[German]In addition to the vulnerabilities in F5 BIG-IP network devices mentioned in the blog post Destructive attacks via critical F5 BIG-IP vulnerability, Zyxel is also dealing with an Unauthenticated Remote Command Injection vulnerability CVE-2022-30525 in its firewalls. Operators of corresponding Zyxel firewalls should immediately install the provided updates to close the serious vulnerability.
[German]Brief message at the end of the week – after the "very successful" patchday on May 10, 2022 with numerous collateral damages, Microsoft is on its way to new shores. On May 12, 2022, they released the preview update KB5014023 for Windows Insiders. I haven't found details about the update yet (it's not listed on the Windows 10 update history page, of course) – it's just mentioned here and here.
[German]Hewlett Packard (HP) has recently published a security advisory. This warning addresses two vulnerabilities in the firmware of over 200 HP models (business and consumer variants) that allow the firmware to be overwritten. The vulnerabilities have been given a security score of 8.8 – updates are available. Furthermore, Intel has issued a security advisory for a vulnerability in the BIOS of Intel systems, which also have a score of 8.2 and allow privilege escalation.
[German]In F5 BIG-IP, vulnerability CVE-2022-1388 became public last week. The vulnerability allows attackers to execute commands on BIG-IP network devices as "root" without requiring authentication. The manufacturer F5 had strongly recommended administrators of the network devices to close this critical vulnerability through updates. Exploits have become public on Twitter and GitHub. Now there are first destructive attacks that attempted to delete the file system of a device and render the server unusable.
[German]There seems to be a bug in Microsoft Access 365 (with update status 2022 in the current channel). When closing forms, the error message "The search key was not found in any…" is issued. Following a reader suggestion, I summarize the relevant information below – in case anyone encounters the effect.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The May 10, 2022 security updates for Windows cause several issues. One concerns authentication on domain controllers. This seems to fail for various machines (client and server) due to certificate errors. All clients are affected, from Windows 7 SP1 (with ESU) up to Windows 11 and the relevant server counterparts. Microsoft has since confirmed the problem.
[German]On May 10, 2022 (second Tuesday of the month, Microsoft Patchday), Microsoft released several security-related updates for still-supported Microsoft Office versions and other products. Here is an overview of the available updates.
[German]Microsoft has released various security updates for Windows, Office, Net etc. on May 10, 2022. While relatively few problems were fixed by these updates, some users seem to have problems with the update installation or afterwards. Affected is for example Windows 11, where the error 0xc0000135 occurs. Here is a collective article, which may be extended, what I have noticed.
[German]Since March 2022 there are issues with remote services in Windows Server 2022, caused by security update KB5011497 from March 8, 2022. That's because certain roles become unavailable after installing that update – and that wasn't fixed in April an May 2022 with patchday updates. Here is a brief inventory along with information on what I am aware of.
[German]Microsoft released the cumulative update KB5013943 for Windows 11 (build 22000.675) on May 10, 2022. In the meantime, there are increasing reports of users who subsequently receive error 0xc0000135. This can occur with various applications, PowerShell, Event Viewer, services, etc. It is probably crystallizing into a problem with the .NET framework. Here is a brief overview of what I have found out so far.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
