Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Windows
Windows Terminal Emulator: DoS and "White Screen of Death" via Escape Characters to Change the Title
[German]Windows offers the possibility to change the window title of windows of a terminal emulator via control characters (ANSI Escape Characters). Some blog readers still know this, was used to adjust colors of a DOS window for example. A security … Continue reading
Strange: Norton 360 installs crypto miner
[German]The security and antivirus solution Norton 360 installing a crypto miner on the user's Windows system. Although this can be controlled by the user, it is (in a time we are facing climate change) still questionable. I have become aware … Continue reading
Security: Windows Format command allows DLL loading abuse
[German]It is almost unbelievable what can be hidden behind Windows functions and commands. The format command for formatting disks, which has been available in the command prompt for ages, has a side effect. With a parameter the call of an … Continue reading
Sophos: Thread actors test CAB-less 40444 (MSHTL vulnerability) attacks in Windows
[German]Security vendor Sophos published information about a new attack scenario in a series of tweets just before Christmas. Attackers are currently testing a new attack vector via RAR attachments with Word documents and scripts in mails. However, this involves distributing … Continue reading
0patch fixes ms-officecmd RCE vulnerability in Windows
[German]The security team of ACROS Security around founder Mitja Kolsek has just developed a micro patch to close a remote code execution vulnerability in the ms-officecmd handler of Windows and released it for customers with a 0patch PRO or Enterprise … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Microsoft warns against Active Directory domain takeover due to unpatched vulnerabilities
[German]Microsoft warned of a new threat in a Techcommunity post on December 20, 2021. In November 2021 patchday, vulnerabilities CVE-2021-42287 and CVE-2021-42278 were fixed by Windows updates. Since December 2021, a proof of concept (PoC) has been available that abuses … Continue reading
Dell Windows drivers still vulnerable to kernel attacks
[German]Users of Dell systems are still at risk of having their Windows systems compromised via Dell drivers through kernel attacks. The problem was supposed to be fixed by updates as early as May 2021. However, security researchers from Rapid7 are … Continue reading
Update fixes Windows AppX installer 0-day vulnerability CVE-2021-43890 (used by Emotet)
[German]Another addendum from the December 2021 patchday regarding the AppX installer used in Windows. Microsoft has closed the Windows AppX Installer spoofing vulnerability CVE-2021-43890 with an update. The Emotet gang has been trying to exploit this vulnerability to infect systems … Continue reading
Posted in Security, Update, Windows
Tagged Patchday 12.2021, Security, Update, Windows
Leave a comment
0patch fixes InstallerTakeOver LPE 0-day vulnerability in Windows
[German]The ACROS Security team around founder Mitja Kolsek has now developed and released the third micro-patch within two weeks for a vulnerability discovered by security researchers. The current micro-patch is about a 0-day InstallerTakeOver Local Privilege Escalation (LPE) vulnerability in … Continue reading
Windows 10/11: The risky "trusted" Apps-Installer – abused by Emotot gang
[German]Hoh hoh, folks, today we can open the second door in the Advent calendar and see what Microsoft has put in as a surprise for us. Today we find the AppX installer, which is used in Windows 10 and Windows … Continue reading