2.5 Admins 2.5 Admins 246: Perpetual Hotpatch
6 snips
May 8, 2025 Old passwords can still access Windows RDP, raising security concerns despite password revocation. Broadcom's cease-and-desist letters against VMware users reveal the truth behind perpetual software licenses. Microsoft is pushing a subscription model for Windows Server 2025, questioning the concept of software ownership. Strategies for safeguarding archived files involve ZFS's read-only datasets and immutable flags, offering a balance between data accessibility and protection.
AI Snips
Chapters
Transcript
Episode notes
Windows RDP Password Cache Risks
- Windows RDP caches old password hashes allowing login even after password changes.
- This weakens security, letting attackers use revoked credentials unnoticed.
Secure Remote Desktop Protocol Usage
- Avoid exposing RDP directly to the Internet; it's designed for local network use.
- Restrict RDP access to trusted LAN segments and control network subnets and VPNs.
Microsoft Prioritizes Cache Over Security
- Microsoft caches credentials without timely updating after password changes, favoring availability over security.
- This results in old passwords working when new ones may fail, which defies security logic.
