Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092, Important)

Today, for its April 2021 Patch Tuesday, Microsoft released an important security update for the Azure AD web sign-in feature in Windows and Windows Server. This vulnerability is known as CVE-2021-27092 and rated with CVSSv3.0 scores of 6.8/5.9. About Azure AD Web Sign-in: Web Sign-in is a new way of signing into a Windows system. …

On-premises Identity-related updates and fixes for March 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for March 2021: Windows Server 2016: We observed the following updates for Windows Server 2016: KB45000803 March 9, 2021 …

On-premises Identity-related updates and fixes for February 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for February 2021: Windows Server 2016: We observed the following update for Windows Server 2016: KB4601318 February 9, 2021 The …

PFX Encryption Security Feature Bypass Vulnerability (CVE-2021-1731, Important)

Today, for its February 2021 Patch Tuesday, Microsoft released an important security update for certificates in Windows and Windows Server. This vulnerability is known as CVE-2021-1731 and rated with CVSSv3.0 scores of 5.5/4.8. When glancing over the vulnerability, it might not be a particularly important vulnerability, but its implications are wide and deep; This PFX …

On-premises Identity-related updates and fixes for January 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for January 2021: Windows Server 2016: We observed the following update for Windows Server 2016: KB4598243 January 12, 2021 …

Windows Lock Screen Security Feature Bypass Vulnerability (Important, CVE-2020-17099, CVSSv3 6.8/5.9)

Yesterday, for its December 2020 Patch Tuesday, Microsoft released an important security update addressing a Windows Lock Screen Security Feature Bypass Vulnerability. About the vulnerability: An authenticated user has signed into a device and locks his or her active session. An attacker with physical access could then perform actions that would allow them …

On-premises Identity-related updates and fixes for November 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for November 2020: Windows Server 2016: We observed the following updates for Windows Server 2016: KB4586830 November 10, 2020 The …

On-premises Identity-related updates and fixes for October 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for October 2020: Windows Server 2016: We observed the following updates for Windows Server 2016: KB4580346 October 13, 2020 …

On-premises Identity-related updates and fixes for September 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. Note: Although much attention was given this month to Secura’s ZeroLogon attack and the advice to update Windows Servers acting as Domain Controller immediately, the underlying vulnerability was actually …

An important update addresses a Spoofing Vulnerability in AD FS

Yesterday, for its September 2020 Patch Tuesday, Microsoft released an important security update for Active Directory Federation Services (AD FS). About the vulnerability: A spoofing vulnerability exists when Active Directory Federation Services (AD FS) on Windows Server 2016 and Windows Server 2019 improperly handles multi-factor authentication requests. This vulnerability is described in detail in CVE-2020-0837. …