Changes and ambiguities in driver updates via WSUS; is Windows 10 bypassing Updates via WSUS?

Posted on 2021-07-09 by guenni

Update[German]In today's blog post, I'll summarize two things that German blog reader Markus K. pointed out to me by mail. Possibly there are changes in driver updates via WSUS, at least there are and ambiguities. Once he suddenly appears on Dell systems password prompts to clients when a firmware is to be installed. But there are other oddities, such as missing reloading of drivers after an activation. And then there is the suspicion that Windows 10 gets the updates directly past WSUS, from the Microsoft update servers, no matter what the administrator has set in group policies.

Continue reading

Posted in Update, Windows | Tagged , , , | Leave a comment

The Chaos PrintNightmare Emergency Update (July 6/7, 2021)

Posted on 2021-07-08 by guenni

[German]Microsoft has released out-of-band security updates for the PrintNightmare vulnerability (CVE-2021-1675) in the Windows Print Spooler service. But these updates seem to end in chaos – it reminds me on the Printer-Gate in March 2021, where Microsoft had to release a series of update fixes to close a printer vulnerability but still allow printing. I'll summarize a few points outside of Microsoft's documentation in this blog post. These range from the fact that the updates don't close the vulnerabilities, to installation issues and problems with Zebra label printers subsequently refusing to print.

Continue reading

Posted in Security, Update, Windows | Tagged , , , , | 6 Comments

PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021)

Posted on 2021-07-08 by guenni

Update[German]As of July 7, 2021, Microsoft has now also released the emergency update to close the PrintNightmare vulnerability (CVE-2021-1675) in the Windows Print Spooler services for all Windows versions (the still missing updates for Windows Server versions 2012 and 2016 has been released. An immediate installation of this security-critical update is recommended by Microsoft – although administrators in server environments should first run a test.

Continue reading

Posted in Security, Update, Windows | Tagged , , , | 3 Comments

Microsoft Azure: Urgently update PowerShell because of RCE vulnerability

Posted on 2021-07-08 by guenni

Update[German]PowerShell versions 7.0 and 7.1 contain a remote code execution (RCE) vulnerability CVE-2021-26701, which has been assigned a CVSS score: 8.1. In a security alert, Microsoft is urging Azure customers to update PowerShell to version 7.0.6 or 7.1.3 in a timely manner. Windows PowerShell 5.1 is not affected by this vulnerability. Bleeping Computer has compiled some more info here. (via)

Posted in Cloud, Security, Update | Tagged , , , | Leave a comment

Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021)

Posted on 2021-07-07 by guenni

Update[German]As of July 6, 2021, in addition to the regular Office updates (see Microsoft Office Patchday (July 6, 2021), Fix for Outlook Crashes), Microsoft has also released an emergency update to close the PrintNightmare vulnerability in the Windows Print Spooler. Blog reader Harald L. pointed out this update in this comment. Prompt installation of this security-critical update is recommended – although administrators in server environments should first run a test.

Continue reading

Posted in Security, Update, Windows | Tagged , , , , , , | 6 Comments

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Microsoft Office Patchday (July 6, 2021), Fix for Outlook Crashes

Posted on 2021-07-07 by guenni

[German]On July 6, 2021 (first Tuesday of the month, Office Patchday), Microsoft will release non-security updates for still-supported versions of Microsoft Office. Among other things, crashes in Outlook and performance issues are lifted. Here's a brief overview.

Continue reading

Posted in Office, Update | Tagged , | Leave a comment

Beta from SQL Server for Windows Container suspended

Posted on 2021-07-06 by guenni

[German]Microsoft has suspended the SQL Server on Windows beta program. In a July 5, 2021 announcement, Microsoft writes that the SQL Server on Windows Containers beta program began in 2017. The program remained in beta mode until now, intended only for test and development environments. Due to existing ecosystem challenges and usage patterns, Microsoft has decided to suspend the SQL Server on Windows Containers beta program for the foreseeable future. Should circumstances change, we will revise the decision and make an announcement in due course. This announcement only affects SQL Server on Windows Containers, SQL Server on Linux Containers will continue to be supported for the production environment.

Posted in Software | Tagged | Leave a comment

Bye, bye AudaCity after new privacy agreement

Posted on 2021-07-06 by guenni

[German]The Audacity saga continues – as of July 2, 2021, there was another change to the audio application's privacy agreement. There, the new owner's management is keeping some back doors open to be able to collect telemetry data from the application and possibly from the use of this program. After the back and forth of the new management on telemetry and user data collection over the last two months, the community is pretty pissed. It seems it's time to say goodbye to the application. Here's a brief overview of the state of affairs.

Continue reading

Posted in Software | Tagged , | Leave a comment

Kaseya hack affects 1,500 companies worldwide

Posted on 2021-07-06 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]The supply chain attack on Kaseya VSA affects approximately 1,500 companies worldwide, according to the manufacturer. This is according to a status update dated July 5, 2021. Meanwhile, the REvil group is demanding around $70 million in ransom to release the master key to decrypt the systems. Here is an overview of the latest developments.

Continue reading

Posted in Security | Tagged | Leave a comment

Cyber Polygon July 9, 2021

Posted on 2021-07-06 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Cyber Polygon  is an annual cybersecurity event dedicated to cybersecurity topics. Taking place on July 9, 2021, Cyber Polygon this time is about simulating a cyber attack on the digital data streams that have skyrocketed during the coronavirus pandemic. In the course of a fictional cyber attack, participants from numerous countries are asked to respond in real time "to a targeted attack on a company's supply chain."

Continue reading

Posted in Security | Tagged | Leave a comment