Unauthorized RCE CVE-2022-28219 in Zoho ManageEngine ADAudit Plus

Posted on 2022-07-01 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security researcher Naveen Sunkavally of Horizon3.ai recently discovered vulnerability CVE-2022-28219. This allows remote code execution without further authentication by the attacker and affects Zoho ManageEngine ADAudit Plus. This is a compliance tool used by enterprises to monitor changes to Active Directory. The vulnerability involves several issues: untrusted Java deserialization, path traversal and a blind XML External Entities (XXE) injection. The vulnerabilities have since been fixed.

Continue reading

Posted in Security, Software, Windows | Tagged , , | Leave a comment

Kaspersky finds SessionManager backdoor left by malware in IIS/Exchange servers worldwide

Posted on 2022-06-30 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security vendor Kaspersky has come across a little-known backdoor, undetected by antivirus solutions, that leaves malware on Microsoft Exchange servers in the IIS module. There are infections of the so-called SessionManager backdoor in Exchange systems worldwide. The SessionManager backdoor enables a wide range of malicious activities, from collecting emails to taking complete control over the victim's infrastructure. The newly discovered backdoor was first deployed in late March 2021 and has hit government and non-government organizations in Africa, South Asia, Europe and the Middle East. Most of the organizations attacked remain compromised to this day.

Continue reading

Posted in Security | Tagged , | Leave a comment

Azure: Container Escape Vulnerability (CVE-2022-30137) in Microsoft's Service Fabric Closed

Posted on 2022-06-30 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security researchers from Palo Alto Networks have encountered a container escape vulnerability in Microsoft's Service Fabric, which they then named FabricScape. The vulnerability allowed container escapes in Microsoft's Service Fabric, which is commonly used with Azure. Palo Alto Networks has partnered with Microsoft to address this vulnerability. 

Continue reading

Posted in Security | Tagged , , , | Leave a comment

Building materials manufacturer Knauf affected by cyber attack worldwide (June 29, 2022)

Posted on 2022-06-30 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]The manufacturer Knauf (gypsum, Plaster, building materials) fell victim to a cyber attack on June 29, 2022. The company's IT systems are affected worldwide and had to be shut down. Too much information in terms of details is unfortunately not yet known – the company hopes to have isolated the incident after the security system struck, but is still engaged in analysis. Addendum: Black Basta gang claims responsibility and has leaked data.

Continue reading

Posted in Security | Tagged | Leave a comment

Edge Stable 103.0.1264.37 breaks group policies (Chrome bug)

Posted on 2022-06-30 by guenni

Edge[German]I'm going to pull out an issue that may be of concern to administrators among of my blog readers. Since the release of Microsoft Edge Stable 103.0.1264.37, I got reports, that group policies no longer work. This night I came across more reports at Microsoft. So I'll briefly summarize the state of affairs here for your information. A fix is in the work (at Chromium and Edge developer teams).

Continue reading

Posted in browser, issue, Software, Windows | Tagged , | 3 Comments

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Thunderbird 102.0 and 91.11.0

Posted on 2022-06-30 by guenni

[German]In addition to Firefox developers who have provided updates to the Firefox browser (see Firefox 102.0 and ESR, as well as 91.11esr released), new versions of the Thunderbird email client were also released on June 28, 2022. At the same time, security vulnerabilities – also in the the version 91.11.0 were closed. Thanks to the reader for the tip.

Continue reading

Posted in Security, Software, Update | Tagged , , | Leave a comment

Microsoft Exchange Server: Remote Code Execution vulnerability CVE-2022-23277 exploitable despite patch?

Posted on 2022-06-30 by guenni

Exchange Logo[German]Are Microsoft Exchange servers on the current patch level still vulnerable via the remote code execution vulnerability CVE-2022-23277? Some fragments of information have just come to my attention that at least raise questions. In any case, the disclosure of the details that led to the vulnerability is interesting. I'll try to summarize the information as best as I can.

Continue reading

Posted in Security, Software | Tagged , | 4 Comments

Firefox 102.0 and esr, as well as 91.11esr released

Posted on 2022-06-29 by guenni

Mozilla[German]Mozilla's developers have released the versions 102.0 (also as ESR version) as well as the 91.11esr of the Firefox browser on June 28, 2022. Firefox 102 is a new development branch, while 91.11esr is a maintenance update that fixes critical vulnerabilities.

Continue reading

Posted in browser, Security, Software, Update | Tagged , , | Leave a comment

Revision to CVE-2021-26414 (Windows DCOM Server Security Feature Bypass) dated June 28, 2022

Posted on 2022-06-29 by guenni

Windows[German]Microsoft has revised its description of CVE-2021-26414 (Windows DCOM Server Security Feature Bypass) to June 28, 2022. It has added security updates for Windows 10 version 21H2, Windows 11 and Windows Server 2022, as these Windows versions are also affected by this vulnerability. Microsoft urges users to install the updates and notes that RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM servers will be enabled by default as a result of the update.

Continue reading

Posted in Security, Update, Windows | Tagged , , | Leave a comment

Windows 10 Preview Update KB5014666 (June 28, 2022)

Posted on 2022-06-29 by guenni

Windows[German]Microsoft has released an optional cumulative (preview) update KB5014666 on June 28, 2022 (D-Week). This is supposed to fix numerous bugs in Windows Server version 20H2 as well as Windows 10 version 21H1 – 21H2. In addition it brings new print functions. Below I give an overview regarding these updates for Windows 10.

Continue reading

Posted in Update, Windows | Tagged , | 1 Comment