Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Windows Local Administrator Password Solution ( Windows LAPS) is a built-in Windows feature designed to seamlessly handle and safeguard the password for a local administrator account on devices joined to either Microsoft Enterprise or Windows Server Active Directory domains. Additionally, Windows LAPS can be utilized to automatically manage and secure the Directory Services Restore Mode (DSRM) account password on Windows Server Active Directory domain controllers.

Windows administrators have cautioned that after applying the KB5035855 and KB5035857 updates, released as part of March 2024 Patch Tuesday for Windows Server 2016 and Windows Server 2022, domain controllers running the updated versions of Windows Server may experience crashes and reboots. Affected servers are freezing and rebooting stemming from a memory leak in the Local Security Authority Subsystem Service (LSASS), leading to continually increasing memory usage over time.

This policy enables users on the network to establish connections with the computer, and it’s necessary for several network protocols such as Server Message Block (SMB), NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+).

When I want to explain Windows Storage Spaces (formerly known as Windows Storage Pools), I always refer to RAID (Redundant Array of Independent Disks). Almost every IT Admin is familiar with the concept of RAID technology. Let’s take a moment to refresh our memory.

LAN Manager (LM) authentication level is a security setting that determines how Windows systems authenticate network connections. It is a legacy authentication protocol developed by Microsoft for use in older versions of Windows network operations. There are three main protocols involved in LAN Manager Authentication: The LAN Manager Authentication Level setting allows you to choose which protocols your system will use or accept for authentication.

In the previous article, we covered some fundamental information you should know before installing WSUS in your infrastructure. Just to refresh your memory, WSUS stands for Windows Server Update Service, and it is used for the centralized update and reporting of Microsoft-based products. This includes Windows, Windows Servers, Exchange, SQL, SharePoint, and others.

SDDL, or Security Descriptor Definition Language, defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe the security settings of an object in Windows as a text string. Think of it like a simple language for defining who can access an object (like a file, folder, or registry key) and what they can do with it.

Like most organizations, your company likely invested in various Microsoft products. The Microsoft ecosystem provides businesses with nearly every kind of technology necessary, from workstation operating systems to Azure to Windows 365 that includes cloud-native versions of their traditional Office tools and the communication platform Teams. However, attackers are just as invested in the Microsoft ecosystem.

The cybersecurity landscape is undergoing a significant shift, moving from security tools monitoring applications running within userspace to advanced, real-time approaches that monitor system activity directly and safely within the kernel by using eBPF. This evolution in kernel introspection is particularly evident in the adoption of projects like Falco, Tetragon, and Tracee in Linux environments.