Category Archives: Security Updates

On-premises Identity-related updates and fixes for September 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. Note: Although much attention was given this month to Secura’s ZeroLogon attack and the advice to update Windows Servers acting as Domain Controller immediately,, the underlying vulnerability was actually […]

0  

An important update addresses a Spoofing Vulnerability in AD FS

Yesterday, for its September 2020 Patch Tuesday, Microsoft released an important security update for Active Directory Federation Services (AD FS). About the vulnerability A spoofing vulnerability exists when Active Directory Federation Services (AD FS) on Windows Server 2016 and Windows Server 2019 improperly handles multi-factor authentication requests. This vulnerability is described in detail in CVE-2020-0837. […]

0  

The September 2020 Patch Tuesday addresses five important vulnerabilities for Domain Controllers running as DNS Servers

When looking at the September 2020 Patch Tuesday today, I noticed five updates that specifically address vulnerabilities in DNS. Two of these vulnerabilities are specific to Domain Controllers running DNS Server, so this sparked my interest in these updates. DNS Server-related updates For Active Directory Domain Controllers acting as DNS Servers, the following vulnerabilities are […]

0  

On-premises Identity updates & fixes for August 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for August 2020:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4571694 August 11, 2020 The […]

0  

Knowledgebase: You experience Warnings with EventID 5829 on Domain Controllers

In Microsoft-oriented networking infrastructures, your Active Directory Domain Controllers may suddenly experience high number of Warning events in the System log in Event Viewer (eventvwr.exe) with EventID 5829.   The cause Microsoft has added this event by design to warn Active Directory administrators of vulnerable Netlogon connections, in terms of CVE-2020-1472. The eventID was added […]

4  

On-premises Identity updates & fixes for July 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for July 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4565511 July 14, 2020 The July […]

0  

Windows DNS Server Remote Code Execution Vulnerability (SIGred, Wormable, Critical, CVE-2020-1350)

Yesterday, Microsoft released updates for all supported versions of Windows and Windows Server to address a remote code execution vulnerability in DNS Server, marked as critical. Its official common vulnerabilities and exposures (CVE) id is CVE-2020-1350.                                                                                                                                     About the vulnerability A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they […]

3  

On-premises Microsoft Identity-related updates and fixes for June 2020

Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for June 2020:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4561616 June 9, 2020 The […]

0  

Group Policy Elevation of Privilege Vulnerability (CVE-2020-1317, Important)

This Tuesday, Microsoft released updates for all supported versions of Windows and Windows Server to address an elevation of privilege vulnerability in Group Policy, marked as important. Its official common vulnerabilities and exposures (CVE) id is CVE-2020-1317.   About the vulnerability An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker […]

0  

On-premises Microsoft Identity-related updates and fixes for May 2020

Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for May 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4556813 May 12, 2020 The May […]

0