An Out of Band Update resolves the Authentication issues introduced by the May 10 2022 Windows Updates

Ever since the news broke that the May 2022 Windows Updates cause Active Directory Authentication Failures in environments where certificate-based authentication is in use, many organizations have held off on installing these updates on their domain controllers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) even went as far as advising against installing the updates … Continue reading "An Out of Band Update resolves the Authentication issues introduced by the May 10 2022 Windows Updates"

The May 2022 Windows Updates may cause Active Directory Authentication Failures

The May 2022 updates for all supported versions of Windows Server may cause Active Directory authentication failures. Microsoft is investigating the issue. A workaround is available for organizations experiencing issues. The situation The Windows updates of May 10th, 2022, address several vulnerabilities on Domain Controllers, including several of the ten LDAP Remote Code Execution vulnerabilities … Continue reading "The May 2022 Windows Updates may cause Active Directory Authentication Failures"

The May 2022 Patch Tuesday addresses an LSA Spoofing vulnerability (Important, CVE-2022-26925, CVSSv3 8.1-9.8)

When looking at the May 2022 Patch Tuesday today, I noticed an update that specifically addresses an LSA Spoofing vulnerability. This vulnerability is specific to Domain Controllers (in the default configuration), so this sparked my interest in the update. About the vulnerability A spoofing vulnerability exists in the Windows Local Security Authority (LSA). This vulnerability … Continue reading "The May 2022 Patch Tuesday addresses an LSA Spoofing vulnerability (Important, CVE-2022-26925, CVSSv3 8.1-9.8)"

The May 2022 Patch Tuesday addresses 10 LDAP Remote Code Execution vulnerabilities (Critical, CVSSv3 9.8)

When looking at the May 2022 Patch Tuesday today, I noticed ten updates that specifically address Remote Code Execution (RCE) vulnerabilities in Windows LDAP. These vulnerabilities are specific to Domain Controllers (in the default configuration), so this sparked my interest in these updates. Ten Windows LDAP RCE vulnerabilities Ten Windows LDAP remote code execution vulnerabilities … Continue reading "The May 2022 Patch Tuesday addresses 10 LDAP Remote Code Execution vulnerabilities (Critical, CVSSv3 9.8)"

On-premises Identity-related updates and fixes for April 2022

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates. This is the list of Identity-related updates and fixes we saw for April 2022: Windows Server 2016 We observed the following update for Windows Server 2016: … Continue reading "On-premises Identity-related updates and fixes for April 2022"

The April 2022 Patch Tuesday addresses 18 vulnerabilities for Domain Controllers running as DNS Servers

When looking at the April 2022 Patch Tuesday today, I noticed eighteen updates that specifically address vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates.   Eighteen DNS Server vulnerabilities Seventeen Remote Code Execution vulnerabilities Seventeen DNS Server … Continue reading "The April 2022 Patch Tuesday addresses 18 vulnerabilities for Domain Controllers running as DNS Servers"

A Windows SMBv3 Remote Code Execution Vulnerability affects your Windows Server 2022-based Domain Controllers (CVE-2022-24508)

Today, for its March 2022 Patch Tuesday, Microsoft released an important security update for domain controllers running Windows Server. This vulnerability is known as CVE-2022-24508 and rated with CVSSv3.1 scores of 8.8/7.7. A remote code execution exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who … Continue reading "A Windows SMBv3 Remote Code Execution Vulnerability affects your Windows Server 2022-based Domain Controllers (CVE-2022-24508)"

Microsoft has released out-of-band updates to address Domain Controller boot loops

Last week, we mentioned that the January 11th, 2022 updates caused some Domain Controllers to restart unexpectedly. Our advice, then, was to uninstall the updates when encountering this problem. However, uninstalling these updates also rolled back other fixes that address critical vulnerabilities in Windows Server. It results in a situation where you don’t want to … Continue reading "Microsoft has released out-of-band updates to address Domain Controller boot loops"

Some Domain Controllers may restart unexpectedly after applying the January 11, 2022 Updates

When installing updates, there is always the risk of rogue updates; updates that break functionality, unannounced, unexpected and unsettling. Microsoft is currently researching such a possible side-effect with the January 11, 2022 updates on Active Directory Domain Controllers. About the issue Domain Controllers may reboot unexpectedly and keep rebooting. Event ID 1000 is triggered right … Continue reading "Some Domain Controllers may restart unexpectedly after applying the January 11, 2022 Updates"

Three Active Directory vulnerabilities were addressed during Microsoft’s January 2022 Patch Tuesday

During its Patch Tuesday on January 11th, 2022, Microsoft addressed three Elevation of Privilege (EoP) security vulnerabilities in Active Directory components and protocols that can be attacked over the network. About the vulnerabilities Three vulnerabilities were addressed: CVE-2022-21857 AD DS Elevation of Privilege Vulnerability CVE-2022-21857 is a vulnerability that could allow an attacker to elevate … Continue reading "Three Active Directory vulnerabilities were addressed during Microsoft’s January 2022 Patch Tuesday"