[German]The Log4Shell vulnerability in the Log4j library, which can be exploited in Java, is presumably present in many systems and software packages. The problem is likely to affect us for years to come, experts estimate, and it has not yet reached SMEs. The Department of Homeland Security (DHS) also addressed the Log4j issue again this week in a recommendation.
[German]Google has announced this week that its "Chrome OS Flex" operating system for PCs and Macs is ready and released it broadly for the said devices. The OS is meant to promote sustainability by allowing existing devices to be upgraded to an easy-to-manage, fast and secure Chrome OS operating system.
[German]Cyber criminals are promoting a tool on social networks that can be used to crack passwords in industrial control systems (ICS, PLCs). This is certainly useful for technicians who need to access PLCs (Programmable Logic Controllers) or ICSs (Industrial Control Systems) but no longer know the access data. The problem: The advertised password cracking tool is contaminated with the Sality malware, and the attackers use it to infect the PLCs or ICS.
[German]Quick note for administrators in enterprise environments. If you experience print and scan errors on your networks over the next few days, this may be related to changes in smartcard authentication that Microsoft made in July 2022.
Microsoft has updated the Edge browser in the stable channel to version 103.0.1264.62 as of July 14, 2022. It is a maintenance update. Thanks to the user for pointing this out. The release notes don't give more details about the update, but the Edge 103.0.1264.62 has issues with the July 2022 updates for Windows 10 1809. The browser should update automatically, but it can also be downloaded from the Edge page. The download bug has not been fixed (see Microsoft Edge 103.0.1264.44 download bug: .crdownload files remains).
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]As of July 12, 2022 (second Tuesday of the month, patchday at Microsoft), a number of security updates for Office and Windows have been released. The security updates also eliminate 84 vulnerabilities, one of which is 0-day. Unfortunately, there is some collateral damage to report as a result of these updates. I pull together some information in this post, what came under my eyes, or what may be open problems from previous patchdays and may have been fixed.
ordPress users who have Kaswara Modern WPBakery Page Builder in use should act quickly. Older versions contain vulnerability CVE-2021-24284 , which allows WordPress installation takeover. The vulnerability is under attack. Details can be found at Bleeping Computer in this article.
[German]The semi-annual feature updates cycle (I call them feature upgrades) introduced by Microsoft in 2015 for Windows 10 is proving to be a (foreseeable) "mess". It caused a lot of problems, the criticism from companies does not stop, and last year they have switched to annual feature updates. Now there is a rumor that Microsoft will only release a new main Windows version as an upgrade every three years.
[German]Microsoft has released a security update (KB5015805) for Internet Explorer on July 12, 2022. However, this is only available separately for selected Windows versions as a cumulative update. Here's an overview of this patch, which is intended to close vulnerabilities in the browser.
[German]Note for blog readers who use Lenovo (and IBM) notebooks. Security researchers from ESET have found serious vulnerabilities in the UEFI firmware of Lenovo notebooks that allow the operating system to be hijacked in the early boot phase. Lenovo has issued a security advisory listing over 70 notebook models (including ThinkBook) as affected.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
