MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (Important)

On Tuesday, August 13, 2013 Microsoft, in its monthly Patch Tuesday, released MS13-066, a Security Bulletin addressing an issue with Active Directory Federation Services. This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). The vulnerability could reveal information pertaining to the service account used by AD FS. An attacker could then attempt …

Security Thoughts: Are you still running XML Core Services (MSXML) 4.0 with Service Pack 2 in your environment?

Security and practicality often clash, especially with legacy software in the mix. Legacy software is painful from a security point of view. If you want to know how painful, keep on reading this blogpost. It features legacy functionality, unsupported software and security holes the size of Jupiter.

So you want to continue using Windows XP?

One year of Windows XP support remains. After twelve years, now is the time to migrate off this 2001 Operating System or to take your security measures to assure your colleagues experience the least impact of the End of Support (EoS) situation. Of course, migrating to a later version of Windows or to another (supported) …

Windows Gadgets and Windows Sidebar to Go

The Microsoft marketing department has decided to label a few of the incredible Windows features in Windows 7 and Windows 8 as ‘To Go’. Prime examples, of course, are ‘BitLocker-To-Go’ (encryption of removable drives) and ‘Windows-To-Go’ (running Windows from a removable drive). This week, I’m labeling the Windows Sidebar (Windows Vista) and Windows Desktop Gadgets …

Active Directory-related KnowledgeBase articles for December 2011

Most people spend the short days and long nights of December with loved ones. At Microsoft, December is a vacation month for a lot of employees as the end of December marks the first half of the fiscal year and targets have mostly been met. For the Active Directory team, however, December marked the fourth …

MS11-095 Vulnerability in Active Directory could allow Remote Code Execution (Important)

On Tuesday November 13, 2011 Microsoft, in its monthly Patch Tuesday, released a Security Bulletin addressing an issue with Active Directory. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain. An attacker could then run a specially crafted application that could exploit the vulnerability …

Active Directory-related KnowledgeBase articles for November 2011

While days are getting shorter in my part of the world, Microsoft relentlessly continues to address issues in Active Directory. Between November 1, 2011 and November 30, 2011 Microsoft introduced one Active Directory-related KnowledgeBase article with information, seven Active Directory-related KnowledgeBase articles with hotfixes, one KnowledgeBase article linked to an Active Directory-related Security Bulletin and …

The Server Core Updates Estimation, Revisited

Microsoft touts the smaller attack surface as one of the biggest benefits of using Server Core, compared to a Full installation of Windows Server 2008. Because a Server Core installation is optimized, it doesn’t include most of the vulnerabilities found in Full installations. A consequence of these optimizations is a Server Core installation might need …