With the November 2013 security bulletin release, Microsoft advises that DirectAccess includes a vulnerability that could allow security feature bypass. This update affects all supported versions of Microsoft Windows and addresses an issue with how the DirectAccess server authenticates connections with DirectAccess clients. An attacker could leverage the vulnerability to pose as a man-in-the-middle and intercept the communication between the DirectAccess server and its clients. For more details, please review Microsoft Security Advisory 2862152.
Vulnerability in DirectAccess Could Allow Security Feature Bypass
Posted by Richard M. Hicks on November 12, 2013
https://directaccess.richardhicks.com/2013/11/12/vulnerability-in-directaccess-could-allow-security-feature-bypass/
vgbestVafran / November 22, 2013

Hi Richard,
I'm confused about this update. We are using a DirectAccess scenario in our network.
I understood I have to apply the security update on the DA client (IPsec initiator) but am not entirely clear about the registry editing and how to do it. My questions are:
What certificate type is that KB article referring to? We have a computer certificate with EKUs configured for client and server authentication, issued by our internal enterprise root CA, and an IP-HTTPS certificate for external publishing with an EKU configured for server authentication.
So, if I'm not wrong, I have to add the registry value on the UAG server side only?
I see two types of configuration for certificate authentication for DirectAccess: certificate authentication by using AuthIP, and certificate authentication by using IKEv1. What type of authentication does the DirectAccess client do by default in a basic scenario?
In the registry edit, what IPv4/IPv6 address or DNS name should I add as the data value of the new registry key?
Sorry for the multiple questions. I have read the KB article over and over but it is still not clear to me. Your explanation would be very helpful.
Thanks 🙂
Richard Hicks / November 23, 2013

You are not the only one who is confused about this update. 🙂 I'm working on a blog post to add some clarification for it. Stay tuned...
vgbest / November 24, 2013

That's great news. Waiting for the post... 🙂