Autodiscover password leak vulnerability known to Microsoft for 5 years

Posted on 2021-10-02 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Another brief post in which I revisit a topic from last week. I had reported that there is a vulnerability in the Autodiscover protocol, which is used by Microsoft Exchange, that reveals passwords. In the meantime, Microsoft is trying to get register the abusable Autodiscover domains, based on the reporting. However, it has now become known that this weakness has been known at Microsoft for at least 5 years without anything happening.

Continue reading

Posted in Security, Software | Tagged | Leave a comment

Windows 10 Update KB5005611, KB5005539, .NET Update KB4023057 (Sept. 30, 2021)

Posted on 2021-10-01 by guenni

Update[German]Microsoft has released preview update KB5005611 for Windows 10 version 2004 – 21H1 on Sept. 30, 2021. The preview update is optional and is intended to fix various issues (including with Outlook add-ins).In addition, updates KB5005539 (.NET) and KB4023057 (reliability update for update service components) were released. Here is an overview of this update.

Continue reading

Posted in Update, Windows | Tagged , , | Leave a comment

Critical security update to Chrome 94.0.4606.71 (2021/09/30)

Posted on 2021-10-01 by guenni

[German]Google has surprisingly released an update to Google Chrome 94.0.4606.71 for Windows, Mac and Linux on September 20, 2021. It is a security update that closes vulnerabilities rated as high. Some of the vulnerabilities are being exploited – here's a brief overview.

Continue reading

Posted in browser, Security, Software, Update | Tagged , , | Leave a comment

Anniversary 28 years as a freelance writer

Posted on 2021-10-01 by guenni

Today a little story beside the tech stuff, something personally. This morning I was awakening and realized, it was October the 1st in 2021 – so I'm now 28 years in business as a freelance book writer and now also tech blogger. It has a long journey since I've published the first articles about computer in a tech magazine, back in 1985.

Continue reading

Posted in General | Tagged | Leave a comment

Let's Encrypt certificate trouble with Windows, Sophos UTM, macOS/iOS (2021/09/30)

Posted on 2021-09-30 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]As of September 30, 2021, some root certificates that Let's-Encrypt used to sign user certificates expired. This meant that certain devices or applications could no longer access websites or mail servers. I have seen cases with iOS 14/15 and macOS, as well as problems with Internet Information Server (IIS) and Microsoft Exchange. In addition, the Sophos UTM Firewall Application is causing problems because it also uses an affected Let's Encrypt certificate. However, the problems can be solved easily – here is a short overview.

Continue reading

Posted in ios, issue, macOS, Software, Windows | Tagged , , , , | 5 Comments

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Adobe Acrobat (Reader) DC 21.007.20095/21.007.20096 (fixes error 0xc0000142)

Posted on 2021-09-30 by guenni

[German]Adobe has released a hotfix for Adobe Acrobat (Reader) DC as of September 29, 2021, bringing the Windows version to 21.007.20095 and the macOS version to 21.007.20096. The hotfix is optional and is supposed to fix a number of bugs – even bug 0xc0000142 of version 21.007.20091 is supposed to be fixed on Windows.

Continue reading

Posted in Software, Update | Tagged , , | Leave a comment

Sept. 30, 2021: Will we see trouble with old Let's Encrypt certificates?

Posted on 2021-09-30 by guenni

[German]Do you run websites that are signed via Let's Encrypt certificates? Then there could possibly be problems on  September 30, 2021. This is because the root certificate used by Let's Encrypt to sign client certificates will lose its validity on this day (expiry of Intermediate R3 on 2021/09/29 at 19:21:40 GMT – the DST Root CA X3 expires on 2021/09/30 14:01:15 GMT). Clients that only know the old root certificates will not be able to verify Let's Encrypt server certificates after that. Addendum: We have seen issues.

Continue reading

Posted in Security | Tagged | 21 Comments

Amazon's newly introduced Astro Robot, a disaster?

Posted on 2021-09-29 by guenni

Amazon[German]As of September 28, 2021, Amzon has introduced a home robot that goes by the name of Astro. The aim of this device is to provide assistance in the home. Keywords are home monitoring and assistance in conjunction with a cloud service, AI and robotics. However, documents from the development have been leaked to people promptly, which show that the point of home monitoring is ridiculous, the Amazon Astro is the perfect bug to monitor people. Moreover, between the lines resonates that the quite expensive device is not fully developed, in the best case merely quickly broken, but in the worst case poses a risk to the residents of the house. Therefore, a short article that spans the arc between Amazon's marketing and the keywords security, reliability and privacy.

Continue reading

Posted in devices, Security | Tagged , , | 1 Comment

Exchange Server September 2021 CU (2021/09/28)

Posted on 2021-09-29 by guenni

Update[German]Microsoft has released the Exchange quarterly cumulative updates (CU) for September 2021, effective September 28. The quarterly cumulative updates (CUs) are available for Exchange Server 2016 and Exchange Server 2019. These CUs include fixes for customer-reported issues, all previously released security updates and a new security feature. Microsoft Exchange Emergency Mitigation Service is also introduced as a new feature.

Continue reading

Posted in Software, Update | Tagged , | Leave a comment

25 years of Sysinternals

Posted on 2021-09-29 by guenni

It's crazy: 25 years ago, Bryce Cogswell and Mark Russinovich started their Sysinternals tools. On October 14, 2021, there will therefore be a virtual anniversary event
25 Jahre Sysinternals

Posted in Software | Tagged | Leave a comment