.NET out-of-band update fixes XPS rendering issue in documents (Jan. 31, 2023)

Microsoft unexpectedly released an unscheduled out-of-band update for .NET Framework on January 31, 2023. It is intended to fix problems with XPS documents that were caused by the December 2022 security updates for .NET Framework, which I had reported on in the blog. The update must be installed separately. The workarounds issued in December 2022 should then no longer be necessary.


QNAP warns about vulnerability CVE-2022-27596 in QTS 5.0.1 and QuTS hero h5.0.1

NAS manufacturer QNAP has issued a security warning for its QNAP products. A critical vulnerability, CVE-2022-27596, in the QTS 5.0.1 and QuTS hero h5.0.1 software allows malicious code injection into the firmware. The vulnerability has been assigned a CVSS v3 score of 9.8. Firmware updates that close the vulnerability are now available and should be installed immediately. Over 29,000 devices are vulnerable.


Windows 11 22H2: RDP issues fixed by preview update

Users have been complaining about problems with remote desktop connections (RDP) under Windows 11 22H2 for months. Indeed, the first reports about the issue have been public since December 2021. Last week, Microsoft released a preview update for Windows 11 22H2, which is supposed to fix the confirmed RDP problems.


CERT Warning: Default KeePass Setup Allows Password Theft (CVE-2023-24055)

A warning to users of KeePass Password Safe for managing passwords and credentials: the Cyber Emergency Response Team from Belgium (CERT.be) published a warning about KeePass on January 27, 2023. In the default setup, write access to the XML configuration file is possible. This leads to the vulnerability CVE-2023-24055, which could open the way for an attacker to obtain the plaintext passwords by adding an export trigger (Unauthenticated RCE, Information disclosure). However, there are lesser-known ways to harden the setup somewhat; whether that is useful is another story. Here is an overview of this topic.


20,000 accounts hacked at Dutch online mail-order pharmacy DocMorris (Jan. 2023)

Trouble for customers of the online mail-order pharmacy DocMorris. The mail-order company had already restricted payment options days ago due to invoice fraud and now requires payment in advance. Now it is reported that 20,000 user accounts at DocMorris were hacked via a credential stuffing attack. DocMorris has blocked these accounts.


Sysinternals RDCMan, Sysmon and ZoomIt updated

The Sysinternals team updated the RDCMan (remote desktop session management), Sysmon (host monitoring tool) and ZoomIt (screen magnification and annotation) tools for Windows at the end of January 2023. The updates are bug fixes for these tools.


Windows Update CSP page refreshed (Jan. 2023)

A quick note to administrators of Windows environments: Microsoft has updated the Policy CSP – Update web page as of January 27, 2023. This page documents group policies for Windows Update and now shows which policies should be used for which purpose in Windows 10/Windows 11, and which are old policies that Microsoft does not recommend.


Do we need RDS licenses for Citrix Virtual App/Desktop environments?

Do we actually need Microsoft RDS licenses if we run an environment with Citrix Virtual App/Desktop? Citrix has discussed this in the article Do We Need RDS Licenses For Citrix Virtual App/Desktop Environment. Short answer: yes, you need both Citrix licenses and Microsoft RDS licenses to use the Citrix Virtual App/Desktop environment. (via Twitter)


Microsoft Teams: Remote Code Execution (RCE) vulnerability

A short note about Microsoft Teams security. Two security researchers, @adm1nkyj1 and @jinmo123, participated in Pwn2Own 2022 in Vancouver. There they tried to hack Microsoft Teams, but failed due to time allocation. Both discovered a bug that allowed an exploit. The deeplink handler for /l/task/:appId in Microsoft Teams can load an arbitrary URL in a Webview/iframe. Attackers can exploit this using Teams' RPC functionality to execute code outside the sandbox. The security researchers have shared the details in this blog post. Thanks to Jan R. for pointing this out.


Malware PlugX infects USB devices

Security researchers from Palo Alto Networks' Unit 42 have observed cyberattacks with a new variant of a long-known malware. Suspected to originate from China, the PlugX malware has attracted attention because this variant infects all connected USB removable media devices such as floppy, thumb or flash drives, as well as any other systems to which the USB stick is later connected.
