1. Is there a method to identify if a system has been compromised? The MS script culls log entries that are suspicious; you then need to dig into the log file specific to the culled entry. HTTP response codes 200, 241, and 500; no indications of account names and login attempts. No indications of uploads.
2. Date/time entries in the culled file do not match dates/times in the actual log files.
3. No indication that the "patch" ELIMINATES the alleged compromise; do they?
4. Are new AD or local logins created if a system is compromised? What account is compromised if the multitude of logs doesn't directly indicate login names or email addresses?
5. If a log entry contains an email address/account, does the flaw/bad code permit unauthenticated access to the account indicated in the multitude of log files?