Categorized Directory

Main Menu

  • Home
  • Search directory
  • Web crawlers
  • Collect data
  • Indexation
  • Bankroll

Categorized Directory

Header Banner

Categorized Directory

  • Home
  • Search directory
  • Web crawlers
  • Collect data
  • Indexation
  • Bankroll
Search directory
Home›Search directory›Microsoft fixes bugs in .NET framework that acquires or sets Active Directory information

Microsoft fixes bugs in .NET framework that acquires or sets Active Directory information

By Ed Robertson
February 7, 2022
0
0
The Microsoft logo is displayed outside the Microsoft Technology Center near Times Square, June 4, 2018, in New York City. (Photo by Drew Angerer/Getty Images)

Microsoft released an out-of-band update on Friday to fix bugs in the software maker’s .NET Framework that acquires or sets Active Directory (AD) forest trust information.

In a blog post, Microsoft said it made the update after realizing that once users installed updates released on January 11 or later, AD information could fail, shut down, or administrators system could receive an error from an application or from Windows. It was also possible to receive an access violation error (0xc0000005).

These out-of-band updates are not available from Windows Update and will not install automatically. Microsoft said security professionals interested in the standalone package should find the Knowledge Base (KB) number for their version of Windows and .NET Framework in the Microsoft Update Catalog. They can then manually import updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.

Sometimes patches cause collateral damage, said John Bambenek, principal threat hunter at Netenrich. Bambenek said it’s often difficult to test all possible impacts of a patch, especially when it involves an API where custom code may be running and Microsoft may have very little visibility into how it is. used. “Releasing it as an out-of-band patch means that developers and IT admins will have to do whatever they can to find out the patch exists and deploy it,” Bambenek said.

Johnny Martinelli, director of cybersecurity training at GRIMM, said that while this bugfix update is only indirectly related to a more security-focused patch, the cybersecurity implications of Patch Tuesday recently buggy are real. Martinelli said cybersecurity experts who have been waging the battle between IT and cybersecurity long enough know one of many truths: System administrators prioritize availability over security.

“The regular release of patches (security or otherwise) that have not been thoroughly tested for stability, as we saw in January, will very quickly erode system administrators’ confidence in those patches, forcing them to wait for other companies have tried them in the field and reported any issues,” Martinelli said. The proof-of-concept exploit will be made public, but system administrators will choose not to patch due to fears of instability. This time of uncertainty can quickly become a playground of close at hand and exploitable fruit, and companies that are discovered to subscribe to this “n-1″ security patching practice may even find themselves labeled as easy targets. which are prioritized for an attack each month on Patch Tuesday.”

Tyler Shields, CMO at JupiterOne, said security professionals commonly refer to Active Directory as the “keys to the realm.”

“Targeting the system that holds account authorization and authentication data can result in a massive compromise of an organization,” Shields said. “It’s one of the most commonly deployed account management systems and it needs to be secure and up to date at all times.”

Related posts:

  1. Google warns against manual actions for UGC spam
  2. Expecting a baby? Doulas supports your comfort, safety and health
  3. New names debut on BizWest’s list of public companies – Loveland Reporter-Herald
  4. Update of the Madison Canadian Sawmills Registration Directory * coming soon *

Categories

  • Bankroll
  • Collect data
  • Indexation
  • Search directory
  • Web crawlers

Recent Posts

  • Live-Action TV Spider-Mans Who Didn’t Appear in No Way Home
  • Bennet bill would create federal definition of school shooting, direct incident data collection
  • The 10 Most In-Demand Entry-Level Remote Jobs Landing Right Now
  • Face-Scanner Clearview accepts the limits of the legal settlement | Economic news
  • Ex-minister embroiled in Hellenic row over staff cuts

Archives

  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • Privacy Policy
  • Terms and Conditions