Privacy Ninja

Microsoft Fixes New Windows Kerberos Security Bug In Staged Rollout

Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout.

The vulnerability, tracked as CVE-2020-16996, is remotely exploitable by a low-privileged attacker in a low-complexity attack that requires no user interaction.

Affects Active Directory DCs and RODCs

CVE-2020-16996 exists on Active Directory DCs (Domain Controllers) and RODCs (Read-Only Domain Controllers), and only in environments where the Protected Users global security group is available and Resource-Based Constrained Delegation (RBCD) is enabled.

The vulnerability affects only Windows Server platforms, from Windows Server 2012 through the latest release, Windows Server, version 20H2 (Server Core installation).

Microsoft’s security advisory says that there is no evidence of active exploitation of this security bug in the wild or of publicly available CVE-2020-16996 exploit code.

Kerberos has been the default authentication protocol for domain-joined devices since Windows 2000. It authenticates users, computers, and services so that authorised users and services can securely access resources.


CVE-2020-16996 mitigation

Admins have to take the following measures for full CVE-2020-16996 mitigation to protect their enterprise environment from attacks:

  1. Update all devices that host the Active Directory domain controller role by installing the December 8, 2020 Windows update or a later Windows update. Be aware that installing the Windows update does not fully mitigate the security vulnerability. You must perform Step 2.
  2. Enable Enforcement mode on all Active Directory domain controllers. Starting with the February 9, 2021 update, Enforcement mode can be enabled on all Windows domain controllers.

“Mitigation consists of the installation of the Windows updates on all devices that host the Active Directory domain controller role and read-only domain controllers (RODCs), and then enabling Enforcement mode,” Microsoft says.
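The two steps above have to be completed in order across every DC and RODC, and the patch alone silently leaves the domain exposed until Enforcement mode is switched on. The following PowerShell is an added example of how an administrator might audit both steps and then enable Enforcement mode only once every domain controller reports the update; it is not code from the article or from Microsoft. It assumes the RSAT ActiveDirectory module, WinRM access to each DC, and Domain Admin rights. The registry value it sets is the Enforcement-mode switch from Microsoft's deployment guidance; the article does not name it, so confirm it against the advisory for your Windows Server version before use, and treat the hotfix-date check as a rough indicator rather than proof that the specific December 2020 cumulative update is installed.

```powershell
# Added example (not from the article or from Microsoft): audit every DC and RODC for the
# two-step CVE-2020-16996 mitigation, then turn on Enforcement mode only once all are patched.
# Assumptions: RSAT ActiveDirectory module, WinRM access to each DC, Domain Admin rights.
# The registry value below is the Enforcement-mode switch from Microsoft's deployment
# guidance; the article does not name it, so confirm it against the advisory before use.
Import-Module ActiveDirectory

$KdcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\KDC'
$ValueName = 'NonForwardableDelegation'      # 1 = Enforcement mode on, 0 or absent = off
$FixDate   = [datetime]'2020-12-08'          # first update that carries the fix

# Step 1 scope: every writable DC and RODC in every domain of the forest.
$dcs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }

$report = Invoke-Command -ComputerName $dcs.HostName -ScriptBlock {
    param($Key, $Name, $Since)
    $value = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    # Rough patch check: any update installed on or after the fix date. Confirm the exact
    # KB for this OS version against Microsoft's advisory before trusting this result.
    $patched = [bool](Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since })
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        UpdateInstalled = $patched
        Enforcement     = $(if ($null -eq $value) { 'not set (off)' } elseif ($value -eq 1) { 'on' } else { 'off' })
    }
} -ArgumentList $KdcKey, $ValueName, $FixDate

$report | Sort-Object Computer | Format-Table Computer, UpdateInstalled, Enforcement -AutoSize

# Step 2 only when step 1 is complete everywhere: an unpatched DC does not understand the
# switch, so enabling it early leaves the domain only partially protected.
if ($report.UpdateInstalled -contains $false) {
    Write-Warning 'Unpatched domain controllers remain; install the December 8, 2020 (or later) update first.'
    return
}
Invoke-Command -ComputerName $dcs.HostName -ScriptBlock {
    param($Key, $Name)
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
} -ArgumentList $KdcKey, $ValueName
```

Run the audit half first and keep the report; the second half refuses to proceed while any DC is still missing the update, which is the ordering Microsoft's two-step guidance requires.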

Additional information on how to deploy these security updates, including the prerequisite updates, the installation procedure, and known issues that may arise, is available in Microsoft's deployment guidance for this vulnerability.

The security updates addressing this Kerberos security bypass bug are released in two phases:

  • The initial deployment phase for Windows updates released on or after December 8, 2020.
  • The enforcement phase for Windows updates released on or after February 9, 2021.

Issues with previous Kerberos security bypass bug fixes

Microsoft also fixed a similar vulnerability (tracked as CVE-2020-17049) during November 2020’s Patch Tuesday.

Unlike CVE-2020-16996, that bug was much harder to exploit since it required attackers to have high administrative privileges to successfully exploit it in high complexity attacks.

The CVE-2020-17049 security updates caused Kerberos authentication problems on patched enterprise domain controllers including authentication issues when using S4U scenarios and cross-realm referrals failures on Windows and non-Windows devices for Kerberos referral tickets.

One week after the release of the security updates, Microsoft released out-of-band optional updates to fix the Kerberos authentication issues on all impacted Windows versions.


Microsoft also published patching guidance with additional details on how to fully mitigate the CVE-2020-17049 Kerberos security bug.

To comprehensively address CVE-2020-17049, Microsoft released new CVE-2020-17049 security updates on December 2020 Patch Tuesday with “fixes for all known issues originally introduced by the November 10, 2020 security updates.”

“Microsoft strongly recommends that customers running any of these versions of Windows Server install the updates and then follow the steps outlined in https://support.microsoft.com/help/4598347 to enable full protection on domain controller servers,” the company adds in an update to the CVE-2020-17049 security advisory.
