News for October 19, 2022

Google Passkey
by Artie Kaye

Google is starting the migration from password-based login to passkey-based login.  A passkey is a means of logging in without using a password, SMS, or other currently employed measures.  Passkeys are stored on personal devices, such as tablets or smartphones.  Passkeys are seen as more secure than passwords because of the need for a physical device to authenticate.  Other tech companies are also making the switch to a passkey for secure login.

Zimbra Urgent Patch
by Artie Kaye

An update has been released to fix a bug in Zimbra Collaboration that allows remote code execution.  The company had previously stated workarounds for this problem.  This flaw is actively being exploited.  Patch as soon as you are able.

The flaw is listed as CVE-2022-41352.

Zoom for Macs Exploited
by Artie Kaye

The video conferencing program has been updated this week on Macs to address two bugs.  The flaws could allow a local user to gain access to and control other instances it is currently connected to or prevent audio and video from being received by other users in the call.  Version 5.12.0 and later are free of this bug.

The flaws are listed as CVE-2022-28761 and CVE-2022-28762.

Fortinet Devices Still Vulnerable (Update)
by Artie Kaye

Recently the proof of concept for exploiting the bug on Fortinet devices was made public, and there has been an increase in attacks targeting them.  The company has released patches and workarounds for the more serious vulnerabilities.  While some devices have been updated, more than 15000 web-facing units are still vulnerable.  The flaw in question can allow an attacker to bypass authentication and gain complete control of the device.  This is a critical update.

The flaw is listed as CVE-2022-40684.

VMware Software and End of Life
by Artie Kaye

When a program or device no longer receives security or functional updates it has reached its end of life.  This means that any flaws which are found will not be fixed, and bugs in the software will remain.  October 15 was the end-of-life date for VMware EXSi 6.5 and 6.7.  When software has reached this point, it needs to be replaced with a newer version or replaced with different software, depending on costs and circumstances.  Hardware that reaches end-of-life status also needs to be replaced.  VMware offers a 7.0 in the EXSi line, which lists 2025 as that version’s end of life.  Knowing when these events are going to happen and staying current with devices and software will better protect your business.

Windows 11 Introduces New and Old Features
by Artie Kaye

Being released as an optional update in October, Windows 11 22H2 is making Windows Terminal the default for command line input and interface.  This function will be turned on by default but can be turned off under the Settings Menu.

Accessing the task manager by right-clicking on the taskbar is a feature that was available in previous versions of Windows, and is now being added to 11.

Windows applications will be able to take advantage of suggested actions.  Highlighting text in a program will give options on what to do with the highlighted section.  Addresses, dates, telephone numbers, etc. are examples of the types of interactive highlights.

Tabbed file explorer is a new feature introduced in 22H2.  Much like internet browsers which allow you to open new tabs instead of new windows, this can save on taskbar and screen clutter for some users.

Users will be able to load more programs onto the taskbar for one-click launching with the taskbar overflow function being added.

These functions are not all rolling out at the same time but will be arriving to Windows 11 in the near future.