[German]ACROS Security has discovered a vulnerability in Windows that has not yet been closed by an update and allows the disclosure of NTLM hash values via URL. ACROS Security has released an opatch micropatch to fix this vulnerability. Until Microsoft provides an update, the opatch micropatch is available free of charge.
[German]Microsoft has begun rolling out Windows 11 24H2 (referred to as Windows 11 2024 Update), which will be generally released in October 2024, to more devices. Microsoft has also confirmed that TPM 2.0 is mandatory for Windows 11. On the other hand, there are people who experience that Windows 11 24H2 can be installed on hardware that is not compatible without any tricks. Here is a summary article with an overview of these topics.
[German]Since November 2024, the PST import into a Microsoft 365 tenant using a SAS URL was broken. The import process was aborted with an error 500. Microsoft seems to have fixed the problem as of December 3, 2024.
Cybernews research found out, that a safe linking service accidentally leaked millions of links that were meant to be private and exposed who created them. Researchers discovered that Safelinking.net, a platform designed to protect and manage links, had publicly leaked a tremendous amount of user data that was supposed to be protected. Apart from making 30 million private links public, the platform also exposed the account data of over 156,000 users.
[German]Another addendum from November 2024: On November 19, 2024, Microsoft fixed a problem caused by the security update KB5002653 from November 12, 2024 in Microsoft Excel 2016 (MSI version). Add-ins could no longer be loaded there.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]It seems that Medion, a German Lenovo subsidary, who offers electronic devices – for discounter like Aldi -has becom victim of a cyber attack. There are customers complaining about "delivery problems" with orders. And I have found information from Medion, that they are victim of a cyber incident, that affects their IT systems and the Medion shop.
[German]The company STIGA, active as a supplier in the field of robotic lawnmowers, gardening equipment and sporting goods, has suffered a data protection incident. A reader had made enquiries and received confirmation from the provider. Customer data has been leaked and is now being offered on the Darknet.
Continue reading
[German]A blog reader pointed me to an issue with the new Outlook app. The app could no longer create new calendar entries for his Gmail account. However, there is a workaround, and a new version with bug fixes should be available by now.
[German]ESET Research has discovered the first Linux UEFI boot kit and named it Bootkitty. This Linux UEFI boot kit was uploaded to Virustotal in early November 2024 and came to the attention of the security researchers.
[German]Microsoft is not really having a good run with its security updates for Exchange Server 2016 and Exchange Server 2019. The version of the security updates released on November 12, 2024 had to be withdrawn due to a bug. Version 2, released on November 27, 2024, contains a time zone bug that Microsoft has already acknowledged.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
