All posts tagged security update

Always On VPN November 2023 Security Updates

Microsoft has released its security updates for November 2023. For Always On VPN administrators, it’s a light month, with just a single CVE affecting Always On VPN infrastructure.

PEAP

CVE-2023-36028 addresses a remote code execution (RCE) vulnerability in the Microsoft Protected Extensible Authentication Protocol (PEAP). An attacker could exploit this vulnerability by sending a specially crafted PEAP packet to a Windows Network Policy Server (NPS). This attack does not require authentication or user interaction.

Affected Systems

This PEAP vulnerability affects only NPS servers configured to support PEAP authentication explicitly. PEAP authentication is a best practice configuration for Always On VPN deployments and is widely deployed. NPS servers deployed to support other services, such as Wi-Fi or router and switch access that are configured to allow PEAP authentication, are also affected.

Exposure

NPS servers are not (or should not be!) exposed directly to the public Internet. This limits the attack surface to adversaries already on the internal network.

Mitigation

Microsoft suggests disabling PEAP authentication support on NPS servers until the update is applied. However, this would break the majority of Always On VPN deployments today. Since disabling PEAP isn’t a viable option, administrators can reduce their attack surface by updating the NPS firewall rules to restrict access only to authorized VPN servers or other network devices until their systems are fully updated.

Additional Information

November 2023 Security Updates

CVE-2023-36028 PEAP Remote Code Execution Vulnerability

4 Comments
by Richard M. Hicks on November 14, 2023  •  Permalink
Posted in Active Directory, administration, Always On VPN, AOVPN, authentication, CVE, EAP, Enterprise, enterprise mobility, Infrastructure, Microsoft, Mobility, network policy server, NPS, Operational Support, PEAP, Protected EAP, Remote Access, Security, Security Update, Update, user tunnel, VPN, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on November 14, 2023

https://directaccess.richardhicks.com/2023/11/14/always-on-vpn-november-2023-security-updates/

Always On VPN October 2023 Security Updates

Once again, it’s time to patch! After several quiet months, there are a few crucial updates Always On VPN administrators will want to get deployed soon. Thankfully, the impact of the security updates related to Always On VPN is low this time, as there is only one Remote Code Execution (RCE) vulnerability, and it’s for a legacy protocol that should be in limited use today.

IKEv2

CVE-2023-36726 addresses a security vulnerability in Windows Internet Key Exchange (IKE) that can lead to privilege escalation. An attacker who successfully exploits this vulnerability can elevate privileges to that of the local SYSTEM.

L2TP

This month’s update discloses several Layer Two Tunneling Protocol (L2TP) vulnerabilities. The following CVEs all address a vulnerability where an attacker can send a specially crafted protocol message to a Windows Routing and Remote Access Service (RRAS) server, which could lead to remote code execution on the server.

Mitigation

The impact of the L2TP security vulnerabilities should be minimal in most organizations. L2TP is a legacy VPN protocol not commonly used for Always On VPN. However, misconfiguration can leave vulnerable RRAS servers exposed. Administrators must ensure that inbound UDP port 1723 is not open from the Internet. In addition, L2TP should be disabled on the RRAS server if not in use. See the article on the May 2023 security updates for details.

Additional Information

October 2023 Security Updates

Leave a comment
by Richard M. Hicks on October 10, 2023  •  Permalink
Posted in Always On VPN, AOVPN, Enterprise, enterprise mobility, Hotfix, IKEv2, Infrastructure, Microsoft, Mobility, Operational Support, Remote Access, routing and remote access service, RRAS, Security, Security Update, user tunnel, VPN, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on October 10, 2023

https://directaccess.richardhicks.com/2023/10/10/always-on-vpn-october-2023-security-updates/

Always On VPN Windows 11 Status Indicator

Viewing the status of an Always On VPN connection has been challenging since the introduction of this technology. To see if an Always On VPN connection is active, users must proactively click on the network status icon in the system tray to view the current connection status. Optionally, users can use the Settings application in Windows and select the Network & Internet tab to view the Always On VPN connection status. Further, there were no options to see VPN status in the system tray natively if the user is using a consumer VPN such as Proton VPN.

New Status Indicator

Always On VPN administrators will be happy to hear that Microsoft recently introduced a new VPN status indicator for Windows 11. Beginning with the July 2023 cumulative update (KB5028185), users will begin to see a new network status icon (a small shield) on the network connectivity indicator on the system tray in Windows. Microsoft calls this new feature “glanceable VPN“.

Source: https://blogs.windows.com/windowsexperience/2023/05/23/announcing-new-windows-11-innovation-with-features-for-secure-efficient-it-management-and-intuitive-user-experience/

Consumer VPN

While this new VPN status indicator is helpful for Always On VPN deployments, it is not limited to Always On VPN. The VPN status indicator will also display the lock icon in the system tray when the device is connected to any recognized VPN. The new VPN status indicator will include third-party enterprise VPN clients as well as some consumer VPNs.

Additional Information

Windows 11 July 2023 Update KB5028185

Always On VPN Device Tunnel Status Indicator

2 Comments
by Richard M. Hicks on July 20, 2023  •  Permalink
Posted in administration, Always On VPN, AOVPN, Enterprise, enterprise mobility, Microsoft, Mobility, NCSI, network connectivity status indicator, Operational Support, Remote Access, Security, Security Update, Update, user tunnel, VPN, Windows 11
Tagged , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on July 20, 2023

https://directaccess.richardhicks.com/2023/07/20/always-on-vpn-windows-11-status-indicator/

« Older Posts