January 2015 – 1 Critical and 7 Important Fixes
The first Patch Tuesday for 2015 has been released and Windows sysadmins will be busy updating as usual.
This release includes 8 fixes with 1 listed as Critical and 7 more listed as Important. It’s always vital to make sure your systems are fully patched but Windows admins may feel some comfort knowing that the only critical issue is one that affects the Windows Telnet Service.
The internet has been around for more than half a century, going back to the 1960s when the US Department of Defense first awarded contracts for packet network systems. With each passing decade, we saw a greater proliferation of the net into more areas of our lives, transforming our world into a global, knowledge-based civilization; however, one of the big problems with today’s internet technology is the abundance of security bugs, lingering from out-of-date nodes in the net.
Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons
POODLE 2.0: Here We Go Again
It was just a bit more than an month ago when the POODLE vulnerability in SSLv3 was discovered and sent sysadmins around the world scrambling.
You might remember that the original POODLE vulernability affected SSLv3, an older protocol that has been largely replaced by the TLS protocol. Since SSLv3 was only available on many systems as a measure to support very old web browsers, it was no big deal to disable it and thereby remove the vulnerabilty.
But today news is spreading that some TLS implementations can be vulnerable too and that as many as 10% of all web sites maybe affected. This new vulnerability has been labeled CVE-2014-8730 and it’s much more serious that the original POODLE.
It’s time to scramble again.
The vulnerability allows a user with restricted permissions to escalate to domain administrator privileges and Microsoft reports that attacks have been seen in the wild. Microsoft has officially stated that "the only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain," so it's critical that all Windows admins apply this patch immediately.
Microsoft recommends first patching domain controllers running Windows Server 2008 R2 or earlier. Next, patch your Windows Server 2012 and later domain controllers. Finally, patch all of your regular systems to ensure complete safety.
Use the following step-by-step instructions showing how to configure FrameFlow Server Monitor to make sure your systems have been patched:
With each new Windows release the desktop edition gets a lot of press coverage but what about the server editions? Let’s take a look at the server edition that was released along with the Windows 10 Technical Preview.
What Will the New Windows Server Edition be Called?
First, let’s talk about the name. At this time it’s not clear whether the new version will be called “Windows 10 Server,” or “Windows Server 2015,” or possibly something else. Microsoft currently uses the generic “Windows Server Technical Preview” which doesn’t give anything away. While we now have a confirmed name for the desktop edition, those of us on the server side of things will have to wait a bit longer.
What is the POODLE Bug?
Google researchers have found a severe flaw in an obsolete but still used encryption software, which could be exploited to steal sensitive data… The POODLE attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies. Computerworld
FrameFlow Server Monitor Can Verify POODLE Patch Installation
Did you know that you can use FrameFlow Server Monitor to verify that the patch has been installed on all your systems?
Update: Windows 9 is dead. Long live Windows 10! Microsoft fooled everyone by skipping to Windows 10. There’s a preview build available already and stay tuned for our initial observations. So far all we can say is that we’re happy to have the Start Menu back.
We are very happy to announce that FrameFlow v7.0.5 is now available for download!
This release includes a number […]
Databases like SQL Server, MySQL and Oracle are the workhorses of IT operations. They are the reliable back-end for applications, services, web sites and many other kinds of systems so […]
Your servers, switches and routers are the core of your operations so of course it’s important to ensure that everything is running smoothly and to get early warning about potential problems. With this set of five best practices you can optimize your server monitoring configuration for easy management, quick adaptation to changing conditions and […]
We’re very pleased to announce that version 7.0 for FrameFlow Server Monitor and FrameFlow Multi-Site Monitor has been released.
This new version includes many features that you guys have been asking for. Some highlights include:
Maintenance Windows: You can define scheduled or one-time maintenance windows […]
FrameFlow v7.0 Beta 2
We’re very happy to announce that the second beta release for FrameFlow Server Monitor and FrameFlow Multi-Site Monitor is now available for download. As with beta 1 this release is available for all licensed users or by invitation for evaluation users.
Updates Since Beta 1
We’ve made […]
Version 7.0 Status Update
As you probably saw, Beta 1 of FrameFlow v7.0 was released at the beginning of the month. Since then we’ve had a ton of feedback and we’ve been making further updates and fixes.
Beta 2 is almost ready for release and you’ll see a number of changes in it. First, we’ve made […]
FrameFlow v7.0 Beta 1
We’re very happy to announce that Beta 1 for FrameFlow Server Monitor and FrameFlow Multi-Site Monitor is now available for download.
Important: Because this is a beta release we strongly advise you to make a complete backup of your monitoring configuration before installing […]
We are very happy to announce that v6.8.5 is now available on our web site. As usual licensed users can get it by logging into their account on our site here:
For those who are in the evaluation phase you can just download again from our […]