On-premises Identity-related updates and fixes for June 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for June 2021: Windows Server 2016 We observed the following updates for Windows Server 2016: KB5003638 June 8, 2021 The …

TODO: Disable the Print Spooler service on Domain Controllers

Today, the news reached me that CVE-2021-1675 is weaponized to compromise Domain Controllers. This is actually already happening in the real world, leading to a ‘zero day’ vulnerability event. Luckily, the vulnerability can be easily thwarted with a simple configuration change on Domain Controllers: disabling the Print Spooler service. Not a big change, but there …

VMware Tools v 11.3 fixes a Denial of Service vulnerability (VMSA-2021-0011, CVE-2021-21997, CVSSv3 3.3)

This week, VMware introduced a new version of its VMware Tools. The reason for this release is a Denial of Service (DoS) vulnerability. About VMware Tools VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guest Operating Systems. Although …

Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962, CVSSv3 9.4/8.2)

This month’s Patch Tuesday, Microsoft addresses a vulnerability that exists in the Windows Kerberos implementation for AppContainers. With a CVSS v3 score of 9.4/8.2, this is a critical update that should be remediated with the highest priority. About AppContainers Isolation is the primary goal of an AppContainer execution environment. By isolating an application from unneeded …

SAML Authentication Hijack Vulnerability on Citrix ADC and Citrix Gateway Appliances (CVE-2020-8300)

Today, I was notified that certain Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway appliances are vulnerable to a SAML authentication hijack through a phishing attack to steal a valid user session. About the vulnerability If Citrix ADC or Citrix Gateway appliances are not upgraded to the recommended versions and if the …

On-premises Identity-related updates and fixes for May 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for May 2021: Windows Server 2016 We observed the following updates for Windows Server 2016: KB5003197, May 11, 2021 The …

VMSA-2021-0010 updates for vCenter Server addresses two security vulnerabilities (CVE-2021-21985, CVE-2021-21986)

Today, VMware released an update that addresses two vulnerabilities in its vCenter Server and Cloud Foundation products: A remote code execution vulnerability in the vSphere Client (CVE-2021-21985) Authentication mechanism issue in vCenter Server Plug-ins (CVE-2021-21986) About the vulnerabilities remote code execution vulnerability in the vSphere Client (CVE-2021-21985) The vSphere Client (HTML5) contains a remote code …

Wormable critical vulnerability in http.sys could lead to Remote Code Execution on AD FS Servers running SAC versions of Windows Server (CVE-2021-31166, CVSSv3 9.8/8.5)

This week, on its Patch Tuesday for May 2021, Microsoft released a patch that addresses a highly critical vulnerability (CVE-2021-31166) in http.sys. About http.sys Http.sys is a web server for ASP.NET Core that only runs on Windows. HTTP.sys is an alternative to Kestrel server and offers some features that Kestrel doesn't provide. Http.sys can run …

KnowledgeBase: You experience ‘You can't access this shared folder because your organization's security policies block unauthenticated guest access’ errors after applying the May 2021 Cumulative Update

Troubleshooting IT problems is hard. Troubleshooting problems that arise on end-user devices around the same time as these devices automatically update should be simpler, but can be just as hard. Today, let’s talk about some behavior we’re seeing at some organizations surrounding the May 2021 Cumulative Update for Windows 10. The situation Within the organization, …

The May Cumulative update fixes several Azure AD Join issues on Windows 10

Just like every month, Microsoft released cumulative quality updates to its supported Operating Systems in June 2021. This month’s updates, however, show a particular focus on several fixes for Azure AD-joined and Hybrid Azure AD-joined Windows 10 devices running Windows 10 version 1809 and beyond. Let’s take a look: Note: Windows 10 version 1809 has …