[German]As of November 8, 2022, Microsoft has released security updates for its Office Online servers to close vulnerabilities in Word and Excel. According to my information, a vulnerability exists (Server-Side Request Forgery, SSRF, to RCE, Remote Code Execution) that Microsoft does not want to eliminate.
[German]Microsoft has released a so-called Out-of-the-Box Experience Update for Windows 10 on November 11, 2022, surprisingly for me. This is already available for Windows 10 versions 21H1, 21H2 and 22H2, but it only applies to systems with Windows 10 Home and Professional. It replaces an update from 2021 and is intended to enable a move to Windows 11 on eligible machines during a new Windows 10 installation.
[German]Microsoft has confirmed a gaming performance issue on Windows 11 version 22H2 as of November 10, 2022. Stuttering or similar problems can occur in some games and applications. The cause is probably an unintended activation of the GPU performance debugging features. A compatibility lock for feature updates has been set. Addendum: The upgrade block will be removed mid December 2022.
Continue reading
[German]Law enforcement officials have now struck a blow against a member (or an affiliate, who obtains the ransomware in exchange for participation and uses it on his own account) of the Lockbit ransomware gang. A person with Russian-Canadian citizenship was arrested in Canada, accused of involvement in Lockbit ransomware gang operations. The arrest was preceded by operations in Ukraine.
[German]Currently, the hack of the Australian healthcare company Medibank is shaking Down-Under. This is because the attacker is offering millions of patient data on the darknet. Shortly before that, the Australian telecom provider Optus was hacked and millions of customer data were siphoned off. And very recently, the same cybercriminals who attacked Medibank are offering Deutsche Bank data on the darknet. According to reports, the names of the hackers, who operate out of Russia, are known. Update: Deutsche Bank sees no indications for a hack.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]There seems to be a problem with the November 2022 security updates for Windows. At least for Windows 11 22H2, I have reports that DirectAccess connections in the network no longer work after the update installation. But there are also indications that the problem occurs on Windows 10. I'll take it up here on the blog in case there are affected people among the blog readership.
[German]Apple has released iOS/iPadOS 16.1.1 for newer iPhone and iPad models on November 9, 2022. It is a security and maintenance update that is supposed to fix a WLAN problem. Thanks to Gerold for the tip. Continue reading
[German]I'm not sure if this affects anyone in the readership. Do you have Citrix Netscaler (ADC) installations that show a "Freemium" license status after an upgrade? Citrix has published an advisory as of November 8, 2022, but it was deleted as of November 9, 2022. However, there is a discussion on the Citrix forum about this very bug. And I got a comment in my German blog post, where a reader was hit with that issues on 3 systems. Here is some information about it.
[German]Another small addendum to the November 2022 patchday. With the security updates of November 8, 2022, Microsoft has also initiated a gradual change to the Netlogon and Kerberos protocols. The whole thing will be carried out in several stages until October 2023. The reason is three vulnerabilities (CVE-2022-38023 and CVE-2022-37967) in Windows 8.1 to Windows 11 and the server counterparts. Administrators must react accordingly to ensure that these changes are taken into account in network communication. Addendum: Microsoft has released an out-of-band-update to fix the issue – see Out-of-band updates fixes Kerberos authentication issues on DCs (Nov. 17, 2022).
[German]On (November 8, 2022 (second Tuesday of the month, Microsoft Patchday), Microsoft released several security-related updates for still-supported Microsoft Office versions and other products. The updates are available for the installable MSI version of Microsoft Office (the click-to-run packages obtain the updates through other channels). Office 2019 does not appear in the list because it is distributed via click-to-run packages and receives security updates via the Office Update feature. Below is an overview of the available updates.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
