Category Archives: Security Updates

An Out-of-Band Update addresses Azure AD sign-in problems on Windows ARM-based devices

After installing the June 2022 Cumulative update on a Windows ARM-based device, people might be unable to sign in using Azure Active Directory (Azure AD). Now there is an update available to address this issue, without having to resort to uninstalling the June 2022 Cumulative update or without having to rely on the web-based versions […]

0  

On-premises Identity-related updates and fixes for May 2022

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates. This is the list of Identity-related updates and fixes we saw for May 2022:   Windows Server 2016 We observed the following update for Windows Server […]

0  

An Out of Band Update resolves the Authentication issues introduced by the May 10 2022 Windows Updates

Ever since the news broke that the May 2022 Windows Updates cause Active Directory Authentication Failures in environments where certificate-based authentication is in use, many organizations have held off on installing these updates on their domain controllers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) even went as far as advising against installing the updates […]

0  

The May 2022 Windows Updates may cause Active Directory Authentication Failures

The May 2022 updates for all supported versions of Windows Server may cause Active Directory authentication failures. Microsoft is investigating the issue. A workaround is available for organizations experiencing issues. The situation The Windows updates of May 10th, 2022, address several vulnerabilities on Domain Controllers, including several of the ten LDAP Remote Code Execution vulnerabilities […]

1  

The May 2022 Patch Tuesday addresses an LSA Spoofing vulnerability (Important, CVE-2022-26925, CVSSv3 8.1-9.8)

When looking at the May 2022 Patch Tuesday today, I noticed an update that specifically addresses an LSA Spoofing vulnerability. This vulnerability is specific to Domain Controllers (in the default configuration), so this sparked my interest in the update. About the vulnerability A spoofing vulnerability exists in the Windows Local Security Authority (LSA). This vulnerability […]

0  

The May 2022 Patch Tuesday addresses 10 LDAP Remote Code Execution vulnerabilities (Critical, CVSSv3 9.8)

When looking at the May 2022 Patch Tuesday today, I noticed ten updates that specifically address Remote Code Execution (RCE) vulnerabilities in Windows LDAP. These vulnerabilities are specific to Domain Controllers (in the default configuration), so this sparked my interest in these updates. Ten Windows LDAP RCE vulnerabilities Ten Windows LDAP remote code execution vulnerabilities […]

0  

The April 2022 Patch Tuesday addresses 18 vulnerabilities for Domain Controllers running as DNS Servers

When looking at the April 2022 Patch Tuesday today, I noticed eighteen updates that specifically address vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates.   Eighteen DNS Server vulnerabilities Seventeen Remote Code Execution vulnerabilities Seventeen DNS Server […]

0  

Veeam addressed three remote code execution vulnerabilities in Veeam Backup & Replication (CVE-2022-26500, CVE-2022-26501, CVE-2022-26504)

Last week, Veeam released two new versions of Veeam Backup & Replication (VBR) to address three vulnerabilities in the product. Two of these vulnerabilities exist in the Veeam Distribution Service and are classified as critical with CVSS v3 scores of 9.8. Another one exists in an optional component and is rated as important with a […]

0  

A Windows SMBv3 Remote Code Execution Vulnerability affects your Windows Server 2022-based Domain Controllers (CVE-2022-24508)

Today, for its March 2022 Patch Tuesday, Microsoft released an important security update for domain controllers running Windows Server. This vulnerability is known as CVE-2022-24508 and rated with CVSSv3.1 scores of 8.8/7.7. A remote code execution exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who […]

0  

Windows Server 2022 suffers a Windows DNS Server Remote Code Execution Vulnerability (CVE-2022-21984)

Today, for its February 2022 Patch Tuesday, Microsoft released an important security update for DNS Servers running Windows Server. This vulnerability is known as CVE-2022-21984 and rated with CVSSv3.1 scores of 8.8/7.7. A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. An attacker who successfully exploited the vulnerability could run arbitrary […]

0