-2024-21899. This allows access to devices without requiring authentication via username and password. The manufacturer has released security updates to its vulnerable operating systems to close the vulnerability.
[German]A short addendum from last week. I recently reported on updates to VMware products. VMware has now classified certain vulnerabilities in its virtualization products as critical in a security advisory. It should therefore be patched quickly, if not already done. Addendum: I have just seen that around 1,800 VMware ESXi installations in Germany are potentially affected.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft has presented last week a road map for the provision of the new Outlook app for commercial users. As soon as the new Outlook app is generally available, business users can opt out to remain with classic Outlook. This document also states that classic Outlook client for Windows will remain available for Windows until at least 2029.
[German]Microsoft has a problem with its Exchange Online instances that can easily sideline its customers. The sender domains for emails are classified as spam and rejected. This means that companies can no longer send mail. After I discussed this several times here in the blog, a blog reader sent me confirmation from Microsoft.
[German]Follow-up to this week's Facebook disruption, where users were forcibly logged out and could only log back in after a few hours. A reader has contacted me and reported that he was able to log in to Facebook under a friend's profile. And later I received several confirmations from other users.
[German]Microsoft has now had to confirm that Russian cyber spies from the Midnight Blizzard group not only had access to the email accounts of Microsoft management in January 2024. The attackers were also able to gain access to internal systems and access product source codes. Microsoft has indications that further accesses were made following the January 2024 hack, during which source code was also accessed.
[German]Microsoft has released another update of the Edge (Chromium) browser to version 122.0.2365.80 in the stable channel on March 7, 2024. It is a maintenance update that fixes bugs (Fixed a browser crash which occurred when the BrowsingDataLifetime policy was enabled). Vulnerabilities have also been closed (see).
MVP:
2013 – 2016
WIMVP:
2017 – 2020
