[English]Microsoft has updated the Edge browser to version 96.0.1054.57 as of December 14, 2021. The release notes refer to the fix for the vulnerability CVE-2021-4102 mentioned by the Chromium team. This is already being exploited. The browser should be updated automatically, but can also be downloaded here.
[German]On December 14, Microsoft released security updates for Windows clients and servers, for Office etc. – as well as for other products (but not for Exchange) – were released. Below is a compact overview of these updates released on Patchday.
Short message about Microsoft Exchange Online. Yesterday there seem to have been disturbances that affected users of Exchange Online. Mails that were supposed to be sent via Exchange Online are delayed or get stuck as draft or to be sent.
[German]I'm posting a short piece of information here on the blog because this topic will probably affect more and more administrators of Windows 10/11 systems in the coming months and years. We are securing the systems more and more, among other things with TPM. But what happens if a mainboard becomes defective and has to be replaced? That can result in the device no longer being recognized for Azure Active Directory, Windows AutoPilot, etc.
[German]Since the weekend a vulnerability CVE-2021-44228 contained in the JAVA library log4j keeps the IT scene in suspense. The log4j library is extremely widespread and is used in many products. In addition, the vulnerability is extremely easy to exploit remotely and attacks have also been observed for about 2 weeks. In the blog post I try to pick up the most important questions/answers in a kind of FAQ or as a repository and link to further pages.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]I had already seen it briefly on Twitter yesterday, the provider of software solutions "from the cloud" (accounting, workforce scheduling, time tracking, etc.), the company Kronos, has become a victim of a ransomware attack over the weekend (Dec. 11, 2021). UKG solutions using the "Kronos Private Cloud" have been unavailable since Dec. 11, 2021, due to this ransomware attack.
[German]Google has released an update to Google Chrome 96.0.4664.110 for Windows, Mac and Linux (and version 96.0.4664.104 for Android) as of December 13, 2021. It is a security update that closes a critical and exploited vulnerability. Here's a quick overview.
Apple has released the update to iOS 15.2 for compatible iPhones (from iPhone 6s) and iPads (from iPad Pro, iPad Air 2, iPad 5th Gen., iPad mini 4) on Dec. 13, 2021. Via the Apple page HT201222, one can access a list of fixes. But there is a caveat: The controversial nude photo filter for iMessage is now on board. Currently it can only be activated for iMessages. But what is much more serious is that it is now part of the system.
[German]The critical vulnerability CVE-2021-44228 in the JAVA library log4j, which became known a few days ago, threatens millions of software products. For many server products, users can do little. However, I would like to recommend a closer look to administrators of VMware products, because the manufacturer indicates some virtualization products as affected by the vulnerability.
[German]Users who use the Minecraft game, which belongs to Microsoft, urgently need to update its client, which is written in JAVA. The background is that the log4j vulnerability CVE-2021-44228 also makes Minecraft servers vulnerable via Minecraft clients. The developer of Minecraft, Mojang, already announced this in a blog post over the weekend.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
