Horizon Secured
@horizon-secured.com
Master Windows & Active Directory Security—From Defense to Attacks.
🚨 Horizon Alert – DHCP Issues After June Updates

Microsoft just confirmed a bug affecting DHCP on all major Windows Server versions (2016–2025). Clients may fail to renew IPs after applying June 2025 updates.

🛠️ Fix is on the way.

Stay safe,
Dave

#PatchTuesday #HorizonAlert
June 14, 2025 at 7:14 AM
🚨 Horizon Alert
SAP is having a rough season.

Another critical vulnerability just dropped — in SAP NetWeaver (9.6), involving missing authorization checks. Rated highly for a reason.

There’s more in this month’s advisory, but this one definitely stands out.

📎 support.sap.com/en/my-suppor...

#SAP
SAP Security Patch Day - June 2025
SAP security Patch Day Bulletin
support.sap.com
June 11, 2025 at 8:04 AM
🛠️ Two annoying bugs—finally fixed!

✔️ Firewall profile issue on Windows Server 2025 DCs
✔️ Kerberos cert-based auth issues (WHfB, Device PKINIT)

Both resolved in the June 2025 updates ✅

📬 You can subscribe to my newsletter to get all the details as soon as possible.

#PatchTuesday
June 11, 2025 at 7:02 AM
🔐 Microsoft Patch Tuesday - 2 Zero-Days:
→ SMB privilege escalation (CVE-2025-33073)
→ WebDAV RCE (CVE-2025-33053) – actively exploited!

Network-based, low complexity.
📩 Full breakdown in Horizon Alert.
horizon-secured.com/newsletter/

#CyberSecurity #ZeroDay
June 10, 2025 at 7:51 PM
Reposted by Horizon Secured
PLEASE RT: New and Free Active Directory Domain Services Applied Skill Credential
techcommunity.microsoft.com/t5/itops-tal...
New and Free Active Directory Domain Services Applied Skill Credential | Microsoft Community Hub
Learn about the new Active Directory Applied Skills Credential from Microsoft.  
techcommunity.microsoft.com
May 22, 2025 at 3:44 PM
🚨 Critical DMSA finding for orgs running Windows Server 2025

A low-priv user with delegated rights (e.g. OU control) can create a DMSA that impersonates any AD account.
This is a stealthy privilege escalation path.

Details 👉 www.akamai.com/blog/securit...

#WindowsServer2025 #ActiveDirectory
www.akamai.com
May 22, 2025 at 7:57 AM
Fix for BitLocker Recovery screen issues is available. But you need to download the update manually.

support.microsoft.com/en-us/topic/...
May 19, 2025—KB5061768 (OS Builds 19044.5856 and 19045.5856) Out-of-band - Microsoft Support
support.microsoft.com
May 20, 2025 at 6:00 AM
Reposted by Horizon Secured
LockBit’s dark web empire suffered a major blow after a May 2025 breach exposed internal chats, affiliate data, Bitcoin wallets, and attack details, shaking trust in the ransomware giant and fueling law enforcement investigations. #CybersecurityNews

pupuweb.com/has-lockbits...
Has LockBit’s Dark Web Empire Collapsed? Shocking Data Leak Exposes Ransomware Secrets - PUPUWEB
Will the LockBit Hack Spell Disaster? Devastating Breach Unveils Ransomware Operation The notorious LockBit ransomware group, infamous for its
pupuweb.com
May 19, 2025 at 2:05 AM
Reposted by Horizon Secured
New 'Defendnot' tool tricks Windows into disabling Microsoft Defender
www.bleepingcomputer.com/news/microso...

This is creative from the attackers' side.
A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed.
www.bleepingcomputer.com
May 18, 2025 at 11:53 AM
🚨 Microsoft Patch Tuesday - 7 Zero-Days this May 🚨
5 exploited
4 = gain SYSTEM privileges
Targets: CLFS, DWM, Defender, Visual Studio

You don't have time to dig — I do.

