Windows 11: Microsoft talks about the centered start menu

Microsoft will change some design elements of the user interface in Windows 11. In addition to rounded window corners, the Start menu will also be substantially revised. Among other things, it is centered on the taskbar. Microsoft has published a video explaining why it decided on this and what other considerations were involved.


Microsoft's mitigations of Windows PetitPotam NTLM relay attacks

Yesterday, July 24, 2021, I reported on a new attack vector called PetitPotam that can be used to take over Windows domain controllers by means of an NTLM relay attack (see my post PetitPotam attack allows Windows domain takeover). In the meantime, Microsoft has reacted and published a security advisory about this security issue. In it, Microsoft also suggests how administrators can mitigate this vulnerability. Let me summarize the most important information.


Warning: Fake Windows 11 installer ships malware

Curiosity about Windows 11 tempts some users to install pre-release versions on their computers. This is not a problem, as there are corresponding installation images directly from Microsoft for Windows Insiders as regular updates for Windows 10 machines. However, some users get installers from obscure sources and catch malware in the process.


LemonDuck and LemonCat malware boost activity

LemonDuck and LemonCat are malware that both acts as a bot and mines cryptocurrency. LemonDuck can run on different platforms (Linux, Windows), threatening machines on corporate networks. According to Microsoft, this malware has been poorly documented so far, which is why they want to address and change that in two blog posts. I'll just include it as a Sunday reading topic.


Discord is becoming more and more of a malware dump

A report from security vendor Sophos indicates that cyber criminals are increasingly abusing the successful chat service Discord to host, spread and control malware. Most notably, the malware aims to grab data from Discord users. During the investigation period, it was noticeable that four percent of the total TLS-protected malware downloads occurred through the Discord service. The growing popularity of the gaming-focused text and voice chat platform has attracted the attention of malware operators.




PetitPotam attack allows Windows domain takeover

There is a new attack vector called PetitPotam. This enables a threat actor to launch an NTLM relay attack on domain controllers. Ultimately, this can be used to take over entire domains. Since many organizations run domain controllers with Microsoft Active Directory Certificate Services, a correspondingly large number of systems are likely to be at risk. Here is a short overview of what I know so far.


News about Windows 10 vulnerability HiveNightmare

Microsoft has revised the security advisory for the HiveNightmare vulnerability in Windows 10 (from version 1809) this week. I also have an analysis of the vulnerability from Sophos. And security researcher Kevin Beaumont posted a proof of concept, including a description, on GitHub, but was then briefly banned from the GitHub site by ex-employer Microsoft. A brief overview of these issues.


Google fixes Chrome OS bug that locks out users

Google made a serious mistake when updating to Chrome OS 91.0.4772.165: A typo in the code meant that users could no longer log in. Google then removed the update from its servers. Android Police had reported here. Now Google is rolling out a fix for the Chromebork bug in Chrome OS, as The Register, for example, reports here.


Microsoft Edge 92.0.902.55: Fixes vulnerabilities, causes freezes in PDFs

Following the Chrome update, Microsoft has also updated the Edge browser and raised it to version 92.0.902.55 on July 22, 2021. The update fixes various vulnerabilities that have already been fixed in Google Chrome. Addendum: This Edge version causes a freeze when opening PDF files, see Inside.


The information available on this page names CVE-2021-36928, CVE-2021-36929 and CVE-2021-36931. The browser should be updated automatically. Here is an excerpt from Microsoft's security advisories on the subject:

************************************************************************
Title: Microsoft Security Update Releases
Issued: July 22, 2021
************************************************************************

Summary
=======

The following Chrome CVEs have been released on July 22, 2021.

* CVE-2021-36928
* CVE-2021-36929
* CVE-2021-36931

CVE-2021-36928 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: July 22, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important

CVE-2021-36929 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: July 22, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important

CVE-2021-36931 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: July 22, 2021
– Updated: N/A
– Aggregate CVE Severity Rating: Important

The following CVEs were assigned by Chrome. Microsoft Edge
(Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see
Google Chrome Releases (https://chromereleases.googleblog.com/2021) for more information.

See Link for more information about third-party CVEs in the Security Update Guide.

* CVE-2021-30565
* CVE-2021-30566
* CVE-2021-30567
* CVE-2021-30568
* CVE-2021-30569
* CVE-2021-30571
* CVE-2021-30572
* CVE-2021-30573
* CVE-2021-30574
* CVE-2021-30575
* CVE-2021-30576
* CVE-2021-30577
* CVE-2021-30578
* CVE-2021-30579
* CVE-2021-30580
* CVE-2021-30581
* CVE-2021-30582
* CVE-2021-30583
* CVE-2021-30584
* CVE-2021-30585
* CVE-2021-30586
* CVE-2021-30587
* CVE-2021-30588
* CVE-2021-30589

Revision Information:
=====================

– Version 1.0
– Reason for Revision: Information published.
– Originally posted: July 22, 2021

The feature updates for Edge 92.0.902.55 are described here.

Freezes when viewing PDFs

However, it looks like this Edge update is causing the browser to freeze when users try to open PDF files. German blog reader Stefan left a comment regarding this issue.

We are experiencing a sudden increase in problems with the browser freezing for some users when they want to open PDF files in some web portals.

On reddit.com I have found other people who have the same problem. The thread starter wrote:

Microsoft Edge crash/freeze on opening PDF's

Came back to work after a wonderful weekend. Phone is ringing continuously. Multiple people calling for help, that Microsoft Edge is crashing on opening PDF's.

Everything was working perfectly on Friday! (We are on 20H2, Build 19042.1110)

It seems like Microsoft released an update 92 (92.0.902.55) this weekend. That's the only difference between now and last Friday in my environment.

It doesn't make a difference, if PDF's are opened from a website, local storage or from an email. Does anyone have similar problems, opening PDF's directly in the browser?

In the reddit.com thread, more users confirm the problem.


Kaseya received universal decryption tool after ransomware attack

There is hope for victims of the supply chain attack on the US software manufacturer Kaseya, as a result of which the systems of around 1,500 customers worldwide were infected with ransomware and the stored data was encrypted. Kaseya has now probably received a master key for decryption and hopes to be able to rescue the customers' data. Addendum: It looks like Kaseya requires victims to sign a non-disclosure agreement (NDA) before there is a decryption solution.
