[German]Microsoft has published Security Advisories for a critical RCE vulnerability (CVE-2020-0905) in Microsofts Dynamics Business Central. And there are security advisories for an update to the Autodesk FBX Library and for an OpenSSL Remote Denial of Service vulnerability.
Brief information for users of Sophos UTM. In mid-April 2020, in the article Stop: Don't install Sophos UTM 9.703 Firmware, I reported that the firmware update was pulled due to issues. Users should not install this update. Sophos has updated now it's advisory and acknowledged the errors. A revised firmware is now in tests – if that shows no problems, a revised version of the firmware will be available this week. I have added details in the linked article. Thanks to Thorsten for pointing this out.
[German]On April 21, 2020, Microsoft released a monthly preview rollup for Windows 8.1 as well as optional updates for various Windows 10 versions. Here is an overview about these optional updates.
[German]A remote code execution vulnerability exists in the two PDF programs Foxit PDF Reader and PhantomPDF. However, the vendor has already released updates to close the critical vulnerability – I had pointed this out. Now some more details have become known.
[German]Security researchers from Rack911 Labs describe a technique that can be used to leverage and disable almost any antivirus software on Windows or macOS. Although some AV vendors has improved their products, it's not a good news for fans of antivirus software.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]In all versions of Windows, there is a vulnerability in the Microsoft Graphics component that could allow an attacker to escalate privileges. Details are now available.
[German]On April 14, 2020 a series of security updates for Windows, Office etc. were released. These partially close 0-day vulnerabilities, but there is also collateral damage. For example, VBA code signing no longer works after installing the Office security updates. Here is an overview of what I have seen so far.
[German]Microsoft has published an overview of various privacy settings for the new Edge Browser. There the settings accessible via edge://settings/ are documented.
[German]According to reports, PayPal has probably secretly closed the vulnerability that allowed unauthorized debits via Google Pay some weeks ago. However, there are new unauthorized debits from Russia.
As of April 17, 2020, Microsoft has released update KB4557426 for Insider in the Fast Ring for the Windows 10 Insider Preview Build 19608 (20H2 development branch). The addendum to the post on the Windows Blog states that the build will increase to 19608.1006. The update contains an unspecified improvement to increase stability.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
