[German]The Secure Boot DBX update KB5012170, which was first rolled out on August 9, 2022, still seems to cause trouble in December 2022. I had reported several times in the blog. Microsoft admitted in the follow-up to the patchday on Dec. 13, 2022, that this update can lead to the installation error 0x800F0922. Affected are all clients from Windows 10 and all servers from 2012. Below is a brief follow-up.
[German]Security researchers have come across cases where cybercriminals have managed to sign malware-infected Windows drivers using valid digital certificates from Microsoft. This allows the malware to trick the check for a digital signature under Windows. Several threat actors seem to be involved in the abuse of Microsoft's digital signature. However, Microsoft has released updates on patchday in December 2022 to detect the affected (driver) files and eliminate attacks.
[German]The security updates rolled out by Microsoft on the December 2022 patchday lead to problems with Hyper-V in certain constellations. New VMs can no longer be created, existing VM have problems with Ethernet connections, etc. Microsoft has admitted to these problems, although only Windows Server 2019 as well as Windows Server 2022 are said to be affected.
[German]As of December 13, 2022 (Patchday), Microsoft has also released updates for .NET 7.0.1, .NET 6.0.12 and .NET Core 3.1.32. These are intended to address the CVE-2022-41089 vulnerability, which allows remote code execution. But because the update makes changes to the way WPF-based applications render XPS documents, there are problems with applications that use WPF. However, Microsoft has published a support article KB5022083 including two workarounds.
[German]Google has released Google Chrome version 108.0.5359.124/125 in the stable channel for Mac, Linux and Windows on December 13, 2022. These updates close eight vulnerabilities, some of which are rated high, and probably fix bugs. Thanks to reader EP for pointing this out. In addition, the Chrome Android app has also received an update.
Continue reading
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]On (November 8, 2022 (second Tuesday of the month, Microsoft Patchday), Microsoft released several security-related updates for still-supported Microsoft Office versions and other products. The updates are available for the installable MSI version of Microsoft Office (the click-to-run packages obtain the updates through other channels). Office 2019 does not appear in the list because it is distributed via click-to-run packages and receives security updates via the Office Update feature. Below is an overview of the available updates.
[German]Microsoft has released security updates for Windows 7 and 8.1 as well as for the Windows Server counterparts 2008 R2 and 2012/R2 on Patchday. Here is an overview of these updates for Windows 7/8.1 and the corresponding Windows Server versions 2008 R2 and 2012/R2.
[German]On December 13 (second Tuesday of the month, Microsoft patch day), Microsoft also released cumulative updates for Windows 11 22H1 and 22H2. In addition, Windows Server 2022 received an update. Here are some details about these updates, which are supposed to fix vulnerabilities as well as issues.
Continue reading
[German]On December 13, 2022 (second Tuesday of the month, Patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds (from RTM version to current version) as well as for the Windows Server counterparts. Here are some details on the respective security updates for Windows 10.
[German]On December 13, 2022, Microsoft released security updates for Windows clients and servers, for Office, etc. – as well as for other products – released. The security updates fix 49 vulnerabilities, 6 of which are classified as critical, and two 0-day vulnerabilities, one of which is already being exploited. Below is a compact overview of these updates released on patchday.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
