VMSA-2021-0027 updates for VMware vCenter Server 6.5 and 6.7 address two vSphere Web Client vulnerabilities (CVE-2021-21980 and CVE-2021-22049)

Earlier this week, VMware released an update that addresses an arbitrary file read vulnerability in the vSphere Web Client (CVE-2021-21980) and an SSRF vulnerability in the vSphere Web Client (CVE-2021-22049). These two vulnerabilities can be used to compromise virtual Domain Controllers running on VMware vSphere ESXi 6.5 and vSphere ESXi 6.7. About the vulnerabilities arbitrary … Continue reading "VMSA-2021-0027 updates for VMware vCenter Server 6.5 and 6.7 address two vSphere Web Client vulnerabilities (CVE-2021-21980 and CVE-2021-22049)"

VMware has recalled all released versions of vSphere 7.0 Update 3

VMware’s vSphere ESXi 7.0 U3, U3a, and U3b and VMware vCenter 7.0 U3b are no longer available for download due to several critical issues identified in them. Issues experienced in the field Organizations running vSphere 7.0 Update 3 have reported the following critical issues: ESXi 7.0 Update 3 hosts can experience a PSOD when virtual … Continue reading "VMware has recalled all released versions of vSphere 7.0 Update 3"

TODO: Mitigate the Information Disclosure vulnerability caused by improperly configured Azure Migrate applications

Last week, Microsoft issued security guidance on a security issue within Azure Active Directory. In this guidance, Microsoft instructs Azure AD admins to rotate the password for Azure Migrate applications, when these applications have been created prior to November 2, 2021. About the vulnerability CVE-2021-42306 is a vulnerability in the way Azure AD stores the … Continue reading "TODO: Mitigate the Information Disclosure vulnerability caused by improperly configured Azure Migrate applications"

TODO: Change the credentials for Azure Automation Run-As accounts

Last week, Microsoft issued security guidance on a security issue within Azure Active Directory. In this guidance, Microsoft instructs Azure AD admins to rotate the password for Azure Automation Run-As accounts, when these accounts have been created between October 15, 2020 and October 15, 2021. About the vulnerability CVE-2021-42306 is a vulnerability in the way … Continue reading "TODO: Change the credentials for Azure Automation Run-As accounts"

I’m speaking at the 2021 Hybrid Identity Protection Conference

This December, I’m joining many of my technical friends at the Hybrid Identity Protection Conference. About the Hybrid Identity Protection Conference The Hybrid Identity Protection Conference is Semperis Inc.’s event to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend time with peers, … Continue reading "I’m speaking at the 2021 Hybrid Identity Protection Conference"

I'm presenting a webinar with the Petri IT Knowledgebase and StealthBits

On December 2 at 7 PM CEST, I'm presenting a webinar with Petri IT Knowledgebase and StealthBits on securing Active Directory. About Petri.com The Petri IT Knowledgebase has served as one of the world’s leading content and community resources for IT professionals and system administrators for more than 15 years. First launched by fellow Microsoft … Continue reading "I'm presenting a webinar with the Petri IT Knowledgebase and StealthBits"

You may encounter authentication issues after installing the November 2021 Cumulative updates

While installing updates is one of the basic information security measures, many organizations hold off on installing updates for Windows Server within 48 hours. This month, we saw another reason why it’s a smart idea to test updates in pre-production environments before deploying them to production domain controllers. After installing the November 2021 cumulative and/or … Continue reading "You may encounter authentication issues after installing the November 2021 Cumulative updates"

VMWare fixes an important privilege escalation vulnerability in vCenter Server (VMSA-2021-0025)

This week, VMware released an update that addresses a vulnerability in vCenter Server. This vulnerability can be used to compromise vCenter Server installations and the ESXi host they manage. Note:The vulnerability exists in VMware Cloud Foundation, too. About vCenter Server VMware vCenter Server, formerly known as VirtualCenter, is the centralized management tool for the vSphere … Continue reading "VMWare fixes an important privilege escalation vulnerability in vCenter Server (VMSA-2021-0025)"

KnowledgeBase: You receive EventID 16990 or 16991 when users create or modify computer objects

One of the more recent issues you might encounter, when you create or modify computer objects and/or (group) managed service accounts in Active Directory is errors on your domain controllers with event ID 16990 or 16991 with source Directory-Services-SAM in the System event log. The situation You run an Active Directory forest with Domain Controllers … Continue reading "KnowledgeBase: You receive EventID 16990 or 16991 when users create or modify computer objects"

Four Active Directory Elevation of Privilege vulnerabilities were addressed in the November 2021 Updates

When looking at the November 9th, 2021 updates today, I noticed four updates that specifically address vulnerabilities in Active Directory Domain Services. These vulnerabilities affect domain controllers at the heart of many networking infrastructure environments.   About the vulnerabilities Four vulnerabilities were addressed: CVE-2021-42278 Active Directory Domain Services Elevation of Privilege Vulnerability CVE-2021-42278 is a … Continue reading "Four Active Directory Elevation of Privilege vulnerabilities were addressed in the November 2021 Updates"