Denial of Service vulnerability CVE-2022-44684 in Windows Local Session Manager (LSM)

Posted on 2023-12-28 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]A brief security information. Shortly before Christmas, a warning popped up about a Denial of Service vulnerability in the Windows Local Session Manager (LSM). However, this DoS vulnerability with the CVE identifier CVE-2022-44684 is quite "strange". The identifier indicates that the vulnerability was disclosed in 2022. During my research, I also saw that Microsoft had published something about this in December 2022 and January 2023 – but all of this has since been deleted. I've put together some information. And I'll add an interesting description of patched Outlook vulnerabilities that can also be combined into an attack vector.

Continue reading

Posted in Office, Security, Software, Windows | Tagged , , | Leave a comment

Security: Social Engineering and VPN access

Posted on 2023-12-28 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]I often report on cyber attacks on companies here on the blog. In general, headlines about security incidents at large companies seem to be piling up. Fortunately, when companies release details about the incident, the security community can learn about the tactics used in the attack and be better able to protect their own organizations in the future. However, much remains under the table and the public is not told how the attack was able to occur.

Continue reading

Posted in Security | Tagged | Leave a comment

Asper Biogene: genetic data stolen from 10,000 Estonians

Posted on 2023-12-27 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security and data protection incident in Finland involving patient health data. The genetic testing company Asper Biogene announced that unknown persons had accessed its database and the genetic data of around 10,000 people from Estonia who had applied for genetic testing there had been stolen by unauthorized third parties. The incident took place in November 2023, but only became known in mid-December 2023 through a newspaper report.

Continue reading

Posted in Security | Tagged | Leave a comment

Barracuda ESG vulnerability CVE-2023-7102 (Dec. 2023)

Posted on 2023-12-27 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Barracuda has discoverd during an ongoing investigation that a threat actor is exploiting the CVE-2023-7102 vulnerability in the Barracuda Email Security Gateway Appliance (ESG). The use of a third-party library led to this vulnerability, which affected the Barracuda ESG appliance from 5.1.3.001 to 9.2.1.001. Barracuda has provided a security update for all active ESGs as of December 21, 2023 to address the ACE vulnerability.

Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Canalys warns: Windows 10 support end will send at least 250 million PCs to the land fills

Posted on 2023-12-27 by guenni

Windows[German]Regular support for Windows 10 will expire in October 2025. Microsoft does want to offer a paid support extension (ESU). However, it is currently unclear how much this will cost and how many users will take up the offer. Meanwhile, the analysis firm Canalys warns that at least 250 million PCs will end up as electronic waste when support for Windows 10 ends. Canalys criticizes the high hardware requirements for Windows 11, which are responsible for the fact that a switch to Windows 11 is not possible.

Continue reading

Posted in Windows | Tagged | 1 Comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Contracts for all VMware partners terminated by Broadcom for 2024

Posted on 2023-12-26 by guenni

[German]An unpleasant surprise for existing VMware partners, who received notice of termination from Broadcom on December 22, 2023, effective February 4, 2024. This came just a few days after Broadcom switched its license models to subscription solutions. The VMware partners are now to be reselected and given new contracts. To this end, Broadcom has launched the Advantage Partner Program, which is open by invitation only. All partners with a turnover of less than 500,000 US dollars are to be excluded from this program.

Continue reading

Posted in Software, Virtualization | Tagged , | Leave a comment

Windows 11 23H2 refresh media available as ISO with Narrator fix

Posted on 2023-12-25 by guenni

Windows[German]Microsoft has published a new ISO installation file for Windows 11 23H2 on December 19, 2023. This ISO installation medium not only contains the latest security updates until December 2023, but the problem with the screen reader (Narrator) that became known in November 2023 is also said to have been fixed in this installation medium. Continue reading

Posted in Windows | Tagged , | Leave a comment

Merry Christmas 2023

Posted on 2023-12-25 by guenni

I wish all blog readers a Merry Christmas 2023. While browsing the web this week, I came across Santa Claus, who now seems to be traveling on a rocket sled, as you can see in the image on the left. Just click on the picture to the right to watch the clip on YouTube. Below are a few more details about this "Santa" – or the guy driving the sled on the left.

Continue reading

Posted in General | Tagged | Leave a comment

Fails at Microsofts Printer Metadata Troubleshooter Tool (KB5034510; HP Smart app fixer)

Posted on 2023-12-24 by guenni

Windows[German]Unfortunately, I have to bring up another topic that focuses on Microsoft's "competence" in terms of writing secure software. It's about Microsoft's Printer Metadata Troubleshooter Tool, which is provided under KB5034510. It is intended to resolve issues with printer icons and the installed HP Smart app caused by updates. However, the tool does not work under RDS 2016, but throws an access error. The developers failed in several places when creating the tool.

Continue reading

Posted in Software, Windows | Tagged , , | 2 Comments

Google Chrome now with Background Safety Check

Posted on 2023-12-23 by guenni

[German]Another short piece of information from this week that affects users of the Google Chrome browser. Google has announced that a new "Safety Check" function is being rolled out in Chrome. This security function runs automatically in the background on desktop systems. Users will be warned if security threats such as compromised passwords stored in the browser or malicious extensions are detected.

Continue reading

Posted in browser, Security | Tagged , | Leave a comment