[German]VMware has published information on a total of 19 vulnerabilities in the products VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation) [VMW2021a] as of September 21, 2021. Some of these are critical vulnerabilities – specifically, the CVE-2021-22005 vulnerability was rated "critical" with a score of 9.8. VMware has released corresponding security updates.
[German]After a design error in the Autodiscover protocol used by Microsoft Exchange became public, Microsoft is now rushing to register all Autodiscover domains. This is because clients may leak access data from Exchange accounts to such Autodiscover domains via the Autodiscover protocol, if the actual domain is not accessible. Here is some information about the issue.
[German]Google has surprisingly released the stable version of Google Chrome 94.0.4606.61 for Windows, Mac and Linux on September 24, 2021. It is a security update that closes a 0-day vulnerability. Here is a brief overview of what problem has been fixed.
[German]On September 23, 2021, Mozilla developers released version 92.0.1 as a maintenance update of the Firefox browser. According to the release notes, there are only two bug fixes. It fixes an issue where audio playback didn't work on some Linux systems (bug 1730499). And the problem with the button to close the search bar on different operating systems (bug 1728368) has been fixed. The new Firefox can be updated via update in the browser or downloaded from this website for various platforms (the variant is to be selected via the displayed list boxes). (via)
[German]Microsoft Office Apps (Office 365) and especially Teams occasionally cause the problem that the login fails with the error 0xC0070057 since about July 2021. The application in question, such as Microsoft Teams, can then no longer be used. Now there is at least a corresponding workaround that administrators can use to mitigate the problem.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Small addendum from this week, as Microsoft has released two preview updates (KB500562, KB5005625) for Windows 10 (Enterprise/Education and Server variants of 1809 and 1909) as of Sept. 21, 2021. The preview updates are optional and are intended to fix various issues. Here is an overview of this update.
[German]The European Commission has announced a legislative proposal by September 23, 2021 to tackle the problem of e-waste caused by different charging interfaces on electronic devices. The move seems necessary after the industry worked for years on a voluntary approach but could only reduce the number of charging interfaces from 30 to 3 variants. The unified charging interface is likely to come.
[German]A command injection vulnerability exists in the web server of some Hikvision products due to insufficient input validation. Unauthorized persons could send messages with malicious commands to the web server via this vulnerability. The manufacturer has provided a firmware update to close this vulnerability. OEMs such as ABUS and TRENDnet are also affected.
[German]Security researchers at Guardicore have discovered a design flaw in Microsoft Exchange autodiscover protocol that allows attackers to use external autodiscover domains to harvest domain credentials. This is possible because autodiscover domains outside the user's domain (but still in the same TLD) can be abused. Here are some details about this flaw.
[German]Since the patchday of September 14, 2021, when further security updates to close the PrintNightmare vulnerabilities are delivered, there are massive problems with network printers in some environments. The background is that Microsoft implemented certain security measures in August and September 2021. This post reflects the status as of September 22, 2021 and summarizes solutions as well as workarounds to resolve printing issues from various posts here on the blog.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
