WebProNews

Tag: Windows Server

  • Windows 10 and 11 Have a Critical, Seven Month-Old Zero-Day Flaw

    Windows 10 and 11 Have a Critical, Seven Month-Old Zero-Day Flaw

    Windows has a critical, zero-day flaw and the worst part is that Microsoft has known about it for seven months and can’t seem to fix it.

    The exploit in question impacts Windows 10, Windows 11, and Windows Server, allowing a user to gain administrative privileges, according to BleepingComputer. Microsoft has already released two separate patches to address the issue, but neither of them has successfully fixed it.

    To make matters even worse, Microsoft’s latest effort to fix the vulnerability actually broke an unofficial patch that did fix it. 0patch (Zero Patch) is an independent security organization that provides patches for issues Microsoft cant/won’t fix, as well as older, end-of-life versions of Windows that Microsoft no longer supports. 0patch had successfully patched the fix, but now Microsoft’s patch has broke it.

    When BleepingComputer asked Microsoft for info on their future plans to fix the issue, they received this response:

    “We’re aware of this report and will take action as needed to protect customers.”

    0patch has once again issued a fix that actually works, leading some to wonder why Microsoft can’t seem to do that with a product they made in the first place.

  • Homeland Security Issues Warning On Critical Windows Server Bug

    Homeland Security Issues Warning On Critical Windows Server Bug

    The Department of Homeland Security (DHS) is warning of a Windows Server bug that can give hackers access to any machine on a network.

    Microsoft issued a patch in August that serves as a stopgap measure to prevent the vulnerability from being used. A permanent fix is expected early next year. In the meantime, the vulnerability does not require a hacker to steal authentication information. Instead, a hacker merely has to forge “an authentication token for specific Netlogon functionality,” according to Tom Tervoort, Senior Security Specialist and Ralph Moonen, Technical Director at Secura.

    Once the token is used, an attacker is “able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.” This attack would allow a hacker to take over any computer on the network.

    The vulnerability has been given the highest severity rating, a CVSS score of 10.0. As a result, DHS is giving government offices until 11:59 PM, Monday, September 21 to implement the patch. Needless to say, all other organizations should implement Microsoft’s patch immediately, and be on the lookout for the permanent fix early next year.

  • Microsoft Releases Patch for 17-Year-Old Bug

    Microsoft Releases Patch for 17-Year-Old Bug

    Better late than never—Microsoft has released an update to a major vulnerability that is some 17 years old.

    Microsoft and security researchers are keen to prevent another WannaCry disaster, which has prompted a renewed focus on Windows vulnerabilities. Israeli security firm Check Point has discovered a vulnerability, called SigRed, that has the potential to be just as bad.

    The vulnerability scores a CVSS Base score of 10, meaning it is as bad of a vulnerability as can exist. Microsoft also describes it as “a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction. DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.”

    According to Check Point, every version of Windows Server, from 2003 to 2019, are equally vulnerable. This gives hackers an enormous target to take advantage of. Microsoft has released an update today, as part of Patch Tuesday. All organizations are strongly encouraged to update immediately.

    “We strongly recommend users to patch their affected Windows DNS Servers in order to prevent the exploitation of this vulnerability,” says Check Point. “We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug, which means a determined hacker could also find the same resources. In addition, some Internet Service Providers (ISPs) may even have set up their public DNS servers as WinDNS.”

    System admins should waste no time applying this patch, as hackers will waste no time trying to take advantage of SigRed.

  • Microsoft Storage Spaces Bug Slips Through

    Microsoft Storage Spaces Bug Slips Through

    Microsoft has acknowledged a bug in its Storage Spaces feature that leads to file corruption, and is working on a resolution.

    Storage Spaces is a features that uses regular hard drives to provide RAID-style storage redundancy. It’s also a useful way to create a pool of storage from a number of different drives.

    Unfortunately for Microsoft, the latest Windows and Windows Server updates have a major bug impacting Storage Spaces.

    “Devices using Parity Storage Spaces might have issues using or accessing their Storage Spaces after updating to Windows 10, version 2004 (the May 2020 Update) and Windows Server, version 2004,” reads the company’s support site. “When using some configurations, partitions for Parity Storage Spaces might show as RAW in Disk Manager.”

    Unfortunately, “issues using or accessing their Storage Spaces” are just the beginning of the problem, as some users have also reported corrupted partitions and files.

    At this time Microsoft does not have a permanent solution, only a workaround. This is just the latest in a string of issues Microsoft has had with data-eating bugs making their way into major OS releases. Here’s to hoping the company can get a handle on this one quickly.

