Hello, welcome to the Tuesday, November 16th, 2021 edition of the Sandstone at Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Fort Walton Beach, Florida.

We got an emergency update from Microsoft, and this update does not actually fix security vulnerability.

Instead, it does fix a problem where you're no longer able to authenticate after applying

the Microsoft patches from November 9th.

This affects you if you're using a single sign-on inactive directory on-premise or via the Hyperasia Active Directory.

And if you're not using essentially the latest and greatest version of Windows server,

so Windows server 2019 and earlier are possibly affected by this bug.

If you're infected, you probably know it because users were not able to authenticate.

And yes, then please update your systems with this emergency patch.

Of course, you may have already backed out of the November 9th update.

So if you're brave, then apply that again and then try Microsoft's new update.

And talking about Active Directory, one issue that our handler Rob keeps running into is that

Microsoft won't allow you to paste a password into the password

change GUI. And that, of course, gets in the way of best practices these days. You aren't really

able to use any password safes and such for these passwords. So what Rob came up with is a little script that will allow you to copy paste the

password and the script will then change it for you within active directory. Rob posted two

versions of the script, fairly straightforward, fairly simple. The first one is, well, simpler,

but it does actually contain the old

new password as part of the script. So that, of course, puts it somewhat at risk of losing

that script or leaving it sitting on the server. The second script, a little bit more elegant.

It will actually prompt you for the old new password, but then allow you to paste the password into

...