How should critical vulnerabilities be handled?

Another subreddit suggested I come here for advice on this.

Backstory:
I know it's probably different from company to company but I'm hoping to get some insight on this process. I'm in a support role for a mid-size company. It's unique in that it's tier 1/2 support but also some system administration. They're trying to squeeze all the work they can from their underpayed employees across the board, but it's getting me some valuable experience so I'm okay with it. For the most part. The Sr System Engineer is "retiring" soon. He wants to go 1099 and only work 20 hrs a week on certain projects. He's trying to unload this work on me in preparation of his retirement. I don't have an engineering background. Quite the opposite. I fell into IT and have no real technical education.

Here's the rub, Security will create Vulnerability Management tickets. It looks like they just copy/paste text from cve.org or Defender. It's usually a lot of information referencing several possibly affected programs requesting an update or patch to the affected program. I'm then expected to go in and update whatever needs to be updated. It usually involves a developer or analyst's laptop with non-standard software. I try to do my best and determine what software needs to be updated but 80% of the time the user will push back saying they don't have it or it will already be updated to the current version. If I don't see it listed in their programs I have to take their word for it. Or, for example, if it involves Apache Commons Text, I don't even know what that is or how to find it so if the user pushes back I have no choice but to take their word fur it. If it's already the current version, I don't what else I'm supposed to do. I can try to use AI for help but that involves a long remote session with the user while I troubleshoot and it rarely ends in success. The retiring engineer (who is actually a generally nice guy) will tell me I need to figure these things out because he's retiring soon and won't be around to do this. I don't feel like I have the education, experience, or knowledge to complete most of these tickets.

I also feel like the Security team is abdicating their responsibility to some degree on this. It's not the first time I've felt this way about Security. When I ask if software is security approved they tell us to search cve.org but when I come back and tell them that it says the program is high risk and I should deny it, they say it's not that simple and other factors need to be taken into consideration but they don't elaborate or follow-up on it. I'm not a security guy. I don't know how to make these determinations.

Is this how it's supposed to work? Am I just supposed to figure it out or just fail at the job? In short (too late for that I suppose, haha) am I the problem?

https://redd.it/1nf57a2
@r_systemadmin

Critical Cursor AI Flaw Allows Silent Code Execution via Malicious Repositories

**Date:** September 12, 2025

**TL;DR:**

* Cursor AI ships with Workspace Trust disabled by default, creating a silent code execution risk.
* Attackers can weaponize malicious repositories to run arbitrary code as soon as a folder is opened.
* Users must enable Workspace Trust and audit repositories to mitigate potential supply chain attacks.

A serious security flaw has been disclosed in the AI-powered code editor Cursor, a fork of Visual Studio Code. The vulnerability allows attackers to execute arbitrary code when a developer opens a maliciously crafted repository. The issue arises because Cursor ships with Workspace Trust disabled by default, which lets .vscode/tasks.json auto-run commands without user consent.

This flaw poses a significant threat to developers and security teams by opening the door to supply chain attacks. Sensitive credentials could be leaked, files modified, or systems compromised. To protect themselves, sysadmins and developers should enable Workspace Trust in Cursor, use alternative editors for untrusted code, and carefully review repositories before opening them.

**Full Story:**

[https://thehackernews.com/2025/09/cursor-ai-code-editor-flaw-enables.html](https://thehackernews.com/2025/09/cursor-ai-code-editor-flaw-enables.html)



https://redd.it/1nf7mhh
@r_systemadmin

Asked to be a guest speaker on IT security for individuals/micro businesses

Hello friends,

A client of mine asked me to be a guest speaker at an event in a very specific trade. Effectively, it's a bunch of micro businesses (1-2 employees), and they want me to offer advice on cyber security/etc.

I've never done this before, do you guys have any tips? She wants a 50 minute presentation but I don't know if I can blather about stuff that long, so I was thinking maybe a 30 minute session covering 6 topics at 5 minutes each, with 20 minutes of questions/answers.

