Category Archives: Security Updates

VMSA-2021-0014 updates for VMware ESXi and vCenter address two security vulnerabilities (CVE-2021-21994, CVE-2021-21995)

Today, VMware released an update that addresses an SFCB improper authentication vulnerability (CVE-2021-21994) and an OpenSLP denial-of-service vulnerability (CVE-2021-21995). These two vulnerabilities can be used to compromise virtual Domain Controllers running on ESXi. Note: The vulnerabilities exist in VMware Cloud Foundation, too. The two vulnerabilities were responsibly disclosed to VMware. About the vulnerabilities SFCB […]


The July 2021 Patch Tuesday addresses twelve vulnerabilities for Domain Controllers running as DNS Servers

When looking at the July 2021 Patch Tuesday today, I noticed three updates that specifically address vulnerabilities in the DNS snap-in and nine vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates. Three DNS Snap-in vulnerabilities There are […]


On-premises Identity-related updates and fixes for June 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for June 2021: Windows Server 2016 We observed the following updates for Windows Server 2016: KB5003638 June 8, 2021 The […]


TODO: Disable the Print Spooler service on Domain Controllers

Today, the news reached me that CVE-2021-1675 is weaponized to compromise Domain Controllers. This is actually already happening in the real world, leading to a ‘zero day’ vulnerability event. Luckily, the vulnerability can be easily thwarted with a simple configuration change on Domain Controllers; disabling the Print Spooler service. Not a big change, but there […]


VMware Tools v 11.3 fixes a Denial of Service vulnerability (VMSA-2021-0011, CVE-2021-21997, CVSSv3 3.3)

This week, VMware introduced a new version of its VMware Tools. The reason for this release is a Denial of Service (DoS) vulnerability. About VMware Tools VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guest Operating Systems. Although […]


Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962, CVSSv3 9.4/8.2)

This month’s Patch Tuesday, Microsoft addresses a vulnerability that exists in the Windows Kerberos implementation for AppContainers. With a CVSS v3 score of 9.4/8.2, this is a critical update that should be remediated with the highest priority. About AppContainers Isolation is the primary goal of an AppContainer execution environment. By isolating an application from unneeded […]


SAML Authentication Hijack Vulnerability on Citrix ADC and Citrix Gateway Appliances (CVE-2020-8300)

Today, I was notified that certain Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway appliances are vulnerable to a SAML authentication hijack through a phishing attack to steal a valid user session. About the vulnerability If Citrix ADC or Citrix Gateway appliances are not upgraded to the recommended versions and if the […]


On-premises Identity-related updates and fixes for May 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for May 2021: Windows Server 2016 We observed the following updates for Windows Server 2016: KB5003197, May 11, 2021 The […]


VMSA-2021-0010 updates for vCenter Server address two security vulnerabilities (CVE-2021-21985, CVE-2021-21986)

Today, VMware released an update that addresses two vulnerabilities in its vCenter Server and Cloud Foundation products: A remote code execution vulnerability in the vSphere Client (CVE-2021-21985) Authentication mechanism issue in vCenter Server Plug-ins (CVE-2021-21986) About the vulnerabilities remote code execution vulnerability in the vSphere Client (CVE-2021-21985) The vSphere Client (HTML5) contains a remote code […]


Wormable critical vulnerability in http.sys could lead to Remote Code Execution on AD FS Servers running SAC versions of Windows Server (CVE-2021-31166, CVSSv3 9.8/8.5)

This week, on its Patch Tuesday for May 2021, Microsoft released a patch that addresses a highly critical vulnerability (CVE-2021-31166) in http.sys. About http.sys Http.sys is a web server for ASP.NET Core that only runs on Windows. HTTP.sys is an alternative to Kestrel server and offers some features that Kestrel doesn't provide. Http.sys can run […]
