Apple has released another slew of security updates for its macOS, iOS/iPadOS and also WatchOS operating systems as of September 7, 2023. These updates fix two 0-day vulnerabilities that were abused by NSO Group's Pegasus spyware to monitor mobile devices.
[German]In mid-August 2023, security researcher Jaroslav Lobacevski had made public four vulnerabilities (CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166) in Notepad ++ editor for Windows. The vulnerabilities' rating ranges from medium to high. The developer, having known about these vulnerabilities for months, has now fixed them with the update to Notepad++ v8.5.7.
[German]Microsoft has updated the Edge browser in stable channel to version 116.0.1938.76 as of Sept. 7, 2023. The release notes says "Fixed various bugs and performance issues for Stable release". The security release notes state that the update includes the latest Chromium browser security fixes in addition to bug fixes and stability improvements (thanks to EP for pointing this out).
[German]The hack of Microsoft's Azure cloud by the suspected Chinese group Storm-0558 from May to June 2023 was possible due to a stolen private MSA key and bugs. At the time, accounts at Exchange Online via OWA and Outlook.com had been hacked from 25 organizations. It was unclear how the attackers came into possession of a private MSA key. Now Microsoft has announced that the MSA key came from a so-called Windows crash dump, which was created on a Microsoft PC and then dumped via a compromised system.
[German]In August, the so-called Downfall vulnerability in processors had become known, which allows information to be leaked. Now Microsoft has updated its support post with notes about the downfall vulnerability in Windows and removed information on how to disable the protections. Furthermore, after installing the August 2023 preview updates, there was an issue with Windows delivering individual users into an UNSUPPORTED_PROCESSOR Bluescreen. The motherboard manufacturer MSI has now delivered a BIOS update that is supposed to correct this problem. Here is an overview of these two issues.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]As of September 5, 2023, Google has updated the Chrome browser for its platforms (desktop, Android, iOS) (see Google Chrome 116.0.5845.179/.180 security update). In addition to security fixes and stability improvements, users will suddenly see a pop up with privacy notice. In the pop up, people will be informed about changes that the browser can make regarding displayed ads and they can accept or reject them. This change is related to the fact that Google wants to eliminate ad tracking via third-party cookies in Chrome and replace it with other forms.
[German]Google has released updates to the Google Chrome browser 116 in the stable and extended channels for Mac, Linux and Windows as of September 5, 2023. These are security updates that are rolled out and are intended to eliminate vulnerabilities (classified as "high"). Furthermore, there is an update of the Chrome app for Android as well as for iOS.
Continue reading
[German]Tip for administrators of Windows systems who work with Group Policies or want to switch from GPOs to Microsoft Intune and take over the GPO settings. Microsoft has just announced the general availability of its "Group Policy Analytics tool". Group Policy Analytics helps import GPOs in use, analyze settings through shareable reports, and migrate GPO settings to Intune.
[German]One more small warning, even if it's currently more likely to affect developers who use Microsoft's cloud stuff via API. There is a preview of the Teams transcription APIs, which can be used to create meeting transcripts and recordings using Graph APIs. Actually a fine thing, some people will interject, even if the topic of Teams recordings is its own building site and subject to co-determination if necessary. But another trap beckons, which I want to point out in this blog post. Microsoft has just announced that there will be a charge for using Teams' transcription APIs, even in the preview. That can then add up to quite a bit of money.
[German]The Berlin-based German manufacturer of routers, AVM, has released its FRITZ.OS version 7.57 for eligible FRITZ!Box models on September 4, 2023. AVM only writes that this firmware update is a necessary stability and security update. It is therefore unclear which vulnerabilities has been fixed. The manufacturer intends to publish details at a later date, which might be related to the fact that not all FRITZ!Box models have been updated to the new firmware yet. Rumors in the internet says that a serious vulnerability has been deteced in FRITZ!Box 7590 models and attacks in the wild are observed. I have compiled what the Internet believes to know.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
