0

Microsoft Defender for Identity–Replaced Domain Controller

The below environment was migrated from one hosting provider to another.  Unfortunately one DC did not survive, and it was removed from the domain.  This was done by using dsa.msc as it can now clean up the AD metadata rather than using NTDSUtil.  That was a welcome change in Windows Server 2008.

A replacement server with the same name was built, joined to the domain and then promoted to be a DC.  T… Read the rest “Microsoft Defender for Identity–Replaced Domain Controller”

1

April 2021 Exchange Security Updates

Today is patch Tuesday for April 2021 and there are critical Exchange server security updates in the release.  You can review all of the affected products on the MSRC blog or on the Security Update Guide (SUG).

Updates have been released for supported versions of Exchange 2013, 2016 and 2019.  Details can be found in KB 5001779.

Update 5-5-2021.  Two articles with known issues relating to this securitRead the rest “April 2021 Exchange Security Updates”

0

Exchange & TCP/IP Port Range

The below is an interesting result after installing Exchange.  The act of installing Exchange will change how TCP/IP operates on the server with respect to ephemeral connections.

This may manifest itself in a few ways.

For example:

  • Security or Network are "surprised" with different network behaviour on an Exchange server when reviewing captures
  • Network team sets a very restrictive firewall ACL which is
Read the rest “Exchange & TCP/IP Port Range”
0

Installing Microsoft Defender For Identity – February 2021

Installing Microsoft Defender for Identity

Microsoft Defender for Identity (MDI) is a critical component in the Defender security stack, designed to protect on-premises Active Directory (AD) environments from advanced attacks such as credential theft, lateral movement, and domain dominance. Before it carried the Defender name, this product had a long and interesting evolution.  One that mirrors Microsoft’s broader journey into identity sec… Read the rest “Installing Microsoft Defender For Identity – February 2021”

0

Install March 2021 Security Update–Exchange 2013 Net Framework 4.7.2

You will have seen the multiple posts and communications around the Hafnium Exchange security issue.  One of the most disconcerting issues has been the number of Exchange installs that have not been patched in several years.  Once the storm has abated, I'll put down some thoughts and talk through some of the most problematic issues, but for now let's focus on the task in hand.  Security updates ar… Read the rest “Install March 2021 Security Update–Exchange 2013 Net Framework 4.7.2”

11

Collected Links For Hafnium – March 2021 Exchange Security Issue

The below are a series of links, tips and some very brief thoughts on Hafnium.  I will purposefully not include the content of the other locations as it is changing so rapidly, and there is no way to ensure that it would be updated here in a timely fashion.

 

 

If you read nothing else, please ensure that you install the update from an elevated CMD prompt if you are manually installing. 

FaiRead the rest “Collected Links For Hafnium – March 2021 Exchange Security Issue”

0

TLS Musings

TLS Options In Browser

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are protocols that provide secure communications.  Today several versions of these protocols exist, and not all of them are considered secure by Microsoft or other security companies.

Schannel is a Security Support Provider (SSP) that implements the SSL, TLS and Datagram Transport Layer Security (DTLS) Internet standard authentication pro… Read the rest “TLS Musings”

0

Exchange 2010 SP3 RU32 Released

Today is an out of band security release for Exchange.  Due to the way that Exchange 2010 is serviced, security updates are released as a new update rollup (RU).

You can visit the Microsoft Security  Response Center to read the details about this and the other released security updates.

Download Exchange 2010 SP3 RU32

Note – The image does not show RU 32, and I'll update it once the download site is corrected. 

This is build 14.03.Read the rest “Exchange 2010 SP3 RU32 Released”

2

Out of Band Critical Exchange Security Updates–March 2021

Security updates were released today for Exchange 2010, 2013, 2016 and 2019.  Attacks were detected which leveraged these vulnerabilities, so an out of band set of updates was released

This a remote code execution on TCP 443 and is already being exploited as a 0-Day attacks against on-premises Exchange servers.

Microsoft strongly recommends installing this update immediately.  Internet facing serverRead the rest “Out of Band Critical Exchange Security Updates–March 2021”

0

Initial Defender for Endpoint Setup

Installing MDE

Endpoint security has always been a cornerstone of enterprise protection. Microsoft Defender for Endpoint (MDE) is the enterprise offering from Microsoft in this space.  MDE is a leading solution for advanced threat detection and response.  MDE is not a new product, it has already been in market for several years.  You would have recognised it by the previous names  Microsoft Advanced Threat ProteRead the rest “Initial Defender for Endpoint Setup”