At the end of October I switched my gaming machine from Win10 to Linux.1 Not without some 2nd thoughts how the games would perform. This weekend it was finally time to tackle the supposedly toughest one: The Microsoft Flight Simulator. It is likely Microsoft’s flagship product, significantly older than Windows.2 After 43 years, it remains one of Microsoft’s oldest continuously supported software products. That definitely won’t run on Linux I thought. How wrong I was. The images speak for themselves: Read more

Since October 14th, 2025, Microsoft has disabled previews in Windows File Explorer, for at least all downloaded files from the Internet and stored on network shares.1 Attackers could capture NTLM hashes simply by viewing the preview. I had to smile. It’s as if Microsoft had read my blog post “Why Every Windows AD Should Be Kept Offline” earlier this month,2 where I discussed exactly this kind of NTLM leakage. Read more

It was the early 2000s and I was sitting there with a massive brick from Microsoft Press.1 The proud price back then: 129 Deutsche Mark. I flipped through it and felt a déjà vu: I knew these pages! Not in terms of content, but the layout, the structure, the examples, even the icons in the side notes: These were the lost manuals of the 1990s! Okay, for the younger generation, I’ll have to explain: Once software used to come in boxes. Big ones with printed books inside. At first, thick ring binders. Later, massive volumes printed on thin and razor-sharp bible-like paper. Overnight, these vanished. First to CD-ROMs, then into the still young internet. Read more

Security through obscurity1 is not working. This is not an allegation, it is a proven fact. Today’s proof has a particularly large impact on worldwide Microsoft Windows installations. The Windows Security Centre (WSC) API2 has been made to accept any program as an anti-virus solution. The WSC works as follows: If a manufacturer of an AV security solution wants to install his snakeoil, he/she first has to be able to switch off the anti-tempering mechanisms so that it is not identified as malware. Hence the extremely strict non-disclosure of this API until now. Read more

In a developer forum today I came across a Netcraft statistic that shows how meaningless Mirosoft has become with its IIS server, .aspx and .NET webservices.1 The largest loss in sites for a major vendor this month comes from Microsoft, which is down 2,866,173 sites (-9.59%) and 74,094 domains (-0.98%). Since the peak in 2017/2018 with over 50% share of web servers, the statistics show only one direction. All this in the face of steadily growing server sales2 and more VMs or containers per unit. Read more

Even measured by Microsoft’s own standards, the half-life of promises is astonishing. Since 2015 it has been said that Windows no longer follows the classic licensing and version scheme. Windows 10 is the “last Windows”1. Six years later, everything has changed. That roughly corresponds to the lifespan of a PC office desktop. Compared to the much longer product cycles in SMEs, e.g. enterprise resource planning software, Microsoft appears erratic and unpredictable in its actions. Why bother with it, when you can’t trust their promises obviously? Read more

Wednesday afternoon is designated for live-events on topics, software and technologies on my bucketlist, but not yet taken. So why not fire up screen-recording and make this an established part of this blog? Everything live and with the potential for being pin-tailed like a donkey when something’s going south? Event finished, join the next one on upcoming Wednesday!

Benjamin Delpy did it again. This time his attention was focused on the aged SCCM1. Once developed in the late 90s, it looks back on a turbulent history with some twists and turns. Unfortunately the security behind it looks exactly the same what you would expect and at best can be considered as “rotten” when still using 3DES2 to communicate with clients3. The video of a current Windows 2019 server with RDS/RDP terminal services clearly stand for itself. No prior code injection, no previously installed tools or libraries - just mimikatz4 on any connected AD machine and all passwords of current logged in users become visible in plain text5. Read more

Everybody with an Internet-faced Microsoft Exchange server, Outlook Web Access (OWA) or Exchange Active Sync (EAS) can consider his or her system as compromised since January. This is reported by security experts like Chris Krebs1 and news magazines like Golem2 or Heise3. In Germany, the BSI has contacted more than 9,000 companies4. The scope of the current security vulnerabilities are comparable to the previous Microsoft major Incidents regarding Eternal-Blue5 and Wannacry6 4 years ago. Read more

This picture is for all the people I have had discussions with in recent years about Digitisation in general or, more specifically, about the integration of tablets or notebooks within a corporate network. My recommendation then and now: Zero Trust! Isolate and segment potentially insecure, closed-source AD infrastructures! Keep smartphones, tablets or laptops out! This also applies to unknown, untrusted applications. " jumper laptops" are the better places for them. Put business applications on RDP/RDS terminal servers1 and create uniform, web-based, open interfaces that can be monitored and controlled. Nextcloud2 is suitable for accessing SMB files, Apache Guacamole3 for RDP access via HTTPS. Use RFC-standardised4 multi-factor authentications! Technologies like Keycloak5 or PrivacyIDEA6 make this possible throughout the enterprise. Read more