Home windows computer systems and servers replace on a month-to-month foundation. Most of those updates are self-installing and wish no different interplay. Generally, although, you’ll want to add registry keys to allow or disable extra safety settings. I mentioned the extra registry keys needed for Spectre and Meltdown safety earlier, however different updates typically want extra settings.
One method to find out about these wanted registry settings is to learn the safety bulletin. Your vulnerability scanner may point out lacking protections after it scans your community, too. At occasions the brand new registry keys are usually not a part of a safety bulletin however a part of a safety advisory. An advisory is distributed when there isn’t a patch launched. Advisories typically give details about extra protections you want or an upcoming change in updates that can affect your techniques.
Blocking unsafe ticket-granting tickets in Home windows
Within the February updates, for instance, advisory ADV190006 identified an upcoming change that can affect Lively Listing implementations. The advisory notes a change outlined in Information Base article KB4490425 in how Microsoft handles ticket-granting tickets (TGTs). At present the default configuration once you belief identities from one other Lively Listing forest lets an attacker within the trusting forest request delegation of a TGT for an identification from the trusted forest.
This unsafe situation impacts Server 2019, Server 2016, Server 2012 R2 and Server 2012. In July 2019, Microsoft will launch an replace to harden Server 2008 R2 and Server 2008. Within the meantime, the advisory offers steering on learn how to block unsafe TGT delegation throughout an incoming belief by setting the netdom flag EnableTGTDelegation to “no” utilizing the next command.
