In February 2022, Center for Internet Security (CIS) released the Microsoft Windows Server 2022 Benchmark v1.0.0 that provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows. CIS have said about the benchmark, “This secure configuration guide is based on Microsoft Windows Server 2022 (Release 21H2) and is intended for all versions of Microsoft Windows Server 2022 operating system, including older versions.

For decades, Microsoft’s Windows Server has been a mainstay for businesses of all sizes, most notably as a file server. However, as companies adapt to remote work, increasing cyber threats, and growing data privacy regulation, many are considering shifting their Windows file server to the cloud—or replacing it altogether. Egnyte is a great fit for companies looking to migrate their Windows file server to a modern platform designed for the new way of work.

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that allows an attacker to authenticate to Active Directory Certification Services (ADCS) and to generate a client certificate that enables remote code execution on a domain controller.

The Security Accounts Manager (SAM) is a database file in Windows operating system that comprises of usernames and passwords. The main aim behind SAM is to make our system more secure and reliable by protecting credentials in case of a data breach. Configuring SAM gives users the ability to authenticate themselves to the local machine if an account has been created for them in security accounts manager.

Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. Previous CrowdStrike blog posts have covered critical vulnerabilities in NTLM that allow remote code execution and other NTLM attacks where attackers could exploit vulnerabilities to bypass MIC (Message Integrity Code) protection, session signing and EPA (Enhanced Protection for Authentication).

Controlling your Windows PC remotely can open a world of possibilities; remote work, remote assistance, remote system diagnosis and network troubleshooting are just some of the advantages of using Remote Desktop Protocol or RDP. Developed by Microsoft, RDP allows you to remotely connect to another computer over a network, giving you full access to and control over the computer’s software, data and resources.

On Friday, May 27, Security vendor nao_sec identified a malicious document leveraging a zero-day RCE vulnerability (CVE-2022-30190) in Microsoft Windows Support Diagnostic Tool (MSDT). The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word.

Monday, May 30th, 2022, Microsoft issued CVE-2022-30190 for a Remote Code Execution vulnerability with the Microsoft Support Diagnostic Tool (MSDT) in Windows: “A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.

On Friday, May 27, 2022, Security vendor nao_sec identified a malicious document leveraging a zero-day remote code execution RCE vulnerability (CVE-2022-30190) in Microsoft Windows Support Diagnostic Tool (MSDT). The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word.

This month, Microsoft announced a vulnerability in PPTP, a part of the VPN remote access services on Windows systems that runs on port 1723/tcp. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek®-based detection for it.