Microsoft Released an Out-of-Band Update for Windows to Address Authentication Issues

In order to fix authentication problems relating to a newly patched Kerberos flaw, Microsoft issued an out-of-band update for Windows last week.

The problem is linked to the PerformTicketSignature registry subkey value associated with CVE-2020-17049, a security feature bypass flaw in the Kerberos Key Distribution Center (KDC) that Microsoft patched on November 2020 Patch Tuesday.

CVE-2020-17049, the tech firm explained in an advisory, exists in the way the KDC decides whether service tickets are eligible for delegation through Kerberos Constrained Delegation (KCD).

To exploit the vulnerability, a compromised server configured to use KCD could use a service ticket that is not valid for delegation and force the KDC to accept it. The update fixes this vulnerability, Microsoft states, by changing how the KDC validates service tickets used with KCD.

Last week the company disclosed that a variety of problems could arise on writable and read-only domain controllers (DCs), including tickets not being renewed for non-Windows Kerberos clients and S4UProxy delegation failing when PerformTicketSignature is set to 1 (the default), and services failing for all clients when PerformTicketSignature is set to 0.

To fix a known issue affecting Kerberos authentication, an optional out-of-band update is now available in the Microsoft Update Catalog. As part of this issue, ticket renewal and other operations, such as scheduled tasks and clustering, may fail. Microsoft states that the issue only affects Windows Servers, and Windows 10 devices and applications in enterprise environments.

The company advises that only affected organizations install the out-of-band update on their domain controllers. In addition, Microsoft advises that there are several known issues with the Microsoft Input Method Editor (IME) for Japanese or Chinese languages that businesses should be aware of after installing the update.

In a post last week, Microsoft Japan issued a set of guidelines on the steps administrators could take to resolve certain issues, in addition to applying the update to all of the DCs and RODCs (Read-Only Domain Controllers) in the environment.

Source: https://cybersguards.com/microsoft-released-an-out-of-band-update-for-windows-to-address-authentication-issues/
