In Hamburg on the M.A.D. Day (Modern Application Deployment) we could announce that App-V is no longer being deprecated – The Client and the Sequencer. But the Server will still go away.

With this Post I would like to clarify a few things which also was brought up by Tim Mangan in his Analysis of the M.A.D. Day 2024 and specific this announcement.

Read more here


Regards,
Dani

Support for Microsoft 365 Apps is defined by the Modern Lifecycle Policy, which requires customers to maintain an up-to-date configuration in order to stay in support. Support for non-subscription versions of Office is defined by the Fixed Lifecycle Policy, which offers a fixed term of support regardless of configuration.


Source: Link


Regards,
Daniel

Security researchers at Eset have discovered a serious threat that is currently being exploited in Germany and in US: A Russian hacker group is currently exploiting two new zero-day vulnerabilities in Windows to spread the "Romcom" malware.

"RomCom" (also known as Storm-0978, Tropical Scorpius, or UNC2596) is a dangerous piece of malware developed by Russian-Hackers that is attacking targets in Europe and North America. The malware can download additional malicious modules and execute commands on infected systems. It allows attackers to gain long-term access to compromised systems and exfiltrate data.

Affected are Firefox, the Tor browser, Thunderbird and Windows 11, Windows 10, Windows Server 2016, 2019, 2022, 2025.

Most critically, a simple visit to a compromised website is enough to infect. No user interaction (such as downloads or clicks) is required.

Recommendation

Since the attackers exploit two vulnerabilities in combination, I recommend that you fix at least one vulnerability immediately. The Romcom malware can only spread if both vulnerabilities are present. Updating your Firefox version is very quick and easy. With Windows Update you should plan your timing better.

Firefox, Tor Browser, Thunderbird (the internal browser for viewing email)

Mozilla has fixed the bug CVE-2024-9680: Use-after-free in animation timeline on 9 October 2024 and released an update.

This means that all versions of Windows Firefox that were last updated before 9 October 2024 are affected.

Firefox (and software that uses the browser internally) should therefore be at least at these versions:

• Firefox 131.0.2
• Firefox ESR 128.3.1
• Firefox ESR 115.16.1
• Tor Browser 13.5.7
• Tails 6.8.1 (a portable operating system that protects against surveillance and censorship)
• Thunderbird 115.16
• Thunderbird 128.3.1
• Thunderbird 131.0.1

See also: Behind the Scenes: Fixing an In-the-Wild Firefox Exploit

The Tor Browser and Thunderbird should also be updated to the latest version.

Windows 11, Windows 10, Windows Server 2016, 2019, 2022, 2025

Microsoft fixed the bug CVE-2024-49039 on 12 November 2024.

This bug is fixed in the following versions of Windows. It exists in all the versions below:

Windows 11:

• Version 24H2 (Build 10.0.26100) for x64 and ARM64
• Version 23H2 (Build 10.0.22631) for x64 and ARM64

Windows 10:

• Version 22H2 (Build 10.0.19045) for 32-bit, x64, and ARM64
• Version 1809 (Build 10.0.17763)
• Basic version (Build 10.0.10240) for 32-bit

Windows Server:

• Server 2025 (Build 10.0.26100)
• Server 2022, 23H2 Edition (Build 10.0.25398)
• Server 2019 (Build 10.0.17763)
• Server 2016 (Build 10.0.14393.7515)
• Server 2016 Crore (Build 10.0.14393.7515)

All updates fix the Elevation of Privilege vulnerability.

The appropriate security update for your version of Windows can be downloaded here.

Alternatively, you can use the automatic update feature.

I wish you good luck!

Regards
@firefly

Today we are re-releasing the November 2024 SUs for Exchange Server. The original release of these SUs (released on 11/12/2024) introduced an issue with Exchange Server transport rules stopping after a certain amount of time in some environments. The re-released SUs resolve this issue.

To help you understand how to move forward, in this post we use the following naming convention to distinguish between the original November 2024 SU and the re-release:
*Nov 2024 SUv1: original November 2024 SU (released on 11/12/2024 with article KB5044062)
*Nov 2024 SUv2: re-released November 2024 SU (released on 11/27/2024 with article KB5049233)

Read more: https://techcommunity.microsoft.com/blog/exchange/re-release-of-november ...

We are pleased to provide an update regarding Exchange Server ADFS Modern Authentication support.

As of today, ADFS Modern Authentication is supported across all channels in Outlook within Microsoft 365 Apps. Additionally, this support extends to Outlook 2021 (Retail) and Outlook 2024. Our team is actively working on extending this support to additional platforms and clients.

We are happy to announce that ADFS Modern Authentication can now be utilized with the native Apple Mail application on macOS Sequoia and iOS 17.6.1 (or later).

Please note that supplementary configurations may be required for supporting additional clients. We have revised the documentation to outline the steps necessary for upgrading an existing ADFS Modern Authentication configuration.

Additionally, we have enhanced the documentation to simplify configuration processes by utilizing PowerShell commands instead of the graphical user interface. We have also increased the robustness of ADFS Modern Authentication setups.

The documentation is available at https://aka.ms/ExchangeADFSModernAuth.

Source: https://techcommunity.microsoft.com/blog/exchange/update-on-exchange-ser ...

Hello,

I am working with freeradius and MYSQL. My goal is to authenticate users through the radius server with my users' database in mysql. I already have all the users created in mysql but when I try to establish an authentication I get the error that freeradius cannot establish the connection with the database.