  • Windows 10 Crosses 1 Billion Device Threshold

    Windows 10 Crosses 1 Billion Device Threshold

    Microsoft has announced that Windows 10 is now installed on 1 billion monthly active devices.

    In a blog post, Yusuf Mehdi, Corporate Vice President, Modern Life, Search & Devices, said: “Today we’re delighted to announce that over one billion people have chosen Windows 10 across 200 countries resulting in more than one billion active Windows 10 devices. We couldn’t be more grateful to our customers, partners and employees for helping us get here.”

    The company had originally planned to hit this milestone in 2018, within three years of the Windows 10 release. Unfortunately, as a result of the death of Windows Phone, the goal had to be postponed. Now, five years after its release, Microsoft has crossed the threshold, with one in seven people around the world using the operating system. Mehdi makes it clear there is more yet to come.

    “Reaching a billion people with Windows 10 is just the beginning. We will invest in Windows not only within Windows 10 for PCs but also across many other Windows editions, serving diverse customer needs including Windows IoT, Windows 10 Teams edition for Surface Hub, Windows Server, Windows Mixed Reality on HoloLens, Windows 10 in S mode, Windows 10X and more.

    “We are inspired by the ways you use Windows 10, and we look forward to seeing how you continue to use these billion devices in new and exciting ways to power the world.”

  • PSA: NSA Issues Warning About Windows 10 Vulnerability

    PSA: NSA Issues Warning About Windows 10 Vulnerability

    The National Security Agency (NSA) has issued a press release detailing a severe vulnerability in Windows 10 and encouraging all users to update immediately.

    According the NSA’s press release, the agency discovered the vulnerability in the Windows 10 cryptography functionality. “The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.”

    It is relatively unusual for the NSA to issue a press release about a vulnerability, but the severity of this particular one warranted it.

    “The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”

    The agency recommends all users immediately apply all January 2020 Patch Tuesday patches to mitigate the danger.

  • Microsoft Launches New Windows Server Preview

    Microsoft Launches New Windows Server Preview

    Microsoft announced the launch of its third Technical Preview of Windows Server 2016 and System Center 2016, which includes the release of the first public preview of Windows Server Containers as well as new Nano Server functionality and software-defined datacenter enhancements.

    “Delivering applications quickly is key to staying competitive in today’s fast-paced business environment,” Microsoft says. “To respond, many organizations are looking for ways to accelerate how they move applications from development into production and continuously improve them to respond to business changes. DevOps-oriented tools and processes, which offer agile innovation and faster time to market, are empowering both developers and IT to meet this demand and drive new levels of value to their business. Containers are increasingly seen as an ideal solution to embrace DevOps giving developers increased agility while reducing operations management challenges for IT.”

    With Windows Server Containers, the company aims to bring such benefits to its customers.

    “Windows Server Containers create a highly agile Windows Server environment, enabling you to accelerate the DevOps process to efficiently build and deploy modern applications,” it says. “Through this release, millions of Windows developers will be able to experience the benefits of containers for the first time using the languages of their choice – whether.NET, ASP.NET, and PowerShell or Python, Ruby on Rails, Java and many others.”

    The news builds on a partnership with Docker Microsoft announced in October to offer container and DevOps benefits to Linux and Windows Server users. Windows Server Containers are part of the Docker open source project and can be deployed/managed using PowerShell or the Docker client.

    On the Nano Server front, they’ve added a new Emergency Management Console and for software-defined networking, they’re providing a scalable network controller and a software load balancer for higher availability and performance.

    More details on all of it here.

    Image via Wikimedia Commons

  • Google Compute Engine Gains Windows Server Support

    Google announced on Tuesday that Windows Server on Google Compute Engine is now generally available. It has been in beta since early December.

    Compute Engine is now supported by the following operating systems:

    Screen shot 2015-07-14 at 3.31.31 PM

    Operating systems with support outside of Compute Engine include:

    Screen shot 2015-07-14 at 3.32.09 PM

    “Compute Engine offers Windows Server 2012 R2 and Windows Server 2008 R2 customers benefits of rapid deployments, increased uptime due to transparent maintenance, cheap and predictable block storage, and best in class Google Cloud Storage Nearline backup,” says product manager Alex Gaysinsky. “Sharepoint, SQL and Exchange Server, and other Microsoft applications are also available to Compute Engine customers via the Microsoft License Mobility program.”

