Just patched an Exchange DAG cluster and an Edge server - all seems good.
Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)
Microsoft has released the first Patch Tuesday bundle of the year, patching up 49 CVE-listed security vulnerabilities and issuing two advisories.
Happy new year from Redmond
The January edition of Patch Tuesday includes critical fixes for Windows 10, Exchange Server, and Hyper-V. Among the 49 bug fixes were patches for remote …
COMMENTS
-
Wednesday 9th January 2019 08:04 GMT ds6
All seems good
...Meanwhile, my employer refuses to provide the funding to upgrade from Server 2003 with very old versions of Exchange. All user home directories are stored on unencrypted SMBv1 admin shares. Every AD account has local admin privileges on whatever system they are able to log into. All AD/Google/etc. accounts are disabled manually when an employee leaves but there are still hundreds of accounts still active back to 2008. We just recently decommissioned 2 print servers at my behest that had been running for years and were completely unused security holes. I'm the only one that knows how to write scripts in the whole department. Our netmaster doesn't know how DNS wildcards work and even after I explained it to him managed to take the entire site offline for 2 days (yeeeaaah 48hr TTL) by fat-fingering the domain name. We didn't get Webroot even though they went out of their way to get rid of a company-wide infection of Emotet for us with a proprietary, custom-tooled removal package, and instead are paying for an abandonware endpoint antivirus system that hasn't had its definitions updated in months and was clearly designed for XP. My cool boss just left for a better job right after I finally had some hope of making things better. My boss's boss admitted to the whole office he "doesn't know much about computers, [he's] a policy guy" when asked if he would perform interim duties. High-profile, high-availability, mission-critical systems are running XP on hardware from a similar era and no one wants to so much as touch it from fear of killing it, and we can't get the funding for a backup, let alone replace it. We pay for third parties to manage the CMS and phone system and both regularly break.
If the VoIP server ever goes down it refuses to come back up and it has to be re-imaged over the wire from their servers and any voicemails from within the time period of the last backup are lost; they have not fixed this issue despite weeks of downtime and we still pay for their services. Oh but at least we're dumping money into some Indian company to develop an absolutely useless app that shows you a glorified calendar and half the time doesn't let you log in.
Sorry, I needed to vent about 20% of what I'm currently dealing with.
-
Wednesday 9th January 2019 10:03 GMT BigSLitleP
Re: All seems good
I've worked for so many companies like this, which is why my average employment in any single role is about 15 months. Currently working for a "cloud provider" that seems to be mainly incompetent, using equipment way out of date or bought from ebay. We *cause* most of the problems you listed.
Just hit 13 months in my current role.....
-
Wednesday 9th January 2019 14:17 GMT Robert Helpmann??
Re: Give Adobe a break
"A round of applause for Adobe, who didn't need to put out a single security fix for Flash today."
So they're ditching the whole thing?!?!?! Holy crap!
"Instead, the internet's screen door will see a handful of performance and stability fixes"
And I was soooo happy, if only for a fleeting moment.
-
Wednesday 9th January 2019 04:32 GMT john.jones.name
exchange better than office 364 which still needs DNSSEC and DMARC
at least you can control exchange and hide it behind a firewall or inspection service...
e.g. office365 lacks DNSSEC and DMARC (even though Microsoft consume this information themselves, customers are not to be trusted with actual security)
-
Wednesday 9th January 2019 21:23 GMT MatthewSt
Re: exchange better than office 364 which still needs DNSSEC and DMARC
DMARC has been supported for a while - https://blogs.technet.microsoft.com/fasttracktips/2016/07/16/spf-dkim-dmarc-and-exchange-online/
There's some more docs on it here - https://docs.microsoft.com/en-us/office365/SecurityCompliance/use-dmarc-to-validate-email
-
Wednesday 9th January 2019 18:57 GMT Anonymous Coward
Re: Hang on
"You mean some people still put Windows servers on the internet? I thought everyone had learned that you need a solid gateway device in front of them."
Well, in a non-domain-joined environment with default security settings as, say, a web server, Windows Server does have a rather better security record over the last decade than, say, a LAMP stack. Which is probably why Netcraft shows that 42% of web sites run on IIS versus only 19% on Apache these days.
-
Wednesday 9th January 2019 19:40 GMT ds6
Re: Hang on
42% on IIS is because it's the Windows Solution. Got Windows Server? Why not deploy IIS? Bing bang boom you're done.
Meanwhile everyone else has been enjoying a diversified landscape of tailored stacks, unfortunately with a bit too much serverside JavaScript... But hey, better than dealing with Windows.
And so I quickly escape before IIS admins come for my head.
-
Sunday 13th January 2019 04:33 GMT Anonymous Coward
Re: Hang on
"Which is probably why Netcraft shows that 42% of web sites run on IIS versus only 19% on Apache these days"
IIS marketshare on actively used websites has been on a steady decline for the last decade and hasn't shown any signs of recovering. In fact it's now sitting around 7%. Even Azure now hosts more Linux than any other OS, so IIS usage increasing doesn't line up with other stats.
-
Monday 14th January 2019 19:09 GMT Anonymous Coward
Re: Hang on
"Nope, Azure is about 30% Linux."
That was two years ago.
Then in September 2018 it hit parity with Windows: https://www.zdnet.com/article/linux-now-dominates-azure/
Based on the trends quoted in that article it's a safe assumption that Linux has increased to a solid majority by now.
-
Thursday 10th January 2019 05:46 GMT Doctor Evil
One more time - with feeling
If you're (still) running Office 2010 on an older 32-bit system, then yesterday's update will break all your Office apps -- again!
Instead of the familiar and desired splash screen, you'll get a little window with a message that says "Entry Point Not Found : The procedure entry point GetDateFormatEx could not be located in the dynamic link library KERNEL32.dll". And then ... nothing.
Same old, same old; this happened a month or 2 ago with KB4461522. This time the offending update is KB4461614; uninstall that and all will be well in your (admittedly somewhat antiquated) world once more.
-
Saturday 12th January 2019 09:07 GMT sgrier23
Bug Tuesday
Greetings
I am always amazed that Microsoft and Adobe need to do bug fixes on a regular monthly rate. The real reason for this is that the applications were not written properly, and the testing was inadequate.
All applications have bugs - faults in the code - and proper testing should and would find these and eliminate them.
But MS and Adobe want their latest and greatest applications out there, and both of these companies - and most, if not all, allow their users to find them and tell them and hopefully the companies would fix it. But not always.
I am totally fed up with these companies' updates and security fixes - some of which cause bigger problems.
I say that the companies should write their applications properly in the first place, and these issues won't happen.
Moan over.
Cheers