Windows 8.1 and Windows Server 2012 R2 introduced an awesome new feature, called Include command line in process creation events, a Group Policy setting that expands the Audit Process Creation policy so events in Event Viewer (eventvwr.msc) include the actual commands issued. Last week, Microsoft introduced an update to Windows 7, Windows 8, Windows Server … Continue reading "Security Thoughts: Include command line in process creation events"
For its February 2015 Patch Tuesday on Tuesday February 10, Microsoft has released two security bulletins to address issues in Group Policy that would allow an attacker using a Man-in-the-middle (MitM) approach to bypass security policies, by forging packets sent by Domain Controllers. The situation In many organizations, Group Policies are used to centrally … Continue reading "Vulnerabilities in Group Policy could allow security policy bypassing (MS15-011, MS15-014, CVE-2015-0008, CVE-2015-0009)"
Previously, we’ve looked at the WorkPlace Join functionality in Active Directory Federation Services (AD FS) in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services (AD DS). When WorkPlace Join is enabled for a networking environment, by default anyone has the right to WorkPlace Join devices, by … Continue reading "Granularly permitting or denying the right to WorkPlace Join devices based on group membership"
Last week, Microsoft released Security Bulletin MS04-025, including guidance and an update that resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the … Continue reading "Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)"
This week, the Internet was abuzz with HeartBleed, a vulnerability in OpenSSL. This meant many secure websites and webservices, protected by OpenSSL, suddenly became a security risk and OpenSSL (and open source software, in general) suddenly became a lot less trustworthy. About HeartBleed The HeartBleed bug is a serious vulnerability in the popular OpenSSL cryptographic software … Continue reading "Implications of the HeartBleed vulnerability on Single Sign-On and Federation implementations"
It’s not often that Active Directory Domain Controllers get security updates. The Active Directory Domain Services Server Role is one of the most robustly written pieces of code, as I pointed out in an earlier blogpost on Statistics on Active Directory-related Security Bulletins. Since 2001, Microsoft has issued 18 Security Bulletins with patches to address issues in … Continue reading "MS13-032 Vulnerability in Active Directory Could Allow Remote Code Execution (Important)"
Windows 8 offers many new features, compared to Windows XP, Windows Vista and even Windows 7. Some of these features are fantastic, but come with a top of the bill hardware price tag. In this blogpost I’ll explain why you’ll need to scour the specifications of your hardware components for these five acronyms