Category Archives: Active Directory
ENow Software provides the ideal basis for your Active Directory Zero Trust Journey
The world is different from five years ago. After the successful SolarWinds attack in 2020, where attackers gained access to Microsoft’s systems, Microsoft aligned itself with NIST’s approach towards a zero-trust architecture. This changes everything. In contrast to previous security models, in Microsoft’s defense in depth approach Identity and Access is the first layer of […]
HOWTO: Detect NTLMv1 Authentication
Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Before Windows 2000 Server and Active Directory, in the Windows NT era when servers were beige and server racks from wood, authentication on networks was NTLM-based. Windows 2000 Server introduced Microsoft’s Kerberos implementation, but even today NTLM continues to be used. […]
HOWTO: Detect Apps and Services using LDAP instead of LDAPS
Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Traditionally, the Lightweight Directory Access Protocol (LDAP) was used by software developers to integrate. While Kerberos-based Integrated Windows Authentication (IWA) can also be used, LDAP has kept a certain foothold for software solutions, as it is also available on non-Windows and […]
An Out of Band Update resolves the Authentication issues introduced by the May 10 2022 Windows Updates
Ever since the news broke that the May 2022 Windows Updates cause Active Directory Authentication Failures in environments where certificate-based authentication is in use, many organizations have held off on installing these updates on their domain controllers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) even went as far as advising against installing the updates […]
The May 2022 Windows Updates may cause Active Directory Authentication Failures
The May 2022 updates for all supported versions of Windows Server may cause Active Directory authentication failures. Microsoft is investigating the issue. A workaround is available for organizations experiencing issues. The situation The Windows updates of May 10th, 2022, address several vulnerabilities on Domain Controllers, including several of the ten LDAP Remote Code Execution vulnerabilities […]
The May 2022 Patch Tuesday addresses an LSA Spoofing vulnerability (Important, CVE-2022-26925, CVSSv3 8.1-9.8)
When looking at the May 2022 Patch Tuesday today, I noticed an update that specifically addresses an LSA Spoofing vulnerability. This vulnerability is specific to Domain Controllers (in the default configuration), so this sparked my interest in the update. About the vulnerability A spoofing vulnerability exists in the Windows Local Security Authority (LSA). This vulnerability […]
The May 2022 Patch Tuesday addresses 10 LDAP Remote Code Execution vulnerabilities (Critical, CVSSv3 9.8)
When looking at the May 2022 Patch Tuesday today, I noticed ten updates that specifically address Remote Code Execution (RCE) vulnerabilities in Windows LDAP. These vulnerabilities are specific to Domain Controllers (in the default configuration), so this sparked my interest in these updates. Ten Windows LDAP RCE vulnerabilities Ten Windows LDAP remote code execution vulnerabilities […]
On-premises Identity-related updates and fixes for April 2022
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates. This is the list of Identity-related updates and fixes we saw for April 2022: Windows Server 2016 We observed the following update for Windows Server 2016: […]
The April 2022 Patch Tuesday addresses 18 vulnerabilities for Domain Controllers running as DNS Servers
When looking at the April 2022 Patch Tuesday today, I noticed eighteen updates that specifically address vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates. Eighteen DNS Server vulnerabilities Seventeen Remote Code Execution vulnerabilities Seventeen DNS Server […]
A Windows SMBv3 Remote Code Execution Vulnerability affects your Windows Server 2022-based Domain Controllers (CVE-2022-24508)
Today, for its March 2022 Patch Tuesday, Microsoft released an important security update for domain controllers running Windows Server. This vulnerability is known as CVE-2022-24508 and rated with CVSSv3.1 scores of 8.8/7.7. A remote code execution exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who […]
Login