Today, Microsoft released MS16-020, a Security Bulletin addressing an issue with Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2. The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive. About Active Directory Federation … Continue reading "Security Thoughts: Update for Active Directory Federation Services to Address Denial of Service (Important, MS16-020, KB3134222, CVE-2016-0037)"
Category: Security Updates
Security Updates
Security Thoughts: Security Update for DNS Server to Address Remote Code Execution (MS15-127, KB3100465, CVE-2015-6125, Critical)
Today, during this December Patch Tuesday, Microsoft released a security update for Windows Server DNS among other security-related updates. While I’d normally only draw your attention to Active Directory security updates, I’ve chosen to blog on this update, because the vast majority of Active Directory Domain Controllers I come across function as DNS Servers serving … Continue reading "Security Thoughts: Security Update for DNS Server to Address Remote Code Execution (MS15-127, KB3100465, CVE-2015-6125, Critical)"
Security Thoughts: Security Update for Kerberos to Address Security Feature Bypass (KB3105256, MS15-122, CVE-2015-6095, Important)
During BlackHat Europe 2015 in Amsterdam, last week, Ian Haken, a security researcher at Synopsis, presented a session titled Bypassing Local Windows Authentication to Defeat Full Disk Encryption. The accompanying Research paper (PDF) detailed an ‘evil maid’ attack vector specifically targeting BitLocker Drive Encryption. The most interesting part of the session was the way Ian … Continue reading "Security Thoughts: Security Update for Kerberos to Address Security Feature Bypass (KB3105256, MS15-122, CVE-2015-6095, Important)"
Vulnerability in Active Directory Federation Services could allow elevation of privilege (Important, CVE-2015-1757, MS15-062)
Today, Microsoft released update 3062577 as part of its June 2015 Patch Tuesday to address a cross-site scripting vulnerability that affects Active Directory Federation Services (AD FS) 2.0 and Active Directory Federation Services (AD FS) 2.1 installations. Note: This means Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 are affected, but Windows … Continue reading "Vulnerability in Active Directory Federation Services could allow elevation of privilege (Important, CVE-2015-1757, MS15-062)"
Security Thoughts: Microsoft Local Administrator Password Solution (LAPS, KB3062591)
As you might recall, Microsoft offered a solution to systems administrators to set the local administrator password on domain-joined devices using Group Policy Preferences, but ended the solution, almost a year ago, when the encoding mechanism was decoded and an attack was created towards this vulnerability (CVE-2014-1812). Introducing LAPS Yesterday, Microsoft introduced version 6 … Continue reading "Security Thoughts: Microsoft Local Administrator Password Solution (LAPS, KB3062591)"
Security Thoughts: Vulnerability in NETLOGON cloud allow spoofing (MS15-027, CVE-2015-0005)
While this has proven to be n interesting month with the Factoring RSA Export Keys (FREAK) technique affecting a plethora of Operating Systems, Microsoft has also issued an update to address a privately reported vulnerability in NETLOGON. About the vulnerability A spoofing vulnerability exists in NETLOGON that is caused when the NETLOGON service improperly … Continue reading "Security Thoughts: Vulnerability in NETLOGON cloud allow spoofing (MS15-027, CVE-2015-0005)"
Security Thoughts: Vulnerability in SChannel allows security bypassing (Important, FREAK, MS15-031, CVE-2015-1637)
In recent days, a new attack vector, called the FREAK technique, that facilitates SSL/TLS Man-in-the-Middle (MitM) attacks was in the news. Microsoft has confirmed that its implementations of SChannel in Windows and Windows Server are also vulnerable to this attack method and has released updates for all its supported Operating Systems. About FREAK On … Continue reading "Security Thoughts: Vulnerability in SChannel allows security bypassing (Important, FREAK, MS15-031, CVE-2015-1637)"
Vulnerabilities in Group Policy could allow security policy bypassing (MS15-011, MS15-014, CVE-2015-0008, CVE-2015-0009)
For its February 2015 Patch Tuesday on Tuesday February 10, Microsoft has released two security bulletin to address issues in Group Policy that would allow an attacker using a Man-in-the-middle (MitM) approach to bypass security policies, by forging packets sent by Domain Controllers. The situation In many organizations, Group Policies are used to centrally … Continue reading "Vulnerabilities in Group Policy could allow security policy bypassing (MS15-011, MS15-014, CVE-2015-0008, CVE-2015-0009)"
Update your Federation Servers with MS14-077 to patch CVE-2014-6331 (Important)
During the November 2014 Patch Tuesday, Microsoft has released Security Bulletin MS114-077, that describes how a vulnerability in Active Directory Federation Services (AD FS) could allow unintentional information disclosure and how you can fix this by installing the security update that is part of KB3003381 on your Active Directory Federation Servers, including proxies. About MS14-077 … Continue reading "Update your Federation Servers with MS14-077 to patch CVE-2014-6331 (Important)"
Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)
Last week, Microsoft released Security Bulletin MS04-025, including guidance and an update that resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the … Continue reading "Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)"