Anatomy of a Hive Ransomware Attack on Exchange via ProxyShell

Often, the details of a ransomware infection remain obscure to outsiders. This week, I received a briefing from security services provider Varonis, whose security team has unraveled the course of an attack using the Hive ransomware. The Hive group operates as a ransomware-as-a-service provider and has been responsible for numerous attacks. In the current case, vulnerabilities in Exchange servers were exploited.

Exchange 2016/2019 Mitigation Service Error 1008 due to expired certificate

Here is another piece of information for administrators of Microsoft Exchange servers who, this week, suddenly see an Error 1008 in the event logs on Exchange 2016 or 2019, triggered by the Mitigation Service. A blog reader brought this to my attention the other day because he suddenly experienced the issue on Microsoft Exchange Server 2019. The cause is a Microsoft "Microsoft Exchange XML Signing" certificate that expired on June 9, 2022. The problem should have been fixed by Microsoft in the meantime.

Interpol arrests 2,000 cyber fraudsters in Operation "First Light 2022"

Internet fraud through social engineering has now reached massive proportions and is having a negative impact on some societies. As a result, Interpol and national police agencies have been cracking down on Internet fraudsters in an international operation called "First Light 2022." In the process, thousands of social engineering fraudsters were identified and arrested. The operation was carried out in 76 countries and included the seizure of criminal assets.

Adobe Acrobat (Reader) DC 22.001.20142

Adobe has released an update to Adobe Acrobat (Reader) DC to version 22.001.20142 (Windows) and (Mac) as of June 14. This update fixes some bugs according to this description. Download links are provided on the relevant Release Notes page for the Windows and Mac versions.

Patchday: Microsoft Office Updates (June 14, 2022)

On June 14, 2022 (second Tuesday of the month, Microsoft Patchday), Microsoft released several security-related updates for still-supported Microsoft Office versions and other products. Here is an overview of the available updates.

June 2022 patch day review: Windows update issues, Intel vulnerability, documentation fails

The security updates released on June 14, 2022, close numerous vulnerabilities. But there are also issues, for example with VMs and when using ESET security solutions. I've also noticed that Microsoft is becoming more and more sparse with details in its KB articles – you have to hunt down the information. Also, vulnerabilities have been quietly patched in Microsoft Azure after pressure from security researchers. Below is a summary of miscellaneous information, observations, and notices of issues for the June 2022 patch day.

Microsoft patches Follina vulnerability (CVE-2022-30190) in Windows with June 2022 updates

The security updates for Windows released on June 14, 2022, also closed the vulnerability in the ms-msdt: protocol that allowed the misuse of the Microsoft Support Diagnostics Utility. The vulnerability known as Follina, CVE-2022-30190, is already being exploited in attacks. Microsoft does not write anything about this fix in the support articles for the individual updates. Therefore, I summarize the relevant information in the following post.

Windows 7/Server 2008R2; Windows 8.1/Server 2012R2: Updates (June 14, 2022)

Microsoft has also released security updates for Windows 7 and 8.1 as well as for the Windows Server counterparts 2008 R2 and 2012/R2 on Patchday. Here is an overview of these updates for Windows 7/8.1 and the corresponding Windows Server versions 2008 R2 and 2012/R2.

Patchday: Windows 11/Server 2022 Updates (June 14, 2022)

On June 14 (second Tuesday of the month, Patchday at Microsoft), Microsoft also released a cumulative update for Windows 11, which was released on October 5, 2021. The update is supposed to fix various problems. In addition, Windows Server 2022 received an update. Here are some details about these updates.

Patchday: Windows 10 Updates (June 14, 2022)

On June 14, 2022 (second Tuesday of the month, patchday at Microsoft), various cumulative updates for the supported Windows 10 builds (from the RTM version to the current version) were released. In the process, the vulnerability in MSDT called Follina was also closed. Here are some details about the respective security updates.
