Sign up to save your podcasts
Or
Share Fixing a Security Vulnerability in Active Directory with Steve Syfuhs
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Fixing a Security Vulnerability in Active Directory with Steve Syfuhs
Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!
Links
- KB5014754
- Microsoft Security Response Center
- Create and Assign SCEP Certificate Profiles in Intune
Recorded April 10, 2025
View all episodes
By Richard Campbell
4.6
8080 ratings
Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!
Links
- KB5014754
- Microsoft Security Response Center
- Create and Assign SCEP Certificate Profiles in Intune
Recorded April 10, 2025
More shows like RunAs Radio
View all
This Week in Tech (Audio)
3,019 Listeners
Security Now (Audio)
1,979 Listeners
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
272 Listeners
.NET Rocks!
37 Listeners
.NET Rocks!
244 Listeners
MacBreak Weekly (Audio)
2,013 Listeners
Windows Weekly (Audio)
870 Listeners
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Intelligent Machines (Audio)
734 Listeners
The Changelog: Software Development, Open Source
284 Listeners
Tech News Weekly (Audio)
1,075 Listeners
The Cloudcast
152 Listeners
The Stack Overflow Podcast
62 Listeners
2.5 Admins
92 Listeners