[German]Brief information for Windows admins in the corporate environment. Microsoft has released the night of 7/29/2021 revised security updates to mitigate NTLM Relay attacks on Active Directory certificates and vulnerability CVE-2021-36934 (Windows Elevation of Privilege Vulnerability, HiveNightmare). I'll post it here uncommented for your information.
**********************************************************************
Title: Microsoft Security Update Revisions
Issued: July 28, 2021
**********************************************************************
Summary
=======
The following advisory and CVE have undergone major revision increments.
=======================================================================
* ADV210003
– ADV210003 | Mitigating NTLM Relay Attacks on Active Directory Certificate
Services (AD CS)
– Version: 1.1
– Reason for Revision: Executive Summary text has been revised, and a statement has been added to inform customers that KB5005413 has been revised. These are informational changes only.
– Originally posted: July 24, 2021
– Updated: July 28, 2021
– Aggregate CVE Severity Rating: N/A
* CVE-2021-36934
– CVE-2021-36934 | Windows Elevation of Privilege Vulnerability (HiveNightmare)
– Version: 4.0
– Reason for Revision: The following revisions have been made: 1) Removed Windows
Server versions from the Security Updates table as they are not affected by this
vulnerability. 2) Updated the Workaround information with a Caution regarding
restoring a system from backup.
– Originally posted: July 20, 2021
– Updated: July 27, 2021
– Aggregate CVE Severity Rating: N/A
Similar articles:
PetitPotam attack allows Windows domain takeover
HiveNightmare: New details about Windows vulnerability CVE-2021-36934
News about Windows 10 vulnerability HiveNightmare
PrintNightmare: Point-and-Print allows installation of arbitrary files
Microsoft's mitigations of Windows PetitPotam NTLM relay attacks
PrintNightmare: Point-and-Print allows installation of arbitrary files
RemotePotato0: Privilege Escalation Vulnerability in Windows RPC Protocol