[German]Microsoft has released some optional, cumulative (preview) updates on January 25, 2022 (D-Week). These are intended to fix various bugs in Windows 10, Windows 11 and in the corresponding Windows Server versions. Below, I provide an overview regarding these updates for Windows 10 and the Windows Server versions in question.
[German]We are in the so-called D-Week, regarding updates by Microsoft for products like Windows or Office. Whether there are (preview) updates today that anticipate the patches for February 2022, I don't know. But after there were massive problems with the security updates of January 11, 2022, which should be fixed by correction updates, I put together the status as of Jan. 25, 2022.
[German]Security vendor Trend Micro has released a critical update 2380 for its Worry Free Business Security (WFBS). The patch is intended to fix a security issue in a component that makes the antivirus solution vulnerable to attack. What it doesn't reveal, however: To install this critical patch, there must be at least 13 gigabytes of hard drive space on the system drive.
[German]It seems, that the January 2022 security updates like KB5009557 bricks Active Directory Federation Services ADFS-Farm-Servers. I receive a report, where update KB5009557 breaks LDAP queries to domain controllers from a ADFS Farm Server. Here are a few details about that issue.
[German]A critical vulnerability CVE-2021-44738 has been found in the PostScript interpreter of various Lexmark printers. The manufacturer warns about this vulnerability, which allows remote code execution, in a security advisory and provides a firmware update to close the vulnerability. Here is an overview of this vulnerability.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Today another topic for administrators of Windows systems (Windows 10 and Windows 11) to which Microsoft has commented the days. It is about group policies that can be used in these clients to manage restrictions. At one point it looks like the group policies diverge between Windows 10 and Windows 11. Also, Microsoft recently explained which Group Policies should no longer be used for updates because the conditions have changed since Windows 10 version 1507.
[German]On January 20, 2022, the EU Parliament adopted the so-called Digital Service Act in its first reading. This will make online platforms and online marketplaces more accountable and more stringent in combating illegal content, goods and services, and disinformation. The issue of cookies is also addressed in this bill. Negotiations are now beginning on implementation by the member states.
[German]The year 2021 has already hit some administrators with security incidents. The log4j issue may not be off the table yet, and 2022 started with violent tremors for administrators (key words are the year 2022 bug in Exchange, as well as the January 11, 2022 patchday issues with Microsoft Windows). Jen Easterly, head of the U.S. federal government's Cybersecurity and Infrastructure Security Agency (CISA), called the log4j vulnerability the most serious bug she has seen in her decade-long career. The effects of log4j will be felt by IT, business and society in the coming months and possibly years. So security will continue to be an issue in 2022.
[German]McAfee Agent for Windows is vulnerable to privilege escalation due to a serious vulnerability, allowing program code to execute with Windows SYSTEM privileges. The vendor has since corrected the CVE-2022-0166 vulnerability, which was introduced into products such as McAfee Endpoint Security via an OpenSSL component. The same is true for the second code injection vulnerability, CVE-2021-31854.
[German]Good news in terms of security and Office, because Microsoft finally plugs a gateway for malware by disabling the default support for Excel 4.0 macros. This mitigates an announced and long overdue vulnerability.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
