[German]Security vendor Trend Micro has released a critical update 2380 for its Worry Free Business Security (WFBS). The patch is intended to fix a security issue in a component that makes the antivirus solution vulnerable to attack. What it doesn't reveal, however: To install this critical patch, there must be at least 13 gigabytes of hard drive space on the system drive.
[German]It seems, that the January 2022 security updates like KB5009557 bricks Active Directory Federation Services ADFS-Farm-Servers. I receive a report, where update KB5009557 breaks LDAP queries to domain controllers from a ADFS Farm Server. Here are a few details about that issue.
[German]A critical vulnerability CVE-2021-44738 has been found in the PostScript interpreter of various Lexmark printers. The manufacturer warns about this vulnerability, which allows remote code execution, in a security advisory and provides a firmware update to close the vulnerability. Here is an overview of this vulnerability.
[German]Today another topic for administrators of Windows systems (Windows 10 and Windows 11) to which Microsoft has commented the days. It is about group policies that can be used in these clients to manage restrictions. At one point it looks like the group policies diverge between Windows 10 and Windows 11. Also, Microsoft recently explained which Group Policies should no longer be used for updates because the conditions have changed since Windows 10 version 1507.
[German]On January 20, 2022, the EU Parliament adopted the so-called Digital Service Act in its first reading. This will make online platforms and online marketplaces more accountable and more stringent in combating illegal content, goods and services, and disinformation. The issue of cookies is also addressed in this bill. Negotiations are now beginning on implementation by the member states.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The year 2021 has already hit some administrators with security incidents. The log4j issue may not be off the table yet, and 2022 started with violent tremors for administrators (key words are the year 2022 bug in Exchange, as well as the January 11, 2022 patchday issues with Microsoft Windows). Jen Easterly, head of the U.S. federal government's Cybersecurity and Infrastructure Security Agency (CISA), called the log4j vulnerability the most serious bug she has seen in her decade-long career. The effects of log4j will be felt by IT, business and society in the coming months and possibly years. So security will continue to be an issue in 2022.
[German]McAfee Agent for Windows is vulnerable to privilege escalation due to a serious vulnerability, allowing program code to execute with Windows SYSTEM privileges. The vendor has since corrected the CVE-2022-0166 vulnerability, which was introduced into products such as McAfee Endpoint Security via an OpenSSL component. The same is true for the second code injection vulnerability, CVE-2021-31854.
[German]Good news in terms of security and Office, because Microsoft finally plugs a gateway for malware by disabling the default support for Excel 4.0 macros. This mitigates an announced and long overdue vulnerability.
[German]WordPress users beware, there are again massive vulnerabilities in WordPress plugins and themes due to a supply chain attack on the provider AccessPress. In dozens of plugins and themes of this provider hackers have built backdoors to hack the sites and possibly take over data. And there is a WordPress HTML mail plugin with a vulnerability. Here is a brief overview.
[German]Microsoft has adjusted its machine learning programs so that machines running Windows 10 version 20H2 are now updated more broadly and automatically to Windows version 21H2. This is Microsoft's response to the fact that support for version 20H2 is about to expire, and it wants to ensure that the machines in question run on newer builds. Here is some information on this topic.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
