Skip to Content

Category Archives: Microsoft Windows Server 2008 R2

Microsoft Windows Server 2008 R2

Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version

Written on February 12, 2018 at 1:54 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the […]

Important Update for Active Directory Federation Services (MS17-019, KB4010320, CVE-2017-0043)

Written on March 14, 2017 at 11:43 PM, by

Today, for its March 2017 Patch Tuesday, Microsoft released an important security update for Active Directory Federation Services (AD FS). The security update addresses a vulnerability that could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system..   […]

Critical Flaw in SMB1 could allow remote code execution on Active Directory Domain Controllers (MS17-010, KB4013389)

Written on March 14, 2017 at 11:27 PM, by

Today, for its March 2017 Patch Tuesday, Microsoft released a security update for supported versions of Windows Server offering File Sharing services using the Server Message Block (SMB) version 1.0 protocol. The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.   About the vulnerabilities The vulnerabilities that are fixed with […]

Security Thoughts: Update for Windows Authentication Methods (KB3178465, MS16-101, CVE-2016-3237, CVE-2016-3300, Important)

Written on August 10, 2016 at 8:54 PM, by

Yesterday, during its August Patch Tuesday, Microsoft released security update KB3178465 for Windows Authentication Methods, among other security-related updates. This update addresses two vulnerabilities in Microsofts implementation of its authentication methods in Active Directory scenarios: CVE-2016-3237 and CVE-2016-3300.   About the vulnerabilities Microsoft Kerberos Elevation of Privilege Vulnerability (CVE-2016-3237) A security feature bypass vulnerability exists […]

Security Thoughts: Vulnerability in Active Directory could allow denial of service (MS16-081, KB3160352, CVE-2016-3226)

Written on June 15, 2016 at 8:39 AM, by

Yesterday, Microsoft released update 3160352 as part of its June 2016 Patch Tuesday to address an important vulnerability in Active Directory, allowing denial of service. This security update is rated Important for all supported editions of Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 About the vulnerability A vulnerability has been […]

Security Thoughts: Vulnerability in Netlogon could allow remote code execution (MS16-076, KB3167691, CVE-2016-3228)

Written on June 15, 2016 at 8:38 AM, by

Yesterday, Microsoft released update 3167691 as part of its June 2016 Patch Tuesday to address an important vulnerability in Windows Server’s Netlogon functionality, allowing remote code execution on all supported Windows Server versions. About the vulnerability A vulnerability has been detected, that could allow remote code execution if an attacker with access to a Windows […]

Security Thoughts: Vulnerability in Group Policy could allow elevation of privilege(MS61-072, KB3163622, CVE-2016-3223)

Written on June 15, 2016 at 8:38 AM, by

Yesterday, Microsoft released update 3163622 as part of its June 2016 Patch Tuesday to address an important vulnerability that affects Group Policy on Windows 10.   About the vulnerability The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target […]

Advances in Active Directory since Windows Server 2003

Written on January 12, 2015 at 10:25 AM, by

In six months time, on July 14 2015, Microsoft ends the extended support for Windows Server 2003. After 11 years and 6 months (Windows Server 2003 became generally available on May 28th, 2003) the plug is pulled on updates to the product and the support information on TechNet, MSDN and its KnowledgeBase. Running Active Directory on Operating […]

Active Directory Services and their System Center Management Packs

Written on May 13, 2013 at 6:06 AM, by

As you might be aware, every Microsoft technology has the requirement to be manageable through PowerShell and System Center. Manageability through System Center is done through Management Packs. (MPs). While I discussed the PowerShell manageability stories for the five Active Directory services last Saturday, below is the overview of the availability and functionality of the […]

MS13-032 Vulnerability in Active Directory Could Allow Remote Code Execution (Important)

Written on April 10, 2013 at 8:25 AM, by

It’s not often, that Active Directory Domain Controllers get security updates. The Active Directory Domain Services Server Role is one of the most robustly written code, as I pointed out in an earlier blogpost on Statistics on Active Directory-related Security Bulletins. Since 2001, Microsoft has issued 18 Security Bulletins with patches to address issues in […]