She also asked me how much I would charge for this, but since I've never done this I don't know what to answer. I would think my hourly rate to prepare the presentation and the time to do the presentation.

https://redd.it/1nf6396
@r_systemadmin

MSP fixing vulnerabilities on our network - should fixes be included in our SLA or be chargeable?

It's not exactly clear if they are included in our SLA but you would imagine if our MSP is in charge of setting up and securing our network, that they would fix whatever vulnerabilities they find. How is this generally handled in other orgs who have an MSP? Thanks

https://redd.it/1nf6tf1
@r_systemadmin

Who needs 811 when an excavator can discover all the utilities at once?

I said what I said.

https://redd.it/1nfd1p3
@r_systemadmin

Is it normal that my team demands me to answer phone calls from them when I'm on vacation?

Half a year ago I went on 10 day vacation. Before leaving, I left our Project Manager a message with a quick guide on what was left to do with the project and a note, that she needs to pick someone from the team to continue with the tests.

When on vacation, I was doing tourist things and haven't really paid attention to my phone (also was out of service often). In the afternoon I've noticed few unanswered calls and a message from my colleague, asking about the details of the project - I messaged him, to write to the PM, so she can forward him the note with the guide. Few hours later I've noticed few new messages, where he asks me to talk about the project, so he doesn't have to message the PM. I got annoyed, told him the PM knows every detail and stopped answering.

After coming back from vacation, I got scolded by whole team, that I should answer the calls.

Now, half a year later, I'm going on vacation and my team member asked me how can he contact me in case he needs something.

Is it normal? I honestly wasn't expecting that kind of reaction from the whole team. And it's not some small company with 3 person IT dept - just a regular corporation.

https://redd.it/1nfeeqm
@r_systemadmin

Users storing passwords on personal gmail accounts

I work in healthcare IT and a user told me today that everyone in his department created a personal gmail account to store their work passwords on and that they use the same password for everything. They wanted me to reset their gmail accounts which I obviously don’t have access to do because they made it.

How do you all handle situations like this? I reported this to my manager due to my concern of PHI being accessed. Maybe I did the right thing reporting it but I also am worried that I am overreacting.



https://redd.it/1nfgl3k
@r_systemadmin

Did I do the right thing?

Hi all,

I recently handed my notice in at a job where I felt undervalued and stressed due to the chaotic nature of the business. In the last year I got the "extra" responsibilities of label printers, power BI connections and dashboards, creating and maintaining html apps for the business. All on top of the infrastructure of switches, hosts, storage etc. alongside this I was also teaching new IT recruits.
Small increase of 1.5k pay per year to cover.
This seems like a lot of work but I also think this is maybe the nature of being a sysadmin in a medium business? ~300 employees.
I recently landed a job as an infra engineer instead, for the same pay and a couple more hours a week but for a company with a slightly larger IT team.

I enjoyed the old place because it was varied and I liked most of the people, but I'm running out of steam and they wouldn't hire anyone else that's 3rd line level knowlege to help.

I feel like I've done the right thing, but what would your deciding factors be?

https://redd.it/1nfbdtu
@r_systemadmin

KB5014754 - AD Strong Certificate Mapping Enforcement. What are you doing? Help

I am trying to figure out how to handle this enforcement of strong certificate mapping for smart cards that Microsoft is enforcing next patching.

* Our PKI team uses Entrust and our certs are stored in an LDAP other than active directory so we cannot add the SID stamping from the AD account on their certificates.
* We have 2016 Domain controllers so we cannot use the GPO tuples for strong name based mapping
* Users self-renew their smart card certs any given day so there could be hundreds of newly-issued certificates between newly issued smart cards and renewed certs.

I have been running splunk searches against eventcode 39 and manually mapping the AltSecurityIdentities attribute to their AD account based off the events over the last month.

