Tag: Security

New MVA learning paths for IT pros

Learn about the new paths for IT pros:

  • PowerShell: Beginner. Step up your IT pro game with foundational knowledge of PowerShell. Learn to use the command line to solve an issue, automate your infrastructure, and more.
  • PowerShell: Advanced. Go beyond the basics with scripting, reusable tools, and cmdlets—all taught by the architect and inventor of PowerShell, Jeffrey Snover.
  • Security for IT Pros. Beef up your security know-how with practical tips and tricks from the Microsoft security team.
  • DevOps for IT Pros. Your devs need you! Learn more about application performance and support monitoring with Microsoft Azure.
  • Introduction to Windows Server 2012 R2. Command this leading-edge server with tutorials on installation, roles, Microsoft Active Directory, storage, performance management, and maintenance.
  • Windows Server 2012 R2 Security and Identity. Build upon your security knowledge with Windows Server 2016 fundamentals, like Active Directory, basic PKI, and BYOD concepts.
  • Windows Server 2012 R2 Compute. Discover everything you need to know about virtualization and storage with courses on IP address management, server networking, Microsoft Hyper-V, and more.

Exchange 2007 reaches end of life on April 11

On April 11, 2017, Exchange Server 2007 will reach End of Life. If you haven’t already begun your migration from Exchange 2007 to Office 365 or Exchange 2016, you need to start planning now.

End of life means that Microsoft will no longer provide the following for Exchange 2007:

  • Free or paid assisted support (including custom support agreements)
  • Bug fixes for issues that are discovered and that may impact the stability and usability of the server
  • Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches
  • Time zone updates

Your installation of Exchange 2007 will continue to run after this date. However, because of the changes listed above, we strongly recommend that you migrate from Exchange 2007 as soon as possible.

To learn about your options for migrating from Exchange 2007 to Office 365 or a newer version of Exchange Server, check out Exchange 2007 End of Life Roadmap.

Fix “Already Used” status VMware Horizon View

When linked-clone desktops are not cleanly logged off and the “Refresh on logoff” policy is used, VMware Horizon View marks the desktop as “Already used” and blocks other users from accessing the machine.

This “Already Used” state is a default VMware security feature which prevents other users from accessing the previous user’s data and allows a VMware Horizon View administrator to investigate potential problems with the desktop.

The VMware Horizon View desktop can also go into the “Already Used” state if a virtual machine is powered on on another ESXi host in the cluster in response to an HA event, or if it was shut down without reporting to the broker that the user had logged out.

The problem with this “Already Used” state is that the default within VMware Horizon View waits until a View Administrator actually does something to resolve the issue.

To resolve the “Already Used” issue, you can

  • Refresh or delete the desktop through teh VMware Horizon View Administrator console (this is a manual action)
  • Set an LDAP attribute pae-DirtyVMPolicy in the VMware Horizon View ADAM database under OU=Server Groups,DC=vdi, DC=vmware, DC=int
    • pae-DirtyVMPolicy=0 – This is the default behavior of leaving the desktop in the error state and not available for use.
    • pae-DirtyVMPolicy=1 – This allows desktops that were not cleanly logged off to be available without being refreshed. The desktop is available in the pool for another user.
    • pae-DirtyVMPolicy=2 – This setting will automatically refresh a desktop in the “already used” state and make it available again in the pool.

I prefer to set the pae-DirtyVMPolicy to 2 so “Already Used” situations will be automatically resolved by VMware Horizon View.

Changing the pae-DirtyVMPolicy needs to be done for each pool.

Manual method of setting the pae-DirtyVMPolicy value:

  • Start the ADSI Edit utility on your VMware Horizon View Connection Server host. Go to Start > Programs > ADAM > ADAM ADSI Edit.
  • Select or type a Distinguished Name or connect to DC=vdi, DC=vmware, DC=int.
  • Select or type a domain or server to localhost:389.
  • Locate the OU=Server Groups for editing.
  • Under the Server Groups OU, double-click CN=pool_name. This opens the properties of the CN.
  • Click the pae-DirtyVmPolicy attribute and click Edit.
  • Set the pae-DirtyVmPolicy attribute

PowerCLI method of setting the pae-DirtyVMPolicy value:

  • Create a function “Set-DirtyVMPolicy”

function Set-DirtyVmPolicy([string]$desktopid, [int]$policy) {
     $pool = [ADSI](“LDAP://localhost:389/cn=” + $desktopid + “,ou=server groups,dc=vdi,dc=vmware,dc=int”)
     $pool.put(“pae-DirtyVmPolicy”, $policy )
     $pool.setinfo()
     }

  • Run the function on the desktop pool

Set-DirtyVMPolicy -desktopid <yourdesktoppoolid> -policy 2

AlreadyUsed

References: Ituda & TheFinalByte

Mobile security is more important than ever!!!

The most used device these days is a mobile phone. Malware/Spyware/Hacking is everywhere, anytime,anywhere See: Update: Lookout re-airing on 60 Minutes

Some latest news about Mobile Security Alerts:

Hundreds of millions of devices potentially affected by first major iOS malware outbreak

Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire

Soo what can you do about it:

Install Security app on your device: So i installed the free version of lookout on my phone.

unnamed

It works great so far: Testing it.

MS16-108: Security update for Exchange Server 2007/2010/2013/2016

Summary

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In Libraries that are built into Exchange Server. This issue might occur if an attacker sends an email message with a specially crafted attachment to a vulnerable Exchange Server computer. To learn more about this vulnerability, see Microsoft Security Bulletin MS16-108.

More information about this security update

The following articles contain more information about this security update as it relates to individual product versions.

  • 3184736 MS16-108: Description of the security update for Exchange Server 2016 and Exchange Server 2013: September 13, 2016
  • 3184728 MS16-108: Update Rollup 15 for Exchange Server 2010 Service Pack 3: September 13, 2016
  • 3184711 MS16-108: Update Rollup 21 for Exchange Server 2007 Service Pack 3: September 13, 2016

Security Bulletin: iOS “Pegasus” Malware and iOS 9.3.5 Security Update

On Aug. 25, 2016,  Apple announced updates to address security vulnerabilities in iOS version 9.3.4 and earlier. The affected components include the iOS kernel and WebKit.

The vulnerabilities can result in jailbreak, remote code execution, and memory corruption.  Security researchers at Lookout, Inc. have identified a high risk malware application, called “Pegasus”, that uses the vulnerabilities to compromise user devices.

MobileIron recommends that users update to iOS version 9.3.5 or later to obtain the necessary security patches. The security researchers have confirmed that the iOS patches prevent the vulnerabilities from being exploited.

Three vulnerabilities were patched in iOS 9.3.5.  The vulnerabilities are referred to collectively as “Trident”.  The reported CVE identifiers include:

  • CVE-2016-4655: An application may be able to disclose kernel memory.
  • CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges.
  • CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution.

Detection of Pegasus Jailbreak:

According to the security researchers at Lookout, EMM vendors cannot currently detect the Pegasus jailbreak. At this time, the only known method to detect Pegasus is to use products from Lookout.

Source: http://blaud.com/blog/pegasus-malware-ios-9-3-5-security-update_lookout_mobileiron

Very Important: Security update KB3159398 will break Group Policy

There is a known issue with the MS16-072/KB3163622 patch. This update will break GPO’s with faulty rights. Examples: Drives appear on domain systems that should be hidden, mapping drives don’t work, and other typical GPO settings aren’t getting applied.

To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:

1. Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).

2. If you are using security filtering (WMI), add the Domain Computers group with read permission.

Translate »