Tag Archives: Vulnerability

Windows 10: Critical codec vulnerabilities patched

[German]Microsoft has patched vulnerabilities CVE-2020-1425 and CVE-2020-1457 in the Windows Codecs Library in an emergency update on 30 June 2020. This affects Windows 10 and its Windows Server counterparts. Advertising

Posted in Security, Software, Update, Windows | Tagged , , , | Leave a comment

Advertising

Kr00k: Wi-Fi vulnerability puts millions of devices at risk

[German]Security researchers at ESET have discovered a vulnerability in Broadcom and Cypress WLAN chips that could compromise the WPA2 encryption of millions of devices (routers). Here is some information on the subject. Advertising

Posted in devices, Security | Tagged , , , , | Leave a comment

Does PayPal fail with security? Vulnerabilities unfixed

[German]Disturbing story just came to me from security analysts. The provider PayPal has had (and still has) vulnerabilities in its system for a month, which were reported in January 2020, but have not yet been fixed. Hackers can abuse them … Continue reading

Posted in Security | Tagged , , , | Leave a comment

Security: Avira Optimizer allows privilege escalation

[German]Users of the virus protection solution receive the Avira Optimizer installed in newer versions. Up to the version before 1.2.0.367, this contains a vulnerability that allows privileges escalation. The Avira developers have now fixed this vulnerability with the version mentioned … Continue reading

Posted in Security, Windows | Tagged , , , , | Leave a comment

.SettingContent-ms files put Windows 10 at risk

[German]Microsoft has introduced a new file format (.SettingContent-ms) for Windows 10 in 2015. However, this file format proves to be a weak point, as any commands and applications can be defined for execution via the underlying XML structures. Advertising

Posted in Security, Windows | Tagged , | Leave a comment

Advertising

Critical vulnerabilities in Microsoft’s Malware Protection Engine (CVE-2017-11937 and CVE-2017-11940)

[German]Microsoft’s Malware Protection Engine has a critical memory corruption vulnerability that allows remote code execution. Microsoft released a security advisory on December 6, 2017 and says corresponding security updates are available. Here are what I found out till now. [Update: … Continue reading

Posted in Security, Update, Windows | Tagged , , , | 2 Comments

Critical vulnerability in HPE Integrated Lights-out 4 (iLO 4)

[German]The management software Integrated Lights-out 4 (iLO 4) for HP-Proliant Server has a critical vulnerability, allowing remote code execution on a system without login. Advertising

Posted in devices, issue, Security, Update | Tagged , , | Leave a comment

US-CERT warns: Microsoft Windows LNK vulnerability

[German]US-CERT issued a warning: Microsoft Windows automatically executes code specified in shortcut (LNK) files. This allows attackers to execute malware during viewing a lnk file. A public exploit is available. Advertising

Posted in Security, Windows | Tagged , , | Leave a comment
Advertising

WINS is legacy and vulnerable, use DNS instead

[German]Today just a short note for Windows Administrators in enterprises. Windows Internet Name Service (WINS) is legacy and contains a vulnerability. Therefore WINS should not be deployed anymore. Switch to DNS instead. Advertising

Posted in Security, Windows | Tagged , , , , , | Leave a comment

New details to Intel’s AMT vulnerability

On Mai 1, 2017 Intel disclosed the AMT vulnerability (INTEL-SA-00075), without publishing details. Security Researcher from Tenable has analyzed this vulnerability. Advertising

Posted in computer, Security | Tagged , , , , , | Leave a comment