I need to set up some kind of a sync that connects from LDAP-A and can detect newly issued certificates, pulls the cert serialnumber/issuer, or SKI, whatever attribute we choose, and dumps it into LDAP-B (AD) account's altsecurityIdentities.

Is anybody else successfully doing this via powershell or python or anything? I am NOT a coder whatsoever. Starting to freak out.


[https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16](https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16)

https://redd.it/1nfcr26
@r_systemadmin

Exclusive: Vista-backed device management software firm Jamf explores a sale, sources say

https://www.reuters.com/technology/vista-backed-device-management-software-firm-jamf-explores-sale-sources-say-2025-09-12/


Seems like JAMF is going on the market.

A non-payed walled, brief article.

https://www.themiddlemarket.com/latest-news/vista%E2%80%90backed-jamf-reportedly-explores-sale

https://redd.it/1nflm6c
@r_systemadmin

IT Jobs Offshore?

Anyone out there hold an IT job that keeps you on a boat or rig, if so how did you find it?

Craving something different and the ocean has always called my name, would really hate to ditch a built career to scratch this itch but vacations at the beach only do so much!

https://redd.it/1nfoi4k
@r_systemadmin

Company policies that IT (Sysadmins) break.

I thought it would be fun to see what corporate policy type things IT people often break.

First thing I think of is dress code! Even our CIO does his own thing to push the norm. Wears nice shoes and a sportcoat, but almost always some tshirt, which might be more or less goofy depending on who has scheduled to see that day.

https://redd.it/1nfqvgd
@r_systemadmin

SharePoint online access NA

Anyone experiencing SharePoint Online connectivity issues in NA?

https://redd.it/1nfymen
@r_systemadmin

Power outage during Robocopy /MOVE

Hi guys, I need some help. I was copying a large amount of data to a new data structure using Robocopy on the same drive because of changes in the data structure and access rights (the company required this).

Command used:
robocopy "D:\\<SOURCE>" "D:\\<DESTINATION>" /E /MOVE

Everything was fine at first — it had already copied a few folders, moved the files, deleted the old ones, and didn’t copy the access rights to the files, which was exactly what was needed.

However, during the copy of a large folder (\~250 GB), we had a power outage. Now, the new location has about 213 GB and the old one still has 37 GB.

My question is: can I just repeat the same command? From what I understand, Robocopy with /MOVE won’t delete the original files if the new ones aren’t successfully created.
Is there anything I should be aware of?

Of course, I did make a checkpoint of the VM before starting, but I’d prefer not to re-copy the entire 1.5 TB from the beginning.

https://redd.it/1ng1es0
@r_systemadmin

RDP via WHfB, using hybrid domain joined endpoint

Hi Folks,

Below is a link to MSFT's guide for setting up authentication for RDP via WHfB.

https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/rdp-sign-in?tabs=adcs

My test machine is hybrid domain joined, I've followed the doc to the letter and I don't get prompted to enter a pin. I'm prompted for biometrics, which don't work (per the doc) when you are on a hybrid domain joined machine. Something isn't working correctly.

Has anyone out there managed to follow the MSFT article below and RDP via WHFB to work?

P.S. - I can't use cred guard as my users connect via an RDS gateway (not supported).

Thanks!

https://redd.it/1ng3ekq
@r_systemadmin

KDC Proxy with Let's Encrypt? Possible to Automate?

I had a thought of setting up a KDC Proxy that isn't publicly accessible, but is still accessible through Entra Private Access. With it in place I would then remove the GSA Enterprise Application for the DCs. Is this a valid layer of the onion or just a fruitless endeavor?

https://redd.it/1ng34q1
@r_systemadmin

update IT journalist interviewing for a jr sysadmin position.

Hi all,
I made a post last week about interviewing for an IT support/Jr sysadmin position, pivoting away from full time journalism.

