[German]On January 2, 2023 (first Tuesday of the month), Microsoft released a non-security update for Microsoft Office 2016. It is the update KB5002500, which is supposed to fix a synchronization problem in Microsoft OneNote 2016. Here is some information about this update.
[German]I haven't reported about it for a while, but it's time to take a quick look at the figures for operating system distribution on the desktop and, in particular, Microsoft Windows distribution and distribution across all devices. How is Windows distributed on a desktop, and how Windows 10 is used compared to other operating systems? Continue reading
[German]The time has come: The Steam platform has discontinued support for Windows 7, Windows 8.0 and Windows 8.1 as of January 1, 2024. This means that Steam client installations on these operating systems will no longer receive )(security) updates with immediate effect. Steam Support will also no longer provide technical support to users of these operating system platforms for issues related to the old operating systems. Continue reading
That's what I wish all of my blog readers. 2024 will bring some changes for me – after blogging here since 2012 (and writing as a freelance author for 30 years) – it's time for me "to let it slowly fading out and enjoy my retirement, before it's too late". I will address it in a separate blog post soon.
(Source: Born – Vessel in the form of a flower – photo taken during a working stay in Japan)
[German]Recently, there was a warning to customers of the telephone system provider 3CX who have integrated an SQL database into the software for CRM purposes. I reported on the issue in the blog post 3CX warning: Disable SQL database integrations (Dec. 15, 2023). Users of the 3CX software complained about the slow processing of the early reported security vulnerability. One user subsequently contacted me by email because the response to criticism in the provider's forum was very specific: The posts were deleted. And the reader's account was also blocked – but the whole thing can be recapitulated, which I have done below.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]There is an undocumented feature in Google's OAuth implementation that is being abused by several malware strains. These use an exploit that allows them to recover expired cookies. This allows them to then log in to online accounts, steal information or take over the account. The login even works if an online account has been reset. It is currently unclear whether Google has fixed the problem in the browser.
[German]Before the end of the year, I will address a bug fix from Microsoft that was already fixed in November 2023. The bug affected Microsoft Outlook 365 and left users quite baffled. When you created a new email, the signature characters were inserted vertically into the email. Occurred when two <br> tags appeared in the signature.
[German]Microsoft has disabled the MSXI ms-appinstaller protocol because it was being abused by malware groups. I remembered, that the vulnerability CVE-2021-43890 has been patched in Dec. 2021 and the protocol has been disabled long ago. Here is an overview of hat story.
[German]There is a strange story that users of the new Outlook client under Windows 11 have already encountered. The new Outlook client refuses to add additional mailboxes if you do not have a "corresponding license" (e.g. Exchange Online Plan 1). Microsoft has already confirmed this. I'll summarize some of the information that Jan pointed out to me in an email a few days ago.
[German]A brief security information. Shortly before Christmas, a warning popped up about a Denial of Service vulnerability in the Windows Local Session Manager (LSM). However, this DoS vulnerability with the CVE identifier CVE-2022-44684 is quite "strange". The identifier indicates that the vulnerability was disclosed in 2022. During my research, I also saw that Microsoft had published something about this in December 2022 and January 2023 – but all of this has since been deleted. I've put together some information. And I'll add an interesting description of patched Outlook vulnerabilities that can also be combined into an attack vector.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
