Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

Microsoft has published today 58 security fixes across 10+ products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.

There’s a smaller number of fixes this December compared with the regular 100+ fixes that Microsoft ships each month, but this doesn’t mean the bugs are less severe.

More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network.

This month, we have RCEs in Microsoft products like Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.

The highest-rated of these bugs, and the ones most likely to come under exploitation, are the RCE bugs impacting Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).

Patching these first is advised, as, through their nature, Exchange and SharePoint systems are regularly connected to the internet and, as a result, are more easily attacked.

Another major bug fixed this month is in Hyper-V, Microsoft’s virtualization technology, used to host virtual machines. Exploitable via a malicious SMB packet, this bug could allow remote attackers to compromise virtualized sandboxed environments, something that Hyper-V was designed to protect.

Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:

  • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet has published this file listing all this month’s security advisories on one single page.
  • Adobe’s security updates are detailed here.
  • SAP security updates are available here.
  • Intel security updates are available here.
  • VMware security updates are available here.
  • Chrome 87 security updates are detailed here.
  • Android security updates are available here.

Tag | CVE ID | CVE Title
Microsoft Windows DNS | ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Azure DevOps | CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOps | CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability
Azure SDK | CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability
Azure SDK | CVE-2020-16971 | Azure SDK for Java Security Feature Bypass Vulnerability
Azure Sphere | CVE-2020-17160 | Azure Sphere Security Feature Bypass Vulnerability
Microsoft Dynamics | CVE-2020-17147 | Dynamics CRM Webclient Cross-site Scripting Vulnerability
Microsoft Dynamics | CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure
Microsoft Dynamics | CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics | CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Edge | CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge | CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange Server | CVE-2020-17143 | Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server | CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server | CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server | CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server | CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server | CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component | CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics Component | CVE-2020-17098 | Windows GDI+ Information Disclosure Vulnerability
Microsoft Office | CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Office | CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-17123 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office | CVE-2020-17125 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-17126 | Microsoft Excel Information Disclosure Vulnerability
Microsoft Office | CVE-2020-17122 | Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint | CVE-2020-17115 | Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint | CVE-2020-17120 | Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint | CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint | CVE-2020-17118 | Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint | CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability
Microsoft Windows | CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-17092 | Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability
Microsoft Windows | CVE-2020-17103 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Visual Studio | CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio | CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio | CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability
Visual Studio | CVE-2020-17150 | Visual Studio Code Remote Code Execution Vulnerability
Windows Backup Engine | CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine | CVE-2020-16958 | Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine | CVE-2020-16959 | Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine | CVE-2020-16961 | Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine | CVE-2020-16964 | Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine | CVE-2020-16963 | Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine | CVE-2020-16962 | Windows Backup Engine Elevation of Privilege Vulnerability
Windows Error Reporting | CVE-2020-17094 | Windows Error Reporting Information Disclosure Vulnerability
Windows Hyper-V | CVE-2020-17095 | Hyper-V Remote Code Execution Vulnerability
Windows Lock Screen | CVE-2020-17099 | Windows Lock Screen Security Feature Bypass Vulnerability
Windows Media | CVE-2020-17097 | Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows SMB | CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability
Windows SMB | CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability
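
The article's patch-ordering advice (RCEs first, Exchange and SharePoint ahead of the rest) can be applied mechanically to the advisory rows. The script below is an added example, not part of the original article: it parses rows of the table, derives the impact class from the title column, and sorts them into a patch order. The `EXPOSED` list and the four priority tiers are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a subset of rows copied from the advisory table.
ROWS = """\
Microsoft Exchange Server CVE-2020-17143 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2020-17144 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17115 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office CVE-2020-17128 Microsoft Excel Remote Code Execution Vulnerability
Windows Hyper-V CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability
Windows Backup Engine CVE-2020-16960 Windows Backup Engine Elevation of Privilege Vulnerability
Microsoft Windows DNS ADV200013 Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Microsoft Dynamics CVE-2020-17133 Microsoft Dynamics Business Central/NAV Information Disclosure
"""

# The advisory ID is the only reliable column boundary in a flattened row.
ID_RE = re.compile(r"\b(CVE-\d{4}-\d{4,}|ADV\d{6})\b")
IMPACTS = (
    "Remote Code Execution", "Elevation of Privilege", "Security Feature Bypass",
    "Information Disclosure", "Spoofing", "Cross-site Scripting", "Memory Corruption",
)
# Assumption of this example: the products the article describes as
# regularly connected to the internet.
EXPOSED = ("Exchange", "SharePoint")

def parse_row(line):
    """Split 'Tag ID Title' (space- or pipe-separated) at the advisory ID."""
    m = ID_RE.search(line)
    if not m:
        return None  # header line, blank line, or unrelated text
    tag = line[:m.start()].strip(" |\t")
    title = line[m.end():].strip(" |\t")
    impact = next((i for i in IMPACTS if i in title), "Other")
    return {"tag": tag, "id": m.group(1), "title": title, "impact": impact}

def priority(row):
    """0 = RCE on an exposed product, 1 = other RCE, 2 = exposed, 3 = rest."""
    rce = row["impact"] == "Remote Code Execution"
    exposed = any(p in row["tag"] for p in EXPOSED)
    return 0 if rce and exposed else 1 if rce else 2 if exposed else 3

def triage(text):
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    return sorted(rows, key=lambda r: (priority(r), r["id"]))

def impact_counts(text):
    return Counter(r["impact"] for r in map(parse_row, text.splitlines()) if r)

if __name__ == "__main__":
    for r in triage(ROWS):
        print(priority(r), r["id"], r["tag"], "-", r["impact"])
```

Run over the full table, `impact_counts` gives the per-class totals, which is a quick way to check a count such as the 22 RCEs quoted in the article.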

Citrix Files Authentication to Network Share and SharePoint Connectors

Manual user login to Connectors

When a user browses to a Network Share or SharePoint connector, they must first log in if not using SSO. To log in, the user must right-click on the Connector name and choose Sign in from the Windows / Mac context menu.

With Citrix Files for Windows v4.4 or later, if the user browses to an unauthenticated connector folder, they are automatically prompted for authentication.

Once the user selects Sign in, they are presented with a Login dialog where the user is required to enter their domain username and password. Upon successful login, they are able to browse their connector folders.

Single Sign-On to Connectors Using NTLM or Kerberos Authentication

Active Directory domain-joined endpoints can SSO into a Network Share or SharePoint connector allowing seamless access for users browsing their connector folders. Users must sign into their AD-joined desktop or virtual application using domain credentials. No additional configuration is required on the Citrix Files client.

Single Sign-On to Connectors using Workspace App

When accessed through Citrix Workspace, users are automatically signed into the connector without a need for user interaction to provide credentials. For SSO to Network Shares or SharePoint connectors using Workspace authentication, StorageZones Controller v5.4.1 or higher is required.

As a requirement, in addition to installing Citrix Files for Windows / Mac, Citrix Workspace App must be installed on the user’s machine and configured for the Citrix Workspace account. For more information on logging onto Citrix Files with Workspace App, please see: https://docs.citrix.com/en-us/citrix-content-collaboration/files-authentication.html

Single Sign-On to Connectors using VDA Authentication

When accessing Connectors inside a VDA session through Workspace, users will be automatically signed into the connector without a need for user interaction to provide credentials. For SSO to Network Shares or SharePoint connectors using Workspace authentication inside a VDA environment, StorageZones Controller v5.4.1 or higher is required.

Related:

excluding company onedrive and sharepoint

I need a solution

Seem to be having difficulties excluding all the different places and ways users are accessing some of our tools.

I had made prior channel filter exclusions that seemed to be working as well as http ones but am continually adding to these as we had some tenant changes with O365 etc.

I have an influx of cloud hits for our sharepoint sites as well as our one drive.

I do only wish to exclude our corporate one drive and not something someone might have installed and be using with personal accounts.

Right now I am seeing incidents created with OneDrive.exe as well as EXCEL.exe and a sharepoint site that I already added to the excluded list. Trying to keep ‘private’ information and corporation so hope the blackouts do not interfere with assistance (images attached)

Is there somewhere else I need to make these exclusions for this endpoint activity?

In https I have -*xnamexgroup-my.sharepoint.com/*

and assorted ways that the home paths are listed for onedrive, example

%HOMEPATH%OneDrive – xxx Group*

Related:

DLP v15 Deprecated Technologies

I do not need a solution (just sharing information)

We’re looking at upgrading our DLP implementation from v14.6 to v15.x and I’m trying to find out if any technologies have been deprecated under v15.x? Looking at the documentation for v15, SharePoint 2007 for example is not covered as a supported technology. Is there anywhere which either gives a definitive list of all currently supported OS’s, technologies etc… or a list of all deprecated technologies per version?

Related:

ShareFile Connectors Authentication and Single Sign-on

ShareFile Enterprise includes support for connecting to existing network drives and SharePoint document libraries from within the ShareFile app for iOS and Android. This article details the authentication events for ShareFile Connectors when deployed as part of a XenMobile solution.

Figure 1: Authentication events

There are five authentication events involved for ShareFile Connectors in a XenMobile deployment:

  1. Secure Hub authenticates to XenMobile.
  2. The ShareFile app authenticates to ShareFile.com.
  3. ShareFile app authenticates to NetScaler in the DMZ when accessing connectors.
  4. NetScaler authenticates to the ShareFile StorageZone controller. HTTP Basic is the default method for this step. However, Kerberos authentication is also possible.
  5. StorageZone Controller impersonates the domain user account and authenticates to the Network share or SharePoint server on behalf of that user. Kerberos and NTLM are supported.

Single sign-on to ShareFile.com

When using MDX-wrapped apps with XenMobile, single sign-on from Secure Hub to ShareFile.com is achieved using SAML. The App Controller acts as the SAML Identity Provider (IDP) configured in the ShareFile account. When the app is launched, Secure Hub obtains a SAML token for the user from App Controller and passes it to the ShareFile MDX app along with information about the ShareFile sub-domain. Secure Mail for iOS uses the same technique for authentication to ShareFile in order to present the user with a list of files and folders when they select the Attach from ShareFile option.

Separate Authentication Required for Connectors

The sign-on to ShareFile.com enables access to native ShareFile data if the data resides in a Citrix-managed StorageZone in the ShareFile cloud or in a customer-managed StorageZone, but it does not authenticate the user to any StorageZone Connectors that may be assigned to the user.

To access Connectors data sources like Network drives and SharePoint document libraries, the user must also authenticate to the Active Directory domain in which the network shares or SharePoint servers reside. Steps 3 through 5 in Figure 1 represent this separate authentication flow.

XenMobile MicroVPN Settings

ShareFile MDX-enabled mobile applications can be configured to use the following Network access policies in XenMobile App Controller:

Network Access setting options

  • Blocked – In this mode of operation, which is the default setting for new applications, network access is not allowed and the ShareFile app cannot function. The network access setting must be changed to one of the other options.
  • Unrestricted – In this mode of operation, traffic from the ShareFile app is permitted to contact any host on the Internet. When communicating with the ShareFile.com control plane, traffic flows directly from the client to ShareFile.com, or directly to the external address of any storage zone.
  • Tunneled to the internal network – In this mode of operation, all network traffic from the ShareFile app is intercepted by the Worx MDX framework and redirected through the NetScaler Gateway using an app-specific MicroVPN.

    When the Network access setting is configured for Tunneled mode, the Initial VPN Mode setting becomes relevant to the connection.

Initial VPN Mode setting options

  • Full VPN Tunnel – In this mode of tunneling, traffic between the client and the destination is not modified in any way by NetScaler Gateway. This method is required for applications that perform end-to-end SSL connections using certificate-based authentication.
  • Secure browse – In this mode of tunneling, SSL/HTTP traffic from the MDX app is terminated by the MDX framework, which then initiates new connections to internal resources on the user’s behalf.

Consider the following points as you design your XenMobile and ShareFile deployment:

  • Single sign-on to ShareFile.com is available for the ShareFile MDX-wrapped applications and Secure Mail, by configuring App Controller with ShareFile account details.
  • Authentication to ShareFile.com is not sufficient to authenticate users to domain-joined network shares and SharePoint document libraries.

Additional Resources

Configure ShareFile Single Sign-On with XenMobile

XenMobile ShareFile Mobile App SSO using SAML

Secure Mobile Data Access with Worx-enabled ShareFile

Related:

Enable Web Access to Connectors

Web Access to Connectors allows users to see a Connectors tab in the ShareFile web app where they can browse, upload and download documents stored in on-premises SharePoint document libraries or CIFS file servers, as well as certain Personal Cloud Connectors. Depending on your plan, this feature may be disabled by default.

To enable the feature, please send a request to ShareFile Customer Support.

Requirements

Related:

Favorite Folders and Files

To add a folder or file to your favorites, click the Star icon to the left of the folder or file name.

To view all of your Favorite Folders, click on the Favorites tab in the left navigation menu.

Items in this list can be organized by selecting the gray grips along the right edge of the row. Click and hold to drag to move the file or folder up or down.

Limitations

  • You cannot add a SharePoint folder that is a sub-site (ReadOnly) within your SharePoint Connectors menu.

Related:

How to Access SharePoint and Network Shares on ShareFile Desktop App for Windows

The ShareFile Desktop App allows access to SharePoint and Network Shares. If this feature is enabled for your account, access these locations via the Navigation drop-down menu. Please note that your ability to download, upload or modify files within your SharePoint or Network Share locations depends on your permissions in those locations.
