credential caching Archives

Winsage

May 28, 2026

Windows Server 2016 Update: Disastrous Bug Breaks AD

Microsoft released a mandatory patch (KB5087537) for Windows Server 2016 to enhance cryptographic layers and address critical vulnerabilities. This update is essential for organizations using legacy workloads, as mainstream support ended in January 2022, but extended support continues until January 12, 2027. The patch aims to prepare systems for the expiration of Windows Secure Boot certificates in June 2026, which, if not updated, could compromise security and expose systems to malware. The update uses a phased deployment model and includes a new SecureBoot folder to assist IT professionals in managing certificate status. It also addresses various quality-of-life issues, including bugs affecting Remote Desktop Connection and authentication errors with Microsoft services. However, a significant issue arises when the host server name is exactly 15 characters long, causing failures in the domain controller discovery process and obstructing critical operations. This bug is linked to the historical 15-character limit of NetBIOS, which affects the Active Directory lookup mechanism. Microsoft has acknowledged the issue but has not provided a timeline for a fix, leaving administrators to either rename servers or uninstall the update. As the Secure Boot deadline approaches, IT departments must carefully assess their environments to avoid disruptions while ensuring security compliance.

Tech Optimizer

April 15, 2026

Connecting .NET Lambda to Amazon Aurora PostgreSQL via RDS Proxy

Many organizations are modernizing legacy .NET applications while reducing database costs and enhancing scalability, particularly during migrations to AWS Lambda and transitions from SQL Server to Amazon Aurora PostgreSQL-Compatible Edition. The process involves connecting Lambda functions to Aurora PostgreSQL using Amazon RDS Proxy, with AWS Secrets Manager managing secure credential storage. The architecture includes a .NET Lambda function interfacing with Aurora PostgreSQL via RDS Proxy, which provides connection pooling to minimize database connection overhead. The solution requires a CloudFormation template to provision resources such as a VPC with private subnets, an Aurora PostgreSQL cluster, RDS Proxy, and Secrets Manager. The RDS Proxy is configured with parameters including PostgreSQL engine family, idle client connection timeout, and Secrets Manager secret. A Windows EC2 instance is provisioned, and access is facilitated through AWS Systems Manager Fleet Manager. The solution includes creating a sample table named "employee" in the database and a new .NET Lambda project that utilizes Npgsql for database connections. The Lambda function is deployed using the AWS CLI, and testing involves invoking the function and retrieving logs from Amazon CloudWatch. Finally, resources created during the process should be deleted to prevent ongoing charges.

Winsage

December 29, 2025

Microsoft Adds Sudo to Windows 11 24H2 for Seamless Elevated Commands

Microsoft has introduced the sudo command in Windows 11 version 24H2, allowing users to execute commands with elevated privileges directly from a standard command prompt or PowerShell window. Users can enable this feature via Settings under System > For Developers. Sudo can run commands in three modes: “in a new window,” “with input disabled,” and “inline.” The inline mode runs the elevated command in the same console session, preserving context and variables. Microsoft has open-sourced the project on GitHub, inviting community contributions. Sudo integrates with User Account Control (UAC) for security, ensuring every elevation request is vetted. It simplifies administrative tasks for software engineers and system administrators, particularly in corporate environments where full admin access is restricted. The feature works seamlessly in Windows Terminal and supports Azure integrations. While some users have reported compatibility issues, Microsoft emphasizes that sudo is a developer tool rather than a complete replacement for Linux's sudo. Future developments may include community-driven extensions and integration with Windows Subsystem for Linux (WSL).

Winsage

May 2, 2025

CISOs should re-consider using Microsoft RDP due to password flaw, says expert

Microsoft has clarified that a feature in its operating system, which allows at least one user account to log in after prolonged offline periods, is a deliberate design choice and not a security vulnerability. The Remote Desktop Protocol (RDP) caches the last set of credentials used to prevent administrators from being locked out, but this can lead to complications if credentials are changed, potentially allowing unauthorized access if outdated credentials are exploited. Johannes Ullrich from the SANS Institute emphasized the importance of securing RDP and recommended robust authentication measures and isolation of RDP endpoints to mitigate risks.

Winsage

April 30, 2025

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.

The ability to use a revoked password for Remote Desktop Protocol (RDP) access on Windows machines linked to Microsoft or Azure accounts allows users to log in with either a dedicated password or the credentials from their online account. Even after changing the account password, the old password remains valid for RDP logins indefinitely, and in some cases, multiple previous passwords may still grant access. This behavior poses significant security risks, especially if the account has been compromised, as changing the password does not block access via RDP with the old password. The issue arises from credential caching on the local machine, where the initial login credentials are stored securely, allowing continued access without online verification.