[German]On December 13, 2022 (second Tuesday of the month, Patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds (from RTM version to current version) as well as for the Windows Server counterparts. Here are some details on the respective security updates for Windows 10.
[German]On December 13, 2022, Microsoft released security updates for Windows clients and servers, for Office, etc. – as well as for other products – released. The security updates fix 49 vulnerabilities, 6 of which are classified as critical, and two 0-day vulnerabilities, one of which is already being exploited. Below is a compact overview of these updates released on patchday.
[German]The developers of Thunderbird have released another update of the email client to version 102.6.0 on December 13, 2022 (thanks to the reader for pointing this out). It's a bug-fix update that should fix some issues.
[German]The Mozilla developers have released the versions 108.0 and 102.6.0 ESR of the Firefox browser on December 13, 2022. The ESR versions are maintenance updates that are supposed to fix bugs. Firefox 108 is a new development branch. In both updates, vulnerabilities are fixed. Thanks to the reader for the tip.
Continue reading
[German]Citrix has informed about a critical vulnerability CVE-2022-27518 in its products Citrix ADC and Citrix Gateway. This affects versions: 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway. However, both products are only affected if they are running with a SAML SP or IdP configuration. Citrix has released updates to close the vulnerability.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]FortiGuard Labs reported a critical vulnerability CVE-2022-42475 in FortiOS on December 12, 2022, which arguably allows remote code execution over SSL VPN. The bad thing is that this vulnerability is already being exploited in the wild. The vendor has since released FortiOS security updates for the affected versions.
[German]Quick survey or note to administrators who use Sophos security solutions (ATP). Currently it looks like the Sophos security products are misclassifying the Cloudflare IP address 188.114.97.3 as ATP C2/Generic-A. After a blog reader informed me via a private Facebook message, some information on what I've found out so far.
[German]cecurity tools such as virus scanners claim to protect systems from threats. But malfunctions or vulnerabilities can unintentionally expose systems to particular risks. A security researcher recently demonstrated in a proof-of-concept (POC) that anti-malware solutions can be tricked into selectively deleting files on a system. The researcher called this approach "aikido" – derived from the Japanese martial art of using an opponent's attack against the opponent himself.
[German]A short note for administrators and users who use the Jabra Engage 75 headsets in a corporate environment. There are currently massive problems in connection with Microsoft Teams. The headsets crash as soon as Microsoft Teams calls arrive. However, it looks like there is a workaround. I'm compiling the information I received via a Facebook group – maybe someone else is affected.
[German]The countdown from when the USB-C port becomes mandatory in European Union for mobile devices as a charging port has begun. The EU has set December 28, 2024 as the start date from which this obligation will apply. This implements a decision by the EU Parliament in October 2022 to introduce the USB-C interface as a common charging port for a wide range of electronic devices.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
