Today, VMware released an update that addresses a use-after-free vulnerability in the XHCI USB controller (CVE-2020-4004) and a VMX elevation-of-privilege vulnerability CVE-2020-4005). Together these two vulnerabilities can be used to compromise virtual Domain Controllers running on ESXi. Note: The vulnerabilities exist in VMware Cloud Foundation, too. The two vulnerabilities were responsibly disclosed to VMware by … Continue reading "Two vulnerabilities in VMware ESXi may lead to virtual Domain Controller compromise (Critical, VMSA-2020-0026, CVE-2020-4004, CVE-2020-4005)"
Category: Active Directory
Active Directory
Kerberos Security Feature Bypass Vulnerability (Important, CVE-2020-17049, CVSSv3 6.6)
Yesterday, for its November 2020 Patch Tuesday, Microsoft released an important security update for Active Directory Domain Services (AD DS). About the vulnerability A Kerberos Security Feature Bypass vulnerability exists in Microsoft’s implementation of the Kerberos network authentication protocol. This vulnerability is described in detail in CVE-2020-17049. A security feature bypass vulnerability exists in … Continue reading "Kerberos Security Feature Bypass Vulnerability (Important, CVE-2020-17049, CVSSv3 6.6)"
The video of my talk at the European SharePoint Office 365 and Azure Conference is now available
The European SharePoint, Office 365 & Azure Conference (ESPC) is Europe’s leading online community, providing educational resources and encouraging collaboration. Therefore, I was more than happy to announce that I was returning as a speaker for the European SharePoint, Office 365 and Azure Conference (ESPC) 2020. On October 15th, while my pre-recorded presentation was playing, … Continue reading "The video of my talk at the European SharePoint Office 365 and Azure Conference is now available"
Azure AD Connect version 1.3.20.0 and older versions are no longer supported
As announced as part of the Azure AD Connect Version Release History page and shared here earlier, yesterday marked the end of Azure AD Connect version 1.3.20.0 and older versions of Azure AD Connect. This way, Microsoft starts enforcing its 18-month support policy for Azure AD Connect versions. For Azure AD Connect admins, running an … Continue reading "Azure AD Connect version 1.3.20.0 and older versions are no longer supported"
Group Policy Elevation of Privilege Vulnerability (CVE-2020-16939, Important)
On Tuesday October 13th 2020, Microsoft released updates for all supported versions of Windows and Windows Server to address an elevation of privilege vulnerability in Group Policy, marked as important. Its official common vulnerabilities and exposures (CVE) id is CVE-2020-16939. Yesterday, the Zero Day Initiative (ZDI) shared more details and a Proof of Concept (PoC). … Continue reading "Group Policy Elevation of Privilege Vulnerability (CVE-2020-16939, Important)"
From the Field: The case of the randomly rebooting Domain Controllers
Troubleshooting stories from the field are the best. That’s why I like writing them down. Although, sometimes they might appear as straight cases of schadenfreude, I feel there are lessons to be learned for anyone, if you’re willing to look closely and listen carefully. Last month, I experienced an issue with all four Domain Controllers … Continue reading "From the Field: The case of the randomly rebooting Domain Controllers"
Mainstream support for Microsoft Advanced Threat Analytics (ATA) ends in three months
We’ve helped organizations embrace Microsoft’s Advanced Threat Analytics (ATA) solution to protect their Active Directory environments from attacks. On January 12th, 2021, mainstream support for this product ends. ATA version 1.9.3, released on September 14th, 2020 is the final update as part of mainstream support. It’s time to move on to Microsoft Defender for Identity. … Continue reading "Mainstream support for Microsoft Advanced Threat Analytics (ATA) ends in three months"
Active Directory-related sessions at VMware VMworld 2020
VMware’s VMworld 2020 event kicks off in one week. For 2020, VMworld is organized differently to align with the new reality. Instead of multiple VMworld events, one virtual VMworld event is organized. This VMworld 2020 ‘Online Around the Globe’ event is held from September 29th to October 1st, 2020. The big advantage for you, is … Continue reading "Active Directory-related sessions at VMware VMworld 2020"
HOWTO: Attach a previously sync’ed Azure AD Tenant to a new AD Forest
This week, I was contacted by an organization who were in the process of starting anew with Active Directory Domain Services (AD DS). The old Active Directory forest was too … old, basically. It showed signs of problems around attribute integrity, schema extension bloat and delegation defaults from the 00’s. The challenge I assisted with, … Continue reading "HOWTO: Attach a previously sync’ed Azure AD Tenant to a new AD Forest"
Fun with Veeam’s Active Directory Explorer’s LDAP Filter
Being serious about Disaster Recovery means taking into account events like 9/11. Being serious about Active Directory means being serious about Backup and Restore. But… All work and no play makes Jack a dull boy. That’s why sometimes you need to have a little fun. For fun times’ sake, let’s look at the LDAP Filter … Continue reading "Fun with Veeam’s Active Directory Explorer’s LDAP Filter"