Two vulnerabilities in VMware ESXi may lead to virtual Domain Controller compromise (Critical, VMSA-2020-0026, CVE-2020-4004, CVE-2020-4005)

Today, VMware released an update that addresses a use-after-free vulnerability in the XHCI USB controller (CVE-2020-4004) and a VMX elevation-of-privilege vulnerability (CVE-2020-4005). Together these two vulnerabilities can be used to compromise virtual Domain Controllers running on ESXi. Note: The vulnerabilities exist in VMware Cloud Foundation, too. The two vulnerabilities were responsibly disclosed to VMware by …

Kerberos Security Feature Bypass Vulnerability (Important, CVE-2020-17049, CVSSv3 6.6)

Yesterday, for its November 2020 Patch Tuesday, Microsoft released an important security update for Active Directory Domain Services (AD DS). About the vulnerability A Kerberos Security Feature Bypass vulnerability exists in Microsoft’s implementation of the Kerberos network authentication protocol. This vulnerability is described in detail in CVE-2020-17049. A security feature bypass vulnerability exists in …

On-premises Identity-related updates and fixes for October 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for October 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4580346 October 13, 2020 …

Group Policy Elevation of Privilege Vulnerability (CVE-2020-16939, Important)

On Tuesday October 13th 2020, Microsoft released updates for all supported versions of Windows and Windows Server to address an elevation of privilege vulnerability in Group Policy, marked as important. Its official common vulnerabilities and exposures (CVE) id is CVE-2020-16939. Yesterday, the Zero Day Initiative (ZDI) shared more details and a Proof of Concept (PoC). …

On-premises Identity-related updates and fixes for September 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. Note: Although much attention was given this month to Secura’s ZeroLogon attack and the advice to update Windows Servers acting as Domain Controller immediately, the underlying vulnerability was actually …

An important update addresses a Spoofing Vulnerability in AD FS

Yesterday, for its September 2020 Patch Tuesday, Microsoft released an important security update for Active Directory Federation Services (AD FS). About the vulnerability A spoofing vulnerability exists when Active Directory Federation Services (AD FS) on Windows Server 2016 and Windows Server 2019 improperly handles multi-factor authentication requests. This vulnerability is described in detail in CVE-2020-0837. …

The September 2020 Patch Tuesday addresses five important vulnerabilities for Domain Controllers running as DNS Servers

When looking at the September 2020 Patch Tuesday today, I noticed five updates that specifically address vulnerabilities in DNS. Two of these vulnerabilities are specific to Domain Controllers running DNS Server, so this sparked my interest in these updates. DNS Server-related updates For Active Directory Domain Controllers acting as DNS Servers, the following vulnerabilities are …

On-premises Identity updates & fixes for August 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for August 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4571694 August 11, 2020 The …

Knowledgebase: You experience Warnings with EventID 5829 on Domain Controllers

In Microsoft-oriented networking infrastructures, your Active Directory Domain Controllers may suddenly experience a high number of Warning events in the System log in Event Viewer (eventvwr.exe) with EventID 5829. The cause Microsoft has added this event by design to warn Active Directory administrators of vulnerable Netlogon connections, in terms of CVE-2020-1472. The EventID was added …

On-premises Identity updates & fixes for July 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for July 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4565511 July 14, 2020 The July …