Hotfix for MBAM bitlocker recovery key issue in ConfigMgr 2013

Quick note for administrators who use the MBAM agent to escrow BitLocker recovery keys. This may result in excessive policy generation in Configuration Manager version 2103. Microsoft has now provided a hotfix to address this issue.


Microsoft Edge 92: Security Baseline available

Quick announcement for administrators in the corporate environment. As of July 26, 2021, Microsoft has announced the availability of the Security Baseline for Microsoft Edge version 92 (see the Techcommunity post Security baseline for Microsoft Edge v92). In the new version, 3 settings have been added to the policies and one setting has been removed. The package can be downloaded from the Download Center as Security Compliance Toolkit.


iOS 14.7.1 and macOS 11.5.1

Apple released iOS 14.7.1 and macOS 11.5.1 on July 26, 2021. These updates fix bugs and, above all, security vulnerabilities. One vulnerability is already being exploited in attacks in the wild.


RemotePotato0: Privilege Escalation Vulnerability in Windows RPC Protocol

Every Windows system is vulnerable to a specific NTLM relay attack that could allow attackers to escalate privileges from user to domain admin. This vulnerability has a status of "not being fixed" and was the subject of the PetitPotam approach I addressed over the weekend. Now Antonio Cocomazzi has pointed out the vulnerability called RemotePotato0. This uses the Windows RPC protocol for privilege escalation.


Microsoft Edge 92.0.902.55 causes PDF freezes

The update of the Edge browser to version 92.0.902.55 on July 22, 2021 does close various vulnerabilities. However, users report that this Edge version causes freezes when opening PDF files (see Microsoft Edge 92.0.902.55: Fixes vulnerabilities, causes freezes in PDFs).




Windows 10: July 2021 update may cause printing issues with SmartCard authentication

The Windows 10 security updates released on July 13, 2021 for the regular patchday (see Patchday: Windows 10 Updates (July 13, 2021)) may cause printing issues in certain scenarios. Printing and scanning can fail if these devices use smart card authentication (PIV). Microsoft has since confirmed this bug and published a separate support post about it.


Kaseya allegedly demands NDA against decryption tool

U.S. manufacturer Kaseya was the victim of a supply chain attack, and as a result, systems belonging to about 1,500 customers were encrypted with ransomware. Kaseya said this week that it has a universal decryptor to decrypt customer files. Affected parties may contact sales, it said. Now there are reports that Sales is not responding, and if contact is made, Kaseya is requiring victims to sign a confidentiality agreement before the data is decrypted. I've added the info in the post Kaseya received universal decryption tool after ransomware attack.


Security Updates for Cisco Intersight Virtual Appliance

Several vulnerabilities (CVE-2021-1600, CVE-2021-1601) exist in IPv4 and IPv6 forwarding in the Cisco Intersight Virtual Appliance. These vulnerabilities could allow an unauthenticated, adjacent attacker to access sensitive internal services through an external interface. However, Cisco has since provided security updates to address these vulnerabilities.


Windows 11: Microsoft talks about the centered start menu

Microsoft will change some design elements of the user interface in Windows 11. In addition to rounded window corners, the Start menu will also be seriously revised. Among other things, it is centered on the taskbar. Microsoft has published a video explaining why it decided on this and what other considerations played a role.


Microsoft's mitigations of Windows PetitPotam NTLM relay attacks

Yesterday, July 24, 2021, I reported on a new attack vector called PetitPotam that can be used to take over Windows domain controllers by means of an NTLM relay attack (see my post PetitPotam attack allows Windows domain takeover). In the meantime, Microsoft has reacted and published a security advisory about this security issue. At the same time, Microsoft makes suggestions on how this vulnerability can be mitigated by administrators. Let me summarize the most important information.
