Windows

Patch Tuesday, June 2018 | Pushing 11 Critical Security Updates

Are you ready for the latest in security patch updates?  I’m not, but it’s that time again.

Ref: https://www.catalog.update.microsoft.com/Search.aspx?q=windows+security+update+2018

 

Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity.

Only one of these vulnerabilities: CVE-2018-8267 | Scripting Engine Memory Corruption Vulnerability is a remote code execution flaw (CVE-2018-8267) in the scripting engine, is listed as being publicly known at the time of release. The flaw exists within the IE rendering engine and triggers when it fails to properly handle the error objects, allowing an attacker to execute arbitrary code in the context of the currently logged-in user.

There are a few others included are:

CVE-2018-8225 | Windows DNSAPI Remote Code Execution Vulnerability

The most critical bug Microsoft patched this month is a remote code execution vulnerability (CVE-2018-8225) exists in Windows Domain Name System (DNS) DNSAPI.dll, affecting all versions of Windows starting from 7 to 10, as well as Windows Server editions.

The vulnerability resides in the way Windows parses DNS responses, which could be exploited by sending corrupted DNS responses to a targeted system from an attacker-controlled malicious DNS server.

CVE-2018-8231 | HTTP Protocol Stack Remote Code Execution Vulnerability

The critical bug is a remote code execution flaw (CVE-2018-8231) in the HTTP protocol stack (HTTP.sys) of Windows 10 and Windows Server 2016, which could allow remote attackers to execute arbitrary code and take control of the affected systems.

CVE-2018-8213 | Windows Remote Code Execution Vulnerability

Critical remote code execution vulnerability (CVE-2018-8213) affecting Windows 10 and Windows Server exist in the way the operating system handles objects in memory. Successful exploitation could allow an attacker to take control of an affected Windows PC.

CVE-2018-0886 – CredSSP Remote Code Execution Vulnerability

Description

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack. As an example of how an attacker could exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.

The vulnerability impacts Windows 7, Windows 8.1, and Windows 10 systems, as well as Windows Server 2008, Windows Server 2012, and Windows Server 2016.

Download patches here

To address the issue, Microsoft released an update to correct the manner in which CredSSP validates requests during the authentication process. The update patches the CredSSP authentication protocol and the Remote Desktop clients for all affected platforms.

“Mitigation consists of installing the update on all client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers. We recommend that administrators apply the policy and set it to “Force updated clients” or “Mitigated” on client and server computers as soon as possible,” Microsoft says.

I have noticed that this patch has been disruptive to system owners who use remote desktop to access and manage servers.  Installing the patch on a client host w/o having it installed on the remote endpoint will end in an error preventing you from accessing them.

 

Its best to upgrade endpoints (servers) before client systems

Ref: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886

 

Windows Server 2016 Core: Active Directory Domain Services

To lower my memory footprint in my home lab I decided to move from into Windows Server 2016 Core.  That said running Active Directory Domain Service seems to be the perfect candidate to start with my new architectured lab environment.

There are several prerequisites required for enabling ADDS, but I am not going to get into those here as if your reading this, there is a good chance you already know what those are.

We will be installing what is commonly referred to as a new forest/domain.

Step 1: Validate your hostname, IP address, and DNS settings

  1. Log into the console of your Windows Server 2016 Core System
    You need to log in as an administrator and should arrive at a command prompt
  2. Enter the command Sconfig and press enter
    The Server Configuration tool interface should be displayed
  3. Use the setting options to validate your host’s configuration

 

Step 2:  Installing Domain Services 

  1. From the Windows Server 2016 Core command prompt type: powershell then press enter.
    This will change your shell mode to PowerShell allowing you to use additional commands.
  2. Type Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    This will install the ADDS roles on the Windows Server 2016 Core System
  3. When completed type: Install-ADDSForest -DomainName yourdomain.tld
    Here is where you choose the name of your domain to be installed.
  4. You will be required to provide a recovery password, please enter one and take note of it
  5. Next, you will be asked to confirm the pending changes and allow the server host to be restarted
    Click yes to continue
  6. Your server will be restarted and return as a Domain Controller

 

Step 3: Validate DC Services

  1. From the Windows Server 2016 Core command prompt type: powershell then press enter.
    This will change your shell mode to PowerShell allowing you to use additional commands.
  2. Issue the following command line: Get-Service adws,kdc,netlogon,dns
    This will return details on the installed services 
  3. Issue the command Get-SmbShare
    This returns details about available shares, specifically the systvol and netlogon shares
  4. Use the get-eventlog command to review logs
    Example: get-eventlog “Directory Service” | select entrytype, source, eventid, message

 

Windows Server 2016 Core: Apply Windows Updates, with SCONFIG

In my previous post ‘Windows Server 2016 Core Configuration, with SCONFIG‘ I stepped through how to use the sconfig tool to modify settings on Windows Server 2016 Core.  In this post, I will introduce you to how to go about running Windows Updates and applying them to your server.

Here are the steps I used:

  1. Log into the console of your Windows Server 2016 Core System
    You need to log in as an administrator and should arrive at a command prompt
  2. Enter the command Sconfig and press enter
    The Server Configuration tool interface should be displayed
  3. Select 6 from the Server Configuration List
    This opens the Windows update software, allowing you to search for updatable software
  4. Select from the list of results the software update that you would like to download and install.
    You can choose a single update or update them all
  5. Depending on the update you may be required to reboot your system, select yes to restart

That’s it – Congrats you have updated your Windows Server 2016 Core Server

Windows Server 2016 Core Configuration, with SCONFIG

Windows Server 2016 Core has a built-in configuration tool named Sconfig.  This tool is used to configure and manage several aspects of Server Core installations. This simplifies tasks such as changing settings such as network, remote desktop, hostname and domain memberships, etc.

To use the Server Configuration Tool

  1. Log into the console of your Windows Server 2016 Core System
    You need to log in as an administrator and should arrive at a command prompt
  2. Enter the command Sconfig and press enter
    The Server Configuration tool interface should be displayed

 

Note: You can use Server Configuration Tool in 2016 Server Core and 2016 Server with Desktop Experience installations.