Exchange Server: Microsoft updates its mitigation for the 0-day ProxyNotShell vulnerability (October 5, 2022)

It's becoming something of a never-ending story. Two 0-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) in Microsoft's on-premises Exchange Servers (2013, 2016, and 2019) have been known since late September 2022. The vulnerabilities, known as ProxyNotShell, are already being exploited in the wild. Since the vulnerabilities became known, Microsoft has been trying to publish workarounds for protection. During the night (on October 5, 2022), the URI rewrite rules were updated to protect against attacks because the original rules could be circumvented. But that's not sufficient: the new rule can be bypassed too. Here's an overview of the latest developments; administrators should respond.

Posted in Security, Software

Microsoft Office Updates (October 4, 2022)

As of October 4, 2022 (first Tuesday of the month), Microsoft has released non-security updates for versions of Microsoft Office that are still supported. This month, there are updates for Microsoft Office 2013 and 2016, fixing an Excel issue that has been nagging for weeks. Here's a brief overview.

Posted in Office, Update

Microsoft's 0-day protection bypassed, new assessments (Oct. 3, 2022)

A 0-day vulnerability (ZDI-CAN-18333) in Microsoft's on-premises Exchange Servers (2013, 2016, and 2019) has been known since late September 2022. The vulnerabilities (CVE-2022-41040, CVE-2022-41082) are already being exploited in the wild. Microsoft responded by publishing a workaround and rolling out URI rewrite rules via EMS for protection. But the URI rewrite expressions can be bypassed. In addition, the first (so far fake) exploits are being offered on the Internet. Here is an overview of the latest developments.

Posted in Security, Software, Windows

High CPU load, fan on full speed; Windows Defender struggles with Dell SupportAssist

A brief note, which I'll cover in this post. Last week a tweet came to my attention in which a Microsoft MVP complained that the fan on his Windows system was running at full speed. A quick look showed that Microsoft Defender was really pulling CPU power on the machine. This could affect some readers, because the culprits, Windows Defender and Dell SupportAssist, might well be in use fairly often.

Posted in issue, Windows

Windows 10/11: Microsoft installs Spotify app without user consent (Sept. 2022)

Last week, users running Windows 10 or Windows 11 ran into trouble. Microsoft decided to install Spotify on many user systems, regardless of whether users wanted it or not. In addition, Spotify starts automatically when Windows is subsequently booted, and annoys users with popups. This didn't go down well with many users.

Posted in issue, Windows

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post] In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below.


Chrome 106.0.5249.91 released

Google has released the Google Chrome 106.0.5249.91 update for Mac and Windows on September 30, 2022. Both the Stable Channel and the Extended Stable Channel will receive this security update. It is a bug fix update that addresses vulnerabilities.

Posted in browser, macOS, Security, Software, Update, Windows

Update on Exchange Server 0-day Vulnerability ZDI-CAN-18333: Fixes, Scripts and EMS Solution

The 0-day vulnerability ZDI-CAN-18333 in Microsoft's on-premises Exchange Servers (2013, 2016 and 2019) became public at the end of September. The vulnerabilities (CVE-2022-41040, CVE-2022-41082) are already being exploited in the wild. Now Microsoft is rolling out URI rewrite rules via EMS for protection. Furthermore, incorrect suggestions in the Microsoft support articles published in the meantime have been amended, and there are scripts for checking and securing Exchange installations. Here is an overview of the latest developments.

Posted in Security, Software

Serious vulnerabilities in Cisco networking hardware (Sept. 2022)

A short addendum from this week. Cisco has published extensive security advisories and updates for its network hardware as of September 28, 2022. The updates affect the manufacturer's switches and wireless controllers, among others. Attackers could disrupt the devices or services, or take control. Most of the vulnerabilities are classified with the threat level high.

Posted in Security

Windows 11: Printer driver confirmed as upgrade stopper (Sep 29, 2022)

Microsoft has acknowledged compatibility problems with the drivers of certain printers under Windows 11 21H2 and 22H2. As a result, the affected printers may only be usable with standard printing options. Microsoft has blocked the feature update to Windows 11 version 22H2 on the affected systems.

Posted in issue, Windows

Windows 11: Preview update KB5017389 (Sept. 30, 2022)

Microsoft has released the optional cumulative (preview) update KB5017389 for Windows 11 version 22H2 (i.e. not 21H2) on September 30, 2022. It is the first "servicing" preview update for Windows 11 22H2. Below I provide an overview of this update for Windows 11.

Posted in Update, Windows