Always On VPN Security Updates October 2024

Microsoft has released the October 2024 security updates, and numerous issues may impact Always On VPN administrators. Although many of the CVEs affecting Always On VPN-related services are Remote Code Execution (RCE) vulnerabilities, none are rated critical this cycle.

RRAS Updates

This month, Microsoft has provided 12 updates for the Windows Server Routing and Remote Access Service (RRAS), commonly deployed to support Always On VPN. Most of these CVEs involve heap and stack overflows, input validation weaknesses, and buffer over-reads and overflows. All are rated important, and there are no known exploits currently.

CVE-2024-38212

CVE-2024-38261

CVE-2024-38265

CVE-2024-43453

CVE-2024-43549

CVE-2024-43564

CVE-2024-43589

CVE-2024-43592

CVE-2024-43593

CVE-2024-43607

CVE-2024-43608

CVE-2024-43611

Related Updates

In addition to the updates above, Microsoft also released fixes for security vulnerabilities in various related services that are important to Always On VPN administrators.

Windows Network Address Translation (NAT)

The following CVEs address denial of service vulnerabilities in the Network Address Translation (NAT) service.

CVE-2024-43562

CVE-2024-43565

Certificate Services

Always On VPN administrators will also find updates for CVEs affecting various certificate services-related components.

CVE-2024-43545 - OCSP Denial of Service Vulnerability

CVE-2024-43541 - Simple Certificate Enrollment Protocol (SCEP) Denial of Service Vulnerability

CVE-2024-43544 - Simple Certificate Enrollment Protocol (SCEP) Denial of Service Vulnerability

Recommendations

Always On VPN administrators are encouraged to update systems as soon as possible. However, since none of the CVEs is rated Critical, updates can be applied during standard update windows.

Additional Information

Microsoft October 2024 Security Updates

Workplace Ninja Summit Switzerland 2024

I’m excited to announce that I’ll be presenting at the upcoming Workplace Ninja Summit in beautiful Lucerne, Switzerland. The event takes place from September 16-19, 2024, and covers topics such as Microsoft Intune, System Center Configuration Manager (SCCM), Entra, PowerShell, Azure Virtual Desktop (AVD), Windows 365, and more.

My Sessions

I will be delivering two talks at this year’s conference.

  • Simplified Certificate Management with Cloud PKI for Microsoft Intune
  • Strong Authentication with Entra Certificate-Based Authentication

I will provide links to the sessions with dates and times when they are available.

Let’s Connect!

Will you be attending the conference? Let’s get together! Drop me a note on X or LinkedIn, or fill out the form below, and we’ll discuss anything you’d like. Hope to see you there!

Cloud PKI for Microsoft Intune on RunAs Radio

Recently, I joined my good friend Richard Campbell on his popular RunAs Radio podcast. In this episode, we discussed Microsoft’s new Cloud PKI for Intune service. Cloud PKI for Intune is a PKI-as-a-service solution that allows organizations to issue and manage digital certificates without deploying on-premises infrastructure. Optionally, Cloud PKI for Intune supports integration with an existing on-premises PKI. Cloud PKI for Intune isn’t without a few drawbacks, though. We discuss all the benefits and limitations during this podcast, so be sure to listen!

Additional Information

Cloud PKI for Microsoft Intune on RunAs Radio Episode 943

Overview of Cloud PKI for Microsoft Intune

Cloud PKI for Microsoft Intune and Active Directory

Cloud PKI for Microsoft Intune SCEP URL

Cloud PKI for Microsoft Intune and Certificate Templates