Wednesday, December 3, 2025

Updating the ADFS certificate after Microsoft's deprecation of the Azure AD and MSOnline PowerShell modules (Connect-MsolService), which were retired on July 1, 2025.

Solution:

1. On the AAD server, open Microsoft Entra Connect Sync (you need the cert.pfx file).

2. Welcome --> Configure --> Manage federation --> Manage certificates --> Update SSL certificate

3. Restart the ADFS service.

Remark: The step above only uploads the public certificate to Azure. You still need to go to the ADFS proxy and use PowerShell to update the SSL certificate on the proxy server.

A website that helps you search for Known Exploited Vulnerabilities (KEV)

  • Purpose: The portal helps organizations focus their patching efforts on vulnerabilities that are actively being exploited by threat actors in the wild, which are considered the most urgent threats.

  • Source of Data: The portal dynamically integrates with the official CISA KEV Catalog via its data feeds (CSV/JSON).

  • Functionality: Users can monitor live KEV updates, identify threats relevant to their specific systems, and generate reports filtered by vendor or CVE (Common Vulnerabilities and Exposures) to streamline their vulnerability management process.
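The three bullets above describe what such a portal does with the CISA feed. The following is an added example, not code from the post or from the portal it describes: it loads a KEV catalog in the JSON layout CISA publishes, filters it by vendor, CVE id, date added and due date, and joins it against an asset inventory. The field names (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse) follow the published CISA KEV JSON schema; the catalog records and the inventory are constructed sample data (the two Cisco CVE ids appear elsewhere on this page; CVE-2025-99999 and ExampleVendor are placeholders).

```javascript
// Added example, not code from the post or the KEV portal it describes.
// Field names follow the CISA KEV JSON schema; every record below is
// CONSTRUCTED sample data, not the live catalog.
const sampleCatalog = {
  title: "Constructed KEV sample (not the live catalog)",
  catalogVersion: "sample",
  count: 3,
  vulnerabilities: [
    {
      cveID: "CVE-2025-20333",
      vendorProject: "Cisco",
      product: "Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD)",
      vulnerabilityName: "Cisco ASA/FTD VPN web server vulnerability (sample wording)",
      dateAdded: "2025-09-25",
      dueDate: "2025-09-26",
      knownRansomwareCampaignUse: "Unknown",
    },
    {
      cveID: "CVE-2025-20362",
      vendorProject: "Cisco",
      product: "Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD)",
      vulnerabilityName: "Cisco ASA/FTD VPN web server vulnerability (sample wording)",
      dateAdded: "2025-09-25",
      dueDate: "2025-09-26",
      knownRansomwareCampaignUse: "Unknown",
    },
    {
      cveID: "CVE-2025-99999", // placeholder id, constructed for the example
      vendorProject: "ExampleVendor",
      product: "ExampleRouter",
      vulnerabilityName: "ExampleRouter authentication bypass (constructed)",
      dateAdded: "2025-09-01",
      dueDate: "2025-09-22",
      knownRansomwareCampaignUse: "Known",
    },
  ],
};

// Constructed asset inventory: what the organisation actually runs.
const sampleInventory = [
  { name: "edge-fw-01", vendor: "Cisco", product: "Adaptive Security Appliance" },
  { name: "branch-rtr-02", vendor: "ExampleVendor", product: "ExampleRouter" },
  { name: "web-01", vendor: "Microsoft", product: "Windows" },
];

// Filter by any combination of vendor, CVE ids and "added on or after" date.
// KEV dates are ISO YYYY-MM-DD strings, so plain string comparison orders them.
function filterKev(catalog, { vendor, cveIds, addedSince } = {}) {
  const wanted = cveIds ? new Set(cveIds.map((id) => id.toUpperCase())) : null;
  return catalog.vulnerabilities.filter(
    (v) =>
      (!vendor || v.vendorProject.toLowerCase() === vendor.toLowerCase()) &&
      (!wanted || wanted.has(v.cveID.toUpperCase())) &&
      (!addedSince || v.dateAdded >= addedSince)
  );
}

// Entries whose remediation due date has already passed as of `today`.
function overdueEntries(catalog, today) {
  return catalog.vulnerabilities.filter((v) => v.dueDate < today);
}

// Join the catalog against the inventory: vendor must match exactly,
// the inventory product name is a substring match on the KEV product field.
function matchInventory(catalog, inventory) {
  const hits = [];
  for (const asset of inventory) {
    for (const v of catalog.vulnerabilities) {
      if (v.vendorProject.toLowerCase() === asset.vendor.toLowerCase() &&
          v.product.toLowerCase().includes(asset.product.toLowerCase())) {
        hits.push({ asset: asset.name, cveID: v.cveID, dueDate: v.dueDate });
      }
    }
  }
  return hits;
}

// Tab-separated report for one vendor, soonest due date first.
function vendorReport(catalog, vendor) {
  return filterKev(catalog, { vendor })
    .sort((a, b) => a.dueDate.localeCompare(b.dueDate))
    .map((v) => [v.cveID, v.dateAdded, v.dueDate, v.knownRansomwareCampaignUse].join("\t"))
    .join("\n");
}

console.log(vendorReport(sampleCatalog, "Cisco"));
console.log("overdue on 2025-09-23:", overdueEntries(sampleCatalog, "2025-09-23").map((v) => v.cveID));
console.log("inventory hits:", matchInventory(sampleCatalog, sampleInventory));
```

To run this against real data, fetch the live feed from https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json (Node 18 or later has a global fetch) and pass the parsed object in place of sampleCatalog. The inventory join is deliberately a substring match because KEV product strings bundle several products into one field, as the Cisco entries show; a stricter CPE-based match would reduce false positives but needs an inventory that records CPEs.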

Windows Insider

Time flies: that was 11 years ago.

Wednesday, November 5, 2025

How to bypass the proxy for Microsoft Update via a PAC file

Put this block inside the PAC file's FindProxyForURL(url, host) function, before the default "PROXY ..." return, so that Microsoft Update hosts go direct:

    // Bypass for Microsoft Update domains
    if (shExpMatch(host, "download.microsoft.com") ||
        shExpMatch(host, "ntservicepack.microsoft.com") ||
        shExpMatch(host, "cdm.microsoft.com") ||
        shExpMatch(host, "wustat.windows.com") ||
        shExpMatch(host, "windowsupdate.microsoft.com") ||
        dnsDomainIs(host, ".windowsupdate.microsoft.com") ||
        shExpMatch(host, "update.microsoft.com") ||
        dnsDomainIs(host, ".update.microsoft.com") ||
        dnsDomainIs(host, ".windowsupdate.com") ||
        dnsDomainIs(host, ".download.windowsupdate.com") ||
        dnsDomainIs(host, ".prod.do.dsp.mp.microsoft.com") ||
        dnsDomainIs(host, ".dl.delivery.mp.microsoft.com") ||
        dnsDomainIs(host, ".delivery.mp.microsoft.com") ||
        dnsDomainIs(host, "tsfe.trafficshaping.dsp.mp.microsoft.com") ||
        dnsDomainIs(host, "ctldl.windowsupdate.com"))
        return "DIRECT";
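A PAC file is only as safe as the matching rules in it, so it is worth checking the bypass list against hostnames that merely resemble Microsoft Update hosts before deploying it. The following is an added example, not code from the post: it re-implements the two PAC helper functions that a browser normally provides (shExpMatch, a shell-style "*" and "?" glob matched against the whole string, and dnsDomainIs, a case-insensitive suffix test) so the post's bypass list can be evaluated offline, and runs it over a set of constructed hostnames including look-alikes. The proxy address and the sample hostnames are placeholders chosen for the example; the host list itself is the one from the post.

```javascript
// Added example, not code from the original post. Offline evaluator for the
// Microsoft Update bypass: re-implements the PAC helpers a browser supplies
// and tests the post's host list against constructed (placeholder) hostnames.

// shExpMatch(str, shexp): "*" matches any run, "?" one character; the
// pattern must cover the whole string, so "download.microsoft.com" with
// no wildcards is an exact (case-insensitive) host match.
function shExpMatch(str, shexp) {
  let re = "^";
  for (const c of shexp) {
    if (c === "*") re += ".*";
    else if (c === "?") re += ".";
    else re += c.replace(/[.+^${}()|[\]\\]/, "\\$&"); // escape regex metacharacters
  }
  return new RegExp(re + "$", "i").test(str);
}

// dnsDomainIs(host, domain): true when host ends with domain. Note there is
// no implicit dot boundary: a domain given without a leading "." also
// matches hosts that merely end in those characters.
function dnsDomainIs(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase();
  return h.length >= d.length && h.slice(h.length - d.length) === d;
}

const DEFAULT_PROXY = "PROXY proxy.corp.example:8080"; // placeholder, not from the post

// The post's host list, split by the helper it uses for each entry.
const EXACT_HOSTS = [
  "download.microsoft.com",
  "ntservicepack.microsoft.com",
  "cdm.microsoft.com",
  "wustat.windows.com",
  "windowsupdate.microsoft.com",
  "update.microsoft.com",
];
const DOMAIN_SUFFIXES = [
  ".windowsupdate.microsoft.com",
  ".update.microsoft.com",
  ".windowsupdate.com",
  ".download.windowsupdate.com",
  ".prod.do.dsp.mp.microsoft.com",
  ".dl.delivery.mp.microsoft.com",
  ".delivery.mp.microsoft.com",
  "tsfe.trafficshaping.dsp.mp.microsoft.com", // no leading dot: pure suffix match
  "ctldl.windowsupdate.com",                  // no leading dot: pure suffix match
];

function FindProxyForURL(url, host) {
  if (EXACT_HOSTS.some((h) => shExpMatch(host, h)) ||
      DOMAIN_SUFFIXES.some((d) => dnsDomainIs(host, d))) {
    return "DIRECT";
  }
  return DEFAULT_PROXY;
}

// Evaluate a list of hostnames and report the routing decision for each.
function evaluateHosts(hosts) {
  return hosts.map((host) => ({ host, decision: FindProxyForURL("http://" + host + "/", host) }));
}

// Constructed test hostnames (placeholders, not observed traffic).
const SAMPLE_HOSTS = [
  "download.microsoft.com",                      // exact entry -> DIRECT
  "fe2.update.microsoft.com",                    // under .update.microsoft.com -> DIRECT
  "evilwindowsupdate.com",                       // no dot boundary before windowsupate.com -> proxy
  "windowsupdate.com.attacker.example",          // trusted name used as a prefix -> proxy
  "nottsfe.trafficshaping.dsp.mp.microsoft.com", // DIRECT only because that entry lacks a leading dot
];

for (const r of evaluateHosts(SAMPLE_HOSTS)) console.log(r.host.padEnd(48), r.decision);
```

The look-alike cases show why the leading dot in dnsDomainIs entries matters: ".windowsupdate.com" refuses "evilwindowsupdate.com", while the two entries written without a dot accept any host that happens to end in the same characters. For single hosts such as tsfe.trafficshaping.dsp.mp.microsoft.com, shExpMatch gives an exact match and is the tighter choice.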

Windows 11 24H2 (OS Build 26100.6901) Wi-Fi issue on Lenovo T14s

The Wi-Fi card goes missing (disappears) when you switch from the wired network to Wi-Fi.

The problematic driver is Qualcomm FastConnect 6900 Wi-Fi 6E 2.0.0.1292.

Solution: upgrade to the Microsoft Update driver 2.0.0.1308:

Qualcomm Communications Inc. - Net - 2.0.0.1308 816d017f-d000-4277-b198-64f07f87fff9_9bf8ff15ef3ecdb207279ff6d350bf8abaeb34df.cab (SHA1: m/j/Fe8+zbIHJ5/201C/irrrNN8=) (SHA256: j4LduWL7jAobpBd4JIzDohsJYp0UPwHuADr34WWVYQA=)

Monday, October 27, 2025

Windows 10: using HardeningKitty to harden it

When you click Windows Update on Windows 10 you will receive the following message:

As a short-term solution for end-of-support Windows 10, using HardeningKitty to harden it will reduce the risk.

Reference:

https://www.youtube.com/watch?v=SoceWcFh4z0

Windows 10 end of support - some options for home users who cannot upgrade to Windows 11

After Windows 10 reached its end of support on October 14, 2025, millions of older PCs that cannot upgrade to Windows 11 have become vulnerable unless users take prompt action. Below is a structured summary of three areas: support status, security risks, and user recommendations.

1. End of Support Summary
Microsoft officially ended all updates, including **security patches, bug fixes, and technical assistance**, for Windows 10 on **October 14, 2025**. While Windows 10 will continue to function, unsupported devices are no longer protected against new vulnerabilities. For organizations or users needing extra time, Microsoft offers **Extended Security Updates (ESU)** through October 2026 as a paid extension, mainly serving as a temporary bridge rather than a long-term fix.

2. Security Risks of Unsupported Systems
Running an unsupported operating system poses several hidden dangers:

- **Unpatched vulnerabilities** become permanent entry points for malware and ransomware attackers. Cybercriminals actively target such systems using automated scanning tools.
- **Higher breach rates** are observed: studies show outdated systems are about three times as likely to suffer data breaches.

In short, continuing to use Windows 10 exposes home users to significant cybersecurity and privacy threats, even if the system appears to run normally.

3. Recommendations for Home Users Without New Hardware

**Option A: Migrate to a Linux Distribution**
For users who cannot or do not want to buy a new computer:
- Consider **Lubuntu** or **Deepin**, which are lightweight, stable, and easier for beginners. I installed Lubuntu on my X61 (4GB RAM, 64GB SSD) many years ago and it is still running well, and Deepin on several old machines, e.g. X230, X240 and DELL 5400.
- Linux offers reliable **long-term support and free security updates**, making it suitable for web browsing, office work, and basic computing.

**Option B: Temporary Hardening of Existing Windows 10**
If migration is not immediately possible:
- Enroll in **Microsoft's ESU program** for one more year of critical security updates.
- Implement **CIS (Center for Internet Security) hardening benchmarks** using automated tools or scripts such as **CIS-CAT Lite** or the community **HardeningKitty**, which adjust registry policies, disable risky services, and enforce strong authentication.
- Use **regular offline backups**, **browser isolation**, and a **reputable endpoint security suite** to add layered protection.

Closing Advice:
Unsupported Windows systems are prime targets for modern cyberthreats. Users should either migrate to a maintained platform (e.g. Linux) or apply stringent CIS-based Windows hardening as a short-term safeguard. Long-term reliance on Windows 10 without updates is not recommended for security or privacy reasons.

Saturday, September 27, 2025

Cisco ASA (CVE-2025-20333) (CVSS: 9.9) (CVE-2025-20362) (CVSS: 6.5)

Patch asap.

Fixed Cisco ASA versions: 9.16.4.85, 9.17.1.45, 9.18.4.47, 9.19.1.37, 9.20.3.7, 9.22.1.3

Download: https://software.cisco.com/download/home/286285782/type/280775065/release/9.16.4%20Interim

References:

Cisco Security Advisory: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote a
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

https://x.com/TheHackersNews/status/1971278285138268395?t=zA5NXTNfTvuWF557wLLXGw&s

CVE-2025-20333, CVE-2025-20362: Cisco Zero-Days Exploited | Tenable
Cisco patched two zero-days in ASA and FTD, CVE-2025-20333 and CVE-2025-20362, that were exploited by the same threat actor behind the ArcaneDoor campaign, UAT4356.
https://www.tenable.com/blog/cve-2025-20333-cve-2025-20362-faq-cisco-asa-ftd-zero-days-uat4356

Cisco Event Response: Continued Attacks Against Cisco Firewalls
Version 1: September 25, 2025. Summary: In May 2025, Cisco was engaged by multiple government agencies that provide
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks

CISA Warns Of CVE-2025-20333 In Cisco ASA Devices
CISA issues Directive 25-03 to address CVE-2025-20333 and related Cisco ASA threats, urging agencies to patch systems and mitigate active exploitation.
https://thecyberexpress.com/cisa-warns-of-cve-2025-20333/

Cisco Actively Exploited Zero-Day Bugs Target Firewalls, IOS
Patch now: Cisco recently disclosed four zero-days, including three targeted by a nation-state actor previously behind the "ArcaneDoor" campaign.
https://www.darkreading.com/vulnerabilities-threats/cisco-actively-exploited-zero-day-bugs-firewalls-ios

CISA directs federal agencies to identify and mitigate potential compromise of Cisco devices
https://www.cisa.gov/news-events/alerts/2025/09/25/cisa-directs-federal-agencies-identify-and-mitigate-potential-compromise-cisco-devices

Open Source Firewalls

- **pfSense**
  - Latest version: 2.8.1
  - Release date: September 3, 2025
  - Key features: Traffic shaping, IDS, firewall, load balancing, web management, high stability

- **OPNsense**
  - Latest version: 25.7.2
  - Release date: August 20, 2025
  - Key features: Transparent proxy, IDS/IPS (Suricata), SSL VPN, weekly security patches, REST API, cloud/VM support

- **IPFire**
  - Latest version: 2.29 Core Update 197
  - Release date: September 18, 2025
  - Key features: Deep packet inspection, traffic reporting, DoS protection, VLAN support, suited to technical teams

- **ClearOS**
  - Latest community version: 7.9.1 (no newer versions on the main site; still active as of 2024)
  - Latest activity: October 16, 2024
  - Key features: Simple UI, SMB/home focus, VPN, proxy, mail, IDS, etc.

- **Endian Firewall**
  - Latest version: 6.8.0
  - Release date: April 23, 2025
  - Key features: IDS/IPS, VPN, multi-uplink, content filtering, hardware and virtualized deployment support

- **IPCop**
  - Latest version: 2.1.9 (project is largely inactive; last update around 2015)
  - Release date: ~2015
  - Key features: Basic firewall, VPN, traffic shaping; mainly for instructional/testing use

- **Untangle (Arista NG Firewall)**
  - Latest version: 17.3.0
  - Release date: May 2025
  - Key features: IDS/IPS, unified threat management, web filtering, threat prevention, virtual/cloud deployments supported

Sunday, September 21, 2025

Vulnerability databases: United States (CVE), China (CNVD / CNNVD / CICSVD), Europe (EUVD)

| Feature | United States (CVE) | China (CNVD / CNNVD / CICSVD) | Europe (EUVD) |
|---|---|---|---|
| Core organisation | MITRE Corporation (manages it) | CNVD: CNCERT (National Internet Emergency Center); CNNVD: CNITSEC (China Information Technology Security Evaluation Center); CICSVD: CICS-CERT (National Industrial Information Security Center) | ENISA (the EU cybersecurity agency) |
| English name | Common Vulnerabilities and Exposures | China National Vulnerability Database; China National Vulnerability Database (CNNVD); China Industrial Control System Vulnerability Database (CICSVD) | European Union Vulnerability Database (EUVD) |
| Established | 1999 | CNVD: 2004; CNNVD: 2007; CICSVD: 2018 | April 2025 (official launch) |
| Main function | Uniquely identifies known security vulnerabilities (standardised numbering) | Vulnerability collection, notification, early warning, technical support and emergency response | Aggregates, verifies and publishes cybersecurity vulnerability information across the EU |
| Coverage | Global; all ICT products and services | Mainly systems and products inside China or operated by Chinese organisations | ICT products and services in the EU, focused on the EU digital ecosystem |
| Key products/areas | All types of software and hardware products (general purpose) | General IT systems, government/critical infrastructure, industrial control systems (CICSVD) | IT products, network equipment, cloud services, critical infrastructure, EU-related supply chains |
| Identifier scheme | Independent CVE IDs (CVE-YYYY-XXXXX) | CNVD IDs (e.g. CNVD-2025-XXXXX) or CNNVD IDs (e.g. CNNVD-2025-XXXXX) | Own EUVD IDs (e.g. EUVD-2025-XXXXX), with the CVE ID retained as an "alternative ID" |
| Relationship to CVE | Is the core standard | Some vulnerabilities are synchronised to CVE, but managed independently | Runs in parallel with CVE; references CVE but does not depend on its numbering |
| Operating model | Non-profit, open collaboration (led by MITRE) | Government-led, national-level emergency response mechanism | EU-institution-led public platform, emphasising digital resilience and interoperability |
| Distinguishing features | Globally accepted standard, widely referenced | Fast domestic response, strong policy linkage, covers industrial control | Emphasises exploitation-status analysis and mitigation recommendations; supports risk assessment and incident response |

Reference:
CVE (Common Vulnerabilities and Exposures): an internationally recognised vulnerability database that provides a standardised name and description for each known vulnerability. CVE IDs are widely used for vulnerability tracking and patch management.
CNVD (China National Vulnerability Database): China's national information security vulnerability sharing platform, which collects and publishes information on security vulnerabilities in information systems. CNCVE: may refer to a Chinese vulnerability database or standard, but no specific information or definition was found in the search results; more context may be needed to determine the exact meaning.
CNNVD (China National Vulnerability Database of Information Security): the national information security vulnerability database built and operated by the China Information Technology Security Evaluation Center, which provides analysis, verification, notification, remediation and mitigation of information security vulnerabilities.