Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Top 5 Security Tasks to Automate with PowerShell
Dissecting Avaddon: From the Initial Malspam and Loader through Secondary Binary and Exploring their CnC to Find Additional Attacks
Maze Ransomware Deep Dive: Using Threat Research Reports and MITRE ATT&CK to Turn Analysis into Action with Maze as an Example
Ethical Hacking 101: Perform Your Own Privilege Elevation and Lateral Movements with Metasploit

Webinar Library

Latest Blogs

Recent Security Features in Active Directory You Probably Aren't Using

Active Directory security features you probably aren’t using and more in my sessions at The Experts Conference 2019

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Top Resources

Security Log

Additional Resources

September, 2020: Patch Tuesday: Critical Browser and Exchange Vulnerabilities

Welcome to this September Tuesday Bulletin. This was another huge month of updates for Microsoft with 129 unique CVE’s, 8 technologies with critical updates, but no actively attacked or disclosed vulnerabilities. Even though there were no vulnerabilities attacked in the wild it is important to pay attention to the critical browser and Exchange vulnerabilities. Test, deploy, and verify updates for IE, Edge, Exchange. The Exchange vulnerability could be particularly nasty given that MS states “Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server”. The impact would be very high if an adversary were to develop an exploit to execute this attack. Make sure that updates for Windows and Office vulnerabilities are a high priority since these platforms are always enticing targets for adversaries.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited	Vulnerability Info
Windows	Windows 8.1, RT 8.1, 10 Server 2012, 2016, 2019	Critical	CVE-2020-1471 CVE-2020-1507 CVE-2020-1532 CVE-2020-1590 CVE-2020-1592 CVE-2020-0648 CVE-2020-0664 CVE-2020-0718 CVE-2020-0790 CVE-2020-0805 CVE-2020-0837 CVE-2020-0839 CVE-2020-0914 CVE-2020-0922 CVE-2020-0928 CVE-2020-0941 CVE-2020-0951 CVE-2020-1013 CVE-2020-1034 CVE-2020-1038 CVE-2020-1039 CVE-2020-1122 CVE-2020-1130 CVE-2020-1146 CVE-2020-1169 CVE-2020-1285 CVE-2020-0997 CVE-2020-1376 CVE-2020-1491 CVE-2020-1508 CVE-2020-1559 CVE-2020-1589 CVE-2020-1593 CVE-2020-1596 CVE-2020-1598 CVE-2020-0761 CVE-2020-0766 CVE-2020-0782 CVE-2020-0836 CVE-2020-0838 CVE-2020-0856 CVE-2020-0870 CVE-2020-0875 CVE-2020-0886 CVE-2020-0890 CVE-2020-0904 CVE-2020-0908 CVE-2020-0911 CVE-2020-0912 CVE-2020-0921 CVE-2020-0989 CVE-2020-0998 CVE-2020-1030 CVE-2020-1031 CVE-2020-1033 CVE-2020-1052 CVE-2020-1053 CVE-2020-1074 CVE-2020-1083 CVE-2020-1091 CVE-2020-1097 CVE-2020-1098 CVE-2020-1115 CVE-2020-1119 CVE-2020-1129 CVE-2020-1133 CVE-2020-1152 CVE-2020-1159 CVE-2020-1228 CVE-2020-1245 CVE-2020-1250 CVE-2020-1252 CVE-2020-1256 CVE-2020-1303 CVE-2020-1308 CVE-2020-1319 CVE-2020-16854 CVE-2020-16879	Workaround: No *Public: No Exploited: No	Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing Denial of Service
Edge	HTML-based (Legacy)	Critical	CVE-2020-0878 CVE-2020-1057 CVE-2020-1172 CVE-2020-1180	Workaround: No *Public: No Exploited: No	Remote Code Execution
Edge	Chromium-Based	Important	CVE-2020-16884	Workaround: No *Public: No Exploited: No	Remote Code Execution
ChakraCore	ALL	Critical	CVE-2020-0878 CVE-2020-1057 CVE-2020-1172 CVE-2020-1180	Workaround: No *Public: No Exploited: No	Remote Code Execution
Internet Explorer	IE 11	Critical	CVE-2020-0878 CVE-2020-1506 CVE-2020-1012	Workaround: No *Public: No Exploited: No	Remote Code Execution Elevation of Privilege
SQL Server	SQL Server Reporting Services 2017, 2019	Moderate	CVE-2020-1044	Workaround: No *Public: No Exploited: No	Security Feature Bypass
Office, Office Services and Web Apps	Excel 2010, 2013, 2016 Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac Online Server Web Apps 2010, 2013 SharePoint Enterprise server 2013, 2016 SharePoint Foundation 2010, 2013 SharePoint 2010, 2019 Word 2010, 2013, 2016 OneDrive for Windows 365 Apps for Enterprise	Critical	CVE-2020-1193 CVE-2020-1198 CVE-2020-1200 CVE-2020-1205 CVE-2020-1210 CVE-2020-1218 CVE-2020-1224 CVE-2020-1227 CVE-2020-1332 CVE-2020-1335 CVE-2020-1338 CVE-2020-1345 CVE-2020-1440 CVE-2020-1452 CVE-2020-1453 CVE-2020-1460 CVE-2020-1482 CVE-2020-1514 CVE-2020-1523 CVE-2020-1575 CVE-2020-1576 CVE-2020-1594 CVE-2020-1595 CVE-2020-16851 CVE-2020-16852 CVE-2020-16853 CVE-2020-16855	Workaround: No *Public: No Exploited: No	Elevation of Privilege Information Disclosure Remote Code Execution Spoofing Tampering
Dynamics	Dynamics 365 Dynamics Dynamics 365 for Finance and Operations	Critical	CVE-2020-1182 CVE-2020-16857 CVE-2020-16858 CVE-2020-16859 CVE-2020-16860 CVE-2020-16861 CVE-2020-16862 CVE-2020-16864 CVE-2020-16871 CVE-2020-16872 CVE-2020-16878	Workaround: No *Public: No Exploited: No	Remote Code Execution Spoofing
Visual Studio	Visual Studio 2012, 2013, 2015, 2017, 2019 Visual Studio Code	Critical	CVE-2020-1130 CVE-2020-1133 CVE-2020-16856 CVE-2020-16874 CVE-2020-16881	Workaround: No *Public: No Exploited: No	Elevation of Privilege Remote Code Execution
Exchange Server	Server 2016, 2019	Critical	CVE-2020-16875	Workaround: No *Public: No Exploited: No	Remote Code Execution
ASP.NET	ASP.NET 2.1, 3.1	Important	CVE-2020-1045	Workaround: No *Public: No Exploited: No	Security Feature Bypass
OneDrive	OneDrive for Windows	Important	CVE-2020-16851 CVE-2020-16852 CVE-2020-16853	Workaround: No *Public: No Exploited: No	Elevation of Privilege