Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CalCom

TrustedInstaller - with great power comes great responsibility

TrustedInstaller is a Windows system account with special high-level permissions allowing it to modify certain system files, folders, and registry settings. It also prevents any account including administrator accounts from modifying these files and folders. Trustedinstaller.exe is a Windows Module Installer service, a part of Windows Resource Protection (WRP), which restricts access to core system files and folders preventing them from being modified or replaced.

OpenSCAP Hardening Guide in 2024

The OpenSCAP (Security Content Automation Protocol) project offers an extensive range of hardening guides, configuration baselines, and tools for assessing vulnerabilities and configuration issues, utilizing SCAP as the protocol for storing the foundational data. Created by the open-source community, OpenSCAP hardening allows a selection of a security policy that aligns with an organization’s needs, irrespective of its size.

Block Microsoft accounts : When to block and when not

The block Microsoft accounts security setting in Windows is designed to restrict or disable the use of Microsoft accounts on a device or network. This setting can be important for companies looking to have a higher security posture through the use of local accounts only. A Microsoft account is an account created through Microsoft that enables access to a variety of Microsoft services and products, all with a single set of credentials.

How Best to Configure Audit Detailed File Share

When enabled, the Windows security setting audit detailed file share keeps a detailed record of every time someone tries to access a shared file or folder on either the user’s computer or network. When a regular audit is configured, it logs only a singular event – which user or client is establishing a connection to which shared file or folder. A detailed audit records additional information about who is accessing the shared files and folders.

Beware of Auto-Install of Windows update KB5041571

The article released on August 13, 2024 regarding the security update for Windows 11 for hot fix KB5041571 discusses the new features and improvements to the operating system. The security update includes changes to the lock screen, NetJoinLegacyAccountReuse, Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI), and Domain Name System (DNS). The article also includes a servicing stack update to improve the reliability of the Windows update process.

CCRI renamed Cyber Operational Readiness Assessment (CORA)

The Command Cyber Readiness Inspection(CCRI) is a comprehensive cybersecurity evaluation and assessment conducted by the United States Department of Defense (DoD). A CCRI serves as a formal inspection aimed at enhancing accountability and bolstering the security posture of DoD Information Networks in alignment with DoD standards, with a specific focus on Command, Mission, Threat, and Vulnerability.

MadLicense CVE-2024-38077 RCE Threatens All Windows Servers

The latest CVE-2024-38077 Remote Code Execution vulnerability (RCE) and coined MadLicense has been rated as absolutely critical with a CVSS 3.1 score of 9.8. The Windows Remote Desktop Licensing (RDL) service has a vulnerability that enables network attacks with low complexity, affecting all versions of Windows Server from 2000 to 2025 (all Windows Servers).

Enable Computer and User Accounts to be Trusted for Delegation

The policy setting ‘Enable computer and user accounts to be trusted for delegation’ for Administrators and No One allows users to change the Trusted for Delegation setting on a computer object in Active Directory. Abuse of this privilege could allow unauthorized users to impersonate other users on the network. The Windows security setting enable computer and user accounts to be trusted for delegation is a powerful security feature primarily used in enterprise environments.

Impersonate a Client After Authentication Configuration in Windows

The Impersonate a client after authentication Windows security setting allows a program or service to act on behalf of a user after the user has logged in. This is essential to the running of many applications, from printing and accessing user files in web applications, to the systems service control manager. This ability to temporarily act as another user is also known as impersonation and the application must have the correct security configuration in order to do so.

Point and print: printing made easy

Point and Print is a Windows feature that simplifies the process of connecting to a network printer by letting a user automatically discover and connect to printers on a network. It also facilitates the automatic downloading and installation of necessary drivers to use these printers from the print server, without the need for administrative rights.