Tag Archives: Vulnerability

Microsoft Teams: Remote Code Execution (RCE) vulnerability

Posted on 2023-01-28 by guenni

A little note about security on Microsoft Teams. Two security researchers @adm1nkyj1 and @jinmo123 participated in pwn2own 2022 in Vancouver. There they tried to hack Microsoft Teams, but failed due to time allocation. Both discovered a bug that allowed an … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Trend Micro Apex One and Office Scan XG vulnerable

Posted on 2020-09-04 by guenni

[German]Administrators using Trend Micro's Apex One, Apex One as a Service (SaaS) and Office Scan XG products as a protection solution on Windows and macOS need to act. The products are vulnerable through four vulnerabilities, but an update is available.

Posted in macOS, Security, Software, Windows | Tagged , , , | Leave a comment

Windows 10: Critical codec vulnerabilities patched

Posted on 2020-07-01 by guenni

[German]Microsoft has patched vulnerabilities CVE-2020-1425 and CVE-2020-1457 in the Windows Codecs Library in an emergency update on 30 June 2020. This affects Windows 10 and its Windows Server counterparts.

Posted in Security, Software, Update, Windows | Tagged , , , | Leave a comment

Kr00k: Wi-Fi vulnerability puts millions of devices at risk

Posted on 2020-02-27 by guenni

[German]Security researchers at ESET have discovered a vulnerability in Broadcom and Cypress WLAN chips that could compromise the WPA2 encryption of millions of devices (routers). Here is some information on the subject.

Posted in devices, Security | Tagged , , , , | Leave a comment

Does PayPal fail with security? Vulnerabilities unfixed

Posted on 2020-02-18 by guenni

[German]Disturbing story just came to me from security analysts. The provider PayPal has had (and still has) vulnerabilities in its system for a month, which were reported in January 2020, but have not yet been fixed. Hackers can abuse them … Continue reading

Posted in Security | Tagged , , , | Leave a comment

Security: Avira Optimizer allows privilege escalation

Posted on 2019-08-31 by guenni

[German]Users of the virus protection solution receive the Avira Optimizer installed in newer versions. Up to the version before 1.2.0.367, this contains a vulnerability that allows privileges escalation. The Avira developers have now fixed this vulnerability with the version mentioned … Continue reading

Posted in Security, Windows | Tagged , , , , | Leave a comment

.SettingContent-ms files put Windows 10 at risk

Posted on 2018-06-28 by guenni

[German]Microsoft has introduced a new file format (.SettingContent-ms) for Windows 10 in 2015. However, this file format proves to be a weak point, as any commands and applications can be defined for execution via the underlying XML structures.

Posted in Security, Windows | Tagged , | Leave a comment

Critical vulnerabilities in Microsoft’s Malware Protection Engine (CVE-2017-11937 and CVE-2017-11940)

Posted on 2017-12-07 by guenni

[German]Microsoft's Malware Protection Engine has a critical memory corruption vulnerability that allows remote code execution. Microsoft released a security advisory on December 6, 2017 and says corresponding security updates are available. Here are what I found out till now. [Update: … Continue reading

Posted in Security, Update, Windows | Tagged , , , | 2 Comments

Critical vulnerability in HPE Integrated Lights-out 4 (iLO 4)

Posted on 2017-08-25 by guenni

[German]The management software Integrated Lights-out 4 (iLO 4) for HP-Proliant Server has a critical vulnerability, allowing remote code execution on a system without login.

Posted in devices, issue, Security, Update | Tagged , , | Leave a comment

US-CERT warns: Microsoft Windows LNK vulnerability

Posted on 2017-08-07 by guenni

[German]US-CERT issued a warning: Microsoft Windows automatically executes code specified in shortcut (LNK) files. This allows attackers to execute malware during viewing a lnk file. A public exploit is available.

Posted in Security, Windows | Tagged , , | Leave a comment