Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962, CVSSv3 9.4/8.2)

This month’s Patch Tuesday, Microsoft addresses a vulnerability that exists in the Windows Kerberos implementation for AppContainers. With a CVS v3 score of 9.4/8.2 this is a critical update that should be remediated with the highest priority. About AppContainers Isolation is the primary goal of an AppContainer execution environment. By isolating an application from unneeded … Continue reading "Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962, CVSSv3 9.4/8.2)"

SAML Authentication Hijack Vulnerability on Citrix ADC and Citrix Gateway Appliances (CVE-2020-8300)

Today, I was notified that certain Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway appliances are vulnerable to a SAML authentication hijack through a phishing attack to steal a valid user session.   About the vulnerability If Citrix ADC or Citrix Gateway appliances are not upgraded to the recommended versions and if the … Continue reading "SAML Authentication Hijack Vulnerability on Citrix ADC and Citrix Gateway Appliances (CVE-2020-8300)"

I’m presenting two more Active Directory and Azure AD Better Together webinars

After the huge success of my previously co-presented Active Directory and Azure AD Better Together webinars for their US audience, Netwrix and I have decided to organize these webinars again for people in Europe, Africa and the Middle-East. On June 23rd and June 25th, Netwrix’ Russel McDermott and I discuss how Active Directory and Azure … Continue reading "I’m presenting two more Active Directory and Azure AD Better Together webinars"

Preparing Active Directory for Windows 10 version 21H1

Microsoft has released a new version of Windows 10, dubbed version 21H1. This version brings new functionality that many organizations are eager to utilize. In many organizations, Windows-based devices are joined to Active Directory Domain Services (AD DS), so devices can be managed centrally and end-users can sign-in on any domain-joined device of their liking. … Continue reading "Preparing Active Directory for Windows 10 version 21H1"

On-premises Identity-related updates and fixes for May 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for May 2021: Windows Server 2016 We observed the following updates for Windows Server 2016: KB5003197, May 11, 2021 The … Continue reading "On-premises Identity-related updates and fixes for May 2021"

HOWTO: Create a Group Policy Central Store

The Group Policy Central Store in Active Directory’s System Volume (SYSVOL) share optimizes Group Policy authoring and replication. The group policy central store is a central location to store all the Group Policy template (*.admx) and Group Policy Language (*.adml) files. The Central Store eliminates the loading and opening of Group Policy template files on systems … Continue reading "HOWTO: Create a Group Policy Central Store"

What's New in Azure Active Directory for May 2021

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for May 2021: What’s New Azure AD verifiable credentials Public Preview Service … Continue reading "What's New in Azure Active Directory for May 2021"

A Recap of Identity-related Announcements from Microsoft Build 2021

Another Microsoft Build event comes to a close. Microsoft organized Microsoft Build as a free digital event between Tuesday May 25th 5 PM CEST and Thursday May 27th 5 PM CEST. Microsoft Build is Microsoft’s annual conference event, aimed at software engineers and web developers using Windows, Microsoft Azure and other Microsoft technologies. First held … Continue reading "A Recap of Identity-related Announcements from Microsoft Build 2021"

VMSA-2021-0010 updates for vCenter Server addresses two security vulnerabilities (CVE-2021-21985, CVE-2021-21986)

Today, VMware released an update that addresses two vulnerabilities in its vCenter Server and Cloud Foundation products:: A remote code execution vulnerability in the vSphere Client  (CVE-2021-21985) Authentication mechanism issue in vCenter Server Plug-ins (CVE-2021-21986) About the vulnerabilities remote code execution vulnerability in the vSphere Client (CVE-2021-21985) The vSphere Client (HTML5) contains a remote code … Continue reading "VMSA-2021-0010 updates for vCenter Server addresses two security vulnerabilities (CVE-2021-21985, CVE-2021-21986)"

Windows 10, version 21H1 build 19043 introduces Ten new Group Policy settings

On May 18th, 2021, Microsoft released Windows 10, version 21H1 build 19043. This Windows version introduces ten new Group Policy settings. New Group Policy Settings Windows 10, version 21H1, build 19043 introduces the following new Group Policy settings: Enable news and interests on the taskbar This computer Group Policy setting specifies whether news and interests … Continue reading "Windows 10, version 21H1 build 19043 introduces Ten new Group Policy settings"