[German]On January 20, 2022, the EU Parliament adopted the so-called Digital Service Act in its first reading. This will make online platforms and online marketplaces more accountable and more stringent in combating illegal content, goods and services, and disinformation. The issue of cookies is also addressed in this bill. Negotiations are now beginning on implementation by the member states.
[German]The year 2021 has already hit some administrators with security incidents. The log4j issue may not be off the table yet, and 2022 started with violent tremors for administrators (key words are the year 2022 bug in Exchange, as well as the January 11, 2022 patchday issues with Microsoft Windows). Jen Easterly, head of the U.S. federal government's Cybersecurity and Infrastructure Security Agency (CISA), called the log4j vulnerability the most serious bug she has seen in her decade-long career. The effects of log4j will be felt by IT, business and society in the coming months and possibly years. So security will continue to be an issue in 2022.
[German]McAfee Agent for Windows is vulnerable to privilege escalation due to a serious vulnerability, allowing program code to execute with Windows SYSTEM privileges. The vendor has since corrected the CVE-2022-0166 vulnerability, which was introduced into products such as McAfee Endpoint Security via an OpenSSL component. The same is true for the second code injection vulnerability, CVE-2021-31854.
[German]Good news in terms of security and Office, because Microsoft finally plugs a gateway for malware by disabling the default support for Excel 4.0 macros. This mitigates an announced and long overdue vulnerability.
[German]WordPress users beware, there are again massive vulnerabilities in WordPress plugins and themes due to a supply chain attack on the provider AccessPress. In dozens of plugins and themes of this provider hackers have built backdoors to hack the sites and possibly take over data. And there is a WordPress HTML mail plugin with a vulnerability. Here is a brief overview.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft has adjusted its machine learning programs so that machines running Windows 10 version 20H2 are now updated more broadly and automatically to Windows version 21H2. This is Microsoft's response to the fact that support for version 20H2 is about to expire, and it wants to ensure that the machines in question run on newer builds. Here is some information on this topic.
[Geman]The January 11, 2022 security updates for Windows Server 2012/R2 resulted in the Hyper-V host subsequently failing to start. As of January 17, 2022, Microsoft then released special updates to correct this issue. Here is a follow-up on this issue.
[German]Installing Windows 10 or Windows 11 in virtual environments can present some challenges. Depending on the hypervisor, the installation may even fail completely. Blog reader Thomas S. emailed me back in December 2021 with his experiences installing Windows 10 as well as Windows 11 under Microsoft's Hyper-V 2nd generation. I publsih his information here in the blog – maybe other readers can benefit from it.
[German]Microsoft has updated the Chromium Edge browser to version Edge 97.0.1072.69 as of January 20, 2022 (thanks to the reader for pointing this out). This is a security update that addresses security vulnerabilities. Microsoft lists the release notes for Microsoft Edge and its security updates on this page – but it doesn't give much details. The browser should be updated automatically, but can also be downloaded here.
[German]Currently, it seems like the SonicWall Gen7 Firewalls have been causing an issue since January 20, 2022. There are reports that access is no longer possible or the Gen7 firewall falls into a reboot loop. There is already a support post from SonicWall about this with a workaround. I'll pick it up here in the blog.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
