[German]Another small addendum about Windows 10 and the integration of the Servicing Stack Updates (SSUs) into current Cumulative Updates (LCUs). Due to massive problems with the installation of the cumulative updates from June and July 2021, Microsoft has released a separate SSU for August. And it seems that they have started to integrate that SSU into the cumulative updates for Windows 10 version 1909 as well.
[German]Another brief information for administrators in the enterprises. Microsoft enables SMB signing for the relevant network protocol. This is to ensure the security of the communication. However, the whole thing is probably a bit complex, if I interpret this correctly. Now there is a Techcommunity contribution, where one takes up the topic from Microsoft and treats the trustworthy configuration of a SMB signing.
[German](US) mobile carrier T-Mobile is investigating whether there was a data leak or hack. This is because 100 million customer records, some of which reveal very detailed information, were offered in an underground forum, allegedly from this provider. The provider is investigating this possible data protection incident, but is keeping a low profile.
[German]Lenovo had disabled the GPU-supported H.264 encoding in Nvidia GeForce graphics units on its notebooks due to patent disputes. The suspected cause was a patent dispute with Nokia. Now, however, things are moving again. After a firmware update of the BIOS, functions for GPU-supported decoding and encoding of H.264 video material can be used on the affected notebooks again.
[German]Short addendum from this week. Microsoft has also released an update for the .NET Framework. The Security and Quality Rollup Update KB5004757 for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 is available for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2. The update can also be downloaded from the Microsoft Update Catalog and includes quality and reliability improvements.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft only introduced its Windows 365, which runs Windows 10 on Azure, at the beginning of August 2021 and also released it for customers. There is also a test version that interested parties can take a look at. Now, security researchers have discovered that the credentials (username and password) for a Windows 365 instance can be read in plain text. A deadly story, as attackers could take over corresponding installations in this way.
[German]In my blog post Ransomware gang uses PrintNightmare to attack Windows servers, I had reported about the first case where the PrintNightmare vulnerability was used to attack Windows. Now Talos Security has already come across the second case, reporting that the Vice Society ransomware gang is also attacking systems using the Windows PrintNightmare vulnerability.
[German]Small article at the end of the week, concerning the US vendor Kaseya. After the supply chain attack on Kaseya RMI software and encryption of numerous customer systems, a decryption key has surfaced in an underground forum. In addition, a blog reader alerted me to an update that closes various security holes in a Kaseya product.
[German]I'm bringing this up again before the weekend, even though the readership of this blog is probably well informed and keeps the Exchange servers up to date with the latest patches. It's Friday the 13th and we're about to hit the weekend. And it looks like the wave of attacks on Microsoft Exchange Servers via the ProxyShell vulnerability is rolling in now. All Exchange Servers still running on the March 2021 patch level and accessible via the Internet are vulnerable to these attacks and can be taken over.
[German]Microsoft has closed a number of vulnerabilities with updates on patchday (August 10, 2021). I have an overview that I am posting for the sake of completeness. In addition, Microsoft has distributed two security update revisions in the days in mails, which I also publish here. Maybe this is of interest for someone.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
