Category Archives: Enterprise Security
Security Thoughts: Vulnerability in SChannel allows security bypassing (Important, FREAK, MS15-031, CVE-2015-1637)
In recent days, a new attack vector, called the FREAK technique, that facilitates SSL/TLS Man-in-the-Middle (MitM) attacks was in the news. Microsoft has confirmed that its implementations of SChannel in Windows and Windows Server are also vulnerable to this attack method and has released updates for all its supported Operating Systems. About FREAK On […]
Security Thoughts: Include command line in process creation events
Windows 8.1 and Windows Server 2012 R2 introduced an awesome new feature, called Include command line in process creation events, a Group Policy setting that expands the Audit Process Creation policy so events in Event Viewer (eventvwr.msc) include the actual commands issued. Last week, Microsoft introduced an update to Windows 7, Windows 8, Windows Server […]
Vulnerabilities in Group Policy could allow security policy bypassing (MS15-011, MS15-014, CVE-2015-0008, CVE-2015-0009)
For its February 2015 Patch Tuesday on Tuesday February 10, Microsoft has released two security bulletin to address issues in Group Policy that would allow an attacker using a Man-in-the-middle (MitM) approach to bypass security policies, by forging packets sent by Domain Controllers. The situation In many organizations, Group Policies are used to centrally […]
Granularly permitting or denying the right to WorkPlace Join devices based on group membership
Previously, we’ve looked at the WorkPlace Join functionality in Active Directory Federation Services (AD FS) in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services (AD DS). When WorkPlace Join is enabled for a networking environment, by default anyone has the right to WorkPlace Join devices, by […]
Security Thoughts: Leveraging NTLM Hashes using Kerberos RC4-HMAC encryption (AKA Aorato’s Active Directory Vulnerability)
In a blogpost today, Tal Be'ery, Vice President Research at Aorato, an Israeli security company consisting of veterans of the Israeli Defense Forces specializing in Active Directory, published how weak encryption enables an attacker to change a victim’s password without being logged. Labeled as a vulnerability in Active Directory, this information sparked some controversy, so […]
I’ll be speaking at the Datacenter Group’s Partner Event
Working at a Systems Integrator (SI) has its perks. I get to discuss interesting technologies with interesting customers and interesting partners. Sometimes, my playing field feels like an ecosystem where manufacturers, partners and customers think and act like one. One of the partners we’re working closely these days and gives me that special feeling is […]
I’ll be speaking at Ngi-NGNs ‘Systems Management: Beyond Control’ event
I’ve been associated with the Dutch Networking User Group (NGN) for almost five years now. I’ve been speaking at their events and have helped others achieve the same goal. NGN has recently joined forces with the Dutch Platform for IT Professionals (Ngi), and an old tradition has been dusted off: We’re organizing a Windows Server-themed […]
Security Thoughts: Internet Explorer 8 Woes (CVE-2014-1770)
Last week, the Zero Day Initiative (ZDI) decided that Microsoft has had enough time within its coordinated vulnerability disclosure program to fix a vulnerability in Internet Explorer 8. This use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call […]
Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)
Last week, Microsoft released Security Bulletin MS04-025, including guidance and an update that resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the […]
Implications of the HeartBleed vulnerability on Single Sign-On and Federation implementations
This week, the Internet was abuzz with HeartBleed,a vulnerability in OpenSSL. This meant many secure websites and webservices, protected by OpenSSL, suddenly became a security risk and OpenSSL (and open source software, in general) suddenly became a lot less trustworthy. About HeartBleed The HeartBleed bug is a serious vulnerability in the popular OpenSSL cryptographic software […]
Login