    “Since the Windows Server on Compute Engine beta announcement, we have made several Windows-specific improvements to the Compute Engine virtualization stack in order to bring the full benefits of Google network to Windows Server users,” Gaysinsky adds. “With multi queue (MQ) and generic receive offload (GRO) support, Windows Server running on Compute Engine can reach up to 7.5Gbps of throughput. This reduces the number of Windows Server instances required to serve web based applications and helps our customers more effectively contain their infrastructure and operational costs.”

    Now that it’s generally available, Windows Server instances are covered by the Compute Engine SLA. Those who buy Cloud Platform support packages can get architectural and operational support for their Windows Server deployments on Compute Engine.

    Images via Google

  • OrcsWeb Now Offers Complete ASP.NET 4.5 Support

    OrcsWeb is one of the leading providers of Microsoft Windows-based cloud and dedicated server hosting solutions. To remain at the top, the company must remain up-to-date on all the latest technologies. Their quick adoption of the latest version of ASP.NET only cements their dedication.

    OrcsWeb announced that ASP.NET 4.5 is now available across all platforms – cloud and dedicated. They worked closely with Microsoft throughout the beta stage to make sure their .NET 4.5 support was perfect. Users can expect new features, increased performance and control, and other benefits with the latest release of .NET.

    “ASP.NET 4.5 is the most exciting release of the .NET framework yet. Microsoft has made significant performance improvements in both application startup and memory utilization that customers will recognize immediately,” according to Jeff Graves, Director of Technology. “Security improvements help web developers easily protect their application from malicious users with unobtrusive validation and the baked-in AntiXSS library. Asynchronous HTTP calls are much easier to manage with the new await command. The best part is that OrcsWeb clients can take full advantage of these features today, across all of our platforms.”

    Here are the key improvements that users will find built into .NET 4.5:

  • ASP.NET 4.5 uses bundling (which combines separate JavaScript files for faster loading) and minification (which reduces the size of JavaScript and CSS files by removing unneeded characters).
  • ASP.NET 4.5 can read, write, and flush a stream asynchronously. This asynchronicity lets you send data to a client incrementally without tying up operating system threads.
  • The new async and await keywords make it easier to write asynchronous HTTP modules and asynchronous HTTP handlers.
  • ASP.NET 4.5 provides ways to read un-validated request data so that you can allow users to pass markup for selected fields or pages.

    • It should be noted that all new OrcsWeb clients will receive .NET 4.5 by default. All existing Windows cloud server or dedicated server clients can either install the upgrade themselves, or contact OrcsWeb for a professional installation. You can find more information on installing .NET 4.5 yourself here.

  • OnLive Adjusts Service To Meet Microsoft Licensing Rules

    OnLive has changed its popular OnLive Desktop service to bring it into compliance with Microsoft’s licensing rules. OnLive Desktop is now powered by Microsoft’s Windows Server 2008 instead of Windows 7.

    OnLive Desktop allows users to connect their iPad or Android tablet to OnLive’s servers in order to run a virtual Window 7 desktop, complete with Microsoft Office and Adobe Flash. The service has been popular with users, but drew Microsoft’s ire. It seems that OnLive Desktop fell afoul of Microsoft’s complicated licensing rules. Not long after OnLive Desktop launched, Microsoft said that OnLive Desktop’s service was violating its rules, but that they were “actively engaged with OnLive with the hope of bringing them into a properly licensed scenario.”

    This scenario, it seems, consisted of OnLive offering the same basic service with a slightly different version of Windows. Without making any announcements, OnLive made the switch from Windows 7 to Windows Server 2008 sometime over the weekend. Also, all references to Windows 7 have been removed from the OnLive website’s descriptions of OnLive Desktop.

    The user experience appears to have changed little with the switch. OnLive Desktop still offers users the same range of tools they had before, just in a slightly different package. The OnLive Desktop App is available on the iOS App Store and on Google Play for free. OnLive Desktop offers two plans for users: the free plan provides access to Microsoft Office and Adobe Reader, while the Plus plan (which costs $4.99 per month) adds Flash, cloud storage access, web mail attachments, and faster speeds.

    OnLive Desktop users, have you noticed a difference with the switch to Windows Server? Is OnLive Desktop better, worse, or the same as before? Let us know in the comments.

    [H/T: Cult of Mac]

  • Microsoft Windows Server Coming To Amazon Web Services

    Amazon has announced that customers taking advantage of the free usage tier of their Amazon Web Services can now run their Windows Server applications in their AWS cloud.

    Amazon Web Services is designed to make cloud computing easier for a wide variety of businesses – whether large, small, or the U.S. Treasury Department (yes, really). The addition of the ability to run Windows Server applications represents a significant expansion of the program for users who want to have more flexibility in the kinds of applications and operating systems they run on their AWS accounts.

    [Source: Amazon]