![]() Monitor the events that are stored in audit mode to secure your environment.Put the Windows domain controller into audit mode by using the registry entries here.Update the Windows domain controllers with a Windows update that was released on or after November 8, 2022.Microsoft suggests the following procedure: Only then may you switch to enforced mode via update. It is important to note that all domain controllers in a domain must be updated first. Microsoft writes that the affected Windows updates must be installed on all devices, including Windows domain controllers, to protect your environment. Which Windows versions are affected by which CVE can be found in the KB articles linked above. KB5021131: How to manage the Kerberos protocol changes related to CVE-2022-37966.KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023.KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967.Microsoft has published various support articles on this. ![]() Where the above CVEs refer partly to Windows clients and servers, and partly to Windows servers only. Windows Server 2022 Azure Stack HCI Version 22H2.The following Windows versions are affected: The security updates in question address Kerberos vulnerabilities where an attacker can digitally alter PAC signatures to elevate privileges. ![]() The NovemWindows updates also address vulnerabilities related to security bypass and elevation of privilege through Privilege Attribute Certificate (PAC) signatures. German blog reader Oli mentioned (thanks) within within this comment the topic, that has been also summarized within this German forum post. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |