[German]SonicWall has issued a security alert SNWLID-2023-0004 as of March 2, 2023. Several applications are at risk from critical vulnerability CVE-2023-0656. A stack-based buffer overflow vulnerability in SonicOS allows an unauthenticated attacker to remotely cause a denial of service (DoS) that can crash an affected firewall.
Are Citrix customers who still have perpetual licenses run into problems? The manufacturer is now trying to force these customers into a subscription with its "Universal License". In the medium term, customers with perpetual licenses will have a harder time getting updates.
[German]Just a reminder for administrators of Windows in enterprise environments. There is a vulnerability in Microsoft's Windows DCOM implementation (Windows DCOM Server Security Feature Bypass, CVE-2021-26414) that allowed security features to be bypassed. Microsoft documented this in 2021, and patched it then, closing this vulnerability in stages. Recently, I was reminded that Microsoft will release a final patch on March 14, 2023 that will remove the ability to disable this DCOM hardening.
[German]A little Sunday topic for readers who are using Windows 11 or are looking at this platform and are in need for a "Leightweigt Windows 11". There is a project called Tiny 11, where a hobbyist has stripped of all the bloatware that Microsoft ships with a Windows 11 Pro. The system is slim and runs smoother than the Windows 11 delivered by Microsoft. The hobbyist has shown in a video what he has removed and optimized for Tiny 11.
[English]Security researchers have come across an open Cassandra database instance that probably contained data from the Russian website instarobot.pro. The website is known for offering services for spamming and botting on Instagram under the name Zeus. The records also included a reference to an Instagram influencer with 40 million followers using the Russian Zeus bot.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]It is still a few weeks until the April 2023 patchday. However, I would like to remind administrators who are responsible for updating Windows Domain Controllers about a topic in the Domain Controller area. It is about the fact that Microsoft has adjusted the certificate-based authentication for Domain Controllers (DC) via update in 2023 and disabled the possibility to disable it (in case of occurring problems) as of April 11, 2023.
[German]Brief note for troubled administrators in companies who use FSLogix and are annoyed by the numerous bugs in version 2210. Microsoft has now released FSLogix 2210 Hotfix 1 (2.9.8440.42104). This is supposed to fix the numerous problems of version 2210. Here is some information about what it is all about in the end.
[German]A short post from the Linux world, although I'm not yet sure if and how widespread the problem is. A blog reader contacted me last Friday and complained that his LibreOffice wouldn't start after he upgraded a Linux Mint system to version 21.1. I did a little research.
[German]A brief flashback to February 2023 – since the beginning of the year, numerous VMware ESXi servers have been hijacked via a known vulnerability that has long since been closed. This VMware ESXi vulnerability has a huge threat potential and there are probably still thousands of unpatched systems. Here is a brief overview again.
[German]Microsoft has released special updates for Windows versions still in support on March 2, 2023. These are supposed to fix vulnerabilities (Speculative Execution Control and side-channel attacks) in Intel's CPUs. These vulnerabilities in Intel processors have been known since last summer. The special updates are also only available for manual download from the Microsoft Update Catalog.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
