Fixing a Security Vulnerability in Active Directory with Steve Syfuhs
Failed to add items
Add to basket failed.
Add to wishlist failed.
Remove from wishlist failed.
Adding to library failed
Follow podcast failed
Unfollow podcast failed
Fixing a Security Vulnerability in Active Directory with Steve Syfuhs
-
Narrated by:
-
By:
About this listen
Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!
Links
- KB5014754
- Microsoft Security Response Center
- Create and Assign SCEP Certificate Profiles in Intune
Recorded April 10, 2025