[German]Quick note to administrators of Windows environments. Microsoft has updated the Policy CSP – Update web page as of January 27, 2023. This page documents group policies for Windows Update and now shows which policies should be used for what in Windows 10/Windows 11 and which are old policies that Microsoft does not recommend.
Do we actually need Microsoft RDS licenses if we run an environment with Citrix Virtual App/Desktop? Citrix has discussed this in the article Do We Need RDS Licenses For Citrix Virtual App/Desktop Environment. Short answer: yes, you need both Citrix licenses and Microsoft RDS licenses to use the Citrix Virtual App/Desktop environment. (via Twitter)
A little note about security on Microsoft Teams. Two security researchers @adm1nkyj1 and @jinmo123 participated in pwn2own 2022 in Vancouver. There they tried to hack Microsoft Teams, but failed due to time allocation. Both discovered a bug that allowed an exploit. The deeplink handler for /l/task/:appId in Microsoft Teams can load an arbitrary url in Webview/iframe. Attackers can exploit this using Teams' RPC functionality to execute code outside the sandbox. The security researchers have shared the details in this blog post. Thanks to Jan R. for pointing this out.
[German]Security researchers from Palo Alto Networks' Unit 42 have observed cyberattacks with new variant of the old known malware. Suspected to originate from China, the PlugX malware has attracted attention because this variant infects all connected USB removable media devices such as floppy, thumb or flash drives, as well as any other systems to which the USB stick is later connected.
[German]Today, January 28, 2023, is European Data Protection Day. It's a day of action for data protection launched on the initiative of the Council of Europe. It has been celebrated annually around January 28 since 2007. This date was chosen because the European Convention on Data Protection was signed on January 28, 1981. To ensure the security of data, risk behavior should be adjusted in everyday life.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft has released the upgrade brakes for Windows 11 21H2 as of January 26, 2023, and generally released the feature update to version 22H2, which was released in November 2022. Starting on the aforementioned date, Microsoft will begin automatically upgrading consumer and unmanaged versions of Windows 11 Home and Pro to Windows 11 22H2. However, the whole thing will be done in waves.
[German]Microsoft has released the optional cumulative (preview) update KB5022360 for Windows 11 version 22H2 on January 26, 2023. There are a number of new features and especially a long list of bug fixes. Below I give an overview regarding these updates for Windows 11.
[German]One more addendum to the blog post Windows 10: Be aware of WinRE WinRE patch to fix Bitlocker bypass vulnerability CVE-2022-41099. To close the vulnerability (CVE-2022-41099), which allows bypassing Bitlocker encryption in Windows, the clients' Win RE environment (Windows 10) must be updated manually. However, there are issues in doing so, as a blog reader told me. I also came across a script that is supposed to automate the patching of the WinRE environment.
[German]Numerous on-premises Microsoft Exchange servers operating around the world are insecure because they are not up to date with the latest patches. This exposes the systems to risk, and it is critical to run unpatched Exchange servers. In a Jan. 26 Techcommunity article, the Microsoft Exchange team addresses this issue and urges administrators to patch systems urgently and immediately so that the latest January 2023 security update is installed.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
[