Last week, Microsoft released Security Bulletin MS04-025, including guidance and an update that resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the … Continue reading "Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)"
This week, the Internet was abuzz with HeartBleed,a vulnerability in OpenSSL. This meant many secure websites and webservices, protected by OpenSSL, suddenly became a security risk and OpenSSL (and open source software, in general) suddenly became a lot less trustworthy. About HeartBleed The HeartBleed bug is a serious vulnerability in the popular OpenSSL cryptographic software … Continue reading "Implications of the HeartBleed vulnerability on Single Sign-On and Federation implementations"
It’s not often, that Active Directory Domain Controllers get security updates. The Active Directory Domain Services Server Role is one of the most robustly written code, as I pointed out in an earlier blogpost on Statistics on Active Directory-related Security Bulletins. Since 2001, Microsoft has issued 18 Security Bulletins with patches to address issues in … Continue reading "MS13-032 Vulnerability in Active Directory Could Allow Remote Code Execution (Important)"
Windows 8 offers many new features, compared to Windows XP, Windows Vista and even Windows 7. Some of these features are fantastic, but come with a top of the bill hardware price tag. In this blogpost I’ll explain why you’ll need to scour the specifications of your hardware components for these five acronyms