[German]Before the end of the year, I will address a bug fix from Microsoft that was already fixed in November 2023. The bug affected Microsoft Outlook 365 and left users quite baffled. When you created a new email, the signature characters were inserted vertically into the email. Occurred when two <br> tags appeared in the signature.
[German]Microsoft has disabled the MSXI ms-appinstaller protocol because it was being abused by malware groups. I remembered, that the vulnerability CVE-2021-43890 has been patched in Dec. 2021 and the protocol has been disabled long ago. Here is an overview of hat story.
[German]There is a strange story that users of the new Outlook client under Windows 11 have already encountered. The new Outlook client refuses to add additional mailboxes if you do not have a "corresponding license" (e.g. Exchange Online Plan 1). Microsoft has already confirmed this. I'll summarize some of the information that Jan pointed out to me in an email a few days ago.
[German]A brief security information. Shortly before Christmas, a warning popped up about a Denial of Service vulnerability in the Windows Local Session Manager (LSM). However, this DoS vulnerability with the CVE identifier CVE-2022-44684 is quite "strange". The identifier indicates that the vulnerability was disclosed in 2022. During my research, I also saw that Microsoft had published something about this in December 2022 and January 2023 – but all of this has since been deleted. I've put together some information. And I'll add an interesting description of patched Outlook vulnerabilities that can also be combined into an attack vector.
[German]I often report on cyber attacks on companies here on the blog. In general, headlines about security incidents at large companies seem to be piling up. Fortunately, when companies release details about the incident, the security community can learn about the tactics used in the attack and be better able to protect their own organizations in the future. However, much remains under the table and the public is not told how the attack was able to occur.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Security and data protection incident in Finland involving patient health data. The genetic testing company Asper Biogene announced that unknown persons had accessed its database and the genetic data of around 10,000 people from Estonia who had applied for genetic testing there had been stolen by unauthorized third parties. The incident took place in November 2023, but only became known in mid-December 2023 through a newspaper report.
[German]Barracuda has discoverd during an ongoing investigation that a threat actor is exploiting the CVE-2023-7102 vulnerability in the Barracuda Email Security Gateway Appliance (ESG). The use of a third-party library led to this vulnerability, which affected the Barracuda ESG appliance from 5.1.3.001 to 9.2.1.001. Barracuda has provided a security update for all active ESGs as of December 21, 2023 to address the ACE vulnerability.
[German]Regular support for Windows 10 will expire in October 2025. Microsoft does want to offer a paid support extension (ESU). However, it is currently unclear how much this will cost and how many users will take up the offer. Meanwhile, the analysis firm Canalys warns that at least 250 million PCs will end up as electronic waste when support for Windows 10 ends. Canalys criticizes the high hardware requirements for Windows 11, which are responsible for the fact that a switch to Windows 11 is not possible.
[German]An unpleasant surprise for existing VMware partners, who received notice of termination from Broadcom on December 22, 2023, effective February 4, 2024. This came just a few days after Broadcom switched its license models to subscription solutions. The VMware partners are now to be reselected and given new contracts. To this end, Broadcom has launched the Advantage Partner Program, which is open by invitation only. All partners with a turnover of less than 500,000 US dollars are to be excluded from this program.
[German]Microsoft has published a new ISO installation file for Windows 11 23H2 on December 19, 2023. This ISO installation medium not only contains the latest security updates until December 2023, but the problem with the screen reader (Narrator) that became known in November 2023 is also said to have been fixed in this installation medium. Continue reading
MVP:
2013 – 2016
WIMVP:
2017 – 2020
