CVE-2021-36942: Windows LSA Spoofing Vulnerability
Published 2021-08-12 · CVSS 7.5 (High)
CISA Known Exploited Vulnerability (remediation due 2021-11-17) · Exploited in the wild
Affected (18 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21192 | 6.0.6003.21192 |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23435 | 6.2.9200.23435 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1165 | 10.0.19041.1165 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1165 | 10.0.19042.1165 |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_2004 | — | — |
| msrc | windows_server_version_20h2 | — | — |
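As an added check, not part of the advisory data on this page: a small Python routine that maps Windows Server build strings onto the "Fixed in" builds from the table above and reports hosts whose build is still below the fix. It covers only the families the table lists; a build whose major.minor.build prefix is absent (the Server 2022 line, for instance) is reported as unknown rather than guessed. The inventory it runs over is constructed sample data, and the build strings are in the `major.minor.build.ubr` form that `ver` or `[System.Environment]::OSVersion` produce.

```python
"""
Added example: classify Windows Server build strings against the fixed builds
in the Affected table for CVE-2021-36942. The table values are the only data;
hostnames and builds in SAMPLE_INVENTORY are constructed.
"""

# (family label, fixed build) keyed by the first three build components.
# Values are copied from the "Fixed in" column above.
FIXED_BUILDS = {
    (6, 0, 6003):   ("Windows Server 2008 SP2",      (6, 0, 6003, 21192)),
    (6, 1, 7601):   ("Windows Server 2008 R2 SP1",   (6, 1, 7601, 25685)),
    (6, 2, 9200):   ("Windows Server 2012",          (6, 2, 9200, 23435)),
    (6, 3, 9600):   ("Windows Server 2012 R2",       (6, 3, 9600, 20094)),
    (10, 0, 14393): ("Windows Server 2016",          (10, 0, 14393, 4583)),
    (10, 0, 17763): ("Windows Server 2019",          (10, 0, 17763, 2114)),
    (10, 0, 19041): ("Windows Server, version 2004", (10, 0, 19041, 1165)),
    (10, 0, 19042): ("Windows Server, version 20H2", (10, 0, 19042, 1165)),
}


def parse_build(text: str) -> tuple:
    """Turn '10.0.17763.2114' into (10, 0, 17763, 2114); reject anything else."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected major.minor.build.ubr, got {text!r}")
    return parts


def classify(build_text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one build string.

    'unknown' means the family is not in the table (for example 10.0.20348,
    which is Server 2022), so no claim is made either way.
    """
    build = parse_build(build_text)
    entry = FIXED_BUILDS.get(build[:3])
    if entry is None:
        return "unknown"
    _, fixed = entry
    # Tuple comparison is component-wise, so the UBR decides within a family.
    return "patched" if build >= fixed else "vulnerable"


# Constructed inventory: (hostname, build string).
SAMPLE_INVENTORY = [
    ("DC01",   "10.0.17763.2114"),  # exactly the fixed build for Server 2019
    ("DC02",   "10.0.17763.2061"),  # Server 2019, below the fix
    ("ADCS01", "10.0.14393.4467"),  # Server 2016, below the fix
    ("FS01",   "6.3.9600.20094"),   # Server 2012 R2, at the fix
    ("APP01",  "10.0.20348.230"),   # family not in the table: unknown
]


def unpatched_hosts(inventory):
    """Hostnames whose build is in a listed family and below its fixed build."""
    return [host for host, build in inventory if classify(build) == "vulnerable"]


if __name__ == "__main__":
    for host, build in SAMPLE_INVENTORY:
        print(f"{host:8} {build:18} {classify(build)}")
    print("unpatched:", unpatched_hosts(SAMPLE_INVENTORY))
```

Treat "unknown" as a prompt to check the vendor update list for that family rather than as a pass; the table here stops at version 20H2.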
CVSS provenance
| Source | Score | Severity |
|---|---|---|
| cvelistv5 | 7.5 | HIGH |
| vulncheck | 7.5 | HIGH |
| cisa | 7.5 | HIGH |
Project Zero
2022 0-day In-the-Wild Exploitation…so far - Project Zero
project_zero·2022-06-01·CVSS 8.8
Posted by Maddie Stone, Google Project Zero
This blog post is an overview of a talk, “ 0-day In-the-Wild Exploitation in 2022…so far”, that I gave at the FIRST conference in June 2022. The slides are available here.
For the last three years, we’ve published annual year-in-review reports of 0-days found exploited in the wild. The most recent of these reports is the 2021 Year in Review report, which we published just a few months ago in April. While we plan to stick with that annual cadence, we’re publishing a little bonus report today looking at the in-the-wild 0-days detected and disclosed in the first half of 2022.
As of June 15, 2022, there have been 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nin
Project Zero
Using Kerberos for Authentication Relay Attacks - Project Zero
project_zero·2021-10-01
CVE-2021-36942 Using Kerberos for Authentication Relay Attacks - Project Zero
Posted by James Forshaw, Project Zero
This blog post is a summary of some research I've been doing into relaying Kerberos authentication in Windows domain environments. To keep this blog shorter I am going to assume you have a working knowledge of Windows network authentication, and specifically Kerberos and NTLM. For a quick primer on Kerberos see this page which is part of Microsoft's Kerberos extension documentation or you can always read RFC4120.
## Background
Windows based enterprise networks rely on network authentication protocols, such as NT Lan Manager (NTLM) and Kerberos to implement single sign on. These protocols allow domain users to seamlessly connect to corporate resources without having to repeatedly enter their passwords. This works by the computer's Local Security
CVEList
Windows LSA Spoofing Vulnerability
cvelistv5·2021-08-12·CVSS 7.5
CVE-2021-36942 [HIGH] Windows LSA Spoofing Vulnerability
VulnCheck
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
vulncheck·2021·CVSS 7.5
CVE-2021-36942 [HIGH] CWE-749 Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://cisa.gov/news-events/alerts/2021/08/10/microsoft-releases-august-2021-security-updates; https://www.cybereason.com/blog/threat-alert-microsoft-exchange-proxyshell-exploits-and-lockfile-ransomware; https://www.securin.io/microsoft-exchange-proxyshell-and-windows-petitpotam-vulnerabilities-chained-in-new-attack/; https://blo
CISA
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2021-36942 [HIGH] CWE-749 Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Vulnerability: Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Affected: Microsoft Windows
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-36942
Remediation Due Date: 2021-11-17
Microsoft
Windows LSA Spoofing Vulnerability
vendor_msrc·2021-08-10·CVSS 7.5
CVE-2021-36942 [HIGH] Windows LSA Spoofing Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through the LSARPC interface.
Is there more information available on how to protect my system?
Yes. Please see ADV210003 Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS).
Are there further actions I need to take to protect my system after I have applied the security update?
Yes. Please see KB5005413 for more information on the steps that you need to take to protect your system. Please note that the combined CVSS score would
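The coercion described in the FAQ above ends with the domain controller authenticating outbound as its own machine account over NTLM. Where that authentication is relayed on to another server (AD CS web enrollment being the case ADV210003 addresses), the relay target records a successful network logon for the DC's computer account from an address that is not the DC. The Python below, added here and not taken from Microsoft's advisory or KB5005413, scans flattened Security 4624 events for exactly that pattern. The DC inventory, hostnames and log lines are constructed for the example; the event field names are those of the standard 4624 event.

```python
"""
Added example (not Microsoft, CISA or VulnCheck code): flag Windows Security
4624 events in which a domain controller's machine account logs on over the
network with NTLM from an address that is not that DC. That is the footprint
a relay of coerced DC authentication leaves on the server it is relayed to.
The DC inventory and the log lines below are constructed.
"""
import re
from dataclasses import dataclass

# Assumed inventory of domain controllers: machine name -> its address.
DOMAIN_CONTROLLERS = {"DC01": "10.0.0.10", "DC02": "10.0.0.11"}
LOCAL_SOURCES = {"127.0.0.1", "::1", "-"}  # local logons carry no useful source

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class Finding:
    computer: str    # host that recorded the logon (where the relay landed)
    account: str     # machine account that authenticated, e.g. DC01$
    source_ip: str   # address the NTLM authentication arrived from


def parse_event(line: str) -> dict:
    """Parse one flattened 'Key=Value Key="quoted value"' event line."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def dc_name(account: str):
    """Return the DC name for a DC machine account ('DC01$' -> 'DC01'), else None."""
    if not account.endswith("$"):
        return None
    name = account[:-1].upper()
    return name if name in DOMAIN_CONTROLLERS else None


def flag_relayed_dc_ntlm(lines):
    """One Finding per successful NTLM network logon by a DC machine account
    whose source address is not the DC itself."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "4624" or ev.get("LogonType") != "3":
            continue                       # successful network logons only
        if ev.get("AuthenticationPackageName", "").upper() != "NTLM":
            continue                       # Kerberos logons cannot be NTLM relays
        name = dc_name(ev.get("TargetUserName", ""))
        if name is None:
            continue                       # user and member-server accounts: out of scope
        src = ev.get("IpAddress", "-")
        if src in LOCAL_SOURCES or src == DOMAIN_CONTROLLERS[name]:
            continue                       # the DC authenticating from its own address
        findings.append(Finding(ev.get("Computer", "?"), ev["TargetUserName"], src))
    return findings


# Constructed sample: two relays landing on ADCS01 plus benign noise.
SAMPLE_EVENTS = [
    'EventID=4624 Computer=ADCS01 TargetUserName=DC01$ TargetDomainName=CORP '
    'LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.77',
    'EventID=4624 Computer=FS01 TargetUserName=DC01$ TargetDomainName=CORP '
    'LogonType=3 AuthenticationPackageName=Kerberos IpAddress=10.0.0.10',
    'EventID=4624 Computer=FS01 TargetUserName=alice TargetDomainName=CORP '
    'LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.55',
    'EventID=4624 Computer=DC01 TargetUserName=DC02$ TargetDomainName=CORP '
    'LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.11',
    'EventID=4625 Computer=ADCS01 TargetUserName=DC02$ TargetDomainName=CORP '
    'LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.77',
    'EventID=4624 Computer=ADCS01 TargetUserName=DC02$ TargetDomainName=CORP '
    'LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.77',
]

if __name__ == "__main__":
    for f in flag_relayed_dc_ntlm(SAMPLE_EVENTS):
        print(f"{f.computer}: {f.account} via NTLM from {f.source_ip}")
```

This reads the relay target's logs, so it depends on an accurate DC inventory and will not see a coercion whose target is an attacker listener that records nothing; for the DC's own side, Windows NTLM auditing (the Microsoft-Windows-NTLM/Operational log) records outbound NTLM by the machine account. Widen the own-address exemption if a DC has several addresses, and expect occasional benign hits where a DC falls back to NTLM, for example when it reaches a share by IP address.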
No detection rules found.
Unit42
You Thought It Was Over? Authentication Coercion Keeps Evolving
blogs_unit42·2025-11-11·CVSS 7.5
[HIGH] You Thought It Was Over? Authentication Coercion Keeps Evolving
## Executive Summary
Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system. Instead, they can simply force your computer to authenticate to an attacker-controlled system, effectively commanding your machine to hand over valuable credentials. This attack method is called authentication coercion.
While authentication coercion attacks such as PrintNightmare became well-known in the past few years, we have recently observed a growing trend of a new type of authentication coercion attack. These attacks focus on exploiting rarely used protocols, and they may pass through defenses written specifically for the existing known exploits.
Unit42
You Thought It Was Over? Authentication Coercion Keeps Evolving
blogs_unit42·2025-11-11
By Bar Maor and Hila Cohen · Published: November 10, 2025 · Tags: Threat Research, Vulnerabilities, Mimikatz, PrintNightmare, Privilege escalation, Windows
Bleepingcomputer
Sharepoint ToolShell attacks targeted orgs across four continents
blogs_bleepingcomputer·2025-10-22·CVSS 8.8
CVE-2025-53770 [HIGH] Sharepoint ToolShell attacks targeted orgs across four continents
## Sharepoint ToolShell attacks targeted orgs across four continents
## Bill Toulas
Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations.
The security flaw affects on-premise SharePoint servers and was disclosed as an actively exploited zero-day on July 20, after multiple hacking groups tied to China leveraged it in widespread attacks. Microsoft released emergency updates the following day.
The issue is a bypass for CVE-2025-49706 and CVE-2025-49704, two flaws that Viettel Cyber Security researchers had demonstrated at the Pwn2Own Berlin hacking competition in May, and can be leveraged remotely
Qualys
Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations
blogs_qualys·2025-05-08
Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations
## Table of Contents
Who is LockBit? How it Evolved and Operates
Monero: The Coin of the Realm
Patch or Mitigate Now: Critical CVEs Exploited by LockBit
Beyond Traditional Endpoints: Other Compromised Systems
Initial Access and Deployment
Conclusion
The LockBit ransomware gang recently suffered a significant data breach. Their dark web affiliate panels were defaced with the message “Don’t do crime CRIME IS BAD xoxo from Prague,” linking to a MySQL database dump. This archive contains a SQL file from LockBit’s affiliate panel database that includes twenty tables, notably including a ‘btc_addresses’ table with 59,975 unique bitcoin addresses and a ‘chats’ table containing over 4,400 victim negotiation messages from December 2024 to the end of April 2025.
This blog post will leverage
Tenable
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25
blogs_tenable·2024-10-22
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25
Fortinet
Meet LockBit: The Most Prevalent Ransomware in 2022 | FortiGuard Labs
blogs_fortinet·2023-07-10
Meet LockBit: The Most Prevalent Ransomware in 2022 | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
Meet LockBit: The Most Prevalent Ransomware in 2022
By Shunichi Imano and James Slaughter | July 10, 2023
Affected platforms: Microsoft Windows, Linux, ESXi, MacOS
Impacted parties: Microsoft Windows, Linux, ESXi, and MacOS Users
Impact: Encrypts and exfiltrates victims’ files and demands ransom for file decryption and not to leak stolen files
Severity level: High
On June 14th, 2023, the CISA, FBI, MS-ISAC, and multiple international cyber security organizations released a joint advisory for the LockBit ransomware. This ransomware group has been active since early 2020, targeting organizations across numerous industries, including energy and government sectors. According to the advisory, LockBit was the most active ransomware in 2022.
This blog provides
Qualys
In-Depth Look Into Data-Driven Science Behind Qualys TruRisk
blogs_qualys·2022-10-10
In-Depth Look Into Data-Driven Science Behind Qualys TruRisk
## Table of Contents
Key Takeaways
Vulnerabilities Are on the Rise
Vulnerability Threat Landscape
Challenges With CVSS Based Prioritization
Exploit Prediction Scoring System
Qualys Severity Levels
Qualys TruRisk, a Data-Driven Way To Prioritize Risks
CVSS Base Score
CISA Known Exploited Vulnerability (KEV)
Real-Time Threat Indicators (RTIs)
Exploit Code Maturity
Malware
Threat Actors / Ransomware Groups
Trending Risk
Applied Mitigation Controls
EPSS Score (from First.org)
How Does Qualys TruRisk Compare Against CVSS and EPSS?
Qualys Vulnerability Score (QVS) vs CVSS
Qualys TruRisk vs EPSS
Qualys TruRisk (QVS) vs CISA KEV
How to Interpret Qualys TruRisk Scores
Asset Risk Score (ARS)
Asset Risk Score Formula
Conclusion
Additional Contributors
Vulnerability Managemen
Qualys
A Deep Dive into VMDR 2.0 with Qualys TruRisk™
blogs_qualys·2022-08-08·CVSS 9.1
[CRITICAL] A Deep Dive into VMDR 2.0 with Qualys TruRisk™
## Table of Contents
Qualys TruRiskTM Weighs Multiple Risk Factors
About Qualys Detection Score (QDS)
Powered by a Comprehensive Exploit & Threat Intelligence Database
About TruRisk Score
TruRisk Score Formula
How Qualys TruRisk Visualizes Risk for an Organization
How to Prioritize Remediation using Qualys TruRisk scores
Qualys VMDR Reporting Now Includes TruRisk
Qualys TruRisk API Support
Qualys TruRisk Frequently Asset Questions (FAQs)
Whats Next?
The old way of ranking vulnerabilities doesn’t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize remediation.
Cybersecurity and IT team
Qualys
Introducing Qualys VMDR 2.0
blogs_qualys·2022-06-06
Introducing Qualys VMDR 2.0
## Table of Contents
Defining the Future of Qualys VMDR
About Qualys VMDR 2.0
Prioritize the Unprioritized
Turbo Charge VMDR 2.0 with Qualys Cloud Platform
Watch VMDR 2.0 LIVE Event
Ready to learn more?
Over the last five years, the number of vulnerabilities disclosed has doubled. The speed at which vulnerabilities are weaponized and leveraged for mass exploitation is down to mere days (from weeks). For example, mass exploitation of the Log4Shell vulnerability at the end of 2021 occurred <48 hours after initial disclosure. Yet organizations take more than 30 days on average to patch critical vulnerabilities, leaving organizations exposed to unnecessary risk.
Qualys pioneered cloud-based vulnerability management software more than two decades ago. When we announced Qualys VMDR in 20
Krebs
Microsoft Patch Tuesday, May 2022 Edition
blogs_krebs·2022-05-11·CVSS 7.5
CVE-2022-26925 [HIGH] Microsoft Patch Tuesday, May 2022 Edition
Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.
By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925, a weakness in a central component of Windows security (the “Local Security Authority” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022.
Greg Wiseman, product manager for Rapid7, said Microsoft has rated this vulnerability as important and assigned
Tenable
Microsoft’s May 2022 Patch Tuesday Addresses 73 CVEs (CVE-2022-26925)
blogs_tenable·2022-05-10·CVSS 8.1
[HIGH] Microsoft’s May 2022 Patch Tuesday Addresses 73 CVEs (CVE-2022-26925)
Tenable
Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We Left Out
blogs_tenable·2022-03-11
Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We Left Out
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
Qualys Response to CISA Alert: Binding Operational Directive 22-01
## Table of Contents
Overview
Directive Scope
CISA Catalog of Known Exploited Vulnerabilities
Detect CISAs Vulnerabilities Using Qualys VMDR
Remediation
Federal Enterprises and Agencies Can Act Now
Summary
Getting Started
Start your VMDR 30-day, no-cost trial today
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01 , “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
Talos
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
blogs_talos·2021-11-03
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey.
- Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S. with smaller number of infections in U.K., Germany, Ukraine, Finland, Brazil, Honduras and Thailand.
- The actor of the campaign is sometimes referred to as Tortilla, based on the payload file names used in the campaign. This is a new actor operating since July 2021. Prior to this ransomware, Tortilla has been experimenting with other payloads, such as the PowerShell-based netcat clone Powercat, which is known to provide attackers with unauthorized access to Windows machines.
- We assess with moderate confidence that the initial infection vector is exploitation of ProxyShel
Trendmicro
August Patch Tuesday: A Quiet Month for Microsoft
blogs_trendmicro·2021-08-11·CVSS 8.8
[HIGH] August Patch Tuesday: A Quiet Month for Microsoft
# August Patch Tuesday: A Quiet Month for Microsoft
August proves to be a quieter month for Microsoft, after an eventful July. This month, there were only 44 security bulletins, part of which are three Print Spooler flaws and a further fix for PetitPotam.
By: Trend Micro Research
2021/08/11
The August Patch Tuesday proves to be a calmer month for Microsoft, compared to the more eventful July security bulletin. This is evident in the short list of only 44 patched vulnerabilities published this month, of which seven are noted as critical and the rest as important. Eight were also submitted via the Trend Micro Zero Day Initiative.
What is notable for this month is the inclusion of three vulnerabilities in Print Spooler, given
Talos
Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-08-10·CVSS 9.9
CVE-2021-26424 [CRITICAL] Microsoft Patch Tuesday for August 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Martin Lee.
Microsoft released its monthly security update Tuesday, disclosing 44 vulnerabilities in the company’s firmware and software. This is the fewest vulnerabilities Microsoft has patched in a month in more than two years.
There are only nine critical vulnerabilities included in this release, and the remainder is “important.”
The most serious of the issues is CVE-2021-26424, a remote code execution vulnerability in the Windows TCP/IP protocol implementation. An attacker could remotely trigger this vulnerability from a Hyper-V guest by sending a specially crafted TCP/IP packet to a host utilizing the TCP/IP protocol stack. This raises the possibility of a malicious program running in a virtual machine compromising the h
Tenable
Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs (CVE-2021-26424, CVE-2021-36948)
blogs_tenable·2021-08-10·CVSS 9.9
[CRITICAL] Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs (CVE-2021-26424, CVE-2021-36948)
Qualys
Microsoft and Adobe Patch Tuesday (August 2021) - Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities | Qualys
blogs_qualys·2021-08-10·CVSS 8.8
CVE-2021-36942 [HIGH] Microsoft and Adobe Patch Tuesday (August 2021) - Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities | Qualys
### Microsoft Patch Tuesday – August 2021
Microsoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release.
#### Critical Microsoft Vulnerabilities Patched
CVE-2021-36942 – Windows LSA Spoofing Vulnerability
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. A malicious user can use this attack to take complete control of a Windows domain. Per Microsoft, this vulnerability affects all servers, but domain controllers should be prioritized when applying security updates.
CVE-2021-34481 – Windows Print Spooler Remote Code Execution Vulnerability
A remote
Crowdstrike
August 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
Crowdstrike
NTLM Keeps Haunting Microsoft
blogs_crowdstrike·CVSS 7.5
Published: 2021-08-12
Added to CISA KEV: 2021-11-03
Exploited in the wild