Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"Targeting AD FS With External Brute-Force Attacks"
"On July 2019 Patch Tuesday, Microsoft released a patch for CVE-2019-1126, an important vulnerability ... While Microsoft only released one patch, we believe there are two vulnerabilities that allow attackers to remotely launch brute-force attacks on AD FS servers from the outside of the network. Attackers can bypass the Extranet Lockout Protection security feature and also bypass the Microsoft AD lockout policy(!) in certain scenarios ..."
VG
Bernd
[0] https://blog.preempt.com/security-advisory-targeting-ad-fs-with-external-bru...
rwth-security@lists.rwth-aachen.de