Microsoft has updated the Edge browser to version 114.0.1823.82 as of July 13, 2023. Version 114.0.1823.79 had already been released on July 10. The release notes state that various bugs and performance issues for Microsoft Edge have been fixed. Thanks to the reader for the tip.
[German]A security researcher has developed a proof of concept to exploit a remote code execution vulnerability CVE-2023-36664, rated critical (CVSS score 9.8), in the widely used (for PostScript and PDF displays) GhostScript software. Both Linux and Windows systems are threatened if GhostScript is used before version 10.01.2. On Windows, GhostScript could have entered the system via LibreOffice or Bullzip PDF printers, for example.
[German]Short addendum regarding security. As of July 11, 2023 (patch day), another 0-day vulnerability (CVE-2023-36884) has become public, which allows remote code execution in Microsoft Windows and Office. The vulnerability has already been exploited by hackers from the group Storm-0978 for attacks on various targets (e.g. Nato summit in July 2023). I had mentioned the vulnerability in the patchday overview, but currently there is no patch. Microsoft has only published mitigation instructions.
[German]A suspected China-based hacking group, which Microsoft refers to as Storm-0558, has managed to gain access to email accounts of about 25 organizations. These include government agencies (US State Department), as well as corresponding private accounts of people who are probably connected to these organizations. The explosive fact is that access was gained using a Microsoft account (MSA) customer key, which was used to forge tokens. I summarize below what Microsoft and security researcher Kevin Beaumont and CISA have to say about this.
[German]On July 11, 2023 (second Tuesday of the month, Microsoft Patchday), Microsoft released several security-related updates for still-supported Microsoft Office versions and other products. With the April 2023 patchday, support for Office 2013 ended – but vulnerabilities were still closed in July. Below is an overview of the available updates.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft's measures to prevent the loading of malicious kernel drivers don't seem to be working at all. I've had the issue on my radar for weeks, because the driver block list doesn't really seem to work. Now security researchers at Talos have revealed a campaign in which open source tools use forged signature timestamps to load malicious Windows drivers.
[German]As of July 11, 2023, various security updates have been released for Windows Server 2008 R2 (in its 4th ESU year) and Windows Server 2012/R2 (the updates may still install on Windows 7 SP1). Here is an overview of these updates for Windows Server 2008 R2 and Windows Server 2012/R2. Continue reading
[German]On July 11, 2023 (second Tuesday of the month, Microsoft patch day), Microsoft also released cumulative updates for Windows 11 22H1 and 22H2. In addition, Windows Server 2022 received an update. Here are some details about these updates, which are supposed to fix vulnerabilities as well as problems.
Continue reading
[German]On July 11, 2023 (second Tuesday of the month, Patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds (from RTM version to current version) as well as for the Windows Server counterparts. Here are some details on the respective security updates for Windows 10.
Continue reading
MVP:
2013 – 2016
WIMVP:
2017 – 2020
[