Windows Subsystem for Linux 2 splashes down on Win Server 2022

Microsoft has made it official. Windows Subsystem for Linux 2 distributions are now supported on Windows Server 2022.

The technology emerged in preview form last month and represented somewhat of an about-face from the Windows giant, whose employees had previously complained that while the tech was handy for desktop users, sticking it on a server might mean it gets used for things for which it wasn't intended.

(And Windows Server absolutely had to have the bloated user interface of its desktop stablemate as well, right?)

Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update.

Elizabeth Tyler, cyber security consultant on Microsoft's Detection and Response Team, confirmed the fix to worried administrators early this morning.

Microsoft has quietly slipped System Center 2022 out the door, more than six months after the debut of Windows Server 2022 – but also flagged the product is not in its final state.

System Center is Microsoft's tool for deploying and managing software-defined datacenters and has long been a near-essential companion for those deploying Windows Server at scale. Microsoft these days spends a lot more time talking about Arc, its cloud-hosted management suite, but System Center still has a loyal following.

The new version includes updates to System Center Operations Manager (SCOM), Virtual Machine Manager (VMM), System Center Orchestrator (SCORCH), Service Manager (SM), and Data Protection Manager (DPM), but has a modest list of new features.

Updated Microsoft's first Patch Tuesday of 2022 has, for some folk, broken Hyper-V and sent domain controllers into boot loops.

A Register reader got in touch concerning KB5009624, which they said "breaks hypervisors running on WS2012R2."

"I'm currently dealing with this right now and it's a hassle," our reader said.

Microsoft has extended the Secured-core concept it applied to PCs in 2019 to servers, and to Windows Server and Azure Stack HCI.

Secured-core sees Microsoft work with hardware manufacturers to ensure that their products include TPM 2.0 modules, ship with Secure Boot enabled by default in BIOS, and use the Dynamic Root of Trust for Measurement tech that allows use of Intel's Trusted Execution Technology (TXT) and AMD's Secure Virtual Machine (SVM).

Once those elements are in place, Microsoft is confident hardware is harder to compromise with firmware-based attacks, and is less susceptible to running unverified code.

Microsoft has announced Extended Security Updates for Windows Server 2008 and 2012, and for SQL Server 2012 – and made it free if you run them in its Azure cloud.

The current extended support offering for Windows Server 2012 and 2012 R2 ends on October 10, 2023. However, Monojit Bhattacharya, a product management leader for Azure and member of Microsoft’s Windows Server Team, has revealed that Redmond is offering “Extended Security Updates” for three years.

SQL Server 2012, for which extended support ends on July 12, 2022, has also been given an extra three years of security updates.

Amid all the emissions about Windows 11 this week came the stealthy arrival of the public preview of Windows Server 2022: Azure Edition.

While its desktop sibling has had its ups and downs over the years, Windows Server has soldiered on behind the scenes. Windows Server 2019 was, according to Microsoft, "our fastest adopted Windows Server ever".

Server 2022 is destined to be the next release in the Long Term Servicing Channel (LTSC) and supports up to 48TB of RAM, 64 sockets, and 2,048 logical processors. The blessed relief of hotpatching that doesn't need a reboot is continued from the Azure Edition of Server 2019 (although a server bounce is still needed after a quarterly update.)

Data analysis firm Splunk says it's found a resurgence of the Crypto botnet – malware that attacks virtual servers running Windows Server inside Amazon Web Services.

Splunk's Threat Research Team (STRT) posted its analysis of the attack on Monday, suggesting it starts with a probe for Windows Server instances running on AWS, and seeks out those with remote desktop protocol (RDP) enabled.

Once target VMs are identified, the attackers wheel out an old favourite: brute forcing passwords. If that tactic succeeds, the attackers get to work and install cryptomining tools that produce the Monero cryptocurrency.

Ignite Microsoft has released a preview of Windows Server 2022, with "secured core", improved Windows Containers, and MsQuic protocol support in the kernel.

Windows Server can also be deployed using an "as a service" model in the style of Windows 10, though there are important differences. The regularly updated version is simply called Windows Server (plus a release number such as 2004), is in the semi-annual release channel, and requires a subscription licence called Software Assurance, so is not a cheap way to get the latest Windows Server forever.

Each semi-annual channel release is supported for only 18 months. Also, there is no desktop GUI for the semi-annual channel, only the stripped-down Server Core option, or Nano Server for containers. Given the above limitations, it is the traditional long-term support versions of Windows Server, like Server 2022, that are likely to be used for non-ephemeral installations.

Another potential mitigation has emerged for the PrintNightmare zero-day vuln, which lets low-privileged users execute code as SYSTEM on Windows domain controllers: remove those people from a backwards-compatibility group.

The zero-day hole came to light earlier this week after an infosec research firm mistakenly published proof-of-concept exploit code for a remote-code execution (RCE) vuln it had nicknamed PrintNightmare. Sangfor Technologies published the exploit for the vulnerability after wrongly believing Microsoft had patched it this month, having read the June Patch Tuesday notes for a remote-code execution vuln in Windows Print Spooler tracked as CVE-2021-1675.

While the patch for CVE-2021-1675 also protects against PrintNightmare on most Windows devices, it didn’t do so for domain controllers, which caused some puzzlement among security researchers. Until today, when Yunhai Zhang of Tianji Lab discovered a potential cause: