Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962, CVSSv3 9.4/8.2)

This month’s Patch Tuesday, Microsoft addresses a vulnerability that exists in the Windows Kerberos implementation for AppContainers. With a CVS v3 score of 9.4/8.2 this is a critical update that should be remediated with the highest priority. About AppContainers Isolation is the primary goal of an AppContainer execution environment. By isolating an application from unneeded … Continue reading "Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962, CVSSv3 9.4/8.2)"

SAML Authentication Hijack Vulnerability on Citrix ADC and Citrix Gateway Appliances (CVE-2020-8300)

Today, I was notified that certain Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway appliances are vulnerable to a SAML authentication hijack through a phishing attack to steal a valid user session.   About the vulnerability If Citrix ADC or Citrix Gateway appliances are not upgraded to the recommended versions and if the … Continue reading "SAML Authentication Hijack Vulnerability on Citrix ADC and Citrix Gateway Appliances (CVE-2020-8300)"

On-premises Identity-related updates and fixes for May 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for May 2021: Windows Server 2016 We observed the following updates for Windows Server 2016: KB5003197, May 11, 2021 The … Continue reading "On-premises Identity-related updates and fixes for May 2021"

VMSA-2021-0010 updates for vCenter Server addresses two security vulnerabilities (CVE-2021-21985, CVE-2021-21986)

Today, VMware released an update that addresses two vulnerabilities in its vCenter Server and Cloud Foundation products:: A remote code execution vulnerability in the vSphere Client  (CVE-2021-21985) Authentication mechanism issue in vCenter Server Plug-ins (CVE-2021-21986) About the vulnerabilities remote code execution vulnerability in the vSphere Client (CVE-2021-21985) The vSphere Client (HTML5) contains a remote code … Continue reading "VMSA-2021-0010 updates for vCenter Server addresses two security vulnerabilities (CVE-2021-21985, CVE-2021-21986)"

Wormable critical vulnerability in http.sys could lead to Remote Code Execution on AD FS Servers running SAC versions of Windows Server (CVE-2021-31166, CVSSv3 9.8/8.5)

This week, on its Patch Tuesday for May 2021, Microsoft released a patch that addresses a highly critical vulnerability (CVE-2021-31166) in http.sys. About http.sys Http.sys is a web server for ASP.NET Core that only runs on Windows. HTTP.sys is an alternative to Kestrel server and offers some features that Kestrel doesn't provide. Http.sys can run … Continue reading "Wormable critical vulnerability in http.sys could lead to Remote Code Execution on AD FS Servers running SAC versions of Windows Server (CVE-2021-31166, CVSSv3 9.8/8.5)"

KnowledgeBase: You experience ‘You can't access this shared folder because your organization's security policies block unauthenticated guest access’ errors after applying the May 2021 Cumulative Update

Troubleshooting IT problems is hard. Troubleshooting problems that arise on end-user devices around the  same time as these devices automatically update should be simpler, but can be just as hard. Today, let’s talk about some behavior we’re seeing at some organizations surrounding the May 2021 Cumulative Update for Windows 10. The situation Within the organization, … Continue reading "KnowledgeBase: You experience ‘You can't access this shared folder because your organization's security policies block unauthenticated guest access’ errors after applying the May 2021 Cumulative Update"

The May Cumulative update fixes several Azure AD Join issues on Windows 10

Just like every month, Microsoft released cumulative quality updates to its supported Operating Systems in June 2021. This month’s updates, however, show a particular focus on several fixes for Azure AD-joined and Hybrid Azure AD-joined Windows 10 devices running Windows 10 version 1809 and beyond. Let’s take a look: Note: Windows 10 version 1809 has … Continue reading "The May Cumulative update fixes several Azure AD Join issues on Windows 10"

On-premises Identity-related updates and fixes for April 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for April 2021: Windows Server 2016 We observed the following update for Windows Server 2016: KB5001347 April 13, 2021 The … Continue reading "On-premises Identity-related updates and fixes for April 2021"

Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092, Important)

Today, for its April 2021 Patch Tuesday, Microsoft released an important security update for the Azure AD web sign-in feature in Windows and Windows Server. This vulnerability is known as CVE-2021-27092 and rated with CVSSv3.0 scores of 6.8/5.9. About Azure AD Web Sign-in Web Sign-in is a new way of signing into a Windows system. … Continue reading "Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092, Important)"

On-premises Identity-related updates and fixes for March 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for March 2021:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB45000803 March 9, 2021 … Continue reading "On-premises Identity-related updates and fixes for March 2021"