Sign up to save your podcasts
Or
Share Fixing a Security Vulnerability in Active Directory with Steve Syfuhs
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Fixing a Security Vulnerability in Active Directory with Steve Syfuhs
Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!
Links
- KB5014754
- Microsoft Security Response Center
- Create and Assign SCEP Certificate Profiles in Intune
Recorded April 10, 2025
View all episodes
By Richard Campbell
4.6
8080 ratings
Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!
Links
- KB5014754
- Microsoft Security Response Center
- Create and Assign SCEP Certificate Profiles in Intune
Recorded April 10, 2025
More shows like RunAs Radio
View all
This Week in Tech (Audio)
3,015 Listeners
Security Now (Audio)
1,970 Listeners
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
273 Listeners
.NET Rocks!
37 Listeners
.NET Rocks!
246 Listeners
MacBreak Weekly (Audio)
2,013 Listeners
Windows Weekly (Audio)
869 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Intelligent Machines (Audio)
735 Listeners
Tech News Weekly (Audio)
1,064 Listeners
The Cloudcast
152 Listeners
CyberWire Daily
1,008 Listeners
Smashing Security
311 Listeners
Self-Hosted
135 Listeners