[German]Another small addendum from this week: The Japanese CERT warns of a new technique used by cyber attackers who take malicious Word files and embed them in PDF documents. This "packaging" is intended to bypass the detection of the malicious Office documents by security software. JPCERT/CC first observed such attack techniques, known as MalDoc, via infected PDF files in July 2023.
[German]On September 1, 2023, Microsoft once again announced which functions they want to part with in future Windows versions. In the new list, some functions are marked as 'deprecated'. So the security protocols for connections, TLS 1.0 and 1.1, are to die now finally. But also WordPad, which has been delivered with Windows for 28 years and is hardly used, is going to the old age and will disappear in the future.
[German]Several vulnerabilities (CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166) are believed to exist in the popular Notepad ++ editor and have been reported to the developer by a security researcher. The vulnerability ratings range from medium to high. Although this report was made several months ago, there is no security update for Notepad ++ yet, although several product updates have been made in the meantime. When an update will be available is currently open.
[German]With CU14, Microsoft pans to enable the Windows Server Extended Protection feature by default for Exchange Server 2019 for improved protection. However, it will be possible to deactivate this feature when installing the CU14 if required. Redmond has announced this as of August 28, 2023. Furthermore, there is the announcement that Exchange 2016/2019 will finally get support for HTTP Strict Transport Security (HSTS). Microsoft has also just announced this in a tech community post.
[German]Microsoft has released version 0.73.0 of its free PowerToys for Windows 10 and Windows 11 on August 31, 2023. In this version, the developer says it has focused on new features, stability and improvements. Here is an overview of the current status. Continue reading
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft has updated the Edge browser to versions 116.0.1938.69 as of August 31, 2023. The security release notes for Edge 116.0.1938.69 state that the update includes the latest Chromium browser security fixes (CVE-2023-4572) in addition to bug fixes and stability improvements (thanks to EP for pointing this out).
The Thunderbird developers have released another update of the email client to version 115.2.0 on August 29/30, 2023. It is an update, which should eliminate errors. Furthermore, Thunderbird 102.15.0 has been released as the last version in this branch.
[German]The EU competition investigations underway against Microsoft seem to be having an effect. Suddenly, Redmond is announcing changes to Microsoft 365 and Office 365 to address European competition concerns. These changes will affect our Microsoft 365 and Office 365 suites for business customers in the European Economic Area and Switzerland, it says. For example, customers will be able to choose a Microsoft business suite without Teams at a lower price (but this has long been known). And interoperability between competing communications and collaboration solutions and the Microsoft 365 and Office 365 suites is to be made easier. Furthermore, third-party providers will get the opportunity to host Office web applications themselves.
[German]There is currently an uproar in the US media because Microsoft has overdoing it with its ads in Windows 11, which ask users to use Bing.com as a search engine. US media claims that the Microsoft ads behaves like malware – and I was already thinking about an EU complaint. It seems that Microsoft respects the regulations of the EU. Because users in Europe get the option to open links in the default browser – instead of Edge.
[German]A security researcher has come across a way to determine the IP address of a Skype user without the target person even having to click on a link (IP address spoofing). This could be used to spy on people (e.g. activists, dissidents, etc.). Microsoft has been contacted by the security researcher about this, but is of the opinion that this vulnerability in Skype does not need to be fixed immediately and wants to take its time with a patch. To my knowledge, however, it currently only affects Skype's mobile apps.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
