
Windows

Act as Part of the Operating System Windows Security Setting

A Windows process is a running program, anything from a document editor to a game. The "Act as part of the operating system" security setting (the SeTcbPrivilege user right) allows a process that holds it to assume the identity of any user without that user's credentials, and so to reach every resource that user is authorized to access. Because this amounts to full control of the system, hardening baselines such as the CIS benchmarks set the right to "No One".

Recall Windows Recall - Ep. 293 - The 443 Podcast

Don't miss Episode 293 of The 443 Podcast! Corey Nachreiner and Marc Laliberte dive into a new Microsoft Windows feature that is shaping up to be a security nightmare. Before that, they discuss a new research initiative from the Advanced Research Projects Agency for Health (ARPA-H) that could bring big improvements to healthcare cybersecurity.

Windows Server 2022 CIS Hardening Script Recommendations

In February 2022, the Center for Internet Security (CIS) released the CIS Microsoft Windows Server 2022 Benchmark v1.0.0, a secure-configuration and hardening guide for Windows Server 2022. Following this release, CIS updated its recommendations for older operating systems, extending back to Windows Server 2008 where applicable. Below we discuss the CIS Windows Server 2022 hardening script recommendations we consider critical.

Phishing Campaign Abuses Windows Search to Distribute Malware

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol handler (search-ms:) to launch Windows Explorer on attacker-supplied search results and trick users into running the malware. "Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware," the researchers state.

Search & Spoof: Abuse of Windows Search to Redirect to Malware

Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware. We found the threat actors utilizing a sophisticated understanding of system vulnerabilities and user behaviors. Let’s break down the HTML and the Windows search code to better understand their roles in the attack chain.
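The two items above describe the same technique. The script below is an added example written for this page, not code from Trustwave's write-up: it scans HTML attachments for search-ms: / search: URIs, extracts the crumb=location: target, and flags any search rooted on a remote host (UNC path or HTTP/WebDAV address), which is what makes Explorer display attacker-controlled files as if they were local. The sample attachment it creates is constructed for the demo, and the address in it is a documentation range, not a real campaign indicator; point -Path at a real quarantine folder instead.

```powershell
# Added example (not part of the Trustwave report). Detects search-ms: lures in
# HTML files and reports whether the protocol handler is registered on this host.

# Constructed sample input: a meta refresh to a search-ms: URI rooted on a remote
# WebDAV share. Illustrative only; 203.0.113.0/24 is a documentation range.
$sampleDir = Join-Path $env:TEMP 'search-ms-demo'
New-Item -ItemType Directory -Force -Path $sampleDir | Out-Null
@'
<html><head>
<meta http-equiv="refresh" content="0;url=search-ms:query=INVOICE&amp;crumb=location:\\203.0.113.10@80\files&amp;displayname=Downloads">
</head><body>Redirecting to your invoice...</body></html>
'@ | Set-Content -Path (Join-Path $sampleDir 'invoice.html')

function Get-SearchProtocolUris {
    param([Parameter(Mandatory)][string]$Path)
    # search-ms: and search: URIs, read up to the next quote, whitespace or tag end.
    $uriPattern = '(?i)\bsearch(?:-ms)?:[^"''\s<>]+'
    foreach ($file in Get-ChildItem -Path $Path -Include *.html, *.htm -Recurse -File) {
        # Decode the HTML entity for '&' so the URI parameters split correctly.
        $html = (Get-Content -Path $file.FullName -Raw) -replace '&amp;', '&'
        foreach ($m in [regex]::Matches($html, $uriPattern)) {
            $uri = $m.Value
            $location = $null
            if ($uri -match '(?i)crumb=location:([^&]+)') {
                $location = [uri]::UnescapeDataString($matches[1])
            }
            # A UNC path, protocol-relative path or http(s) URL means the search
            # results come from a server the attacker controls.
            $remote = [bool]($location -and ($location -match '^(\\\\|//|https?:)'))
            $verdict = if ($remote) { 'SUSPICIOUS: search rooted on a remote host' }
                       elseif ($location) { 'local location; review' }
                       else { 'no location crumb; review' }
            [pscustomobject]@{
                File     = $file.FullName
                Uri      = $uri
                Location = $location
                Remote   = $remote
                Verdict  = $verdict
            }
        }
    }
}

Get-SearchProtocolUris -Path $sampleDir | Format-List

# These lures only work if the protocol handlers are registered. A common
# mitigation is to remove the HKCR keys where the feature is not needed; that is
# a change-controlled configuration change, so this only reports their state.
'search-ms', 'search' | ForEach-Object {
    [pscustomobject]@{ Handler = $_; Registered = (Test-Path "Registry::HKEY_CLASSES_ROOT\$_") }
}
```

Run it against a folder of extracted attachments; anything with Remote = True deserves a look at the host named in Location and at the Explorer process tree on the endpoint that opened it.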

CVE-2024-4577 - A PHP CGI Argument Injection Vulnerability in Windows Servers

On June 7, 2024, a new critical PHP vulnerability, CVE-2024-4577, was disclosed. It affects PHP running in CGI mode on Windows, and XAMPP installations are exposed in their default configuration. The flaw only triggers under certain system locales, such as Chinese or Japanese: Windows "Best-Fit" character conversion maps some non-ASCII characters to an ASCII hyphen, so an attacker can smuggle php-cgi command-line options into a web request. Successful exploitation allows execution of arbitrary code on the server, a scenario with severe consequences for system integrity and data security.
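As an added example for this page (not code from the original post or from the PHP project), the script below triages a Windows web host for CVE-2024-4577 exposure: is the installed PHP older than the fixed releases (8.3.8, 8.2.20, 8.1.29), is Apache wired to php-cgi.exe, and is the system ANSI code page one of the locales confirmed exploitable at disclosure (932 Japanese, 936 Simplified Chinese, 950 Traditional Chinese)? The installation paths are assumptions matching a default XAMPP layout; adjust them for other stacks.

```powershell
# Added example (not from the original page). Read-only triage for CVE-2024-4577
# on a Windows host running PHP behind Apache. Paths assume a default XAMPP install.

$phpExe    = 'C:\xampp\php\php.exe'        # assumption: XAMPP default location
$phpCgiExe = 'C:\xampp\php\php-cgi.exe'    # the binary the injection targets
$apacheConfDir = 'C:\xampp\apache\conf'    # XAMPP wires php-cgi in extra\httpd-xampp.conf

# First fixed release per supported branch at disclosure time.
$fixed = @{ '8.3' = [version]'8.3.8'; '8.2' = [version]'8.2.20'; '8.1' = [version]'8.1.29' }

function Get-PhpVersion([string]$exe) {
    if (-not (Test-Path $exe)) { return $null }
    $first = & $exe -v 2>$null | Select-Object -First 1      # e.g. "PHP 8.2.12 (cli) ..."
    if ($first -match 'PHP (\d+\.\d+\.\d+)') { return [version]$matches[1] }
}

function Test-PhpVersionVulnerable([version]$v) {
    if (-not $v) { return $null }                             # PHP not found
    $branch = "$($v.Major).$($v.Minor)"
    if ($fixed.ContainsKey($branch)) { return $v -lt $fixed[$branch] }
    return $true   # branches older than 8.1 are end of life and received no fix
}

# System ANSI code page (REG_SZ, e.g. '1252'). The three below were confirmed
# exploitable; other Best-Fit locales are not proven safe, so patching still matters.
$acp = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Nls\CodePage').ACP
$confirmedCodePages = '932', '936', '950'

# Any non-comment line in the Apache config tree that references php-cgi
# (ScriptAlias / Action application/x-httpd-php-cgi) means requests reach php-cgi.exe.
$cgiWired = $false
if (Test-Path $apacheConfDir) {
    $hits = Get-ChildItem -Path $apacheConfDir -Filter *.conf -Recurse -File |
        Select-String -Pattern 'php-cgi' |
        Where-Object { $_.Line -notmatch '^\s*#' }
    $cgiWired = [bool]$hits
}

$version    = Get-PhpVersion $phpExe
$vulnerable = Test-PhpVersionVulnerable $version

[pscustomobject]@{
    PhpVersion        = $version
    VersionVulnerable = $vulnerable
    PhpCgiPresent     = (Test-Path $phpCgiExe)
    ApacheUsesPhpCgi  = $cgiWired
    SystemCodePage    = $acp
    ConfirmedLocale   = ($confirmedCodePages -contains $acp)
    Exposed           = (($vulnerable -eq $true) -and $cgiWired -and ($confirmedCodePages -contains $acp))
} | Format-List

# Interim mitigation from the PHP advisory for hosts that cannot patch at once:
# reject query strings that begin with the soft-hyphen byte (%AD) in Apache.
#   RewriteEngine On
#   RewriteCond %{QUERY_STRING} ^%ad [NC]
#   RewriteRule .? - [F,L]
```

Exposed = True is the case to act on immediately; VersionVulnerable = True with CGI wired but a Western code page is still a patch-now finding, because the locale-based condition is a lower bound on what is exploitable, not an upper bound.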

Access Credential Manager Trusted Callers and ICAM: Windows Security

Windows Credential Manager securely stores and manages user credentials such as usernames, passwords, and certificates. These credentials are used to access resources including network shares, websites, and applications, supporting both access to information and the management of digital identities. The "Access Credential Manager as a trusted caller" user right (SeTrustedCredManAccessPrivilege) is the setting the title refers to: Credential Manager itself uses it during backup and restore, and Microsoft's guidance is that no account should hold it, because a process with this right could call into Credential Manager and be handed credentials belonging to other users.
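The two user rights discussed above ("Act as part of the operating system" and "Access Credential Manager as a trusted caller") are both expected to be assigned to "No One" under the CIS Windows Server benchmarks, so one audit serves both items, and it also illustrates the kind of check the CIS hardening script posts on this page describe. The script is an added example written for this page, not code from the original articles or from CIS; it relies only on secedit and the .NET SID translation API, and must be run elevated.

```powershell
# Added example (not from the original page): report which principals hold two
# high-impact user rights and whether the host matches the CIS "No One" setting.
# Run from an elevated PowerShell prompt on the server being assessed.

$rightsToCheck = [ordered]@{
    'SeTcbPrivilege'                  = 'Act as part of the operating system'
    'SeTrustedCredManAccessPrivilege' = 'Access Credential Manager as a trusted caller'
}

# secedit exports the effective local policy as a UTF-16 INI file; /areas USER_RIGHTS
# limits the export to the [Privilege Rights] section.
$exportPath = Join-Path $env:TEMP 'user-rights.inf'
$null = secedit /export /cfg $exportPath /areas USER_RIGHTS
if (-not (Test-Path $exportPath)) { throw 'secedit export failed; run this elevated.' }

# Lines look like:  SeTcbPrivilege = *S-1-5-32-544,*S-1-5-21-...-1001
# A right assigned to nobody has no line at all, which is the compliant state here.
$assigned = @{}
foreach ($line in Get-Content -Path $exportPath -Encoding Unicode) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $assigned[$matches[1]] = @($matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') } |
            Where-Object { $_ })
    }
}
Remove-Item -Path $exportPath -ErrorAction SilentlyContinue

function Resolve-SidName {
    param([string]$Value)
    # secedit writes SIDs prefixed with '*', but can also emit plain account names.
    if ($Value -notmatch '^S-1-') { return $Value }
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Value)
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return "$Value (unresolved)"   # orphaned SID from a deleted account; worth noting
    }
}

$report = foreach ($right in $rightsToCheck.Keys) {
    $holders = @()
    if ($assigned.ContainsKey($right)) { $holders = @($assigned[$right]) }
    $names = if ($holders.Count -gt 0) {
        ($holders | ForEach-Object { Resolve-SidName $_ }) -join '; '
    } else { '(No One)' }
    [pscustomobject]@{
        Right     = $right
        Policy    = $rightsToCheck[$right]
        Holders   = $names
        Compliant = ($holders.Count -eq 0)
    }
}
$report | Format-Table -AutoSize
```

Any holder other than "(No One)" is a finding; an "(unresolved)" SID is a deleted account whose stale assignment should be cleaned up as well. The same loop extends to any other SeXxxPrivilege the benchmark restricts by adding entries to $rightsToCheck.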

DCOM Hardening: Best Practices for DCOM Windows Security

Distributed Component Object Model (DCOM) is the extension of COM that lets component objects on different computers talk to each other. In Windows terms, DCOM means an object in a client program can request services from objects in a server program running on another computer on the same network, with the calls carried over RPC. DCOM has also been ported to several UNIX platforms, and it supports communication among software components across a local area network (LAN), a wide area network, or the internet.
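As an added example for this page (not code from the original article), the script below reports the machine-wide DCOM settings that hardening guidance keys on, including the KB5004442 activation-authentication hardening introduced for CVE-2021-26414, and then lists DCOM server applications whose explicit authentication level is below Packet Integrity, where RPC traffic can still be tampered with on the wire. Registry value names and the WMI class are the ones dcomcnfg.exe and Windows itself use; no setting is changed.

```powershell
# Added example (not part of the original article). Read-only DCOM hardening report.
# Run elevated so Win32_DCOMApplicationSetting returns every AppID.

$ole = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction Stop

# KB5004442 hardening: DCOM servers reject activation requests below
# RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. 1 = enforced, 0 = disabled; since the March 2023
# enforcement phase the value no longer turns the hardening off.
$appCompat   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat' -ErrorAction SilentlyContinue
$raisedLevel = if ($appCompat) { $appCompat.RequireIntegrityActivationAuthenticationLevel } else { $null }

# Authentication level constants as shown in dcomcnfg and Win32_DCOMApplicationSetting.
$authLevels = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }

# The machine defaults apply to every DCOM application without its own override.
$defaultAuth = if ($null -ne $ole.LegacyAuthenticationLevel) { $authLevels[[int]$ole.LegacyAuthenticationLevel] }
               else { 'Connect (built-in default, value not set)' }
$defaultImp  = switch ([int]$ole.LegacyImpersonationLevel) { 2 { 'Identify' } 3 { 'Impersonate' } 4 { 'Delegate' } default { 'Identify (built-in default)' } }

[pscustomobject]@{
    DcomEnabled                 = $ole.EnableDCOM          # 'Y' or 'N' (REG_SZ)
    DefaultAuthenticationLevel  = $defaultAuth
    DefaultImpersonationLevel   = $defaultImp
    IntegrityActivationEnforced = if ($null -eq $raisedLevel) { 'not set (platform default applies)' } else { $raisedLevel }
} | Format-List

# Per-application settings: each DCOM server has an AppID; a non-zero
# AuthenticationLevel overrides the machine default. Anything below 5 (Packet
# Integrity) is a candidate for raising, and RunAsUser / RemoteServerName show
# which identity it runs as and whether activation is redirected to another host.
Get-CimInstance -ClassName Win32_DCOMApplicationSetting |
    Where-Object { $_.AuthenticationLevel -and $_.AuthenticationLevel -lt 5 } |
    Select-Object Caption, AppID,
        @{ n = 'AuthLevel'; e = { $authLevels[[int]$_.AuthenticationLevel] } },
        RunAsUser, RemoteServerName |
    Sort-Object Caption |
    Format-Table -AutoSize
```

Applications that run as "Interactive User" or as a named domain account with a low authentication level are the ones to prioritize, since they combine weak transport protection with a privileged or reusable identity.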

Windows Hardening Guide: 10 Key Stages for Cyber Resilience

Best practices for mitigating the various attack vectors change with the environment and with what the server does. CIS baselines cover most of the relevant scenarios and address the first stage of a Windows Server hardening project. Microsoft has done some work on the default security configuration, but there is still a big gap between security best practice (i.e. the common benchmarks) and the default Windows configuration.