[German]One more addendum to the blog post Windows 10: Be aware of WinRE WinRE patch to fix Bitlocker bypass vulnerability CVE-2022-41099. To close the vulnerability (CVE-2022-41099), which allows bypassing Bitlocker encryption in Windows, the clients' Win RE environment (Windows 10) must be updated manually. However, there are issues in doing so, as a blog reader told me. I also came across a script that is supposed to automate the patching of the WinRE environment.
[German]Numerous on-premises Microsoft Exchange servers operating around the world are insecure because they are not up to date with the latest patches. This exposes the systems to risk, and it is critical to run unpatched Exchange servers. In a Jan. 26 Techcommunity article, the Microsoft Exchange team addresses this issue and urges administrators to patch systems urgently and immediately so that the latest January 2023 security update is installed.
[German]In a coordinated action, international law enforcement agencies have seized the infrastructure of the Hive Ransomware group. This means that the group can no longer accept payments via its Tor website. Investigators from the Netherlands, Germany and the US were involved in the action. This is yet another case of law enforcement hitting back and breaking up websites and infrastructure of a cybercriminal group.
[German]Microsoft has released update KB4023057 (Update for Windows Update service components) for machines with Windows 10/11 in an updated version on January 26, 2023. The update is intended to improve the reliability of the Windows Update Service, in other words: to find any update problems on home users' Windows 10/11 systems that prevent them from upgrading.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft has updated the Edge browser in the stable channel to version 109.0.1518.69 on January 25, 2023 (thanks to the reader for the tip). Microsoft did not reveal too much about this maintenance update.
[German]Quick question in the round, aimed at Microsoft Exchange Server administrators. Have you guys encountered any major issues (aside from services not starting automatically) when installing the January 2023 security updates? I have feedback from a service provider that the latest CU triggers the "index issue" again with Microsoft Exchange 2019. Here's a brief outline of what it's all about.
[German]There was a vulnerability in Microsoft's Windows DCOM implementation that allows security features to be bypassed. Microsoft has documented and patched this, and plans to release a final one in March 2023, however. Security vendor OTORIO has released an open source DCOM hardening toolkit for OT systems in advance, which companies can use to analyze their DCOM environments and harden them if necessary.
[German]Short remark for the morning (here in Europe) of January 25, 2023: As it looks right now (09:00 UTC), Microsoft is experiencing a major disruption to its online services such as Outlook, OneDrive, Teams, LinkedIn, etc., which have been unavailable or poorly accessible. Several German blog readers have just pointed this out to me (thanks for that) or are asking about a disruption.
[German]Google has released updates to Google Chrome browser 109 in the Stable Channel for Mac, Linux and Windows as of January 24, 2023. Furthermore, there are updates for Chrome 108 released in the Extended Stable Channel for Mac and Windows. Thanks to Gerald M. for pointing this out.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
