On-premises Identity-related updates and fixes for August 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for August 2021:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB5005043 August 10, 2021 … Continue reading "On-premises Identity-related updates and fixes for August 2021"

KnowledgeBase: You receive a 'Object reference not set to an instance of an object.' error when backing up Teams with Veeam Backup for Microsoft Office 365

For years, we’ve been advising organizations using Microsoft 365 services (formerly known as Office 365 services) like Exchange Online to create backups of their data stored in these services and/or to define their exit scenario. Now, organizations using Veeam Backup for Microsoft Office 365 to this purpose are seeing errors with this product… The situation … Continue reading "KnowledgeBase: You receive a 'Object reference not set to an instance of an object.' error when backing up Teams with Veeam Backup for Microsoft Office 365"

Version 1.1.582.0 of the Azure AD Connect Provisioning Agent prevents MitM attacks towards Domain Controllers (CVE-2021-36949)

This weekend, Microsoft released a new version of the Azure AD Connect Provisioning Agent. Version 1.1.582.0 addresses an authentication bypass vulnerability that is present in all previous versions of the agent. About the vulnerability An attacker can successfully perform a Meddle-in-the-Middle (MitM) attack between Windows Server installations running Azure AD Connect Provisioning Agents and Active … Continue reading "Version 1.1.582.0 of the Azure AD Connect Provisioning Agent prevents MitM attacks towards Domain Controllers (CVE-2021-36949)"

Two new Azure AD Connect versions were released to prevent MitM attacks towards Domain Controllers (CVE-2021-36949)

Today, Microsoft released two new Azure AD Connect version to address an authentication bypass vulnerability in Azure AD Connect.   About the vulnerability An attacker can successfully perform a Meddle-in-the-Middle (MitM) attack between Azure AD Connect server(s) and Active Directory Domain Controller(s). The attacker would merely need to possess domain user credentials to be able … Continue reading "Two new Azure AD Connect versions were released to prevent MitM attacks towards Domain Controllers (CVE-2021-36949)"

On-premises Identity-related updates and fixes for July 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for July 2021: Windows Server 2016 We observed the following updates for Windows Server 2016: KB5004948 July 7, 2021 Out … Continue reading "On-premises Identity-related updates and fixes for July 2021"

A Windows KDC Information Disclosure Vulnerability exists when you use non-RFC4556-compliant devices

Two weeks ago, for its July 2021 Patch Tuesday, Microsoft released an important security update for the Windows Key Distribution Center, found on Active Directory Domain Controllers. Today, an update to that original update was issued to relieve some of the pain points. About the vulnerability An information disclosure vulnerability exists in the way the … Continue reading "A Windows KDC Information Disclosure Vulnerability exists when you use non-RFC4556-compliant devices"

VMSA-2021-0014 updates for VMware ESXi and vCenter address two security vulnerabilities (CVE-2021-21994, CVE-2021-21995)

Today, VMware released an update that addresses an SFCB improper authentication vulnerability (CVE-2021-21994) and an OpenSLP denial-of-service vulnerability (CVE-2021-21995). These two vulnerabilities can be used to compromise virtual Domain Controllers running on ESXi. Note: The vulnerabilities exist in VMware Cloud Foundation, too. The two vulnerabilities were responsibly disclosed to VMware.   About the vulnerabilities SFCB … Continue reading "VMSA-2021-0014 updates for VMware ESXi and vCenter address two security vulnerabilities (CVE-2021-21994, CVE-2021-21995)"

The July 2021 Patch Tuesday addresses twelve vulnerabilities for Domain Controllers running as DNS Servers

When looking at the July 2021 Patch Tuesday today, I noticed three updates that specifically address vulnerabilities in the DNS snap-in and nine vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates. Three DNS Snap-in vulnerabilities There are … Continue reading "The July 2021 Patch Tuesday addresses twelve vulnerabilities for Domain Controllers running as DNS Servers"

On-premises Identity-related updates and fixes for June 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for June 2021: Windows Server 2016 We observed the following updates for Windows Server 2016: KB5003638 June 8, 2021 The … Continue reading "On-premises Identity-related updates and fixes for June 2021"

TODO: Disable the Print Spooler service on Domain Controllers

Today, the news reached me that CVE-2021-1675 is weaponized to compromise Domain Controllers. This is actually already happening in the real world, leading to a ‘zero day’ vulnerability event. Luckily, the vulnerability can be easily thwarted with a simple configuration change on Domain Controllers; disabling the Print Spooler service. Not a big change, but there … Continue reading "TODO: Disable the Print Spooler service on Domain Controllers"