Archive for the ‘Windows Server 2012’ Category

Microsoft Windows Print Spooler – remote code execution vulnerability

Freitag, Juli 2nd, 2021

   Microsoft Windows Print Spooler – remote code execution vulnerability

Determine if the Print Spooler service is running (run as a Domain Admin)

Run the following as a Domain Admin:

Get-Service -Name Spooler

If the Print Spooler is running or if the service is not set to disabled, select one of the following options to either disable the Print Spooler service, or to Disable inbound remote printing through Group Policy:

Option 1 – Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely.

Option 2 – Disable inbound remote printing through Group Policy

You can also configure the settings via Group Policy as follows:

Computer Configuration / Administrative Templates / Printers

Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

Impact of workaround This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.

Microsoft Windows Server 2008 R2 – how to in-place upgrade to Windows Server 2019

Donnerstag, Juni 17th, 2021

Microsoft Windows – ein Lösungsweg für den Windows Fehlercode ‚0xc0000005‘

Mittwoch, April 14th, 2021

   Fehlercode ‚0xc0000005‘ – zählt zu den bekannteren Windows Fehlern und er betrifft nicht nur Nutzer von Windows 10 sondern auch Nutzer älterer Versionen wie Windows 8 und Windows 7 plus deren Windows Server Versionen. Mit der Data Execution Prevention (oder „Datenausführungsverhinderung“) hat Windows eine Funktion zum Schutz des Arbeitsspeichers integriert die unfreiwillig für Zugriffsprobleme wie 0xc0000005 verantwortlich sein kann. Einige Programme sind mit diesem Sicherheitsfeature nämlich nicht kompatibel sodass bestimmte Aktionen zwangsläufig zu dem Fehler führen. Die einfachste Lösung besteht in diesem Fall darin den Schutzmechanismus für die jeweilige Anwendung zu deaktivieren

Microsoft Windows Server 2008 R2 and above – released a patch for the ZeroLogon vulnerability that needs to be applied to your domain controllers if you haven’t done this already do this asap

Mittwoch, Oktober 21st, 2020

Download the patch here …

Microsoft Windows Server 2008 R2 and above – ‚Zerologon‘ unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)

Montag, September 28th, 2020

ZeroLogon – testing script

Microsoft Windows 8.1 / Windows Server 2012 R2 – wichtige Sicherheitsupdates gerade veröffentlicht

Freitag, August 21st, 2020

Microsoft Windows Server 2012 R2 – support lifecycle

Mittwoch, Juli 22nd, 2020

Microsoft Windows Server 2012 (nicht R2) – geht in eine Update Schleife „Configuring Updates: Stage 2 of 4“

Samstag, November 30th, 2019

So lässt sich die Update Schleife vermeiden – mit der Installationsreihenfolge zwischen Servicing Stack Updates (SSU) und anderen Updates läßt sich das Problem vermeiden denn ist das neueste SSU installiert werden zumindest bekannte Microsoft Probleme die eine erfolgreiche Update Installation verhindern behoben. In der Microsoft Update Catalog-Beschreibung des Servicing Stack Update KB4523208 für November 2019 gibt Microsoft an dass dieses exklusiv installiert werden muss. Ist man in einer Update Schleife bereits gefangen helfen gegebenenfalls diese Lösungen

Microsoft Windows Update Reset via Powershell Script ‚Reset-WindowsUpdate.ps1‘ – will completely reset the Windows Update client settings

Sonntag, Oktober 13th, 2019

This Powershell Script ‚Reset-WindowsUpdate.ps1‘ – will completely reset the Windows Update client settings it has been tested on Windows 7, 8, 10, and Server 2012 R2 and it will configure the services and registry keys related to Windows Update for default settings

Microsoft Windows Client / Microsoft Windows Server – how to determine which .NET Framework versions are installed

Freitag, Oktober 11th, 2019

Users can install and run multiple versions of the .NET Framework on their computers. When you develop or deploy your app, you might need to know which .NET Framework versions are installed on the user’s computer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full

Microsoft Windows Server 2008 R2 & 2012 R2 – applications may crash or become unresponsive if another user logs off Remote Desktop session

Montag, Oktober 7th, 2019

To resolve this issue upgrade to Windows Server 2016 the issue is fixed in this version of Windows Server

Microsoft Windows 7/8 & Windows Server W2k8/W2k12/W2k16/W2k19 – CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability Security Vulnerability

Mittwoch, August 14th, 2019

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights

Microsoft Windows 7 & Windows Server 2008 R2 – CVE-2019-1132 | Win32k Elevation of Privilege Vulnerability

Donnerstag, Juli 11th, 2019

CVE-2019-1132 | Win32k Elevation of Privilege Vulnerability

Disk Defragmentation best practice – are you looking for information on defragmentation of your vmsf datastores or defragmentation within the guest os

Sonntag, Juni 9th, 2019

vmware_logo.jpg   The answer is NO defragmentation for both – defragmentation also generates more I/O to the disk. This could be more of a concern to customers than any possible performance improvement that might be gained from the defrag. I should point out that I have read that, internally at VMware, we have not observed any noticeable improvement in performance after a defragmentation of Guest OSes residing on SAN or NAS based datastores. I also want to highlight an additional scenario that uses an array based technology rather than a vSphere technology. If your storage array is capable of moving blocks of data between different storage tiers (SSD/SAS/SATA), e.g. EMC FAST, then defragmentation of the Guest OS doesn’t really make much sense. If your VM has been running for some time on tiered storage, then in all likelihood the array has already learnt where the hot-blocks are, and has relocated these onto the SSD. If you now go ahead and defrag, and move all of the VM’s blocks around again, the array is going to have to relearn where the hot-spots are

Microsoft Windows Server 2008 R2 / 2012 R2 / 2016 – Leistungsprobleme bei Verwendung des Energiesparplan „Ausbalanciert“

Montag, Dezember 3rd, 2018

Microsoft Windows Server 2008 R2 / 2012 R2 / 2016 – Leistungsprobleme bei Verwendung des Energiesparplan „Ausbalanciert“