Calendar invitation in Outlook can reveal password (via CVE-2023-35636)

Posted on 2024-01-22 by guenni

[German]Small addendum to the December 2023 patchday, during which an information disclosure vulnerability (CVE-2023-35636) was also closed. It has now become known that even the acceptance of a calendar invitation by a user can reveal their password. While this vulnerability in Outlook has been patched, there are other methods to retrieve an NTLM hash, e.g. via a file manager. These vulnerabilities are not patched. Here is an overview of the issue.

Continue reading

Posted in Office, Security | Tagged , | Leave a comment

Is the Microsoft 365 email quarantine broken?

Posted on 2024-01-21 by guenni

Mail[German]A quick question for Microsoft 365 administrators with Exchange Online tenants. A reader is struggling with the problem that mails are sorted into quarantine at his customers and asks whether this function is broken (presumably already since January 5, 2024).

Continue reading

Posted in issue, Software | Tagged , , | Leave a comment

Microsoft Windows 11 Security Technical Implementation Guide

Posted on 2024-01-21 by guenni

WindowsRecently I became aware of the "Security Technical Implementation Guide". The Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents.

Continue reading

Posted in Security, Windows | Tagged , | 2 Comments

Microsoft hacked by Russian Midnight Blizzard; emails exfiltrated since Nov. 2023

Posted on 2024-01-20 by guenni

[German]Microsoft has been successfully hacked by the Russian state hacker group Midnight Blizzard, also known as Nobelium. This was noticed on January 12, 2024, but the hackers were probably in the systems for months and were able to view and exfiltrate emails. The next major hack after the attack by the Chinese group Storm-0558 from May to June 2023.

Continue reading

Posted in Cloud, Security | Tagged , , , , | Leave a comment

Windows 11: Does the hardware installation check fail – or are old CPUs allowed?

Posted on 2024-01-20 by guenni

Windows[German]I'll put two topics in one post. At the end of October 2023, Microsoft extended the list of CPUs approved for Windows 11 so that older processor models are also supported (had not reported on this in the blog). Now a blog reader has contacted me because he is surprised that Windows 11 is offered on systems in his "corporate environment" where the CPU is not on the compatibility list. Does the hardware check for installing Windows 11 fail? Or have CPU restrictions been removed?

Continue reading

Posted in General | 1 Comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Microsoft IP addresses landed on blacklists (Jan. 2023)

Posted on 2024-01-20 by guenni

Mail[German]Brief note to the my readers, perhaps someone has observed something similar with customers or within its enterprise environments. It seems that some IP addresses that can be assigned to Microsoft mail servers have ended up on blacklists. It may then no longer be possible to send mails from these mail servers, as they are rejected by the recipient during a check.

Continue reading

Posted in Cloud, issue, Office | Tagged , , | Leave a comment

Microsoft is working on a fix for the installation error 0x80070643 (WinRE update KB5034441)

Posted on 2024-01-19 by guenni

Windows[German]Addendum from the January 2024 patchday, where numerous users run into install error 0x80070643 with update KB5034441. This update is intended to fix a vulnerability relating to Bitlocker encryption in the WinRE environment. There are workarounds, but they are too complicated for most users and also administrators supporting thousands of Windows 10/11 clients. However, Microsoft confirmed on January 18, 2024, that they are working on a fix for these issues and intends to deliver it at some point. At the same time, it was announced that Microsoft wants to harden Secure Boot and block insecure boot environments from April 2024. I summarize the status below.

Continue reading

Posted in issue, Update, Windows | Tagged , , | 6 Comments

VirtualBox 7.0.14 and 6.1.50 released

Posted on 2024-01-19 by guenni

Virtualbox[German]On January 16, 2023, the developers of VirtualBox released both version 7.0.14 and the update to version 6.1.50. Both versions are maintenance updates for bug fixes, as you can read on the Virtualbox page. Here is a brief overview of the fixes.

Continue reading

Posted in Virtualization | Tagged | Leave a comment

After discontinuation: VMware Player, Workstation and Fusion seems to remain

Posted on 2024-01-19 by guenni

Stop - Pixabay[German]After VMware discontinued many of its products with purchase licenses on sale as of 15 January 2024 and switched to subscription solutions, the question was what the future holds for desktop virtualization. Here I can give a small all-clear for users of VMware desktop virtualization products. Currently, VMware Workstation, VMware Workstation Player and VMware Fusion for the Mac are to be retained (for the time being) and continue to be sold. What has remained unclear to me is how ESXi could continue.

Continue reading

Posted in Virtualization | Tagged , | 1 Comment

Windows Server 2022: Update KB5034129 kills Browser (Chrome, Edge, Firefox)

Posted on 2024-01-18 by guenni

Windows[German]I got reports from some administrators of Windows Server 2022. After they have installed the KB5034129 update from January 9, 2024 on this OS platform may no longer be able to use a browser. This actually affects all known browsers such as Google Chrome, Microsoft Edge or Firefox. The browsers crash with a white screen when the security update is installed and can no longer be used. However, there is a workaround, which has also been discussed by administrators in comments on the blog. And I got a report, that Windows 10 22H2 may also be affected. I will summarize the situation below.

Continue reading

Posted in issue, Update, Windows | Tagged , , | 5 Comments