This month’s Patch Tuesday fell on the 12th of May and Microsoft delivered 13 patches with three of them rated critical. As usual there was a Cumulative Security Update for Internet Explorer which fixed multiple Critical issues. These days it takes less and less time for exploits to appear in the wild so if your organization still supports IE as a browser you’ll want to patch your servers and workstations as soon as possible.
Timing Flaw Discovered in Windows Ping Utility
It’s not every day that you discover a flaw in a core networking component of a major operating system, but that’s just what happened here at FrameFlow last week. The command line “ping” is the workhorse of network and server monitoring. It’s the basic test that any sysadmin will use to determine if a remote system is alive and responding to network requests. As we investigated in more detail we were even more surprised to discover that this bug is deep in the Windows API and affects pretty much any program that needs to run ping tests.
“FREAK” Vulnerability (CVE-2015-0204): Pretty Much All Systems are Exposed
The list of flaws in trusted security algorithms has grown again with the recent announcement of the “FREAK” (Factoring Attack on RSA-EXPORT Keys) vulnerability also known as CVE-2015-0204.
First reports confirmed that many OpenSSL implementations contained the flaw and today Microsoft issued Security Advisory 3046015 confirming that all versions of Windows are vulnerable.
Where Did The Freak Vulnerability (CVE-2015-0204) Come From?
The details of the vulnerability are alarming and largely due to flawed federal policies on encryption dating back to the 1990s. Around that time products like PGP (Pretty Good Privacy) were starting to see wider distribution and U.S. officials responded by passing laws to control the export of any product that included high-grade encryption. It was a futile effort and the battle was eventually won by crusaders such as Phil Zimmermann.
Some would even say there is a darker side to government efforts on the control and distribution of encryption technology:
Techniques for Fast and Efficient Server Monitoring
FrameFlow is highly customizable and offers a wide variety of monitoring options. We’ve designed it that way on purpose to give you the flexibility to build out your monitoring configuration in a way that best suits your work environment, practices and policies.
There’s one area where first-time users often have questions and that’s when it comes to authentication. FrameFlow is an agentless monitoring system, which means we don’t install anything on the systems being monitored. Instead we use standard protocols to reach out to the monitored machines and collect the data we need. To do that we need to authenticate to the machines being monitored. This is a good thing because it means that FrameFlow plays by the rules when it comes to your network security policies rather than wildly opening ports to reveal monitoring data like some agent-based systems do.
January 2015 – 1 Critical and 7 Important Fixes
The first Patch Tuesday for 2015 has been released and Windows sysadmins will be busy updating as usual.
This release includes 8 fixes with 1 listed as Critical and 7 more listed as Important. It’s always vital to make sure your systems are fully patched but Windows admins may feel some comfort knowing that the only critical issue is one that affects the Windows Telnet Service.
The internet has been around for more than half a century, going back to the 1960s when the US Department of Defense first awarded contracts for packet network systems. With each passing decade, we saw a greater proliferation of the net into more areas of our lives, transforming our world into a global, knowledge-based civilization; however, one of the big problems with today’s internet technology is the abundance of security bugs, lingering from out-of-date nodes in the net.
Photo by Karin Jonsson (Flickr: Poodle) [CC-BY-2.0], via Wikimedia Commons
POODLE 2.0: Here We Go Again
It was just a bit more than a month ago when the POODLE vulnerability in SSLv3 was discovered and sent sysadmins around the world scrambling.
You might remember that the original POODLE vulnerability affected SSLv3, an older protocol that has been largely replaced by the TLS protocol. Since SSLv3 was only available on many systems as a measure to support very old web browsers, it was no big deal to disable it and thereby remove the vulnerability.
But today news is spreading that some TLS implementations can be vulnerable too and that as many as 10% of all web sites may be affected. This new vulnerability has been labeled CVE-2014-8730 and it’s much more serious than the original POODLE.
It’s time to scramble again.
The vulnerability allows a user with restricted permissions to escalate to domain administrator privileges and Microsoft reports that attacks have been seen in the wild. Microsoft has officially stated that "the only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain," so it's critical that all Windows admins apply this patch immediately.
Microsoft recommends first patching domain controllers running Windows Server 2008 R2 or earlier. Next, patch your Windows Server 2012 and later domain controllers. Finally, patch all of your regular systems to ensure complete safety.
Use the following step-by-step instructions showing how to configure FrameFlow Server Monitor to make sure your systems have been patched:
With each new Windows release the desktop edition gets a lot of press coverage but what about the server editions? Let’s take a look at the server edition that was released along with the Windows 10 Technical Preview.
What Will the New Windows Server Edition be Called?
First, let’s talk about the name. At this time it’s not clear whether the new version will be called “Windows 10 Server,” or “Windows Server 2015,” or possibly something else. Microsoft currently uses the generic “Windows Server Technical Preview” which doesn’t give anything away. While we now have a confirmed name for the desktop edition, those of us on the server side of things will have to wait a bit longer.
What is the POODLE Bug?
Google researchers have found a severe flaw in an obsolete but still used encryption software, which could be exploited to steal sensitive data… The POODLE attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies. Computerworld
FrameFlow Server Monitor Can Verify POODLE Patch Installation
Did you know that you can use FrameFlow Server Monitor to verify that the patch has been installed on all your systems?
Update: Windows 9 is dead. Long live Windows 10! Microsoft fooled everyone by skipping to Windows 10. There’s a preview build available already and stay tuned for our initial observations. So far all we can say is that we’re happy to have the Start Menu back.
We are very happy to announce that FrameFlow v7.0.5 is now available for download!
This release includes a number […]
Databases like SQL Server, MySQL and Oracle are the workhorses of IT operations. They are the reliable back-end for applications, services, web sites and many other kinds of systems so […]
Your servers, switches and routers are the core of your operations so of course it’s important to ensure that everything is running smoothly and to get early warning about potential problems. With this set of five best practices you can optimize your server monitoring configuration for easy management, quick adaptation to changing conditions and […]