[German]Microsoft has also released security updates for Windows 7 and 8.1 as well as for the Windows Server counterparts 2008 R2 and 2012/R2 on Patchday. Here is an overview of these updates for Windows 7/8.1 and the corresponding Windows Server versions 2008 R2 and 2012/R2.
[German]On October 11 (second Tuesday of the month, Patchday at Microsoft), Microsoft also released cumulative updates for Windows 11. In addition, Windows Server 2022 received an update. Here are some details about these updates, which are supposed to fix vulnerabilities as well as problems.
[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019, effective October 11, 2022. These updates are intended to address vulnerabilities reported by external security partners or found by Microsoft. However, the 0-day vulnerabilities (ProxyNotShell) that have been known since late September 2022 will not be fixed.
[German]I'm posting a first warning about the October 2022 security updates for Windows here on the blog because a reader from the business environment pointed it out to me. The domain join hardening changes made with the updates to close the vulnerability (CVE-2022-38042) have powerful collateral damage. With this update, AD join of Windows clients may no longer be possible if certain conditions cannot be met – this affects all versions of Windows.
[German]On October 11, 2022 (second Tuesday of the month, patchday at Microsoft), several cumulative updates were released for the supported Windows 10 builds (from RTM version to current version) as well as for the Windows Server counterparts. Here are some details on the respective security updates.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]On October 11, 2022, Microsoft released security updates for Windows clients and servers, for Office, etc. – as well as for other products – were released. The security updates fix 84 vulnerabilities, 13 of which are critical and one 0-day vulnerability. Among other things, a printer vulnerability in Windows, and an Active Directory Certificate Services vulnerability are corrected – both rated critical. Below is a compact overview of these updates released on Patchday.
[German]We're likely to get security updates for on-premises Exchange Server (2016-2019) in a few hours that will hopefully close the two 0-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) known since late September 2022. But there is likely another 0-day vulnerability in Exchange Server that is being actively exploited in the wild to infect installations with the LockBit 3.0 ransomware. Here is some information on what I am aware of.
[German]Adobe has released its (planned) update of Adobe Acrobat (Reader) DC to version 2022.003.20258 (Windows) and (Mac) on October 11, 2022. This update includes some new features and fixes some bugs. However, the installation ends with the error "2251.Database: Transform" for some users.
[German]Today, October 11, 2022 is Microsoft's patchday, and Windows 10 will also receive its monthly security update. As a precaution, I draw your attention to an issue that could possibly cause trouble in a few hours under Windows 10 20H2 to 21H2: Microsoft is expected to disable TLS 1.0 and 1.1 with the security update for these Windows 10 versions. On the other hand, it looks like the TLS 1.3 implementation is causing problems on Windows 10. So, there could be problems with remote desktop applications and all applications that rely on TLS 1.0/1.1.
[German]One more addendum regarding On-Premises Exchange Server (2016-2019) and the two 0-Day vulnerabilities (CVE-2022-41040, CVE-2022-41082) known since the end of September 2022. As of the weekend (October 8, 2022), Microsoft had again tweaked its articles to mitigate these vulnerabilities. In addition, a blog reader came forward to point out errors in the fixed PowerShell script. I'm just getting around to writing an addendum on the state of affairs today. With any luck, there will be a patch in a few hours.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
