Articles about Windows Server

If you’ve found your system running unexpectedly short of storage space over the past couple of days, then Windows Defender could be to blame.

Some users report that the bug has led to hundreds of thousands and even millions of files being generated by the security software, taking up gigabytes of storage space.

Continue reading →

If you start to see the error message "Windows can't verify the publisher of this driver software" in Windows 10, it is because of a change Microsoft is making to driver validation.

The change has been introduced with the latest cumulative update for Windows 10 as Microsoft starts to block some third-party drivers from being installed. It also means that when you try to view driver signature properties you may see the error message "No signature was present in the subject".

Continue reading →

It is just days since the CISA (Cybersecurity and Infrastructure Security Agency) issued an emergency warning about a critical Windows vulnerability. Now Microsoft has issued a warning that the vulnerability is being actively exploited and the company is "actively tracking threat actor activity".

The Netlogon EoP vulnerability (CVE-2020-1472) is concerning not just because of its severity, but because of the fact that it can be exploited in a matter of seconds. The security issue affects Windows Server 2008 and above, and enables an attacker to gain admin control of a domain.

Continue reading →

Cybersecurity and Infrastructure Security Agency (CISA) has taken the extraordinary steps of issuing an emergency alert about a critical vulnerability in Windows.

CISA issued the warning to government departments, saying it "has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action". With Emergency Directive 20-04, the CISA requires agencies to install the August 2020 Security Update to mitigate against a vulnerability in Microsoft Windows Netlogon Remote Protocol.

Continue reading →

As part of this month's Patch Tuesday, Microsoft has issued a fix for a 17-year-old Windows DNS Server vulnerability. Known as SIGRed and tracked as CVE-2020-1350, the flaw is a serious one that has been assigned a CVSS base score of 10.0.

The vulnerability affects all version of Windows Server and is a wormable remote code execution flaw that requires no user interaction. In addition to issuing a critical patch, Microsoft has also provided details of a workaround for anyone who is unable to deploy the fix immediately

Continue reading →

Microsoft has released two off-schedule patches for serious vulnerabilities in the Windows Codecs Library affecting Windows 10 and Windows Server.

With the updates, which have been released through the Microsoft Store, the company is addressing the "critical" CVE-2020-1425 and the "serious" CVE-2020-1457. Both are Remote Code Execution vulnerabilities, and both have been addressed with little fanfare from Microsoft.

Continue reading →

Earlier this week, Microsoft inadvertently released details of a critical vulnerability in the SMBv3 protocol in Windows 10 and Windows Server. While there was no fix available at the time, the company did provide suggestions about how to mitigate against attacks.

With the information out in the wild, Microsoft was under pressure to get a patch released to customers -- and now it has managed to produce such a fix. KB4551762 is an emergency patch for the CVE-2020-0796 vulnerability, and users are advised to install it as soon as possible.

Continue reading →

Having inadvertently revealed details of an unpatched security flaw, Microsoft published an advisory that provides details on a recently detected vulnerability in the SMBv3 (Server Message Block) protocol.  Attackers who exploit the issue successfully "gain the ability to execute code on the target SMB Server or SMB Client" according to Microsoft's disclosure.

Attacks against SMB Servers use a specially crafted packet that is sent to the target. Attacks against SMB Clients are more complicated as it is required to configure a malicious SMBv3 Server and get users to connect to it.

Continue reading →

Patch Tuesday is supposed to be the day Microsoft issues bug-fixing updates for Windows and other software, but this week things were a little different. In addition to the usual patches, the company also inadvertently revealed the existence of a critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol -- one for which there is currently no patch.

It seems that Microsoft had intended to issue a patch to the vulnerability (CVE-2020-0796) yesterday, and therefore referenced it in the introductory text for the Patch Tuesday release, but then changed its mind -- perhaps because the patch was not ready. Two cybersecurity firms also published brief details of the security flaw, and while Microsoft is still yet to issue a patch, the company has provided details of workarounds.

Continue reading →

A self-described "reverser/pwner [and] Windows kernel hacker" has demoed a working exploit for two recently discovered vulnerabilities in Windows Remote Desktop Gateway (RD Gateway).

The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.

Continue reading →

There have been a series of problematic updates for Windows recently, and now yet another one has popped up, this time affecting not only Windows 10, but also Windows 8.1, Windows 7 and Windows Server.

The KB4522016 cumulative update is interfering with printing. The update is causing issues with the printer spooler service, leading to print jobs failing or being canceled without user intervention.

Continue reading →

Microsoft has announced that from the middle of July, Windows 7 and Windows Server 2008 users who want to continue to receive updates will need SHA-2 code signing support.

The change is being introduced because "the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing".

Continue reading →

Containerization enables organizations to both modernize existing applications and adopt new technologies based on business requirements. But the process of migrating older systems can be daunting.

Popular container platform Docker is addressing this with the launch of a new Windows Server application migration program. This is designed to allow businesses to migrate and modernize their legacy Windows Server applications in advance of the end-of-support deadline for Microsoft Windows Server 2008.

Continue reading →

It has been a while since Microsoft first mentioned Project Honolulu, and several months down the line it has now been released. Hitting general availability sees Microsoft officially revealing the name: Windows Admin Center.

There have already been several previews of Project Honolulu/Windows Admin Center, but now Microsoft will start the big push to encourage sysadmins to use it to manage their Windows Server and Windows 10 deployments.

Continue reading →

Microsoft is working on an HTML5-based Remote Desktop client to allow Windows users to control their devices from the comfort of their favorite browser. The web app was announced at the Ignite event last year and it is now finally available to test.

The Remote Desktop client is offered as a preview at this stage, and is accompanied by official documentation on how it can be set up on Windows devices. The web version is compatible with Windows 7 SP1 or Windows Server 2008R2 and newer, but it also requires a "compatible" browser as well.

Continue reading →