Microsoft has released KB5003646 on the 6th of June 2021. Part of this update is a security hardening measurement to align with recommendations as a conclusion out of CVE-2021-31958.
As a known issue of this KB5003646, microsoft has noted in the release notes: «After installing this or later updates, apps accessing event logs on remote devices might be unable to connect.»
This is exactly what is happening on Fortinet FSSO (FSSO with FortiGate, as well as FSSO over the FortiAuthenticator) and Palo Alto Networks User-ID Agent. They are not working anymore after the installation of Update KB5003646.
Some security researchers have demonstrated three high risk vulnerabilities for exchange server systems. Microsoft has published information about the vulnerability today and even has a patch for the problem already in place.
Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.
WatchGuard announced in the last days a new feature called Dark Web Scan. The feature is hosted in the WatchGuard cloud. With this new tool, you can perform searches based on email addresses and domain names to see which accounts have been exposed on the dark web during known data breaches.
Sicherlich haben Sie sich schon gefragt, wann welches Feature in welchem Fireware Release eingeführt wurde. Da sich dies nur mühsam per Release Notes oder Dokumentation rausfinden lässt, hat WatchGuard für ihre Features einen KB Artikel mit einer Feature Liste pro Version erstellt:
What is the problem? AuthPoint Gateway software must be updated to the latest available version, v5.1.5 before the week of 10 October 2019. If you do not update your AuthPoint Gateway before 10 October, it is likely that all authentication will fail for your AuthPoint user base.
When must I update my AuthPoint Gateway? If
you use AuthPoint Gateway software v188.8.131.52 or lower, you must update
your Gateway software to v5.1.5 as soon as possible. If you update your
Gateway software before the dates referenced below, this issue will not
For AuthPoint users in the APAC cloud region – 10 October 2019
For AuthPoint users in the EMEA cloud region – 16 October 2019
For AuthPoint users in the AMER cloud region – 17 October 2019
In the Access Portal configuration, you can now configure reverse proxy actions so remote users can connect to internal web applications and Microsoft Exchange services with an external URL. With reverse proxy actions, you can give remote teams access to internal resources without the need for a VPN. Multi-factor authentication is supported as well.