Paessler PRTG 22.4.81.1532 security fix for Cross Site Scripting XSS

Paessler PRTG released version 22.4.81.1532 (stable) in which a PRTG the tag handling system was fixed regarding tag parameters to avoid the risk of a possible Cross Site Scripting (XSS) attack.

Updates are available for PRTG Preview 22.4.81.1504 or PRTG Stable 22.4.81.1532
  • PRTG Stable 22.4.81.1532 sha256 installer exe 0DD1952B8EE8A56F77FBA968366794BFA58ABEFC38151192D378EAF35607091F
  • PRTG Stable 22.4.81.1532 sha256 installer zip 64F4918CE265ED58EC98996516D59AA97BB7BBC614AAD644E2F90C9DAB22F106
  • PRTG Preview 22.4.81.1504 sha256 installer exe: 28F05875EA31067881B2E04B3557F1BBC3D174D2064CCBA3E93BD4F1EC2E7839
  • PRTG Preview 22.4.81.1504 sha256 installer zip A82725C7C7BBA8E116F31030857BD3DE099FF5B7C40248E04A1DB425A617318E
Source: https://www.paessler.com/prtg/history/stable

Security Testing - Review LAPS

It is a good idea to review your companys Microsoft's Local Administrator Password Solution LAPS installation. Leo Loobeek published a nice powershell-script which helps in finding groups which are specifically delegated by sysadmins and finding users with "All Extended Rights" that can view passwords, and viewing all computers with LAPS enabled.

https://github.com/leoloobeek/LAPSToolkit
https://github.com/leoloobeek/LAPSToolkit/blob/master/LAPSToolkit.ps1

  • Get-LAPSComputers
    Displays all computers with LAPS enabled, password expriation, and password if user has access

  • Find-LAPSDelegatedGroups
    Searches through all OUs to see which AD groups can read the ms-Mcs-AdmPwd attribute

  • Find-AdmPwdExtendedRights
    Parses through ExtendedRights for each AD computer with LAPS enabled and looks for which group has read access and if any user has "All Extended Rights". Sysadmins may not be aware the users with All Extended Rights can view passwords and may be less protected than the users in the delegated groups. An example is the user which adds a computer to the domain automatically receives the "All Extended Rights" permission. Since this function will parse ACLs for each AD computer, this can take very long with a larger domain.
I've seen installations, where LAPS was implemented to improve security. However due to wrong configuration way to many people where able to read passwords in Active Directory (Mitre Att&ck Tactic Credential Access)

Azure Managed Identities (technical service accounts)

Explaination Azure Managed Identities = technical service accounts Password is automatically managed, as it was the case in managed service ...