Always On VPN Security Updates December 2024

Microsoft released the December 2024 security updates earlier today, and there are a few important items that Windows Always On VPN administrators should take note of. Specifically, the December 2024 security update includes six CVEs affecting the Windows Server Routing and Remote Access Service (RRAS), commonly used for Always On VPN deployments.

RRAS Updates

This month’s updates for Windows Server RRAS cover the following publicly announced CVEs.

Importance

All of the security vulnerabilities outlined above are Remote Code Execution (RCE) and are rated Important. However, they all require local administrative rights for an attacker to leverage, reducing the risk of compromise. However, administrators are encouraged to update their systems as soon as possible.

Additional Information

Microsoft December 2024 Security Updates

Always On VPN DPC Open Source

Recently, I wrote about the demise of PowerON Platforms, the company behind the popular Always On VPN Dynamic Profile Configurator (DPC) software that allows administrators to deploy and manage Always On VPN client configuration settings using Active Directory Group Policy or Microsoft Intune with custom ADMX/ADML. Initially, the future of DPC was uncertain. However, I’m happy to announce that DPC will continue to be developed.

DPC Open Source

The lead developer of DPC and my good friend Leo D’Arcy retained the source code for the product and has been working diligently to decommercialize the software. That work has been completed, and Always On VPN DPC is now available via open source. You can find the source code for DPC on GitHub here.

DPC Features

This initial open-source release (version 5.0.0) contains no significant new features or functionality. Most of the development efforts focused on removing references to PowerON Platforms (registry paths, binary names, etc.).

Support

Today, DPC support is community-based. You can report issues on the GitHub issues page for DPC. In addition, you can ask questions about DPC on Discord in the Microsoft Remote Access UG. Leo and I will monitor the group closely and answer any questions you might have there.

Deployment

If you’re not a DPC user today, I encourage you to have a look at its impressive feature set. Not only does DPC make Always On VPN deployment and management easier, but it also includes many advanced capabilities that will make connections more stable and reliable. Here are some links to articles outlining some of those advanced features.

Migration

If you already have a previous commercial release of Always On VPN DPC deployed, migrating to the new open-source DPC is straightforward. You will find guidance for migrating your existing DPC configuration here.

Contribute

Now that DPC is open source, we encourage everyone to contribute. If you have development skills, feel free to help. If you have feedback or feature requests, don’t hesitate to submit them!

Learn More

Are you interested in learning more about Always On VPN DPC? Would you like a personal demonstration of DPC’s features and capabilities? Do you need help migrating from a previous release to the new open-source software? Fill out the form below and I’ll contact you with more information.

Additional Information

Always On VPN DPC Open Source on GitHub

PowerON Platforms Are No More

Microsoft Ignite 2024

The Microsoft Ignite conference will be held November 19-22, 2024, at the McCormick Place Conference Center in Chicago, IL. Ignite is the premier Microsoft event of the year and will be packed with many announcements about new products and technologies. Ignite is also a fantastic learning event with experts worldwide in attendance.

Meet Up

I’m excited to announce that Microsoft has invited me to participate in the event as part of their Expert Meet-Up program. I will spend time at the Windows Server station in the Azure Infrastructure section of the Hub. Below are the days and times I’ll be available.

  • Tuesday, November 19 – 3:30 PM to 7:30 PM CST
  • Wednesday, November 20 – 2:30 PM to 6:00 PM CST
  • Thursday, November 21 – 2:30 PM to 6:00 PM CST

Let’s Connect

Be sure to drop by and say hello! We can chat about Windows Server and Azure Infrastructure. Of course, we can also discuss all the technologies I usually work with, including Entra Private Access, Always On VPN, Intune and Cloud PKI, and certificates in general. I will also attend many social gatherings during the week, so look for me at those as well.

I look forward to seeing you at the event!

Additional Information

Microsoft Ignite 2024