All posts in category Windows Server 2022

Always On VPN Security Updates February 2025

After a few months without any security updates directly affecting Microsoft Always On VPN administrators, the February 2025 security updates include fixes for two vulnerabilities in Windows Server Routing and Remote Access Service (RRAS) servers, commonly deployed to support Always On VPN.

RRAS Updates

This month’s updates for Windows Server RRAS cover the following publicly announced CVEs.

Importance

Both updates are for heap-based buffer overflow Remote Code Execution (RCE) vulnerabilities. These vulnerabilities are rated as important and require user interaction to execute, making exploitation less likely.

KB5014754

Importantly, this month’s release enables full enforcement of strong certificate mapping on Windows domain controllers by default. Full enforcement for strong certificate mapping was first introduced with Microsoft security update KB5014754. I’ve written about this recently, so hopefully, everyone is prepared! If your Always On VPN connections begin to fail after applying the February 2025 security updates to your domain controllers, your certificates may not be strongly mapped. Fortunately, there’s a workaround. You can learn more here.

Additional Information

Microsoft February 2025 Security Updates

Strong Certificate Mapping Enforcement February 2025

KB5014754 Certificate-based Authentication Changes on Windows Domain Controllers

Leave a comment
by Richard M. Hicks on February 11, 2025  •  Permalink
Posted in Always On VPN, AOVPN, Microsoft, routing and remote access service, RRAS, Security, Security Update, Update, VPN, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
Tagged , , , , , , , , , ,

Posted by Richard M. Hicks on February 11, 2025

https://directaccess.richardhicks.com/2025/02/11/always-on-vpn-security-updates-february-2025/

Always On VPN Security Updates December 2024

Microsoft released the December 2024 security updates earlier today, and there are a few important items that Windows Always On VPN administrators should take note of. Specifically, the December 2024 security update includes six CVEs affecting the Windows Server Routing and Remote Access Service (RRAS), commonly used for Always On VPN deployments.

RRAS Updates

This month’s updates for Windows Server RRAS cover the following publicly announced CVEs.

Importance

All of the security vulnerabilities outlined above are Remote Code Execution (RCE) and are rated Important. However, they all require local administrative rights for an attacker to leverage, reducing the risk of compromise. However, administrators are encouraged to update their systems as soon as possible.

Additional Information

Microsoft December 2024 Security Updates

Leave a comment
by Richard M. Hicks on December 10, 2024  •  Permalink
Posted in Always On VPN, AOVPN, Microsoft, Security Update, Update, VPN, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
Tagged , , , , , , , , , , ,

Posted by Richard M. Hicks on December 10, 2024

https://directaccess.richardhicks.com/2024/12/10/always-on-vpn-security-updates-december-2024/

Strong Certificate Mapping Error with PKCS

Microsoft recently announced support for strong certificate mapping for certificates Intune PKCS and SCEP certificates. Administrators are encouraged to update their Intune Certificate Connector servers and SCEP device configuration policies to support this capability as soon as possible.

PKCS

Organizations that use PKCS device configuration policies to deploy certificates to Intune-managed endpoints may have encountered the following error message in the event log on the Intune Certificate Connector server.

System.NullReferenceException: CertEnroll::CX509Extension::Initialize: Invalid pointer 0x80004003 (-2147467261 E_POINTER) at CERTENROLLLib.IX509Extension.Initialize(CObjectId pObjectId, EncodingType Encoding, String strEncodedData)

Known Issue

The above error is a known issue that has been resolved with the November security updates. If you encounter this error, install the latest Microsoft security update from November 2024.

Additional Information

Strong Certificate Mapping for Intune PKCS and SCEP Certificates

Intune Strong Certificate Mapping Error

Leave a comment
by Richard M. Hicks on November 18, 2024  •  Permalink
Posted in Active Directory Certificate Services, Certificate Authentication, Certificate Authority, Certificate Connector for Intune, Certificate Services, Certificate-Based Authentication, certificates, Intune, Intune Certificate Connector, Intune PFX Connector, Microsoft, Microsoft Endpoint Manager, Microsoft Intune, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
Tagged , , , , , , , , ,

Posted by Richard M. Hicks on November 18, 2024

https://directaccess.richardhicks.com/2024/11/18/strong-certificate-mapping-error-with-pkcs/

« Older Posts
Newer Posts »