Update on Exchange Server 0-day Vulnerability ZDI-CAN-18333: Fixes, Scripts and EMS Solution

The 0-day vulnerability ZDI-CAN-18333 in Microsoft's on-premises Exchange Servers (2013, 2016 and 2019) became public at the end of September. The vulnerabilities (CVE-2022-41040, CVE-2022-41082) are already being exploited in the wild. Now Microsoft is rolling out URI rewrite rules via EMS for protection. Furthermore, wrong suggestions in the Microsoft support articles published in the meantime have been amended, and there are scripts for checking and securing Exchange installations. Here is an overview of the latest developments.

Posted in Security, Software

Serious vulnerabilities in Cisco networking hardware (Sept. 2022)

Short addendum from this week. The manufacturer Cisco has published extensive security advisories and updates for its network hardware as of September 28, 2022. The updates affect switches and wireless controllers from this manufacturer, among others. Attackers could disrupt the devices or services, or take control. Most of the vulnerabilities are classified with the threat level "high".

Posted in Security

Windows 11: Printer driver confirmed as upgrade stopper (Sep 29, 2022)

Microsoft has acknowledged compatibility problems with the drivers of certain printers under Windows 11 21H2 and 22H2. As a result, the affected printers may only be usable with standard printing options. Microsoft has blocked the feature update to Windows 11 version 22H2 on the affected systems.

Posted in issue, Windows

Windows 11: Preview-Update KB5017389 (Sept. 30, 2022)

Microsoft released the optional cumulative (preview) update KB5017389 for Windows 11 version 22H2 (i.e. not for 21H2) on September 30, 2022. It is the first "servicing" preview update for Windows 11 22H2. Below I provide an overview of this update for Windows 11.

Posted in Update, Windows

Mandiant, VMware and US-CERT warn of malware targeting VMware ESXi servers

Google-acquired security vendor Mandiant has encountered a new malware family (VirtualPITA, VirtualPIE, and VirtualGATE) that targets virtualization solutions like VMware ESXi Server and uses specialized techniques to infiltrate them. VMware has issued a security advisory to that effect, and US-CERT is also warning against this malware.

Posted in Security, Virtualization

Microsoft's recommendations for Exchange Server 0-day vulnerability ZDI-CAN-18333

Last night I reported on the blog about a 0-day vulnerability, ZDI-CAN-18333, in Microsoft's on-premises Exchange Servers, which is already being exploited in the wild. Within hours, Microsoft has now responded and confirmed that they are currently investigating two reported zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) affecting Microsoft Exchange Server 2013, 2016 and 2019. At the same time, Microsoft is providing affected administrators with guidance on what to do to protect against these zero-day vulnerabilities until appropriate security updates are available.

Posted in Security, Software

Exchange Server servers attacked via 0-day exploit (Sept. 29, 2022)

There are reports that a new zero-day exists in Microsoft Exchange that is being actively exploited in the wild. Security researchers confirm that some installations – including a honeypot – are already infected. Details about the zero-day are not yet available. Here's an overview of what I know so far and what, if anything, can be done to detect attacks.

Posted in Security, Software

Tip: Exchange Health Checker – Script extensions by Frank Zöchling

Microsoft offers the Exchange Health Checker, a PowerShell script to check on-premises Exchange installations for problems. The script is continuously developed by Microsoft. Frank Zöchling has now extended the Exchange Health Checker with a script that automatically applies important settings when checking an Exchange installation.

Posted in Software

Thunderbird 102.3.1 released

The developers of Thunderbird released another update of the email client, version 102.3.1, on September 28, 2022. It is a bug-fix update, which should fix a number of problems and vulnerabilities.

Posted in Security, Software, Update

Barracuda Networks: Spam filter/virus scan blocks mails globally (September 29, 2022)

Brief notification for administrators who use a mail protection / security solution from Barracuda Networks in an enterprise environment. Since tonight (September 29, 2022) there seems to be a problem where emails get stuck in the spam filters (Email Security Gateway or Barracuda Email Protection) and are not forwarded. The whole thing seems to be a global problem – although there is almost no information available.

Posted in issue, Security, Software