When looking at the May 2022 Patch Tuesday today, I noticed an update that specifically addresses an LSA Spoofing vulnerability. This vulnerability is specific to Domain Controllers (in the default configuration), so this sparked my interest in the update. About the vulnerability: A spoofing vulnerability exists in the Windows Local Security Authority (LSA). This vulnerability … Continue reading "The May 2022 Patch Tuesday addresses an LSA Spoofing vulnerability (Important, CVE-2022-26925, CVSSv3 8.1-9.8)"
When looking at the May 2022 Patch Tuesday today, I noticed ten updates that specifically address Remote Code Execution (RCE) vulnerabilities in Windows LDAP. These vulnerabilities are specific to Domain Controllers (in the default configuration), so this sparked my interest in these updates. Ten Windows LDAP RCE vulnerabilities: Ten Windows LDAP remote code execution vulnerabilities … Continue reading "The May 2022 Patch Tuesday addresses 10 LDAP Remote Code Execution vulnerabilities (Critical, CVSSv3 9.8)"
When looking at the April 2022 Patch Tuesday today, I noticed eighteen updates that specifically address vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates. Eighteen DNS Server vulnerabilities. Seventeen Remote Code Execution vulnerabilities: Seventeen DNS Server … Continue reading "The April 2022 Patch Tuesday addresses 18 vulnerabilities for Domain Controllers running as DNS Servers"
Last week, Veeam released two new versions of Veeam Backup & Replication (VBR) to address three vulnerabilities in the product. Two of these vulnerabilities exist in the Veeam Distribution Service and are classified as critical with CVSS v3 scores of 9.8. Another one exists in an optional component and is rated as important with a … Continue reading "Veeam addressed three remote code execution vulnerabilities in Veeam Backup & Replication (CVE-2022-26500, CVE-2022-26501, CVE-2022-26504)"
Today, for its March 2022 Patch Tuesday, Microsoft released an important security update for domain controllers running Windows Server. This vulnerability is known as CVE-2022-24508 and rated with CVSSv3.1 scores of 8.8/7.7. A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who … Continue reading "A Windows SMBv3 Remote Code Execution Vulnerability affects your Windows Server 2022-based Domain Controllers (CVE-2022-24508)"
Today, for its February 2022 Patch Tuesday, Microsoft released an important security update for DNS Servers running Windows Server. This vulnerability is known as CVE-2022-21984 and rated with CVSSv3.1 scores of 8.8/7.7. A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. An attacker who successfully exploited the vulnerability could run arbitrary … Continue reading "Windows Server 2022 suffers a Windows DNS Server Remote Code Execution Vulnerability (CVE-2022-21984)"
Last week, we mentioned that the January 11th, 2022 updates caused some Domain Controllers to restart unexpectedly. Our advice, then, was to uninstall the updates when encountering this problem. However, uninstalling these updates also rolled back other fixes that address critical vulnerabilities in Windows Server. It results in a situation where you don’t want to … Continue reading "Microsoft has released out-of-band updates to address Domain Controller boot loops"
When installing updates, there is always the risk of rogue updates; updates that break functionality, unannounced, unexpected and unsettling. Microsoft is currently researching such a possible side-effect with the January 11, 2022 updates on Active Directory Domain Controllers. About the issue: Domain Controllers may reboot unexpectedly and keep rebooting. Event ID 1000 is triggered right … Continue reading "Some Domain Controllers may restart unexpectedly after applying the January 11, 2022 Updates"
During its Patch Tuesday on January 11th, 2022, Microsoft addressed a Remote Code Execution (RCE) security vulnerability that affects Windows Server 2019- and Windows Server 2022-based Active Directory Federation Services (AD FS) servers. About the vulnerability: CVE-2022-21907 details a remote code execution vulnerability that can be used to attack AD FS servers over the internet. … Continue reading "Wormable Critical HTTP Protocol Stack Remote Code Execution Vulnerability affects Windows Server 2019- and 2022-based AD FS Servers (CVE-2022-21907)"
During its Patch Tuesday on January 11th, 2022, Microsoft addressed three Elevation of Privilege (EoP) security vulnerabilities in Active Directory components and protocols that can be attacked over the network. About the vulnerabilities: Three vulnerabilities were addressed: CVE-2022-21857 AD DS Elevation of Privilege Vulnerability. CVE-2022-21857 is a vulnerability that could allow an attacker to elevate … Continue reading "Three Active Directory vulnerabilities were addressed during Microsoft’s January 2022 Patch Tuesday"