VMware Tools v 12.5.1 fixes an authentication bypass vulnerability (VMSA-2025-0005, CVE-2025-22230, CVSv3 7.8)

This week, VMware introduced a new version of its VMware Tools for Windows. The reason for this release is an authentication bypass vulnerability.   About VMware Tools VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guest Operating Systems. … Continue reading "VMware Tools v 12.5.1 fixes an authentication bypass vulnerability (VMSA-2025-0005, CVE-2025-22230, CVSv3 7.8)"

Entra Connect Sync v2.4.27.0 addresses a remote code execution vulnerability (CVE-2024-37334)

Microsoft Entra Connect Sync version 2.4.27.0 uses OLE DB version 18.7.4 that further hardens the service. Upgrade to this latest version of connect sync to improve your security.   What’s New Entra Connect Sync v2.4.27.0 offers one update and two bug fixes: SQL-related drivers updated to OLE DB v18.7.4 Starting with Entra Connect Sync v2.4.27.0, … Continue reading "Entra Connect Sync v2.4.27.0 addresses a remote code execution vulnerability (CVE-2024-37334)"

A Denial of Service vulnerability threatens the availability of virtual Domain Controllers on VMware ESXi (VMSA-2024-0011, Important, CVE-2024-22273)

This week, Broadcom VMware released an update that addresses a vulnerability in ESXi. This vulnerability could be abused to negatively impact the availability of virtual Domain Controllers running on ESXi hosts. Note:  The vulnerability exists in VMware Cloud Foundation, too. The vulnerability was responsibly disclosed to Broadcom VMware.   About the DoS vulnerability The vulnerability … Continue reading "A Denial of Service vulnerability threatens the availability of virtual Domain Controllers on VMware ESXi (VMSA-2024-0011, Important, CVE-2024-22273)"

Some Domain Controllers may restart unexpectedly after applying the March 12, 2024 Updates

When installing updates, there is always the risk of rogue updates; updates that break functionality, unannounced, unexpected and unsettling. Microsoft is currently researching such a possible side-effect with the March 12, 2024 updates on Active Directory Domain Controllers.   About the issue Domain Controllers may reboot unexpectedly and keep rebooting. Admins are reporting ballooning memory … Continue reading "Some Domain Controllers may restart unexpectedly after applying the March 12, 2024 Updates"

On-premises Identity-related updates and fixes for September 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for September 2023:   Windows Server 2016 We observed the following update … Continue reading "On-premises Identity-related updates and fixes for September 2023"

On-premises Identity-related updates and fixes for August 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for August 2023:   Windows Server 2016 We observed the following update … Continue reading "On-premises Identity-related updates and fixes for August 2023"

On-premises Identity-related updates and fixes for May 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for May 2023:   Windows Server 2016 We observed the following update … Continue reading "On-premises Identity-related updates and fixes for May 2023"

An LDAP Remote Code Execution Vulnerability affects your Domain Controllers (CVE-2023-28283, Critical CVSSv3 8.1/7.1)

Yesterday, for its May 2023 Patch Tuesday, Microsoft released a critical security update for Domain Controllers and Windows Server installations offering Active Directory Lightweight Directory Services. This vulnerability is known as CVE-2023-28283 and rated with CVSSv3.1 scores of 8.1/7.1. A remote code execution vulnerability exists in the Windows Lightweight Directory Access Protocol (LDAP). An adversary … Continue reading "An LDAP Remote Code Execution Vulnerability affects your Domain Controllers (CVE-2023-28283, Critical CVSSv3 8.1/7.1)"

On-premises Identity-related updates and fixes for April 2023

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses. This is the list of Identity-related updates and fixes we saw for April 2023:   Windows Server 2016 We observed the following update … Continue reading "On-premises Identity-related updates and fixes for April 2023"

The April 2023 Updates provide further urgency to Netlogon RPC Sealing

With the November 2022 Updates for Windows Server, Microsoft implemented Netlogon protocol changes as part of mitigating the vulnerability associated with CVE-2022-38023. With the April 2023 Updates for Windows Server, another vulnerability is addressed in the same context.   About CVE-2022-38023 (November 2022) Through this vulnerability, an authenticated adversary could leverage cryptographic protocol vulnerabilities in … Continue reading "The April 2023 Updates provide further urgency to Netlogon RPC Sealing"