Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures. It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory, AD FS, and Certification Authority … Continue reading "What's New in Microsoft Defender for Identity in December 2023"
This week, new Proof of Concept code was publicly published to coerce a Certificate Authority (CA) to authenticate the domain controller using NTLM. This vulnerability was named DFSCoerce and has been published by Filip Dragovic. It is another vulnerability in the PetitPotam (or PrintNightmare) family of vulnerabilities, and is as difficult to mitigate as former … Continue reading "Another Critical Active Directory Certificate Services NTLM Relay Vulnerability allows for Domain Takeover (DFSCoerce, Critical)"
Today, for its February 2021 Patch Tuesday, Microsoft released an important security update for certificates in Windows and Windows Server. This vulnerability is known as CVE-2021-1731 and rated with CVSSv3.0 scores of 5.5/4.8. At first glance, it might not seem a particularly important vulnerability, but its implications are wide and deep. This PFX … Continue reading "PFX Encryption Security Feature Bypass Vulnerability (CVE-2021-1731, Important)"
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for February 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4537764 February 11, 2020 The February … Continue reading "On-premises Identity updates & fixes for February 2020"
Windows Hello for Business is awesome technology that allows for multi-factor authenticated sign-in on Windows 10 devices. About Windows Hello for Business In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to … Continue reading "Requirements per Windows Hello for Business Deployment Type"
There is a good and free way to prepare for Microsoft exam 70-742: Identity with Windows Server 2016. In the past years, I conducted webinars that can serve as a primer on Active Directory in terms of forests, domains, trusts, security and on Group Policy. They are not and were never intended as the sole … Continue reading "Passing Microsoft Exam 70-742: Identity with Windows Server 2016"
The January 2018 Cumulative Quality Update for Windows Server 2016, bringing the OS version to 14393.2034, offers several fixes for Certification Authorities (CAs) running Active Directory Certificate Services (AD CS). About Windows Server 2016 Updates Microsoft issues two major updates each month for Windows Server 2016, as outlined in the Patching with Windows Server 2016 blogpost. … Continue reading "Windows Server 2016’s January 2018 Quality Update fixes several AD CS issues"
An issue has been identified in situations where you would configure a Windows Server installation as an Offline Root Certification Authority (CA). The Install-ADCSCertificationAuthority Windows PowerShell Cmdlet would error out, while you could achieve the scenario without problems using the Graphical User Interface (GUI). The situation In multi-tier Public Key Infrastructure (PKI) implementations, you … Continue reading "KnowledgeBase: Install-ADCSCertificationAuthority fails without a network adapter present"
Last month, Microsoft released a KnowledgeBase article for Active Directory Certificate Services running on Windows Server 2008 R2 with Service Pack 1 and Windows Server 2012. Note: This KnowledgeBase article doesn’t apply to Windows Server 2012 R2, although the same issue exists as in Windows Server 2008 R2 and Windows Server 2012. The situation … Continue reading "KnowledgeBase: A hotfix is available that records more information in event ID 5125 for an OCSP response"