Category: Server Security and Patching

Windows Server 2016 Brings Enhanced Security, Nano Support for the Cloud and Docker Containers Baked Right In!

As modern civilization continues to advance, fuelled in many ways by innovations in digital technology, all types of businesses and government organizations are becoming increasingly dependant on the IT infrastructure powered by Windows Servers.

Read more

Patch Tuesday for August 2015

It’s that glorious time of the month, time for all Windows sysadmins to apply the latest fixes delivered by Microsoft.

This month’s delivery includes 14 fixes with 4 of them rated Critical and the rest rated Important. In the Critical category we find fixes for remote code execution flaws that affect Windows, Office, the .NET Framework and more. Interestingly, in the first Patch Tuesday since Windows 10 was released, we find critical fixes for Microsoft’s new Edge browser too.

The remainder of the fixes address various privilege escalation and information exposure problems.

For the complete list of fixes see the Microsoft Security Bulletin Summary for August 2015.

Patch Tuesday for April 2015

This month’s Patch Tuesday fell on the 12th of April and Microsoft delivered 13 patches with three of them rated critical. As usual there was a Cumulative Security Update for Internet Explorer which fixed multiple Critical issues. These days it takes less and less time for exploits to appear in the wild so if your organization still supports IE as a browser you’ll want to patch your servers and workstations as soon as possible.

Read more

Patch Tuesday for March 2015

It’s Patch Tuesday again for all Windows sysadmins and this month’s delivery includes more fixes than usual.

Microsoft’s security bulletin lists 14 individual fixes including a fix for the recently discovered “FREAK” vulnerability. Of the fourteen fixes, 5 of them are rated Critical and the rest are Important.

Also included are fixes for issues in Internet Explorer, the VBScript scripting engine, a flaw in an Adobe font driver bundled with Windows, and issues in Microsoft Office. All of these could result in a remote code exploit so it’s vital that Windows-based systems are patched as soon as possible.

“FREAK” Vulnerability (CVE20150204): Pretty Much All Systems are Exposed

New Security Internet Security Flaw Discovered

The list of flaws in trusted security algorithms has grown again with the recent announcement of the “FREAK” (Factoring Attack on RSA-EXPORT Keys) vulnerability also known as CVE-2015-0204.

First reports confirmed that many OpenSSL implementations contained the flaw and today Microsoft issued Security Advisory 3046015 confirming that all versions of Windows are vulnerable.

Where Did The Freak Vulnerability (CVE2015-0204) Come From?

The details of the vulnerability are alarming and largely due to flawed federal policies on encryption dating back to the 1990s. Around that time products like PGP (Pretty Good Privacy) were starting to see wider distribution and the U.S. officials responded by passing laws to control the export of any product that included high grade encryption. It was a futile effort and the battle was eventually won by crusaders such as Phil Zimmerman.

Some would even say there is a darker side to government efforts on the control and distribution of encryption technology:

Read more

First Patch Tuesday for January 2015

    Photo By Jason Scott - Flickr: IMG_9976 - CC-BY-2.0 via Wikimedia Commons

    January 2015 – 1 Critical and 7 Important Fixes

    The first Patch Tuesday for 2015 has been released and Windows sysadmins will be busy updating as usual.

    This release includes 8 fixes with 1 listed as Critical and 7 more listed as Important. It’s always vital to make sure your systems are fully patched but Windows admins may feel some comfort knowing that the only critical issue is one that affects the Windows Telnet Service.

    Read more

Are You Monitoring Your Servers for Bugs Like Heartbleed, Shell Shock & Poodle?

Server Monitoring For Computer & Internet Bugs
Photo By wongo888 (Flickr: Brown Computer Bug) - CC-BY-2.0 via Wikimedia Commons

The internet has been around for more than half a century, going back to the 1960s when the US Department of Defense first awarded contracts for packet network systems. With each passing decade, we saw a greater proliferation of the net into more areas of our lives, transforming our world into a global, knowledge-based civilization; however, one of the big problems with today’s internet technology is the abundance of security bugs, lingering from out-of-date nodes in the net.

Read more