As of yet, there is no official patch available from Microsoft that fixes the vulnerability, but we do know that it is being actively exploited. More details about this vulnerability can be found Here: CVE-2022-30190.
However, there is a temporary workaround available, which you here can consult.
- First of all, you need to disable the Diagnostics tool URL Protocol via the registry.
- Microsoft Defender Antivirus (MDAV) users should enable "cloud-delivered protection" & "automatic sample submission".
- Microsoft Defender for Endpoint (MDE) users can also enjoy additional protection with the following setting: "Block all Office applications from creating child processes".
Of course, we are monitoring this situation closely and will switch as soon as a patch would be available.
If you wish to engage our expertise to the workaround apply, do not hesitate to contact your Account Manager.
As of October 15, 2022, vSphere version 6.x will no longer be supported by VMware. To enjoy full support (including updates), we recommend upgrading your hardware as soon as possible. Since not all servers are compatible with vSphere 7.0 or higher, starting your migration process on time is the message! Especially with the current delivery times.
Whatever your situation, don't hesitate to contact our specialists with questions or uncertainties. We'll be happy to take a look at whether the ideal setup is on-prem, full cloud or hybrid.
Clients who are contacted by VanRoey.be via a Managed Services Contract are managed, have already been covered.
We would like to inform you of a necessary upgrade in N-Central, the tool responsible for monitoring your environment.
As a result, our Managed Services Portal from Friday evening 18h until Sunday evening drop out. Due to this downtime, no automatic monitoring will be possible during the coming weekend.
Furthermore, this upgrade has no impact on your environment. If you have any questions, don't hesitate to contact us:
Last weekend, a serious vulnerability was found in the widely used Java logging tool Log4j. This vulnerability makes it possible for unauthenticated persons to remotely inject and execute arbitrary code.
- Fortinet has already released signature updates (see source for more info);
- Your VCenters are checked and not open to the outside world;
- For certain other software (e.g. Ruckus Cloud) we are waiting for a patch from the vendor. In the meantime, additional security measures have been taken.
When we notice that your environment needs additional interventions or updates, we will inform you personally. If you have any doubts or questions, don't hesitate to contact our Support Department.
Check with your software vendors to see if there are any vulnerable factors in your environment