Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Windows
Windows MSDT 0-day vulnerability "DogWalk" receives 0patch fix
[German]In addition to the Follina vulnerability (CVE-2022-30190) in the Windows ms-msdt protocol, there is another DogWalk-named vulnerability in connection with the Microsoft Diagnostic Tool (MSDT). This vulnerability was reported to Microsoft two years ago, but is unlikely to be patched. … Continue reading
Windows Vulnerability Follina (CVE-2022-30190): New findings, new risks (June 9, 2022)
[German]The unpatched Windows vulnerability CVE-2022-30190 (Follina) which has been known since late May 2022, is slowly becoming a problem. The countermeasures described by Microsoft (and here in my blogs) do not seem sufficient. And the vulnerability is now also exploited … Continue reading
Follina (CVE-2022-30190): No major attack wave, but campaigns on EU/US and other targets
[German]A 0-day vulnerability CVE-2022-30190 (Follina) in Windows has been known since the end of May 2022. Yesterday, a tip from a security researcher came to my attention, who has not yet found any active exploitation via manipulated Office documents. On … Continue reading
Microsoft account lockout due to bug when redeeming Microsoft Rewards Points (June 3, 2022)
[German]Another small addendum (almost a warning) to owners of Microsoft accounts. It seems that there was a bug in the account management that caused the account in question to be locked when its owner tried to read in so-called Reward … Continue reading
Large collection of Windows exploits on GitHub
[German]Microsoft patches numerous vulnerabilities in Windows (and other products) every month. Often known vulnerabilities, but not closed by updates, are used in attacks. The other day I came across a large collection of Windows vulnerabilities that can be exploited by … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
SearchNightmare: Windows 10 search-ms: URI Handler 0-day Exploit with Office 2019
[German]Following the discovery of the Follina vulnerability exploit (CVE-2022-30190) via the Windows ms-msdt protocol, this bastion is being "stormed". A hacker looked at the search-ms: URI handler in Windows 10 and developed an exploit similar to Follina. With the help … Continue reading
0Patch Micro patch against Follina vulnerability (CVE-2022-30190) in Windows
[German]The ACROS Security team around founder Mitja Kolsek has released a micro-patch to close the 0-click Microsoft Diagnostic Tool remote code vulnerability (CVE-2022-30190, Follina). The micro-patch is available for all customers with Windows and the 0patch agent free license. Here … Continue reading
Follina vulnerabilitiy (CVE-2022-30190): Status, Findings, Warnings & Attacks
[German]Since the weekend, a new Windows vulnerability CVE-2022-30190 in combination with Microsoft Office has been knows under the name Follina. In the meantime, the US CISA and also the BSI have warned about this vulnerability – while security researchers have … Continue reading
Microsoft 365: Activation issues with Windows Pro Enterprise (May 31, 2022)
[German]Quick question for administrators in the enterprise environment who manage Microsoft 365 licenses (volume licenses, E3/E5). Are you currently experiencing problems with Windows Pro systems no longer activating or losing activation? I have received indications from the readership regarding this … Continue reading
Follina: Attack via Word documents and ms-msdt protocol (CVE-2022-30190)
[German]A new attack vector has been known since the weekend that abuses the Microsoft Support Diagnostics Utility via the ms-msdt: protocol to download and abuse malicious Word documents (or Excel spreadsheets) from the web. Microsoft has since issued a support … Continue reading