UPDATE Microsoft add updates: The tech giant has revised the blocking rule in IIS Manager from “.*autodiscover\.json.*Powershell.*” to “(?=.*autodiscover\.json)(?=.*powershell).” Also , Change the Condition input from {URL} to {UrlDecode:{REQUEST_URI}} and then click OK On Thursday, September 29, a Vietnamese security firm called GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange ServerContinue reading “New Microsoft Exchange zero-day actively (RCE+SSRF) exploited in attacks”
Tag Archives: microsoft
Microsoft May Patch Updates Cause Windows AD Authentication Errors
Some May 2022 Microsoft Security Updates Are Leading to Authentication Failures. Microsoft reported : “After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP),”.Continue reading “Microsoft May Patch Updates Cause Windows AD Authentication Errors”
Released: May 2022 Exchange Server Security Updates
Microsoft released an SU for exchange servers. Starting with this release of Security Updates, Microsoft are releasing updates in a self-extracting auto-elevating .exe package These SUs are available for the following specific builds of Exchange Server: Exchange Server 2013 CU23 Exchange Server 2016 CU22 and CU23 Exchange Server 2019 CU11 and CU12 Manual run of /PrepareAllDomains is required : Because of additionalContinue reading “Released: May 2022 Exchange Server Security Updates”
Exchange 2022 Cumulative Update
After almost an year Microsoft released new cu for exchange 2019 and exchange 2016. the update includes the latest SUs including the updates released in the March 2022 SUs. As published on The Exchange Team (https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2022-h1-cumulative-updates-for-exchange-server/ba-p/3285026) the most update are : Servicing Model Changes Microsoft announcing changes to there update delivery model for Exchange Server. Microsoft areContinue reading “Exchange 2022 Cumulative Update”
Microsoft February 2022 Security Updates
Microsoft has fixed 48 vulnerabilities and with it comes fixes for one zero-day vulnerability CVE-2022-21989 – Windows Kernel Elevation of Privilege Vulnerability This release consists of security updates for the following products, features and roles. Azure Data Explorer Kestrel Web Server Microsoft Dynamics Microsoft Dynamics GP Microsoft Edge (Chromium-based) Microsoft Office Microsoft Office Excel Microsoft Office OutlookContinue reading “Microsoft February 2022 Security Updates”
Microsoft November 2021 Patch Tuesday fixes 55 flaws, 6 zero-days
Microsoft has fixed 55 vulnerabilities with today’s update (November 2021), with six classified as Critical and 49 as Important. The number of each type of vulnerability is listed below: 20 Elevation of Privilege vulnerabilities 2 Security Feature Bypass vulnerabilities 15 Remote Code Execution vulnerabilities 10 Information Disclosure vulnerabilities 3 Denial of Service vulnerabilities 4 Spoofing vulnerabilities The sixContinue reading “Microsoft November 2021 Patch Tuesday fixes 55 flaws, 6 zero-days”
Windows 365
Windows 365 is a new cloud service by Microsoft that takes the operating system to the Microsoft Cloud and securely streams the full Windows 10 or Window 11 experience – including all apps, data, and settings – to personal or corporate devices easily. The ability to access a virtualized Windows desktop through a web browserContinue reading “Windows 365”
Multiple ADFS farms in one AD Domain
Yes, Microsoft supports multiple ADFS farms in one domain in different sites. If the environment matches the below conditions then only it will work in multiple ADFS farm scenario: The service names for ADFS farms should be different for each site (location) i.e. Test.adfs.name.com , Prod.adfs.name.com. You cannot federate same application with two farms inContinue reading “Multiple ADFS farms in one AD Domain”
Released: December 2020 Quarterly Exchange Updates
Microsoft e announce the availability of quarterly servicing cumulative updates for Exchange Server 2016 and 2019. These updates include fixes for customer reported issues as well as all previously released security updates. Microsoft plan to release the final cumulative update for Exchange Server 2016 in March 2021, which will include all fixes made for customer reportedContinue reading “Released: December 2020 Quarterly Exchange Updates”