
Remediate SWEET32 — Disable TLS_RSA_WITH_3DES_EDE_CBC_SHA For Windows Server 2012 R2

Remediate Sweet32

Admins have become very aware of the need to adjust the Schannel protocol settings for TLS to enable TLS 1.2 and to disable older versions.  However, the cipher suites do not always receive the same amount of attention and may be left at their default values.

If you are reading this post there is a good chance that your security auditors have flagged that a weak cipher is enabled on your server, and the…


Defender Portal Enable Audit – Is That The Unified Audit Log?

Defender Portal Enable Audit - Unified Audit Log

This was a question from a recent customer engagement:  Why is the Microsoft Defender portal asking me to turn on the Unified Audit Log when I already have that enabled?

In the Defender portal https://security.microsoft.com this banner message was present: "To use this feature, turn on auditing so we can start recording user and admin activity in your organisation"

You can see that in the example scr…


Microsoft Defender for Office 365 Blog Compiled links


Below is a series of links to the main Microsoft Defender for Office 365 blog. Shortcuts are added here as this is one of my shared bookmarks.

Note that some links have KQL queries and IOCs related to that specific attack.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

12-July-2022


Evolved phishing: Device registration trick adds to phis


HealthChecker Script & Schannel TLS Registry Issues

Health Checker Issue With TLS Registry Keys

Unfortunately, issues can arise when third-party tools are used to modify TLS settings on a Windows Server. While these utilities are often intended to simplify the process of hardening or tuning protocols, they can introduce serious side effects, especially in environments running applications like Exchange Server, IIS or other components that depend on Schannel. Misapplied registry changes, unsu…


Out of Band Critical Exchange Security Updates–March 2021

Security updates were released today for Exchange 2010, 2013, 2016 and 2019. Attacks were detected which leveraged these vulnerabilities, so an out of band set of updates was released.

This is a remote code execution vulnerability on TCP 443 and is already being exploited in 0-day attacks against on-premises Exchange servers.

Microsoft strongly recommends installing this update immediately. Internet facing server…


Exchange Managed Availability Broken With TLS 1.2 Changes

In most enterprise customers there is a segregation of duties between multiple teams.  This could be networking and desktop.  Or Windows Server platform and messaging.  It was the split in these roles, and especially a dearth of communication which led to this tale of woe with TLS 1.2 and Exchange.

The reasons for moving to TLS 1.2 and avoiding SSL2, SSL3, TLS 1.0 and TLS 1.1 should be well underst…


Critical Schannel Vulnerability – MS14-066

In the November 2014 security bulletin there were 14 updates released. The updates resolved security issues in IE, OLE and Schannel. It is the latter that is worth calling out for attention since this is the basis of the Microsoft implementation of SSL. Exchange makes heavy use of SSL, and is typically connected to the Internet.

You can read about the other security details in the security bullet…


Important Upcoming Certificate Changes

Please be aware that there is a pending change for the minimum key length for certificates with RSA keys.  The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.


The update is available on the Download Center as well as…