Active Directory Certificate Services (ADCS) PKI Domain Admin Vulnerability

Microsoft have published a vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/ADV210003 which allows an attacker to use the NTLM authentications to begin an attack chain to make an unauthenticated NTLM connection that is then relayed to allow a connection to the Active Directory Certificate Services (ADCS), this assuming the auto-enrollment is enabled means that an attacker can make a request […]

More...

Dell Openmanage DNS Records for Server Initiated Discovery (with Microsoft DNS)

OpenManage Enterprise version 3.4 allows automatic discovery of servers that have iDRAC firmware version 4.00.00.00 or later. The appliance can be configured to allow these servers to automatically locate the console by querying the DNS and initiate their discovery. The instructions (and this) give the use of the TUI or manual creation for Dell Openmanage […]

More...

Leaky Print Spooler Vulnerability (CVE-2021-1675)

So it appears that there is a vulnerability identified in Microsoft Windows machines running Active Directory, this is covered on the Register: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ Until you patch this you can just disable the “Printer Spooler” service on your Domain Controllers and well to be honest you don’t need this running on the Domain Controller anyway. Edit: […]

More...

Kemp Load Master and Palo Alto Firewall – Random Packet Drops and Disconnections

We had a rather irritating issue whereby we were seeing intermittent packet drops and connection failures on our Kemp Load Master. The Kemp Load Master sat inbetween a Palo Alto Firewall within a DMZ zone. Client connections from the Internet would be directed to the Kemp Load Master in the DMZ, which would then make […]

More...