Always On VPN Security Updates February 2025

After a few months without any security updates directly affecting Microsoft Always On VPN administrators, the February 2025 security updates include fixes for two vulnerabilities in Windows Server Routing and Remote Access Service (RRAS) servers, commonly deployed to support Always On VPN.

RRAS Updates

This month’s updates for Windows Server RRAS cover the following publicly announced CVEs.

Importance

Both updates address heap-based buffer overflow Remote Code Execution (RCE) vulnerabilities. These vulnerabilities are rated Important and require user interaction to exploit, making exploitation less likely.

KB5014754

Importantly, this month’s release enables full enforcement of strong certificate mapping on Windows domain controllers by default. Full enforcement for strong certificate mapping was first introduced with Microsoft security update KB5014754. I’ve written about this recently, so hopefully, everyone is prepared! If your Always On VPN connections begin to fail after applying the February 2025 security updates to your domain controllers, your certificates may not be strongly mapped. Fortunately, there’s a workaround. You can learn more here.
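The following PowerShell is an added example, not code from the original post. It reports which certificates in a store carry the SID extension (OID 1.3.6.1.4.1.311.25.2) that KB5014754 introduced as a strong mapping, builds the X509IssuerSerialNumber string you would place in altSecurityIdentities for those that do not, and reads the KDC enforcement mode on a domain controller. The store path is an assumption; adjust it to where your Always On VPN user or device certificate lives.

```powershell
# Added example, not from the original post: checks certificates for the SID
# extension that KB5014754 treats as a strong mapping, and reads the KDC
# StrongCertificateBindingEnforcement mode on a domain controller.

function Get-CertificateMappingReport {
    param(
        # Assumption: the Always On VPN device or user certificate lives in this store.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $sidExtensionOid = '1.3.6.1.4.1.311.25.2'   # szOID_NTDS_CA_SECURITY_EXT
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $hasSidExt = [bool]($cert.Extensions | Where-Object { $_.Oid.Value -eq $sidExtensionOid })

        # altSecurityIdentities expects the issuer RDNs reversed (DC=com first)
        # and the serial number in reversed byte order; GetSerialNumber() already
        # returns little-endian bytes. Assumes RDN values contain no commas.
        $rdns = $cert.Issuer -split ',\s*'
        [array]::Reverse($rdns)
        $reversedSerial = ($cert.GetSerialNumber() | ForEach-Object { $_.ToString('X2') }) -join ''

        [pscustomobject]@{
            Subject             = $cert.Subject
            Thumbprint          = $cert.Thumbprint
            NotAfter            = $cert.NotAfter
            HasSidExtension     = $hasSidExt
            IssuerSerialMapping = 'X509:<I>' + ($rdns -join ',') + '<SR>' + $reversedSerial
        }
    }
}

# On a domain controller: 0 = disabled, 1 = compatibility, 2 = full enforcement.
function Get-KdcEnforcementMode {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
    $item = Get-ItemProperty -Path $key -Name 'StrongCertificateBindingEnforcement' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return 'Not set (full enforcement applies by default once the February 2025 update is installed)'
    }
    return $item.StrongCertificateBindingEnforcement
}

# Certificates that will fail under full enforcement unless an explicit strong
# mapping is added to the account's altSecurityIdentities attribute.
Get-CertificateMappingReport | Where-Object { -not $_.HasSidExtension } | Format-Table -AutoSize
```

Run the report on a VPN client (or wherever the certificates are held) and the enforcement check on a domain controller; certificates issued before the CA was patched will typically show HasSidExtension as False.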

Additional Information

Microsoft February 2025 Security Updates

Strong Certificate Mapping Enforcement February 2025

KB5014754 Certificate-based Authentication Changes on Windows Domain Controllers

Always On VPN Security Updates December 2024

Microsoft released the December 2024 security updates earlier today, and there are a few important items that Windows Always On VPN administrators should take note of. Specifically, the December 2024 security update includes six CVEs affecting the Windows Server Routing and Remote Access Service (RRAS), commonly used for Always On VPN deployments.

RRAS Updates

This month’s updates for Windows Server RRAS cover the following publicly announced CVEs.

Importance

All of the security vulnerabilities outlined above are Remote Code Execution (RCE) vulnerabilities and are rated Important. However, they all require local administrative rights for an attacker to leverage, which reduces the risk of compromise. Even so, administrators are encouraged to update their systems as soon as possible.

Additional Information

Microsoft December 2024 Security Updates

November 2024 Microsoft Security Updates and DirectAccess

With the November 2024 security updates, Microsoft disclosed a vulnerability (CVE-2024-43639) in the Windows Server KDC Proxy service. This is a Remote Code Execution (RCE) vulnerability with a max severity rating of Critical. If you still use Microsoft DirectAccess for remote access, you’ll want to pay close attention to this bulletin.

KDC Proxy and DirectAccess

When DirectAccess is installed and configured, the KDC Proxy Service is enabled automatically and by default. By design, DirectAccess servers are exposed to the Internet, which significantly increases the risk of this vulnerability. Organizations that have deployed DirectAccess are encouraged to update their systems immediately.

Workaround

There is no known workaround available at this time. Apply the latest security updates to mitigate this risk.

Additional Information

Windows KDC Proxy Remote Code Execution Vulnerability

Microsoft DirectAccess Formally Deprecated