24 set 2021

New security feature for Exchange Server: Exchange Server Emergency Mitigation

Exchange Server Emergency Mitigation FAQ

Q: What is Exchange Server Emergency Mitigation?

A: Exchange Server Emergency Mitigation is a new feature in Exchange Server introduced in the September 2021 CUs. It detects Exchange Servers that are vulnerable to one or more known threats and applies temporary mitigations until the admin can install the available SU.


Q: What does Exchange Server Emergency Mitigation do?

A: This feature runs as a Windows service, and it checks the Office Config Service for available mitigations hourly. If a mitigation is available, the EM service downloads it and automatically applies it to the server.


Q: What is a Mitigation?

A: A mitigation is an action or set of actions used to secure an Exchange server from a known threat. If a security threat becomes known to Microsoft and we create a mitigation for the issue, that mitigation can downloaded to the Exchange server, which can automatically implement the pre-configured settings. Mitigations are sent in a signed XML file that contains configuration settings for mitigating a security threat.


Q: If I disable sending optional data to Microsoft, will the EM service still automatically apply mitigations?

A: Yes. Automatic mitigation by the EM service does not require the sending of data to Microsoft. If sending data to Microsoft is not enabled, the EM service will function normally.


Q: Will Microsoft release mitigations for every vulnerability that will be eventually fixed in an SU?

A: No. Our plan is to release mitigations only for the most severe security issues, such as issues that are being actively exploited in the wild. Because applying mitigations may reduce server functionality, we plan on releasing mitigations only when the highest impact or severity issues are found.


New security feature in September 2021 Cumulative Update for Exchange Server - Microsoft Tech Community

14 ago 2021

Microsoft 365 Certified: Security Administrator Associate

Earning Microsoft 365 Security Administrator Associate certification validates the skills and knowledge to proactively secure Microsoft 365 enterprise and hybrid environments, implement and manage security and compliance solutions, respond to threats, and enforce data governance.

13 ago 2021

Tracing DNS queries on Windows 10 with NirSoft DNSLookupView

DNSLookupView is a new DNS tracing tool for Windows 10, made by Nir Sofer, that allows you to view the details of every DNS query sent through the DNS Client service of Windows.

For every DNS query, the following information is displayed: Query Timestamp, Host Name, Query Type (A, AAAA, and so on), Query Status (Error or succeeded), Query Result, ID and name of the process that requested the DNS lookup.

You can use the DNSLookupView tool with GUI as well as you can run DNSLookupView without displaying any user interface for the specified number of milliseconds, and then export the captured DNS requests to csv/tab-delimited/xml/html file



Download:
DNSLookupView

4 lug 2021

WindowServer.it Honor Community Member

Ringrazio la Community WindowServer.it, con la quale collaboro ormai da tempo, per il badge ricevuto. 




Il badge di Honor Community Member viene assegnato a coloro che fanno parte della community WindowServer.it da molti anni e che continuano a diffondere i valori di WindowServer.it, che vanno oltre il concetto di articolo, video o sessione durante gli eventi. I membri di questo club sono colonne portanti di questo sito e dei valori che rappresenta.

1 lug 2021

Configurazione del server NTP attraverso w32tm

Eseguire il seguente comando nel PDC Emulator sostituendo NTPSERVER con il server ntp geograficamente più vicino, ad esempio:

ntp1.inrim.it 193.204.114.232 NTP (RFC 5905)

ntp2.inrim.it 193.204.114.233 NTP (RFC 5905)

time.inrim.it 193.204.114.105 NTP (RFC 5905), TIME (RFC 868), DAYTIME (RFC 867)


w32tm /config /manualpeerlist:NTPSERVER /syncfromflags:manual /reliable:yes /update

net stop w32time && net start w32time


Per verificare che effettivamente sia stato configurato correttamente possiamo usare i seguenti comandi:

Forzare la sincronizzazione
w32tm /resync /nowait

Controllare la configurazione
w32tm /query /configuration

Visualizzare la sorgente time
w32tm /query /source 

Visualizzare l'elenco di tutti i server NTP configurati e il loro stato
w32tm /query /peers 

Visualizzare lo stato del servizio, ad esempio se sta ricevendo l'ora dall'orologio cmos locale/server NTP esterno
w32tm /query /status 

Monitor
w32tm /monitor


Configurazione del server NTP attraverso le GPO

Creare un filtro WMI e specificare la query:

Select * from Win32_ComputerSystem where DomainRole = 5

Creare una GPO da linkare ai DC e collegare il filtro in modo che sarà applicata solo al PDC Emulator

Editare la gpo e posizionarsi in “Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers

Abilitare “Enable Windows NTP Client” e “Enable Windows NTP Server

Impostare “Configure Windows NTP Client”