MalwareTech Posted November 8, 2022 Share Posted November 8, 2022 It's patch Tuesday again! Heard some rumors about some more MS Exchange vulnerabilities, but no big announcements like is typical with serious vulns. The patch usually goes live at 10 AM PST, and almost immediately you can find a summary of everything in it on the ZDI blog. URL for when patch goes live should be: https://www.zerodayinitiative.com/blog/2022/11/8/the-november-2022-security-update-review 3 Link to comment Share on other sites More sharing options...
MalwareTech Posted November 8, 2022 Author Share Posted November 8, 2022 Nothing too crazy this month. A patch for an ITW exploited EoP, mark of web bypass, and exchange RCE. Patched Exchange RCE is the ProxyNotLogon one which required authentication. 2 Link to comment Share on other sites More sharing options...
Dkleeman Posted November 11, 2022 Share Posted November 11, 2022 On 11/8/2022 at 6:35 PM, MalwareTech said: Nothing too crazy this month It's pretty crazy that the Windows Server patch is killing all kerberos authentication if you have followed advice to turn off RC4-HMAC in your domain using policies. Steve Syfuhs has posted on Twitter: "Not official guidance, but we're seeing reports where certain auths are failing when users have their msDS-SupportedEncryptionTypes attribute explicitly being set to AES only (decimal 24, hex 0x18)." We have this problem having applied the patches. The solution seems to be to set the attribute to hex 0x1c. The surprising thing (to me) is that this isn't causing a complete riot over the entire Windows Server customer-base. Maybe very few people have, in fact, turned off RC4-HMAC. One fun thing about this attribute is that to work out what is going on you need Myst-level skills to work out what encryption types you actually have approved: https://pbs.twimg.com/media/FhIv1KzXkAIRJZA?format=png&name=900x900 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now