[German]On June 14, 2022, Microsoft released security updates for Windows clients and servers, for Office, etc. – as well as for other products – were released. Among other things, the Follina vulnerability in Windows was patched. The security updates also eliminate 55 vulnerabilities. Below is a compact overview of these updates that were released on Patchday.
[German]Microsoft Defender is in use at many companies. I read the other day that Microsoft Defender can now be used to isolate unmanaged Windows devices that have been hacked. Further, I got a report from a user about issues with Defender cauing issues like Word no longer starts. I summarize the two topics in this collective post.
[German]Another short information for the blog readers, who may still have the Internet Explorer 11 from Microsoft under Windows in use. On today's patchday, June 14, 2022, the browser will receive security updates for various Windows versions for the last time and will then be removed from support (on June 15, 2022).
[German]ESET has presented its Thread Report 2022 with various statistics and explains, for example, the drastic drop in RDP attacks at the beginning of 2022. Palo Alto Networks provides an overview of which ransomware groups have which share of infections. LockBit currently seems to be by far the most successful group. The "flop of the week" is about a USB security stick from Verbatim that is easy to hack.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]After the release of the June 2022 updates for Microsoft Office 2016, blog readers have left some reports about issues within my German blog. These problems occur when opening Office documents on SharePoint servers after installing the June 7, 2022 updates for Office 2016.
[German]Security researchers from CyberArk Labs have stumbled upon in Google's Chrome browser. It stores passwords and cookies in plain text in the RAM of its own process. This means a corresponding tool could read these plaintext passwords. I tested it on Google Chrome and on the Ungoogled Chromium clone – the problem should affect all Chromium browsers (so Edge too). Continue reading
[German]Short note to readers who have NAS drives from QNAP in use. There are serious vulnerabilities in the QTS 5.0.0 software in older versions, which were fixed on June 8, 2022 with an update of the firmware to QTS 5.0.0.2055 build 20220531. The installation of this update is strongly recommended. Older QTS versions (4.x etc.) should have been fixed long ago.
[German]Security researchers have had a closer look at smart scales offered by the Chinese manufacturer Yunmai. These smart scales can be coupled with an app on the smartphone via Bluetooth so that the personal data of several people may be stored in personal profiles. Unfortunately, there are vulnerabilities, that allows a mass account takeover or circumvention of manufacturer restrictions via the Yunmai API.
[German]In addition to the Follina vulnerability (CVE-2022-30190) in the Windows ms-msdt protocol, there is another DogWalk-named vulnerability in connection with the Microsoft Diagnostic Tool (MSDT). This vulnerability was reported to Microsoft two years ago, but is unlikely to be patched. The ACROS Security team has taken the Follina story as an opportunity to provide a micro-patch for DogWalk as well. I have prepared the information below.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
[