[German]Users of Microsoft's Outlook client may run into the problem that no login to outlook.com is possible. This is rejected with the hint to use a personal or school account after all. Now, as of October 27, 2022, Microsoft has released a workaround that looked oddly familiar – seems to be the universal lumberjack for Outlook problems.
[German]A new bug in Windows has been known for a few days that prevents the "Mark of the Web" flag from being evaluated for broken signatures. Microsoft itself has not yet released a patch for this 0-day vulnerability. The vulnerability is already being exploited. Therefore, ACROS Security has addressed the problem and developed a 0Patch micropatch to close it. The patch is freely available, only the 0patch agent is needed. Continue reading
[German]Aurubis, Europe's largest copper smelter by its own account, fell victim to a hacker attack in the night from Thursday to Friday (Oct. 28, 2022). As a precaution, the IT systems in Hamburg were then disconnected from the Internet and shut down. Production, on the other hand, continued. The consequences of this attack are currently being investigated, and the company's share price has already fallen by three percent.
[German]Small addendum to the October 2022 patchday: The security update KB5018410 rolled out for Windows 10 version 20H2-22H2 turns out to be a real problem bear. Back on October 17, Microsoft had to roll out a special update to fix the TLS/SSL issues caused by the October 2022 security update (see Out-of-band updates for Windows fixes SSL-/TLS connection issues (also with Citrix) – October 17, 2022). Now Microsoft has also admitted that security update KB5018410, dated October 11, 2022, crashes OneDrive on Windows 10. Addendum: Microsoft has released an out-of-band update as of October 28, 2022 with a fix.
[German]An October update for CVE-2022-38042 and a long history now confirmed by Microsoft. The October 11, 2022 security update also included domain join hardening to close the vulnerability (CVE-2022-38042). However, these changes had powerful collateral damage. Now Microsoft has published a support post confirming bug 0xaac (2732) in connections between Windows Domain Servers through this update. Looking it up, I noticed that I had reported this collateral damage as of October 12, 2022 here on the blog. So I'll briefly revisit the topic.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Google has released security updates for Google Chrome in the 107 branch in the stable and extended channel for Mac, Linux and Windows as well as for Android on October 27, 2022. It does so in an update that closes a vulnerability that is already being exploited.
[German]Short addendum: Microsoft has updated the Edge browser in the stable channel to version 107.0.1418.24 as of October 27, 2022. This is a security update that eliminates vulnerabilities. In addition, the Edge browser in the Extended Stable Channel has been updated to 106.0.1370.59. This is a stability update.
[German]Security researchers at Varonis Threat Labs have uncovered two Windows vulnerabilities that can create large blind spots for security software and take down machines via DoS attacks. LogCrusher and OverLog exploit the Internet Explorer-specific MS-EVEN event log, which is present on all current Windows operating systems, regardless of whether the browser was or is used. While OverLog has been fixed in the meantime, Microsoft recently issued only a partial patch for LogCrusher. Cybercriminals can therefore still carry out attacks if they gain administrator access to the victim's network.
[German]Joe Belfiore, a Microsoft Manager, currently in the executive suite of Microsoft's Office team, has just announced that he is leaving the company after 32 years. He plans his "retirement" with 54/55 years.
[German]On October 7, 2022, U.S. President Joe Biden launched the new data protection agreement with the European Union, referred to here as "Privacy Shield 2.0", by means of an Executive Order. The aim: to clear the legal way for data exchange between the EU and U.S. providers. Experts had doubts as to whether this presidential decree would hold up before the ECJ. Now an assessment by Stefan Brink, data protection commissioner of the state of Baden-Württemberg, has become known, who considers this decree (Executive Order) to be insufficient and complains about considerable deficits.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
