[German]Administrators of a Citrix NetScaler ADC or a Citrix NetScaler Gateway should take action. Manufacturer Citrix has published a security advisory regarding the two vulnerabilities CVE-2023-6548 and CVE-2023-6549 in the above-mentioned products on January 16, 2024. One vulnerability allows DDoS attacks, while the second vulnerability allows authenticated (low privileged) remote code execution on the management interface.
[German]Microsoft has introduced an extension to its LLM solution Copilot. Microsoft Copilot Pro is a subscription-based approach to rolling out LLM models to both home and business users, from small businesses to large enterprises, and earning money from these solutions. With the subscription solution, users should be able to access GPT-4 and GPT-4 Turbo even in times of high load, while users without a subscription will be served with GPT 3.5.
[German]The migration of Microsoft Teams client users to the new version 2.0 is proceeding very slowly. Although this new client has already been available for several months and Teams 2.0 will soon be mandatory, around 2/3 of Teams users have so far refused to migrate. Microsoft is calling on companies to force the switch to the new Teams 2.0 client.
[German]The security update rolled out on January 9, 2024 via automatic update (e.g. KB5034441) against a BitLocker Security Feature Bypass vulnerability CVE-2024-20666 in the WinRE partition fails on many systems with the installation error 0x80070643. Somehow this is a disaster with an announcement – and many users are not able to fix this installation error. Last week, Microsoft published PowerShell scripts that are supposed to fix the cause of the installation error 0x800706431. I have summarized some information about this in an addendum.
If you plan to use the Authy authentication application and would like to use it for two-factor authentication (2FA) for desktop systems, you should reconsider. The developer Twilio has announced that Authy authentication for the desktop will be discontinued in … Continue reading
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Security provider Bitdefender has informed me that security researchers in its labs have found vulnerabilities in Bosch BCC100 thermostats. Hackers can use these vulnerabilities to take control of such smart thermostats and gain access to smart home networks. The experts at Bitdefender Labs have described a specific possible attack on smart thermostats from the manufacturer Bosch in a study.
[English]Another addendum from the January 2024 patchday for Microsoft SharePoint Server. I mentioned the SharePoint Server RCE vulnerability CVE-2024-21318 in the patchday articles. This was closed with the security updates of January 9, 2023. There is a second Elevation of Privilege vulnerability CVE-2023-29357, which was already closed in June 2023 and for which an exploit is known. The US CISA has published a warning because attacks on RCE vulnerabilities have been observed in the meantime. Administrators should therefore ensure that their SharePoint servers are up to date with the latest patches.
[English]These are currently difficult times for customers and resellers of VMware products who want to reorder, extend licenses or simply activate product licenses. After the Broadcom takeover, absolute chaos reigns. Dealers have been terminated, orders via OEMs are sometimes impossible, and the end customer portal for license activation has been shut down. After reporting on problems for the first time a few days ago, I now have internal information that confirms this. Incidentally, this is not the first incident in which Broadcom products and dealer/customer relationships have been "badly strained", to say the least, as I discovered when searching the blog.
[German]In December 2023, Microsoft released the Printer Metadata Troubleshooter Tool (KB5034510) to fix the HP Smart App issue. Shortly afterwards, following a tip from Stefan Kanthak, I reported on security problems with this tool here in the blog. Microsoft has now updated the Printer Metadata Troubleshooter Tool (KB5034510) as of January 9, 2024 to close the vulnerability now named CVE-2024-21325.
[German]I'm putting two Microsoft Office-related topics in this blog post. A reader asked me whether there are any known problems with the Office Deployment Tool – in his environment there are suddenly crashes. In addition, Microsoft is retiring the Readiness Toolkit for Office VBA AddIns.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
