One policy to rule them all

Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In...

Living off the land, GPO style

TL;DR The ability to edit Group Policy Object GPOs from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...

Unable to import GPO into Workspace Environment Management service - Invalid Zip file

When trying to import a GPO into WEM console in Citrix Cloud Web console, users get an error stating "Invalid ZIP file. Replace your file and try again"...

How to Customize App Shortcuts with Receiver for Windows

As a Receiver administrator, you can configure Receiver for Windows 4.2.100 to automatically place application and desktop shortcuts directly in the Start menu or on the desktop in a similar way that Receiver for Windows 3.4 Enterprise places them. The new shortcut only mode provides a seamless...

Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)

Summary Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 also known as PrintNightmare. Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client...

Citrix Workspace App - Duplicate published app icons showing up in the endpoints

The customer recently deployed CWA through all company’s workstations and created a GPO to push the Store to CWA in the machines He noticed after the deployment that the endpoints and CWA show a duplicate of each published app Also, CWA shows two stores of the same name...

SharpGPOAbuse - Tool To Take Advantage Of A User'S Edit Rights On A Group Policy Object (GPO) In Order To Compromise The Objects That Are Controlled By That GPO

SharpGPOAbuse is a .NET application written in C that can be used to take advantage of a user's edit rights on a Group Policy Object GPO in order to compromise the objects that are controlled by that GPO. More details can be found at the following blog post:...

The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the first post of our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Jake Williams, Founder of...

April 14, 2020—KB4549951 (OS Builds 18362.778 and 18363.778) - EXPIRED

April 14, 2020—KB4549951 OS Builds 18362.778 and 18363.778 - EXPIRED NEW 8/5/21 EXPIRATION NOTICEIMPORTANT As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security...

April 14, 2020—KB4550939 (OS Build 15063.2346)

April 14, 2020—KB4550939 OS Build 15063.2346 Current status of Windows 10, version 1703 Windows 10, version 1703 has reached end of service for all editions. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10 . Surface Hub devices...

April 14, 2020—KB4550917 (Monthly Rollup)

April 14, 2020—KB4550917 Monthly Rollup NEW IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...

April 14, 2020—KB4550951 (Monthly Rollup)

April 14, 2020—KB4550951 Monthly Rollup IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of device...

March 10, 2020—KB4540689 (OS Build 17134.1365)

March 10, 2020—KB4540689 OS Build 17134.1365 Windows 10, version 1803 the April 2018 Update Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update with...

March 10, 2020—KB4541510 (Monthly Rollup)

March 10, 2020—KB4541510 Monthly Rollup NEW As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see KB4492872. Install one of the following applicable updates to stay updated with the latest...

March 12, 2019—KB4489891 (Monthly Rollup)

March 12, 2019—KB4489891 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4487024 released February 19, 2019 and addresses the following issues: Addresses an issue that may prevent the Event Viewer from showing some event...

Cromos - Download and Inject code into Google Chrome extensions

Cromos is a tool for downloading legitimate extensions of the Chrome Web Store and inject codes in the background of the application and more cromos create executable files to force installation via PowerShell for example, and also upload files to dropbox to host the malicious files. Download...

MS16-072: Description of the security update for Group Policy: June 14, 2016

MS16-072: Description of the security update for Group Policy: June 14, 2016 Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle MiTM attack against the traffic passing between...