[German]There are reports that a new zero-day exists in Microsoft Exchange that is being actively exploited in the wild. Security researchers confirm that some installations – including a honeypot – are already infected. Details about the zero-day are not yet available. Here's an overview of what I know so far and what, if anything, can be done to detect attacks.
[German]Microsoft offers the Exchange Health Checker, a PowerShell script to check on-premises Exchange installations for problems. The script is continuously developed by Microsoft. Frank Zöchling has now extended the Exchange Health Checker with a script to automatically make important settings when checking an Exchange installation.
[German]The developers of Thunderbird have released another update of the email client to version 102.3.1 on September 28, 2022. It is a bug-fix update, which should fix a number of problems and vulnerabilities.
[German]Brief notification for administrators who use a mail protection / security solution from Barracuda Networks in an enterprise environment. Since tonight (September 29, 2022) there seems to be a problem that emails get stuck in their spam filters (Email Security Gateway or Barracuda Email Protection) and are not forwarded. The whole thing seems to be a global problem – although there is almost no information available.
[German]Google has released the update of Google Chrome 106.0.5249.61 for Mac/Linux and Chrome 106.0.5249.61/62 for Windows on September 28, 2022. It is a new development branch, with the update fixing 20 vulnerabilities.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]CheckPoint has released its Global Threat Index for August 2022, a top list of malware infections. Surprisingly for me, the previously frequently mentioned Emotet ransomware has been displaced from the top spot it held in previous months. Now, a malware called FormBook is in the No. 1 spot, followed by AgentTesla, the latter being no stranger either. Here is some information on the threat landscape provided to me by CheckPoint.
[German]Microsoft has released an out-of-band update KB5019311 on September 27, 2022, for Windows 11, version 22H2. This update is supposed to fix localization issues in the setup files. Thouse issues have been detected in non English versions of Windows 11 22H2.
[German]HP has published a warning about a buffer overflow vulnerability in the firmware of various printer models (Inkjet, Laserjet Pro and HP PageWide Pro printers) on September 21, 2022. One vulnerability even potentially allows remote code execution (RCE). Firmware updates for the affected printer models are now available.
[German]German blog reader Frank contacted me about a problem on Windows that I don't really have an explanation for. Originally it was about the IF command in batch files returning wrong values when comparing. So Frank tested the whole thing with PowerShell and found something similar there. Only a test program written with VB .NET delivered the expected results. Since the batch program also delivers the same, incorrect, results under Windows 7, I assume that Frank and I have overlooked something. I'll post the problem here in the blog – maybe a reader will notice something.
[German]Vendor Sophos warns about a remote code execution vulnerability in its firewall. There is a code injection vulnerability in the Sophos XG Firewall user portal and web admin (UTM products not affected). This vulnerability is already being exploited in a limited number of cases in Asia. An update is available to close the vulnerability.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
