[German]On November 22, 2021, Mozilla developers released version 94.0.2 as a maintenance update of the Firefox browser. According to the release notes, there are only two bug fixes.
[German]On November 22, 2021, Microsoft released several optional cumulative updates for Windows 10 version 1809 (LTSC, Server) as well as version 2004 to 21H2 (and Server) that are supposed to fix various bugs. These include bugs in network printing as well as in the Windows Installer. Here are some details about the respective updates.
[German]Microsoft has released the update KB5007262 for Windows 11 on November 22, 2021. It is an optional update that is supposed to fix a long list of fat bugs in this best of all Windows operating systems. I've seen in various blogs that they are celebrating the new icons. But the beef for me is in the fix for printer errors 0x000006e4, 0x0000007c and 0x00000709 on the network and other fixes in search or USB printing via Internet Printing Protocol.
[German]Currently, I warn about running unpatched Exchange vulnerabilities and ProxyShell attacks almost on a daily basis. A few days ago, Trend Micro issued a warning about attacks against ProxyShell vulnerabilities via the Squirrelwaffle exploit and the takeover of Exchange email mailboxes. As of a few hours ago, another exploit is public as a proof of concept, and exploitation against unpatched Exchange servers is likely. So patch the systems!
[German]A security researcher has found a 0-day vulnerability in Windows Installer that allows a local attacker to gain administrative privileges. The 'Windows Installer Elevation of Privilege' vulnerability CVE-2021-41379 has been patched in November 2021. But there is a workaround, the patch is ineffective. All Windows versions are affected, including Windows 10, that brand new Windows 11, and all Windows Server versions.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]This is a heavy stroke for many people with web presences. The US hoster GoDaddy has become a victim of a cyberattack. The attackers managed to gain access to the Managed WordPress hosting environment of this provider.
[German]NAS system vendor QNAP has released security updates for its firmware. In addition, an app is disabled for security reasons, because remote attackers can inject code into the firmware of the NAS storage. It seems that there is no security update for this vulnerability yet and the app has been disabled. Additionally, it seems that users are reporting issues after upgrading to QTS 5.0. Here is a collective post on these issues.
[German]Last week Friday, November 19, 2021 there seems to have been a cyber attack on the Danish wind turbine manufacturer Vestas. The company had to shut down its IT systems as a result and is currently trying to bring IT back up.
[German]Microsoft released the Windows 10 November 2021 Update (21H2) last week (see Windows 10 November 2021 Update (21H2) released). Now, as of November 19, 2021, they have also updated the Windows administrative templates to cover Windows 10 version 21H2.
[German]Banking Trojan Mekotio returns in Latin AmericaCheck Point reports that the sophisticated banking Trojan Mekotio has returned in Latin America. In July this year, Spanish police had caught 16 suspects for money laundering related to the malware. Now the malware is attacking Spanish-speaking countries. The originator of the new version seems to be a Brazilian criminal gang, according to Check Point. I'm surprised, since Portuguese is spoken in Brazil, not Spanish. Anyway, Check Point already blocked over 100 attacks.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