Subscribe for full alerts:
👉 horizon-secured.com/newsletter/

#CyberSecurity #ZeroDay #Infosec #PatchTuesday
May 13, 2025 at 6:16 PM
1/4 🔒 Secure Bits 💡
SID History can be a dangerous attribute.

Do you use it in your environment?
Originally, SID History was used during Active Directory migrations—to let migrated users access old resources by injecting old SIDs into the SIDHistory attribute.
May 13, 2025 at 11:02 AM
Reposted by Horizon Secured
Oh, I should probably have mentioned that the vulnerable DSA account also has "Run as service" permissions on all your DCs.....
⚠️ If you are using SAM-R, especially with Defender for Identity, you may be vulnerable to a downgrade attack! ⚠️

This was so dangerous they are disabling SAM-R queries in the coming weeks. Only classic sensor is affected, not XDR agent sensor (3.x).

learn.microsoft.com/...
May 12, 2025 at 11:36 PM
Reposted by Horizon Secured
Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor.
Chinese hackers behind attacks targeting SAP NetWeaver servers
www.bleepingcomputer.com
May 9, 2025 at 4:23 PM
Reposted by Horizon Secured
If you used a solid color as your Windows 7 wallpaper, the system could take an extra 30 seconds to load.

Wait, what?

STORY: www.windowscentral.com/software-app... 🪳
It wasn't your fault — Windows 7 took longer to boot up because of a simple programming mistake by Microsoft
If you used specific wallpapers on your Windows 7 PC, the system could take an extra 30 seconds to load.
www.windowscentral.com
May 9, 2025 at 8:28 PM
Reposted by Horizon Secured
Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts
hackread.com/legacy-login...
hackread.com
May 10, 2025 at 11:02 AM
Reposted by Horizon Secured
Fired employee, Davis Lu, has claimed he’s not guilty of writing an “IsDLEnabledinAD” function that checked if Davis Lu was still in the company’s Active Directory and, if not, deleted a bunch of files and sabotaged his former employer’s network.

A crazy coincidence if true.
Developer convicted for “kill switch” code activated upon his termination
Software developer plans to appeal after admitting to planting malicious code.
arstechnica.com
March 11, 2025 at 12:00 PM
Reposted by Horizon Secured
"Securing Active Directory" by @brd.bsky.social is the most interesting presentation from the Windows Server Summit so far: techcommunity.microsoft.com/event/window...
Securing Active Directory - Windows Server Summit
Wondering if you should deploy Windows Server 2025 Domain Controllers? Join Active Directory Program Manager Cliff Fisher on a deep dive into new security...
techcommunity.microsoft.com
April 29, 2025 at 5:40 PM
🚨Horizon Alert

If you are using telnet on Windows, this should be the top priority for you right now:

securityonline.info/0-click-ntlm...
0-Click NTLM Authentication Bypass Hits Microsoft Telnet Server, PoC Releases, No Patch
Critical 0-click flaw in Microsoft Telnet Server allows attackers to bypass authentication & gain admin access. Learn about the MS-TNAP vulnerability & how to mitigate
securityonline.info
April 29, 2025 at 6:07 PM
🔒 Secure Bits 💡
“The trust relationship between this workstation and the primary domain failed.”

Do you really understand what this message means? Let’s break it down. 👇

#Windows #ActiveDirectory
April 29, 2025 at 11:42 AM
Reposted by Horizon Secured
Play dumb games, win dumb prizes 🙃

www.techradar.com/pr...
Top employee monitoring app leaks 21 million screenshots on thousands of users
WorkComposer leaking screenshots of user activity on the clear web
www.techradar.com
April 25, 2025 at 9:18 PM
Reposted by Horizon Secured
SAP NetWeaver Visual Composer development server: Missing authorization check
URL: nvd.nist.gov/vuln/detail/...
Classification: Critical, Solution: Not Defined, Exploit Maturity: Not Defined, CVSSv3.1: 10.0
CVEs: CVE-2025-31324
NVD - CVE-2025-31324
nvd.nist.gov
April 26, 2025 at 8:33 AM