Get a Pentest and security assessment of your IT network.

Cyber Security

Microsoft Warns of Windows Hello for Business Orphaned Key Risks

Microsoft published guidance on how to mitigate the security risks stemming from orphaned Windows Hello for Business (WHfB) public keys. The company says that it is aware of an issue in WHfB public keys persisting after a device is removed from Active Directory if the AD exists. Such keys will not be deleted even after the device used to create them is completely removed. An authenticated attacker could obtain orphaned keys created on TPMs that were affected by CVE-2017-15361 (ROCA), discussed in Microsoft Security Advisory ADV170012.

Source: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-windows-hello-for-business-orphaned-key-risks/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation