[German]Security researchers have just revealed four unpatched vulnerabilities in IBM Data Risk Manager. The vulnerabilities were reported to IBM, but IBM rejected the report due to lack of formal requirements. Three vulnerabilities are considered critical.
[German]Google released the update to Chrome 81.0.4044.122 on April 21, 2020. This is an unscheduled security update which closes several (critical) vulnerabilities.
[German]Microsoft has published Security Advisories for a critical RCE vulnerability (CVE-2020-0905) in Microsofts Dynamics Business Central. And there are security advisories for an update to the Autodesk FBX Library and for an OpenSSL Remote Denial of Service vulnerability.
Brief information for users of Sophos UTM. In mid-April 2020, in the article Stop: Don't install Sophos UTM 9.703 Firmware, I reported that the firmware update was pulled due to issues. Users should not install this update. Sophos has updated now it's advisory and acknowledged the errors. A revised firmware is now in tests – if that shows no problems, a revised version of the firmware will be available this week. I have added details in the linked article. Thanks to Thorsten for pointing this out.
[German]On April 21, 2020, Microsoft released a monthly preview rollup for Windows 8.1 as well as optional updates for various Windows 10 versions. Here is an overview about these optional updates.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]A remote code execution vulnerability exists in the two PDF programs Foxit PDF Reader and PhantomPDF. However, the vendor has already released updates to close the critical vulnerability – I had pointed this out. Now some more details have become known.
[German]Security researchers from Rack911 Labs describe a technique that can be used to leverage and disable almost any antivirus software on Windows or macOS. Although some AV vendors has improved their products, it's not a good news for fans of antivirus software.
[German]In all versions of Windows, there is a vulnerability in the Microsoft Graphics component that could allow an attacker to escalate privileges. Details are now available.
[German]On April 14, 2020 a series of security updates for Windows, Office etc. were released. These partially close 0-day vulnerabilities, but there is also collateral damage. For example, VBA code signing no longer works after installing the Office security updates. Here is an overview of what I have seen so far.
[German]Microsoft has published an overview of various privacy settings for the new Edge Browser. There the settings accessible via edge://settings/ are documented.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
