Security

February 2019 .NET Update Contains Security Fixes for Domain Spoofing and Remote Code Execution

Many customers try hard not to have to update the .NET code for Windows. These days, some consider every Windows update as a potential timebomb, but the .NET updates have a long history of being a difficult problem child. Microsoft delivered .NET updates for February 2019 and these updates come with some fixes that may cause some to do a double-take. These may warrant some heightened attention. Here is what’s up… CVE-2019-0613 – Remote Code Execution Vulnerability This security update resolves a vulnerability in .NET Framework software if the software does not check the source markup of a file. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on by using administrative user rights,...

Shared Calendar Workarounds for CUs for Exchange 2016 and 2019

According to Microsoft a bug exists in Cumulative Update 1 for Exchange Server 2019 and Cumulative Update 12 for Exchange Server 2016 where users can no longer accept Share Calendars through an email invitation. Microsoft has supplied the following workarounds. Use one of these until a final resolution is available. > Open the invitation from the Notifications pane in Outlook on the web. > Add the shared calendar manually in Outlook on the web. > Open the invitation in Outlook, and then add the shared calendar.