[German]Microsoft does promote Bitlocker for encrypting drives under Windows. But there are always bugs that prevent encryption or allow third parties unauthorized access to encrypted drives. A Microsoft supporter has now revealed a case where Bitlocker is not enabled in the out-of-the-box (OOBE) phase of Windows installation. There are ways to work around this (yet very exotic) bug in Windows 10/11.
[German]Small addendum: Microsoft expanded its Microsoft Defender Threat Intelligence (Defender TI) this week. Defender TI now includes functions that allow logged-in users to check file hash values. It also adds support for a URL search. This should allow security managers or security researchers to check whether URLs or files are malicious. Microsoft tries to counter Google's Virustotal, but requires a user login to use Defender TI.
[German]From a security perspective, I think we're in for a disaster – I've had Claroty's State of XIoT Security Report: 2H 2022 for a few days now. It does show the positive impact of increased vulnerability research and increased vendor investment in XIoT security. But the message is also that number of vulnerabilities discovered has increased by 80% this readiness. Many XIoT vulnerabilities are also remotely exploitable.
[German]Microsoft has indeed postponed its schedules for phased adjustments to the Netlogon protocol (due to CVE-2022-38023) and the Kerberos protocol from April 11, 2023 to June 13, 2023. But with the Windows update of April 11, 2023, the option to disable RPC sealing in the registry has already been removed. In the meantime, the first problems are being reported and a Microsoft employee has just asked administrators to test the systems, as I saw on Twitter.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft is forcing/moving Azure AD customers to MFA authentication as a security standard within days. A German blog reader just informed me that he (as a global Azure AD admin) received a notification from Microsoft and that his organization will be migrated to this security standard on May 8, 2023.
[German]There was a disruption of Microsoft 365 services (I got first reports on April 19, 2023) during the last hours. User can't reach apps in Microsoft 365 – the page ist empty. Microsoft investigated that and has now recovered, according to tweets dated April 20, 2023. Here is a short overview, what we know so far.
[German]Microsoft must have quietly released an updated version of update KB4023057 (Microsoft Update Health Tools, formerly Preparatory Update or Update for Windows Update Service Components) for machines running Windows 10/11 in April 2023. The goal is to improve the reliability of the Windows update process and to find and fix update problems on Windows 10/11 systems that prevent an upgrade.
[German]As of April 11, 2023, Microsoft has released a slew of security updates for the still-supported versions of Windows, some of which address critical vulnerabilities. Administrators and users running Trend Micro Endpoint on Windows need to be wary of the April 2023 updates. The vendor has confirmed an issue that its antivirus solution is not compatible with the April 2023 updates for Windows and there are issues. Continue reading
Microsoft updated the Edge browser to version 112.0.1722.54 (security and bug fixes) on April 19, 2023 in the Stable Channel. Readers have alerted me to the browser's new update. According to the release notes, the Chrome vulnerability CVE-2023-2136 is closed.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
