CISA Warning: Windows Print-Spooler Vulnerability CVE-2022-22718 actively exploited

Posted on 2022-04-21 by guenni

Windows[German]The US Cyber in Infrastructure Security Agency (CISA) has recently added three more entries to its list of actively exploited vulnerabilities. Among them is the vulnerability CVE-2022-22718 in the Windows print spooler, which affects virtually all Windows versions that are still in support. Microsoft released a security update in February 2022 to close the Elevation of Privilege vulnerability in the Windows Print Spooler.

Continue reading

Posted in Security, Update, Windows | Tagged , , , | Leave a comment

Microsofts Defender flags Google Chrome Updates falsely as malicious (April 20, 2022)

Posted on 2022-04-21 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Microsoft's Defender for Endpoint (an enterprise security platform, see Got lost in Defender? There is something like a Defender Cheat Sheet available) seems to have run a bit amok once again. Administrators reported that since April 20, 2022, Defender has suddenly deemed updates for the Google Chrome browser as malicious and quarantined them.

Continue reading

Posted in Security | Tagged , | Leave a comment

VirtualBox 6.1.34 released

Posted on 2022-04-21 by guenni

Virtualbox[German]Oracle's developers have released Virtualbox version 6.1.34 as of April 19, 2022 (while the changelog claims the release was on March 22, 2022, that's probably a typo). It is a maintenance update that is supposed to fix bugs of previous versions.

Continue reading

Posted in Software, Update | Tagged , | Leave a comment

VLC 3.0.17.4 released

Posted on 2022-04-20 by guenni

Sicherheit[German]Due to a bug in the UPNP function, the developers of the VLC Player had to add version 3.0.17.4. There is no changelog yet. The update is not yet offered in the VLC player. But the download is already available on the FTP server. (via)

Posted in Software, Update | Tagged | Leave a comment

Thunderbird Version 91.8.1

Posted on 2022-04-20 by guenni

[German]The developers of the Thunderbird email client released Thunderbird 91.8.0 (see Firefox 99.0 and 91.8.0esr released) on April 5, 2022, and then released 91.8.1 as a bug fix update on April 18, 2022. These are maintenance updates for the 91 development branch that contain various fixes.

Continue reading

Posted in Software, Update | Tagged | Leave a comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Windows 11 Home: SMB1 will be disabled and removed in the future

Posted on 2022-04-20 by guenni

Windows[German]Microsoft has just announced that they are disabling support for the SMB1 protocol by default in the Windows 11 Home Insider builds. This is the final phase to finally put SMB1 support in Windows to bed and let it expire. The background is security considerations, and SMB2 as well as SMB3 are available. However, the problem will be that certain network connections are dependent on SMB1.

Continue reading

Posted in Windows | Tagged | Leave a comment

Microsoft Security Update Revisions (April 19, 2022)

Posted on 2022-04-20 by guenni

Brief addendum from last week. Microsoft has released some Microsoft Security Update revisions for April 19, 2022, which are changes to the documentation of various security updates. Here is an uncommented overview.

Continue reading

Posted in Security, Update | Tagged , | Leave a comment

ESET finds 3 critical vulnerabilities in UEFI of Lenovo consumer notebooks

Posted on 2022-04-19 by guenni

[German]Users of Lenovo notebooks should react. Security vendor ESET has just announced that it has discovered three vulnerabilities (CVE-2021-3970, CVE-2021-3971, CVE-2021-3972) in the UEFI of Lenovo consumer notebooks that are rated as highly problematic from a security perspective. The exploit allows attackers to deploy and successfully execute UEFI malware such as LoJax or ESPecter on the affected devices.

Continue reading

Posted in Security | Tagged , , | Leave a comment

Free Decryptor for Yanlouwang Ransomware

Posted on 2022-04-19 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security vendor Kaspersky has discovered a vulnerability in the encryption of the Yanlouwang ransomware. As a result of this vulnerability, the encryption of files can be cracked under certain circumstances. Anyway, a free decryptor for Yanlouwang ransomware is available. However, samples of encrypted files and their unencrypted originals are needed for decryption.

Continue reading

Posted in Security | Tagged | Leave a comment

7-Zip vulnerability CVE-2022-29072 *doesn't* allows system privileges

Posted on 2022-04-19 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]A vulnerability CVE-2022-29072 (heap overflow) exists in the 7-Zip application up to version 21.07, which allows privilege escalation on Windows. This could allow an attacker to gain system privileges and then compromise the system at will. Here is some information about it. Addendum: Seems it was a hoax or a mistake. An extension of privileges, as originally stated by the finder, is (probably) not possible.

Continue reading

Posted in Security, Software | Tagged , | 1 Comment