Exchange Pwn2Own Vulnerability April 2021 (Yes, a new one – it’s not Hafnium anymore!)

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange. Some security researchers have demonstrated three high risk vulnerabilities for exchange server systems. Microsoft has published…

read more

Exchange Hafnium Vulnerability March 2021

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange. Even though we, as Boll Engineering AG, are not associated in any way with the affected…

read more

Upgrade your FortiMail now!

There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article. The problem here is not only the unauthorized access to the system, but also the change of the…

 2,443 total views

read more

FortiOS 6.2: Upgrade Notes

Due to several known issues, we did not recommend the use of FortiOS 6.2 in productive environments for the first couple of months. As per FortiOS 6.2.5, we noticed that most of the issues have been resolved. Please have a look into our FortiOS upgrade guide for the upgrade procedure.

read more

FortiGate GUI “Addresses” Seite wird nicht angezeigt

Wir haben vermehrt die Meldung bekommen, dass unter FortiOS 5.2 und 5.4 im WebUI die Seite “Addresses” unter “Policy & Objects” nicht mehr angezeigt werden kann. Der Header der Seite wird angezeigt, mehr allerdings nicht: Nach Abklärungen mit Fortinet handelt es sich dabei um einen Bug in verschiedenen Releases. Das…

read more

OpenSSL Heartbleed Bug Informationen

Hier finden Sie Informationen zu der OpenSSL Schwachstelle und Herstellerinformationen. “Offizielle” Webseiten http://heartbleed.com/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 Testseiten http://filippo.io/Heartbleed/ https://www.ssllabs.com Betroffene OpenSSL Versionen OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT vulnerable OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable

read more