I had my interview last week and felt it went pretty well. At one point, the IT manager asked me about the most difficult technical challenge I've ever faced. I told him about how I solved a major data merge issue at my last job with some custom noscripts, and he said he was currently wrestling with the exact same issue I described. We were able to talk shop. The interview ended up running over.

I got a tour afterwards and met the team. The tour also went over (by about an hour and a half!) and he gave me a lot of valuable info about the organization, what pay to expect, etc. I felt like our personalities gelled pretty well.

I was told I'd hear back next week about if I'm moving on to the final round. Overall I feel pretty optimistic. Thanks for all the advice in my last post.

https://redd.it/1ng85mj
@r_systemadmin

Guest Wi-Fi DHCP solutions

Looking for some advice on whether or not this is a good plan.

Current state: we have several sites today with varying network architectures. Most of these sites have a guest Wi-Fi VLAN so to maintain consistency when it comes to DHCP, we've centralized the DHCP functionality with our primary firewall.

Problem is that unlike Windows DHCP server, the firewall requires a separate interface for each DHCP pool, so we've grown from a couple sub-interfaces on the firewall to dozens, and with plans to expand even further this is a really ugly situation.

We have an established DMZ with its own domain, and own Windows datacenter licensing, so my thought was to throw a Windows Server VM in our DMZ with MS DHCP Server, consolidate all of our guest Wi-Fi DHCP pools to that server, and create the necessary ACLs to allow Guest Wi-Fi clients to hit that DHCP server to get addresses.

Our DMZ does have its own AD domain and I would anticipate this server would be joined to that domain and the server would have our standard security suite installed on it and get patched regularly. Are there any potential red flags with this particular solution that anyone could see?

https://redd.it/1ngau1f
@r_systemadmin

Live migration for VMs through Hyper-V/FOCM

I am setting up a new Hyper-V environment for 40ish VMs. Right now I have two hosts that I am able to do live migrations with, but this third host I've added is giving me some trouble.


All of our VMs are set to migrate to hosts with different processors (the VM setting in HV). When I try to migrate the VM, it looks like it's going through the process of trying to migrate but eventually stops without an error, staying on the host it started on. This happens to all of our VMs regardless of the network they use.


I've made sure all of our hosts are up to date with Windows patches. Our hosts are a Dell R650 and two Dell R940s. I haven't enabled any BIOS settings on the hosts with no migration issues (the R650 and one of the R940s).


Any ideas? Thanks!

https://redd.it/1ngckfk
@r_systemadmin

Allow only Teams but but block SharePoint/OneDrive on unmanaged devices

We’re in the process of setting up a conditional access policy to block access to OneDrive and SharePoint on unmanaged devices.

The problem is that this policy ends up blocking Teams as well, since Teams relies on SharePoint in the backend. That means users on mobile or unmanaged PCs can’t even use Teams for communication, which isn’t what we want.

Has anyone here successfully implemented a setup where:

Teams chat/communication is allowed on unmanaged devices (mobile or PC), but SharePoint/OneDrive is completely blocked?

Please help.

https://redd.it/1ng8yay
@r_systemadmin

Is mixing 1Gbps and 10Gbps links in an iSCSI MPIO setup ever acceptable?

I’m a Systems Administrator at my company, and our IT Director insists it’s fine to have an iSCSI multipath configuration where one path is 10Gbps and the other is 1Gbps. He believes MPIO will “just handle it.”

Everything I’ve been able to find in vendor docs, whitepapers, and community discussions suggests this is a **very bad idea**—unequal links cause instability, latency spikes, and even corruption under load. I’ve even reached out to industry experts, and the consensus is the same: don’t mix link speeds in iSCSI multipath.

I’m looking for:

* Real-world experiences (good or bad) from people who’ve tried this.
* Authoritative documentation or vendor best practices I can cite.
* The clearest way to explain *why* this design is problematic to leadership who may not dig into the technical details.

Any input, war stories, or links I can use would be greatly appreciated.

xposted

https://redd.it/1ngh4em
@r_systemadmin