Articles about Windows Server

Microsoft has issued a warning to users of various versions of Windows Server that a recent update is causing problems with Netlogon connections.

Affecting Windows Server 2022, 2019, 2012 R2, 2012, 2008 R2 SP1 and 2008 SP2, the problem means that some applications and appliances on domain controllers may be unable to establish a Netlogon secure channel. Microsoft is blaming not only the KB5009555 update, but "updates released January 11, 2022" for the problem.

Continue reading →

The first Patch Tuesday of 2022 ended up being rather more dramatic that many would have expected -- and not for the right reasons. The company released the KB5009566 update which, along with another update, was later found to cause problems with VPN connections. But it was issue with Window Server updates that concerns system administrators.

No fewer than three updates were found to be problematic for different versions of Windows Server, ultimately leading to Microsoft halting the rollout of KB5009624, KB5009557 and KB5009555. And while the Hyper-V issues introduced by the patches are still to be fixed, Microsoft has nonetheless recommenced the rollout of the update, saying that it is investigating the problems.

Continue reading →

Microsoft has fixed a critical vulnerability which affects several versions of its operating system including Windows 11 and Windows Server 2022.

The security bug is an HTTP vulnerability which is tracked as CVE-2022-21907 and Microsoft warns it is wormable. The company has issued a fix for the flaw and says that users should prioritize installing it to secure their systems.

Continue reading →

Microsoft has issued an out-of-band update for Windows Server to address a problem with Remote Desktop that can prevent connections to a server.

There are two different updates available at the moment -- KB5010196 for Windows Server 2019, and KB5010215 for Windows Server 2012 R2 -- and Microsoft says that updates will be released for other affected platforms "in the coming days". As these are emergency, out-of-band updates, they are not currently available from Windows Update, and must instead be installed manually.

Continue reading →

Microsoft has revealed that a recent update for Windows has been causing problems that could have left systems unprotected and open to attack.

After installing the KB5007205 update, some system administrators have found that Microsoft Defender for Endpoint fails. This makes something of a change from the printer problems that so many updates for Windows have caused in recent times, but there is currently no fix available.

Continue reading →

Microsoft has released a slew of emergency updates for various editions of Windows Server following the discovery of an authentication issue caused by this month's Patch Tuesday updates.

The updates (KB5008601, KB5008602, KB5008603, KB5008604, KB5008605 and KB5008606) are available for Windows Server 2008 SP2 up to Windows Server 2019. Although these are emergency, out-of-band updates, system administrators will still need to manually download and install them on affected domain controllers as Microsoft is not making them available via Windows Update.

Continue reading →

If you’ve found your system running unexpectedly short of storage space over the past couple of days, then Windows Defender could be to blame.

Some users report that the bug has led to hundreds of thousands and even millions of files being generated by the security software, taking up gigabytes of storage space.

Continue reading →

If you start to see the error message "Windows can't verify the publisher of this driver software" in Windows 10, it is because of a change Microsoft is making to driver validation.

The change has been introduced with the latest cumulative update for Windows 10 as Microsoft starts to block some third-party drivers from being installed. It also means that when you try to view driver signature properties you may see the error message "No signature was present in the subject".

Continue reading →

It is just days since the CISA (Cybersecurity and Infrastructure Security Agency) issued an emergency warning about a critical Windows vulnerability. Now Microsoft has issued a warning that the vulnerability is being actively exploited and the company is "actively tracking threat actor activity".

The Netlogon EoP vulnerability (CVE-2020-1472) is concerning not just because of its severity, but because of the fact that it can be exploited in a matter of seconds. The security issue affects Windows Server 2008 and above, and enables an attacker to gain admin control of a domain.

Continue reading →

Cybersecurity and Infrastructure Security Agency (CISA) has taken the extraordinary steps of issuing an emergency alert about a critical vulnerability in Windows.

CISA issued the warning to government departments, saying it "has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action". With Emergency Directive 20-04, the CISA requires agencies to install the August 2020 Security Update to mitigate against a vulnerability in Microsoft Windows Netlogon Remote Protocol.

Continue reading →

As part of this month's Patch Tuesday, Microsoft has issued a fix for a 17-year-old Windows DNS Server vulnerability. Known as SIGRed and tracked as CVE-2020-1350, the flaw is a serious one that has been assigned a CVSS base score of 10.0.

The vulnerability affects all version of Windows Server and is a wormable remote code execution flaw that requires no user interaction. In addition to issuing a critical patch, Microsoft has also provided details of a workaround for anyone who is unable to deploy the fix immediately

Continue reading →

Microsoft has released two off-schedule patches for serious vulnerabilities in the Windows Codecs Library affecting Windows 10 and Windows Server.

With the updates, which have been released through the Microsoft Store, the company is addressing the "critical" CVE-2020-1425 and the "serious" CVE-2020-1457. Both are Remote Code Execution vulnerabilities, and both have been addressed with little fanfare from Microsoft.

Continue reading →

Earlier this week, Microsoft inadvertently released details of a critical vulnerability in the SMBv3 protocol in Windows 10 and Windows Server. While there was no fix available at the time, the company did provide suggestions about how to mitigate against attacks.

With the information out in the wild, Microsoft was under pressure to get a patch released to customers -- and now it has managed to produce such a fix. KB4551762 is an emergency patch for the CVE-2020-0796 vulnerability, and users are advised to install it as soon as possible.

Continue reading →

Having inadvertently revealed details of an unpatched security flaw, Microsoft published an advisory that provides details on a recently detected vulnerability in the SMBv3 (Server Message Block) protocol.  Attackers who exploit the issue successfully "gain the ability to execute code on the target SMB Server or SMB Client" according to Microsoft's disclosure.

Attacks against SMB Servers use a specially crafted packet that is sent to the target. Attacks against SMB Clients are more complicated as it is required to configure a malicious SMBv3 Server and get users to connect to it.

Continue reading →

Patch Tuesday is supposed to be the day Microsoft issues bug-fixing updates for Windows and other software, but this week things were a little different. In addition to the usual patches, the company also inadvertently revealed the existence of a critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol -- one for which there is currently no patch.

It seems that Microsoft had intended to issue a patch to the vulnerability (CVE-2020-0796) yesterday, and therefore referenced it in the introductory text for the Patch Tuesday release, but then changed its mind -- perhaps because the patch was not ready. Two cybersecurity firms also published brief details of the security flaw, and while Microsoft is still yet to issue a patch, the company has provided details of workarounds.

Continue reading →