[German]Brief information for administrators and IT service providers who use PingCastle (now part of Netwrix) to analyze Active Directory security. Due to vulnerabilities in the code, older versions of the Enterprise and Pro editions of the tool should no longer be used for security reasons. Netwrix has updated PingCastle Enterprise and Pro to version 3.3.0.1 o to close the vulnerabilities.
[German]I would like to bring up another topic that is currently bothering me. We have had Windows 11 24H2 for a few weeks now and are experiencing a disaster with bugs, bugs, bugs. Now Windows Server 2025 was generally released a week ago and the first bugs are already known. Windows Server 2025 has been thrown out unfinished and then there was this week's auto-update bug.
[German]Quick note for administrators of Microsoft 365 tenants. As of February 3, 2025, Microsoft will begin enforcing multifactor authentication (MFA) for access to the Microsoft 365 Admin Center. The option to suspend this MFA for 14 days will then be removed for the tenants concerned.
Continue reading
[German]Brief information for IT supporters who use 3CX as a telephone system. The provider has probably significantly reduced the functionalities of 3CX version 18 in the NFR license as of 15 November 2024. Anyone wishing to use the full functionality must switch to version 20 or purchase a Pro version. However, 3CX V20 is still said to be quite buggy, as one reader pointed out.
[German]An unpatched vulnerability (0-day) exist in the firewalls of Palo Alto Networks. The management interface can be accessed via this vulnerability. This 0-day vulneability is already being exploited for attacks. Both the BSI and the US authority CISA have issued a warning: customers should secure their firewalls immediately.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft seems to have released security updates for Windows Server 2008 R2 on November 12, 2024. Anyone who had these updates installed subsequently found that the older browsers that could previously be used on these machines no longer work. However, there is now a workaround to get a browser working again. However, this is more of an exotic problem, as there are probably only a few Windows Server 2008 R2 machines still running.
Continue reading
[German]Microsoft's November 2024 security updates for Exchange, has added a new feature to its Exchange 2016 and Exchange 2019 servers. Microsoft Exchange now warns when receiving emails that exploit a spoofing vulnerability (Exchange Server non-RFC compliant P2 FROM header detection CVE-2024-49040). The only problem is that the security updates from November 2024 have currently been stopped.
[German]Brief addendum from this week. Microsoft has once again resorted to dirty tricks to force its users onto the Edge browser. The Edge browser is trying to take over the settings for tabs from the Chrome browser.
[German]Quick note to users who use CrushFTP. A blog reader has informed me that a serious vulnerability has been discovered ans has been made public on November 11, 2024. However, there are updates in which this vulnerability, for which no CVE seems to exist yet, is closed. Here are a few details what needed to know.
[German]The EU Commission has fined Meta €797.72 million for tying its online classifieds service Facebook Marketplace to its personal social network Facebook and imposing unfair trading conditions on other providers of online classifieds services.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
