Vendor Sophos has released an update to UTM Up2date 9.716 for its UTM firewall, which is intended to fix a number of vulnerabilities CVE-2023-0286, CVE-2023-0215, CVE-2002-20001, CVE-2022-40735, CVE-2002-20001, CVE-2022-40735, CVE-2023-3367, CVE-2002-20001, CVE-2022-40735 as well as various bugs. The vulnerabilities affect OpenSSL as well as the web admin interface and the web server.
[German]Now it's official what has been whispered behind closed doors by insiders for weeks. The European Commission has launched a formal investigation into whether Microsoft may have violated EU competition rules. At issue is Microsoft's communications and collaboration product Teams and its tying or bundling with the popular Office 365 and Microsoft 365 enterprise suites.
Mozilla developers have released versions 115.0.3 of the Firefox browser as a bug fix update. The release notes of Firefox 115.0.3 from July 27, 2023 only contain the note: Improved migration experience for users switching to the ESR release.
In case you haven't noticed, MikroTik RouterOS Stable before version 6.49.7 and in the long-term version up to 6.48.6 contains a vulnerability CVE-2023-30799 that allows an attacker to escalate privileges, but the attacker must be authenticated. However, he can then remotely escalate privileges from admin to super-admin on the Winbox or HTTP interface. This then allows him to execute arbitrary code on the system. Details can be found on GitHub; MikroTik posted this warning. This issue is fixed in all RouterOS versions available on the MikroTik download page (v7.7 and v6.49.7 and newer). According to the colleagues at Bleeping Computer, 900,000 devices are potentially vulnerable to this vulnerability.
[German]Microsoft has started to disable the possibility to import updates manually in WSUS (Windows Server Update Service). The background is that the ActiveX components in question are outdated and Internet Explorer is being replaced by Edge. Yesterday, there was already a discussion here on the blog that the manual import in Edge no longer works. Microsoft has documented the whole thing in a tech community post and provides a PowerShell script to import updates in WSUS.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Administrators should ugently patch its Ivanti EPMM used in their environment, because older version contains a 0-day vulnerability. In Norway, the ICT platform (information and communications system) on which 12 ministries operate was attacked via this 0-day vulnerability.
[German]Microsoft has released the optional cumulative (preview) update KB5027303 for Windows 11 version 22H2 as of July 25, 2023. This brings a number of fixes (similar to the preview update for Windows 11 21H2). Below I give an overview regarding these updates for Windows 11.
[German]Another addendum from July 18, 2023 – that's when vendor Atlassian released its security bulletin for July 2023. Vulnerabilities in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506) have become public. An attacker can exploit these vulnerabilities to take control of an affected system.
[German]Microsoft has released optional cumulative (preview) update 5028245 for Windows 11 version 21H2 on July 25, 2023 (there's nothing for Windows 11 22H2 yet). The preview update brings a number of bug fixes for people still on version 21H2 (which, after all, drops out of support in October 2023). Below I give an overview regarding these updates for Windows 11.
Continue reading
[German]Microsoft has released an optional cumulative (preview) update KB5028244 for Windows 10 22H2 on July 25, 2023 (D-Week). This is supposed to fix numerous bugs in Windows 10 22H2. Below I provide an overview regarding these updates for Windows 10. The information about the updates can be found in the Windows 10 update history.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
