[German]Microsoft has released security updates for Exchange Server 2016 and Exchange Server 2019 on November 14, 2023. These security updates close vulnerabilities in this software. The updates should be installed on the systems promptly to close the vulnerabilities in question. Continue reading
[German]On November 14, 2023, Microsoft released security updates for Windows clients and servers, for Office – and for other products. The security updates eliminate 57 vulnerabilities (CVEs), three of which are 0-day vulnerabilities that are already being exploited. Below is a compact overview of these updates that were released on Patchday.
Continue reading
[German]There is a vulnerability in the cURL library and tool in older versions, which was closed by the project on October 11, 2023 with version 8.4.0. Microsoft delivers cURL with Windows, but has not yet updated this version. My understanding is that Windows still contains the outdated cURL version after the October 2023 updates. I have now received information that Microsoft intends to deliver cURL 8.4.0 with the Windows updates on November 14, 2023.
[German]Catching up from last week – the NAS manufacturer QNAP has published a security warning for its QTS operating system for NAS stations. The critical vulnerability CVE-2023-23368 (CVSS Index 9.8) allows remote execution of commands in older QTS versions. Another vulnerability CVE-2023-23369 (CVSS Index 9.0) also allows remote attacks. Updates are available to close the vulnerability. Here is an overview of this issue.
[German]Since Elon Musk took over Twitter and renamed it X, the social network BlueSky, created by Twitter co-founder Jack Dorsey, has experienced a boom. Access is currently only possible via invite code – i.e. recommendations from people who are represented on BlueSky. I have now come across a warning that there are mails on the way that pretend to be an invitation to BlueSky, but are ultimately intended to be used to spread malware (Trojans) or for phishing. If you need a BlueSky Invite, you can get it here on borncity.com for free and without risk. I currently have free codes available again.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Interesting story: I have noticed a post on BlueSky that mentions a special goody for cybersecurity victims. After an attack, when a victim received the decryptor and the key to decrypt his files, he asked if he could have a "security report" that would reveal how the IT network had been penetrated. And the victim did indeed receive some clues.
[German]I'm picking up on an (actually old) topic here in the blog, which is becoming virulent again with the new Outlook app introduced by Microsoft. The new Outlook app transfers all (actually secret) access data for mail accounts to Microsoft in the cloud. The topic has already been raised as a question by readers and has now become "virulent" thanks to an article by our colleagues at German site heise.
[German]The US platform Dolly.com has fallen victim to a ransomware attack. The company paid to avoid publishing data. However, the cyber criminals were not satisfied and published the captured data anyway, as research shows.
[German]With the October 2023 updates, Windows Server 2012 and Windows Server 2012 R2 have reached their end of support; there will be no more security updates in the future. Unless you book an Extended Security Update Extension (ESU license). Recently, there was still confusion because this ESU license was not to be provided for on-premises systems. Microsoft has now published or updated some details about the ESU program for Windows Server 2012/R2.
[German]The October 2023 updates for Windows Server 2022 (KB5031364) are probably causing issues with VMware ESXi. Virtual machines (VMs) running on VMware ESXi hosts may not be able to start Windows 2022 (as a guest). Affected VMs trigger a blue screen. Microsoft has now acknowledged these problems for KB5031364 in the list of known issues for Windows Server 2022 and proposes a temporary fix. Continue reading
MVP:
2013 – 2016
WIMVP:
2017 – 2020
