Category Archives: Microsoft Windows 7

Security Thoughts: Update for Windows Authentication Methods (KB3178465, MS16-101, CVE-2016-3237, CVE-2016-3300, Important)

Yesterday, during its August Patch Tuesday, Microsoft released security update KB3178465 for Windows Authentication Methods, among other security-related updates. This update addresses two vulnerabilities in Microsofts implementation of its authentication methods in Active Directory scenarios: CVE-2016-3237 and CVE-2016-3300.   About the vulnerabilities Microsoft Kerberos Elevation of Privilege Vulnerability (CVE-2016-3237) A security feature bypass vulnerability exists […]


Security Thoughts: Vulnerability in Group Policy could allow elevation of privilege(MS61-072, KB3163622, CVE-2016-3223)

Yesterday, Microsoft released update 3163622 as part of its June 2016 Patch Tuesday to address an important vulnerability that affects Group Policy on Windows 10.   About the vulnerability The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target […]


Using the new Active Directory PowerShell Cmdlets on down-level and module-less systems

Last week, we discussed the new Active Directory Domain Services-related PowerShell Cmdlets in Windows Server 2012 R2. In the requirements I mentioned that you needed at least one system with the Windows Server 2012 R2 or Windows 8.1 version of the Active Directory Module for Windows PowerShell feature installed. However, as Aleksandar Nikolic (PowerShell MVP) […]


Top 5 myths on Offline Domain Join

A lot of people have an opinion on the Offline Domain Join (ODJ) functionality in Windows Server 2008 R2 and Windows Server 2012 Active Directory, Windows 7 and Windows 8. Of course, everyone is entitled to an opinion, but sometimes fact checking is useful for a discussion. To this point, I have captured the top […]


Blocking Internet Explorer 10 Automatic Delivery

Microsoft is getting ready to release Internet Explorer 10 for Windows 7 and Windows Server 2008 R2. Internet Explorer 10 is built into Windows 8 and Windows Server 2012 by default and Microsoft vowed to bring it to Windows 7 and Windows Server 2008 R2 too. The latest available version of Internet Explorer will be […]


KnowledgeBase: You can only log on as "Other user" when the "Do not display last user name" Group Policy setting is enabled in Windows 8 or Windows Server 2012

Many Active Directory admins consider it unsafe to display the last users logon name on the Logon Screen, since it provides information on naming conventions, etc. to possible malicious people. Others change the default Logon Screen to accommodate for presentation PCs, flexworker desktops and other commonly shared IT equipment.


Windows Gadgets and Windows Sidebar to Go

The Microsoft marketing department has decided to label a few of the incredible Windows features in Windows 7 and Windows 8 as ‘To Go’. Prime examples, of course, are ‘BitLocker-To-Go’ (encryption of removable drives) and ‘Windows-To-Go’ (running Windows from a removable drive). This week, I’m labeling the Windows Sidebar (Windows Vista) and Windows Desktop Gadgets […]


How to effectively defend against Morto.A in the enterprise

Whenever a worm utilizes the normal access and daily tools systems admins use, there is a significant problem. After all, shutting down the attack vector suddenly isn’t that easy. So, without making dramatic changes to your environment, how can you rest assured?


Windows 7 and SSDs, Part 3 (Security Best Practices)

Solid State Disks (SSDs) offer great performance enhancements, especially when you follow the guidelines in Part 1 and Part 2 of this series. From an information security point of view, however, these devices are nightmare in terms of data confidentiality. Recent studies from the University of California in San Diego (UCSD) show securely wiping SSDs […]


Getting your Active Directory ready for Windows 7, Part 5

Change is upon us. Where many Active Directory administrators have stuck with Windows XP, because no valid alternatives (Windows Vista, *nix) were available, now the business wants to upgrade to Windows 7. Whatever the business reasons behind Windows 7, as an Active Directory administrator a couple of key elements should stand out. We’ve already covered […]