Tag Archives: Vulnerability

Trend Micro Apex One and Office Scan XG vulnerable

[German]Administrators using Trend Micro's Apex One, Apex One as a Service (SaaS) and Office Scan XG products as a protection solution on Windows and macOS need to act. The products are vulnerable through four vulnerabilities, but an update is available. … Continue reading

Posted in macOS, Security, Software, Windows | Tagged , , , | Leave a comment

Advertising

Windows 10: Critical codec vulnerabilities patched

[German]Microsoft has patched vulnerabilities CVE-2020-1425 and CVE-2020-1457 in the Windows Codecs Library in an emergency update on 30 June 2020. This affects Windows 10 and its Windows Server counterparts. Advertising

Posted in Security, Software, Update, Windows | Tagged , , , | Leave a comment

How to find weak passwords in Active Directory and eliminate them with PowerShell

[Sponsored Post]Weak or compromised passwords are a known gateway for attackers. If you are able to identify which users in Active Directory (AD) are threatened by this, then PowerShell can help to remedy it. However, PowerShell scripts cannot eliminate basic AD deficits, other tools are needed for this. More ...

Kr00k: Wi-Fi vulnerability puts millions of devices at risk

[German]Security researchers at ESET have discovered a vulnerability in Broadcom and Cypress WLAN chips that could compromise the WPA2 encryption of millions of devices (routers). Here is some information on the subject. Advertising

Posted in devices, Security | Tagged , , , , | Leave a comment

Advertising

Does PayPal fail with security? Vulnerabilities unfixed

[German]Disturbing story just came to me from security analysts. The provider PayPal has had (and still has) vulnerabilities in its system for a month, which were reported in January 2020, but have not yet been fixed. Hackers can abuse them … Continue reading

Posted in Security | Tagged , , , | Leave a comment

Security: Avira Optimizer allows privilege escalation

[German]Users of the virus protection solution receive the Avira Optimizer installed in newer versions. Up to the version before 1.2.0.367, this contains a vulnerability that allows privileges escalation. The Avira developers have now fixed this vulnerability with the version mentioned … Continue reading

Posted in Security, Windows | Tagged , , , , | Leave a comment

Advertising

.SettingContent-ms files put Windows 10 at risk

[German]Microsoft has introduced a new file format (.SettingContent-ms) for Windows 10 in 2015. However, this file format proves to be a weak point, as any commands and applications can be defined for execution via the underlying XML structures. Advertising

Posted in Security, Windows | Tagged , | Leave a comment

Critical vulnerabilities in Microsoft’s Malware Protection Engine (CVE-2017-11937 and CVE-2017-11940)

[German]Microsoft's Malware Protection Engine has a critical memory corruption vulnerability that allows remote code execution. Microsoft released a security advisory on December 6, 2017 and says corresponding security updates are available. Here are what I found out till now. [Update: … Continue reading

Posted in Security, Update, Windows | Tagged , , , | 2 Comments

Critical vulnerability in HPE Integrated Lights-out 4 (iLO 4)

[German]The management software Integrated Lights-out 4 (iLO 4) for HP-Proliant Server has a critical vulnerability, allowing remote code execution on a system without login. Advertising

Posted in devices, issue, Security, Update | Tagged , , | Leave a comment

Advertising

US-CERT warns: Microsoft Windows LNK vulnerability

[German]US-CERT issued a warning: Microsoft Windows automatically executes code specified in shortcut (LNK) files. This allows attackers to execute malware during viewing a lnk file. A public exploit is available. Advertising

Posted in Security, Windows | Tagged , , | Leave a comment

WINS is legacy and vulnerable, use DNS instead

[German]Today just a short note for Windows Administrators in enterprises. Windows Internet Name Service (WINS) is legacy and contains a vulnerability. Therefore WINS should not be deployed anymore. Switch to DNS instead. Advertising

Posted in Security, Windows | Tagged , , , , , | Leave a comment